Re: BGP and Firewalls...

[David <david () davidswafford com>]

SSL interception was the most painful -- PaloAlto finally confirmed it as a bug in 3.1.9, havnt upgraded yet.  it 
basicall eats ssl traffic sporadically.

had another issue during go-live where a "commit" caused the box to crash (3.1.9)

and anothere during that same week where a malformed ssl packet crashed the dataplane.

all cases involved significant interruptions because most did not trigger ha-related failovers.  palo also support was 
extremely slow in all cases weve had and from that perspective alone i would not put all of my eggs into it.  great box 
for web filtering from a feature perspective, but my bluecoats were much more stabile in their 4 yr life than the first 
2weeks on our 2050s

david.

Sent from an email server.

On Dec 8, 2011, at 10:11 AM, "Gregory Croft" <gcroft () shoremortgage com> wrote:

> What kind of Bugs are you running into? 
> I have two PA500's at the moment and haven't really had any issues with
> web filtering. 
>
>
>
> Thank you, 
> Gregory S. Croft 
>
> -----Original Message-----
> From: David [mailto:david () davidswafford com] 
> Sent: Thursday, December 08, 2011 9:50 AM
> To: Gregory Croft
> Cc: <nanog () nanog org>
> Subject: Re: BGP and Firewalls...
>
> I wouldn't do it.  We have 8 x PA-2050s and run into a lot of wierd
> bugs.... (just doing web filtering)
>
> David
>
> Sent from an email server.
>
> On Dec 7, 2011, at 12:31 PM, "Gregory Croft" <gcroft () shoremortgage com>
> wrote:
>
> > Hi All,
> >
> >
> >
> > Does anyone have any experience with using firewalls as edge devices 
> > when BGP is concerned?
> >
> > Specifically the Palo Alto series of devices. 
> >
> >
> >
> > If so please contact me off list. 
> >
> >
> >
> > Thank you. 
> >
> >
> >
> >
> >
> > Thank you,
> >
> > Gregory S. Croft