#arpnetworks 2018-05-04,Fri

↑back Search ←Prev date Next date→ Show only urls(Click on time to select a line by its url)

WhoWhatWhen
up_the_irons2anyone have any good / bad experience with Palo Alto Networks firewalls? [00:29]
***up_the_irons2 is now known as up_the_irons
up_the_irons is now known as Guest5143
[00:29]
pyvpxtheir appid is great
the VM is decently performant, but not vSRX level (which has great performance and decent but increasing app identification abilities)
the patching is never ending with PAN software.
I personally never got used to the way it deals with subnets, network objects, interfaces, etc. but, things like BGP and OSPF end up working, with all the fixings, once you figure out what knobs to turn. the documentation is Useful(tm) in that regard
I mean, I'd only not use an OpenBSD firewall if I needed the app ident stuff. otherwise it's just another packet filter with some routing daemons
[00:37]
.................................... (idle for 2h55mn)
mercutioapparently the edgerouter lite works with openbsd
i wonder what there is between that and a small PC
[03:36]
pyvpxyeah, the ERL is an octeon MIPS processor, and openbsd is somewhat actively developed on it. the downside is much of the ERL features are hardware accelerated, and that of course is a complete binary blob
you'd get better performace/watt out of a recent atom C27xx or similar
[03:42]
mercutioi didn't even realise that there was hw accel :)
you might be right there then.
the cool thing about stuff like erl is that they're physically tiny
but yeah normal intel cpus and form factors are getting smaller.
[03:43]
....... (idle for 33mn)
Guest5143pyvpx: what is their App-ID? (i see it in the product briefs, but no explanation on what it is!) [04:17]
***Guest5143 is now known as up_the_irons
ChanServ sets mode: +o up_the_irons
[04:19]
up_the_ironsmercutio: yeah the actual hardware version of their firewalls are hw accelerated [04:19]
OK I rtfm'd... App-ID looks interesting... [04:25]
pyvpxname is on the tin ;) fine grained application traffic identification
google hangouts traffic versus google mail traffic. if you're into that sort of thing.
vSRX has some similar features. not as finely grained last I looked at it a year+ ago
plus it's an additional licensing fee for vSRX
pan does it by default, but I think you need a subscription to some service to get regular (daily? weekly? i dont recall) updates.
[04:35]
fIorzi.e., the thing that QUIC will break for good? ;-) [04:43]
........... (idle for 50mn)
pyvpxwell, most of the useful app id is based on subnets and cert information [05:33]
.... (idle for 16mn)
***dj_goku_ has joined #arpnetworks
dj_goku_ has quit IRC (Changing host)
dj_goku_ has joined #arpnetworks
dj_goku has quit IRC (Read error: Connection reset by peer)
[05:49]
............................. (idle for 2h24mn)
jcv has quit IRC (Quit: leaving) [08:13]
jcv has joined #arpnetworks [08:25]
............................... (idle for 2h31mn)
toddf has joined #arpnetworks
ChanServ sets mode: +o toddf
[10:56]
toddf has quit IRC (Quit: leaving)
toddf has joined #arpnetworks
ChanServ sets mode: +o toddf
[11:09]
............................... (idle for 2h33mn)
erratic has joined #arpnetworks [13:42]
...... (idle for 26mn)
mercutioseems apu2 is better openbsd small hardware solution
intel ethernet with amd cpu and 6watt power
[14:08]
.................................. (idle for 2h46mn)
***toddf has quit IRC (Quit: leaving)
toddf has joined #arpnetworks
ChanServ sets mode: +o toddf
[16:55]
................................................. (idle for 4h2mn)
ziyourenxiang has joined #arpnetworks [20:57]
.... (idle for 17mn)
ziyourenxiang has quit IRC (Quit: Leaving) [21:14]
ziyourenxiang has joined #arpnetworks [21:25]
.................... (idle for 1h36mn)
toddf has quit IRC (Quit: leaving)
toddf has joined #arpnetworks
ChanServ sets mode: +o toddf
toddf has quit IRC (Client Quit)
toddf has joined #arpnetworks
ChanServ sets mode: +o toddf
toddf has quit IRC (Client Quit)
toddf has joined #arpnetworks
ChanServ sets mode: +o toddf
[23:01]
..... (idle for 23mn)
Hien has quit IRC (Ping timeout: 255 seconds)
Hien has joined #arpnetworks
[23:29]

↑back Search ←Prev date Next date→ Show only urls(Click on time to select a line by its url)