SSL interception was the most painful -- PaloAlto finally confirmed it as a bug in 3.1.9, havnt upgraded yet. it basicall eats ssl traffic sporadically.
had another issue during go-live where a "commit" caused the box to crash (3.1.9) and anothere during that same week where a malformed ssl packet crashed the dataplane. all cases involved significant interruptions because most did not trigger ha-related failovers. palo also support was extremely slow in all cases weve had and from that perspective alone i would not put all of my eggs into it. great box for web filtering from a feature perspective, but my bluecoats were much more stabile in their 4 yr life than the first 2weeks on our 2050s david. Sent from an email server. On Dec 8, 2011, at 10:11 AM, "Gregory Croft" <gcr...@shoremortgage.com> wrote: > What kind of Bugs are you running into? > I have two PA500's at the moment and haven't really had any issues with > web filtering. > > > > Thank you, > Gregory S. Croft > > -----Original Message----- > From: David [mailto:da...@davidswafford.com] > Sent: Thursday, December 08, 2011 9:50 AM > To: Gregory Croft > Cc: <nanog@nanog.org> > Subject: Re: BGP and Firewalls... > > I wouldn't do it. We have 8 x PA-2050s and run into a lot of wierd > bugs.... (just doing web filtering) > > David > > Sent from an email server. > > On Dec 7, 2011, at 12:31 PM, "Gregory Croft" <gcr...@shoremortgage.com> > wrote: > >> Hi All, >> >> >> >> Does anyone have any experience with using firewalls as edge devices >> when BGP is concerned? >> >> Specifically the Palo Alto series of devices. >> >> >> >> If so please contact me off list. >> >> >> >> Thank you. >> >> >> >> >> >> Thank you, >> >> Gregory S. Croft >> >> >> >> >>
