Slickdrac
Oct 5, 2007

Not allowed to have nice things

Tremblay posted:

It really depends on what other things CM data is used for. Peer reviews are common sense, a second set of eyes doesn't hurt when you are talking about changes that are more significant than code upgrades and reconfiguring user ports.

This is the correct answer. You absolutely want review for anything that is either not a routine item and/or could cause an outage.

Our process usually goes like this:
-Submission (from client or internal)
-Review phase to assign to relevant teams, gather additional data if needed, format request into the standard CR layout if not already (easier if you have a tool, this is REALLY important and useful if you find the need to search through old CRs)
-All commands to be entered documented down in the comments/notes before approval will be done (The only roles to not have shared are reviewer and approver for any CR)
-Approval
-Implement

It's really not as much overhead as it seems, we get about 15-20 non routine CRs a day and complete 98% of them in under 6 working hours average with it being only medium priority on the tasking list below 2-3 major projects at any time. That's with a 4 man team, and 2 of us barely do anything with CRs anymore.

Slickdrac fucked around with this message at 09:40 on Jan 22, 2016
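The separation-of-duties rule in the process above (commands recorded before approval, reviewer and approver never the same person) is easy to state and easy to lose once a CR tool is home-grown. The following is an added example, not Slickdrac's tooling or anything from the thread: a small Python state machine for a change request whose transitions refuse to skip a step, refuse approval with no documented commands, and refuse an approver who was also the reviewer. The CR id, names and IOS-style command lines are constructed placeholders.

```python
from dataclasses import dataclass, field
from enum import Enum
from typing import List, Optional, Tuple


class State(Enum):
    SUBMITTED = "submitted"      # from client or internal
    REVIEWED = "reviewed"        # teams assigned, commands documented
    APPROVED = "approved"        # signed off by someone other than the reviewer
    IMPLEMENTED = "implemented"


class WorkflowError(Exception):
    """Raised when a transition would skip a step or break separation of duties."""


@dataclass
class ChangeRequest:
    cr_id: str
    summary: str
    submitter: str
    state: State = State.SUBMITTED
    teams: List[str] = field(default_factory=list)
    # Exact commands to be entered, recorded in the notes before approval.
    commands: List[str] = field(default_factory=list)
    reviewer: Optional[str] = None
    approver: Optional[str] = None
    implementer: Optional[str] = None
    # (who, action, resulting state) audit trail, searchable later.
    history: List[Tuple[str, str, str]] = field(default_factory=list)

    def _require(self, expected: State) -> None:
        if self.state is not expected:
            raise WorkflowError(
                f"{self.cr_id}: expected state {expected.value}, is {self.state.value}")

    def review(self, reviewer: str, teams, commands) -> None:
        """Review phase: assign teams and record every command before approval."""
        self._require(State.SUBMITTED)
        if not commands:
            raise WorkflowError(f"{self.cr_id}: no commands documented, cannot go to approval")
        self.reviewer = reviewer
        self.teams = list(teams)
        self.commands = list(commands)
        self.state = State.REVIEWED
        self.history.append((reviewer, "review", self.state.value))

    def approve(self, approver: str) -> None:
        """Approval: reviewer and approver are the two roles that must not be shared."""
        self._require(State.REVIEWED)
        if approver == self.reviewer:
            raise WorkflowError(f"{self.cr_id}: reviewer and approver must be different people")
        self.approver = approver
        self.state = State.APPROVED
        self.history.append((approver, "approve", self.state.value))

    def implement(self, implementer: str) -> List[str]:
        """Implementation hands back exactly the approved commands, nothing else."""
        self._require(State.APPROVED)
        self.implementer = implementer
        self.state = State.IMPLEMENTED
        self.history.append((implementer, "implement", self.state.value))
        return list(self.commands)


def run_example() -> List[str]:
    """Walk one constructed CR through the workflow; the same-person approval is rejected."""
    cr = ChangeRequest("CR-0001", "Add VLAN 40 to dist-sw-2", submitter="client-portal")
    cr.review("alice", ["network"],
              ["vlan 40", " name GUEST-WIFI",
               "interface Te1/0/1", " switchport trunk allowed vlan add 40"])
    try:
        cr.approve("alice")          # same person as reviewer: refused
    except WorkflowError:
        pass
    cr.approve("bob")
    return cr.implement("carol")


if __name__ == "__main__":
    for cmd in run_example():
        print(cmd)
```

The point of returning the command list from `implement()` rather than letting the implementer type freely is that whatever gets pushed to the device is, by construction, what the approver saw.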


H.R. Paperstacks
May 1, 2006

This is America
My president is black
and my Lambo is blue

Tremblay posted:

It really depends on what other things CM data is used for. Peer reviews are common sense, a second set of eyes doesn't hurt when you are talking about changes that are more significant than code upgrades and reconfiguring user ports.


Slickdrac posted:

This is the correct answer. You absolutely want review for anything that is either not a routine item and/or could cause an outage.

Our process usually goes like this:
-Submission (from client or internal)
-Review phase to assign to relevant teams, gather additional data if needed, format request into the standard CR layout if not already (easier if you have a tool, this is REALLY important and useful if you find the need to search through old CRs)
-All commands to be entered documented down in the comments/notes before approval will be done (The only roles to not have shared are reviewer and approver for any CR)
-Approval
-Implement

It's really not as much overhead as it seems, we get about 15-20 non routine CRs a day and complete 98% of them in under 6 working hours average with it being only medium priority on the tasking list below 2-3 major projects at any time. That's with a 4 man team, and 2 of us barely do anything with CRs anymore.

Exactly. We aren't looking to peer-review/CCB every change on the network, just specific styles of changes that have varying degrees of potential impact.

sbyers77
Jan 9, 2004

I work for a small company that recently had a Security Risk Assessment done, and one of their recommendations was to install a higher-grade firewall. IT stuff generally falls in my lap, but I am by no means an expert - so please let me know if I am over my head here.

We currently have an Asus RT-N66U running Tomato as our main router. The SRA recommends:

quote:

Purchase a HIPAA grade firewall with Intrusion Prevention System, SSL VPN, application scanning, antivirus gateway, and a Syslog file export to an external syslog server. Example: Cisco ASA5506-x, McAfee s1104, SonicWall TZ 500 with antimalware and Intrusion Prevention System.

I've looked into the Cisco ASA 5506-X but I have no idea what I am looking at, and every guide assumes some level of knowledge. So my quick list of questions:

  • What do the FirePOWER services actually get me? Just more features, or is it a management service?
  • Do I NEED to purchase the FirePOWER subscription or can I use it without it?
  • Is this something I can configure once and never have to really think about again? Or is it something that needs continuous monitoring/updating/management/etc.?
  • Is configuration a giant pain in the rear end or is it more plug-n-play? (I can follow how-to guides fairly well, but I don't want to make a full time job out of this)

Of course the security company that did the SRA offered to set this all up for $$$, but we need to do this as cheap as possible.

KS
Jun 10, 2003
Outrageous Lumpwad
Firepower is their IPS.
Yes, you need the subscription.
It is mostly set and forget.
Config is not bad.

As the owner of a bunch of ASAs I'd look hard at Palo Alto instead.

KS fucked around with this message at 20:43 on Jan 22, 2016

CrazyLittle
Sep 11, 2001

Clapping Larry

Partycat posted:

QoS internally is what we are referring to. Your border firewall has nothing to do with that. voice/video need QoS rules in place on your internal switches (packet marking and traffic policing) to ensure that your comms get through and are not butchered up by oversubscribed interfaces. Most of the time things will work fine since voice is low bandwidth but bursty traffic like file transfers and that can crush a shared interface and break something.

Partycat posted:

The reason you would get a dedicated circuit for SIP is so that you can have QoS to your provider. As you note, you can shape and enforce to the edge and bounce off to discount whatever VoIP provider, but on a SMB type circuit, you may be not given guarantee that it won't be oversubscribed on their end. Circuit costs are going to be non zero that's for sure, so, if your ISP offers you the ability to get VoIP service on the same transit that you're using for data access, that would solve your quality problem as long as you police traffic appropriately on your end.
The handoffs between transit (ie where Zayo meets ATT meets Level3 meets Cogent meets Verizon and especially international) are frequently points of bandwidth contention, and can easily mangle your RTP streams. At one point in recent years Zayo had a total of 40gb of transit into San Francisco down the peninsula to San Jose, and no other/additional links out. As soon as anyone in the city had a flood of traffic (DDoS etc) all Zayo customers would be dead in the water. So there are distinct advantages to being as few hops from the PSTN as possible.

To put this into perspective here are two examples: One customer in CA has a conference-sharing system similar to go2meeting that's operated by a vendor that's located in PA. The software is very sensitive to latency and jitter, and drops connection or stutters with latency > 500ms. Ping from on-site to the vendor's colo is 200ms one-way.

Devops bro in San Francisco has an AWS instance in Singapore, and can't figure out why his 100mbit connection only gets 7mbps transfers. Meanwhile an AWS instance that's in WA gets 95mbps transfers.

Partycat posted:

I have no comment on the UBNT VoIP system, I have not used it.
It's ungood. I cannot recommend it, and UBNT themselves have stated that they're dropping all support and development for their own PBX side projects, and that the UniFi VoIP products will be retooled for use with other PBX vendors, where the UniFi controller will only handle configuration management.

Partycat posted:

The Cisco rep should be able to get you a price on licensing and maintenance for roll-your-own VM or a Business Edition if you want to run their solution. Then, if you don't want to upgrade, you just stop paying maintenance. You just get no patches or anything that way. Also you buy it all again when you want to upgrade in several years.
Cisco Callmanager is for masochists.

Partycat posted:

If you get under the hood and start tinkering with things in the dial plan, or start running half-assed open source modules for fax
Don't use fax over VoIP links. T.38 fax over IP support is poo poo with heavy caveats depending on the fax modem in the end-device. Get a normal POTS phone for fax service or use an eFax service instead. Having one POTS red-phone on site is always a good idea for 911 etc.

Partycat posted:

and conferencing that aren't fleshed out, then it can fall apart. There is a reason business pay big bux.
Do use/build/buy a conference bridge. Don't try to do large conference calls with 3-way calling since it will introduce massive delays between the users on the end of the chain.

Partycat posted:

Regarding video conferencing, a video call is the same as a voice call in the SIP world, it is just additional media that flows using a different set of advertised capabilities.
That's kinda oversimplified. Sure, SIP can announce additional features, but if you're using a SIP trunk and dialing by PSTN tel# then you're probably not making a sip-to-sip call, and all SIP messaging gets discarded at the PSTN gateway. SIP video conferencing works best when all conference endpoints are registering/trunking to the same SIP proxy or SIP registrar/server. Even then you're still subject to the additional bandwidth priority requirements needed both upload and download between the two sides. Dedicated line services bypass the need for diagnosing QoS issues through networks that you don't control.

Partycat posted:

If you're operating on a shoestring budget there is a lot of time and effort that is going to go into trying to provision something that is competent and capable. I really apologize in advance if this comes off way too arrogant but, you're talking like I did 5 years ago, and it sounds like you really need a bit of help and study before you go forward.

100% agreed. Panda Time should probably hire some consultants who have a verifiable background doing what he needs, and make sure his VPs clearly define the project scope before any money is spent. This is a recipe for burning cash as features creep out of control.

psydude
Apr 1, 2008

KS posted:

It is mostly set and forget.
Config is not bad.

Not if you want to actually get much use out of it as an IPS. But I agree that you shouldn't use Sourcefire/FirePOWER if you don't have a dedicated security guy. Go Palo instead.

sbyers77
Jan 9, 2004

Thanks, guys. You're correct we don't/won't have a dedicated IT/Security guy.

What differentiates Palo Alto from my other options? Just easier to use/setup or auto-updates?

ior
Nov 21, 2003

What's a fuckass?

sbyers77 posted:

Thanks, guys. You're correct we don't/won't have a dedicated IT/Security guy.

What differentiates Palo Alto from my other options? Just easier to use/setup or auto-updates?

I'd say go with Watchguard or something similar that is more oriented towards the SMB market, or buy it as a service. A huge number of all security breaches are caused by misconfigurations.
Palo Alto sells mediocre security at a ludicrous price to its loyal fans. I love the following quote; "If your security vendor spends more on marketing than R&D, they're a marketing company." - Greg Young, Gartner.

Would you trust a security vendor that has the following in its EULA?

code:
End User shall maintain the Products in strict confidence and shall not: 
bla 
bla 
bla
disclose, publish or otherwise make publicly available any benchmark, performance or comparison tests that End User runs
(or has run on its behalf by a third party) on the Products;

ior fucked around with this message at 23:47 on Jan 22, 2016

Docjowles
Apr 9, 2009

What's your budget for this project? Palo Alto is good but their poo poo is going to seem unimaginably expensive to an SMB used to running an Asus home router as their gateway.

adorai
Nov 2, 2002

10/27/04 Never forget
Grimey Drawer
we use fortigates with bai or whatever they are called today for IDS monitoring. FortiOS is pretty intuitive, and has an excellent gui if that is your thing.

sbyers77
Jan 9, 2004

Docjowles posted:

What's your budget for this project? Palo Alto is good but their poo poo is going to seem unimaginably expensive to an SMB used to running an Asus home router as their gateway.

$500 is comfortable, anything under $1000 is doable. I don't think boss-man would be happy with anything more than that unless it's easily justified (he was very put-off by the SRA guy just telling scare-tactic stories and giving over-the-top recommendations). If I need licensing or subscription, anything more than ~$200/yr is going to raise some eyebrows.

If there is a better thread to take this conversation to just point me in the right direction since this is getting less Cisco specific.

ior
Nov 21, 2003

What's a fuckass?

sbyers77 posted:

$500 is comfortable, anything under $1000 is doable. I don't think boss-man would be happy with anything more than that unless it's easily justified (he was very put-off by the SRA guy just telling scare-tactic stories and giving over-the-top recommendations). If I need licensing or subscription, anything more than ~$200/yr is going to raise some eyebrows.

If there is a better thread to take this conversation to just point me in the right direction since this is getting less Cisco specific.

Have a look at http://www.guardsite.com/ There you should be able to find some hints about pricing for the different sizes of appliances.
(I have NO affiliation with either guardsite or Watchguard, I work for a different vendor in the high end part of the market)

MrMoo
Sep 14, 2000

sbyers77 posted:

I work for a small company that recently had a Security Risk Assessment done, and one of their recommendations was to install a higher-grade firewall.

An interesting note from the pfSense team on compliance issues:

quote:

Prospective pfSense users commonly inquire about the ability to meet security requirements applicable to their specific environments. Some of those include PCI, SOX, GLBA, HIPAA, amongst numerous other similar regulations for publicly traded companies, financial institutions, healthcare institutions, and others.

There are numerous companies in many regulated industries using pfSense that pass their audits with no problems, including all of the aforementioned regulations/standards amongst others. However it's important to keep in mind that a firewall is a small portion of the security infrastructure, and those regulations are more about policies, procedures, and configuration than the actual products being used.

So yes, pfSense can meet regulatory requirements, but that is dependent on configuration, policies, procedures, amongst other things - there is no compliance silver bullet. There may be circumstances specific to one company that make another product a better fit for compliance (or other) reasons, but that's true of all commercial and open source solutions, there is no one product that is a perfect fit for everyone.

Tremblay
Oct 8, 2002
More dog whistles than a Petco

adorai posted:

we use fortigates with bai or whatever they are called today for IDS monitoring. FortiOS is pretty intuitive, and has an excellent gui if that is your thing.

FortiOS is far from intuitive. We have hundreds of Fortigates, and after how they've handled the FM login security issue I have no trust in their products.

doomisland
Oct 5, 2004

We had PaloAltos at the office but when we tried to use them with IPv6 they poo poo the bed by dropping packets all over the place. That was two years ago and I haven't caught up but is their v6 support any better?

CrazyLittle
Sep 11, 2001

Clapping Larry

sbyers77 posted:

$500 is comfortable, anything under $1000 is doable. I don't think boss-man would be happy with anything more than that unless it's easily justified (he was very put-off by the SRA guy just telling scare-tactic stories and giving over-the-top recommendations). If I need licensing or subscription, anything more than ~$200/yr is going to raise some eyebrows.

Your SRA giving you a HIPAA requirement pretty much means your budget is unreasonable. How many users/devices are in your "small business" and how fast is your connection(s) to the internet? A Cisco 5506-x is already going to exceed that $1000 when you calculate in the costs of IDS/IPS/anti-malware subscription services and the high likelihood that you'll need to hire somebody to configure it so you can pass your security risk assessment.

sbyers77 posted:

If there is a better thread to take this conversation to just point me in the right direction since this is getting less Cisco specific.
Don't worry about that so much. The "Cisco" title is mostly because that was the most common vendor when the thread was originally made. OP is from 2007 so this thread's come a long way since then.

Partycat
Oct 25, 2004

CrazyLittle posted:

The handoffs between transit (ie where Zayo meets ATT meets Level3 meets Cogent meets Verizon and especially international) are frequently points of bandwidth contention, and can easily mangle your RTP streams. At one point in recent years Zayo had a total of 40gb of transit into San Francisco down the peninsula to San Jose, and no other/additional links out. As soon as anyone in the city had a flood of traffic (DDoS etc) all Zayo customers would be dead in the water. So there are distinct advantages to being as few hops from the PSTN as possible.

Yes, this is true, though what I'm saying is that if you can pay a couple of $ more in usage a month to run on your circuit, say, if you had Level 3 as your ISP, since you'd maybe be overprovisioned on phy anyways, then you can do that rather than get another circuit or line in the place. #1 place to shop for reliable phone service is not gooogle.com, that's for sure, but there are other options. Some companies this doesn't work for, like, Verizon, where there are many "Verizons" internally.

CrazyLittle posted:

It's ungood. I cannot recommend it, and UBNT themselves have stated that they're dropping all support and development for their own PBX side projects, and that the UniFi VoIP products will be retooled for use with other PBX vendors, where the UniFi controller will only handle configuration management.

Well, this could be good if they are responsive and their product is good. It probably won't be though.

CrazyLittle posted:

Cisco Callmanager is for masochists.

TBH the actual unified communications manager isn't that far off from Trixbox in how it is organized and how it functions. Endpoints, trunks, DIDs, routing, these things are all as expected. If you are running multiple vendors endpoints, it is annoying to get things working sometimes. It has come a long way from what it was and is generally more usable now than ever before.

CrazyLittle posted:

Don't use fax over VoIP links. T.38 fax over IP support is poo poo with heavy caveats depending on the fax modem in the end-device. Get a normal POTS phone for fax service or use an eFax service instead. Having one POTS red-phone on site is always a good idea for 911 etc.

I don't think this is 100% true, but this is one of those things where the need to solve this problem 100% isn't there, so, it's not really done well. You can fax over VoIP all day when you're running g711a/u between devices using a reasonable ATA. You can fax when you have BRI/PRI outbound and you run it as audio through your system and out. It is sensitive like RTP anyways, and some ATAs are garbage and mangle it. Where it does not work is when you have compression, or other disruptive elements in between. But, this works for us with ATA -> g711 -> PRI all day long. Same with credit card machines and some alarms. Some things get eaten by DTMF recognition, or relay functions.

T.38 is serviceable but not usually from the gateway to some MFP but in the background between ATAs. For one machine it may not be worth doing this, but it can scale alright when you have many machines. In the scenario where we started this with bargain basement everything, I picture a $19.99 Brother fax with a grandstream cheapass ATA going to some internet remote ITSP. Then, yeah, it may not work well. The trouble is that it may not be 100% reliable and you can do nothing about it, when you create this problem by relying on it. I've actually had really good luck with whatever free DSP fax comes with the Trixbox liveCD. Having a pots line for 911 at most facilities is standard, usually it's there for an alarm as well.

CrazyLittle posted:

Do use/build/buy a conference bridge. Don't try to do large conference calls with 3-way calling since it will introduce massive delays between the users on the end of the chain.

Depends how this is done, and the system, but, yeah, it's not great to chain up people onto conference. With Cisco's stuff your three-way uses the built in bridge on the phone. Beyond that it actually pulls in a system conference bridge. For voice. For video, there are a couple of devices which I believe now work similarly with "personal multiparty conferencing" but they want you to use a bridge for pretty much anything.

CrazyLittle posted:

That's kinda oversimplified.

Well, that was the point I guess that it doesn't have to be super complex for it to be an issue, if you're approaching things from a building blocks methodology. I can place a SIP video call that goes out my PRI service to another ISDN data capable station and it can work, but, I believe (and this is why I stay off the /r/VoIP reddit because of the asterisk dorks) most of the time these questions come from SMB type persons, someone who has an idea, and doesn't really get all the parts right out of the gate. Then someone has them buy cheap rear end old grandstream or Linksys phones, load trixbox/freepbx on something, and get SIP service from an internet based reseller. And it works, just not the same as all that other expensive stuff does.

However having used various key systems, those don't always work well either. What's consistent is voice quality, and even cellular voice quality has improved to the point that compressed audio will be tolerated, but, broken janky audio will not. That's a lot easier to run into as a problem anonymous SIP trash and underpowered hardware than it ever would have been even with the most lovely shoebox PBX from the 80s or 90s. Video has always been interesting, but it represents a spendy area in business now. A lot of "cloud" vendors are selling conference services which do not account for the quality of the experience because of all the things between them and you. Similarly, there is a bunch of spending going on where you can do teleconferencing correctly now, and just as much with a webcam and a lovely smart TV that people expect to look like the war room - and it won't. That part annoys me to no end, that a properly built out system with its pieces and parts is going to work better than 15 different cloud/web/bullshit things that are either inadequate for the intended usage, or are part of another system that never gets fully fleshed out.

I think I can actually say I've been working with telecom and data equipment now for about a decade, and I'm learning more now than ever before, built on the blocks and foundation from where I started. For the post that we started responding to on the other page, I would probably say, look, if your org is a cheap rear end you have to manage the expectation. I would look at a basic Asterisk key system with probably some analog lines, maybe move to SIP later on once that's been fleshed out, and stick with "cloud" for a video experience. Once you get into wanting to set up a really impressive video conferencing solution for a room, the materials will be there from whatever vendor, and you'll be armed with the knowledge you picked up along the way to sniff out the bullshit that is rife in this industry, so you make the right decisions.

Sprechensiesexy
Dec 26, 2010

by Jeffrey of YOSPOS

sbyers77 posted:

$500 is comfortable, anything under $1000 is doable. I don't think boss-man would be happy with anything more than that unless it's easily justified (he was very put-off by the SRA guy just telling scare-tactic stories and giving over-the-top recommendations). If I need licensing or subscription, anything more than ~$200/yr is going to raise some eyebrows.

If there is a better thread to take this conversation to just point me in the right direction since this is getting less Cisco specific.

Since no one mentioned them yet. You can have a look at the Juniper SRX series, the lower end of the spectrum might fall in your price range.

Bigass Moth
Mar 6, 2004

I joined the #RXT REVOLUTION.
:boom:
he knows...
In prime collaboration there are some config screens with dozens of check boxes but no "select all" option. Come on man.

ior
Nov 21, 2003

What's a fuckass?

Bigass Moth posted:

In prime collaboration there are some config screens with dozens of check boxes but no "select all" option. Come on man.

'Select all' is a part of the LSM (Large Scale Management) license. You need to order L-PC-B-LSM-500 or higher. The number indicates how many times the license will allow you to use the select all option. Fortunately the count itself is honor based, so once you have it, go wild. :)

Bigass Moth
Mar 6, 2004

I joined the #RXT REVOLUTION.
:boom:
he knows...
I don't know if you're serious or joking, but I was doing Cisco's partner education test and that option was not there.

Thanks Ants
May 21, 2004

#essereFerrari


Bigass Moth posted:

I don't know if you're serious or joking

ciscoenterprise_licensing.txt

ior
Nov 21, 2003

What's a fuckass?

Bigass Moth posted:

I don't know if you're serious or joking, but I was doing Cisco's partner education test and that option was not there.

Fortunately it's a bad joke. Kind of scary that it could be true though.

Thanks Ants posted:

ciscoenterprise_licensing.txt

Exactly! :)

CrazyLittle
Sep 11, 2001

Clapping Larry

Partycat posted:

*a very good post*
Yeah Panda Time, I think your best bet is going to be managing expectations as Partycat says. Be realistic about the capabilities and feature set, and hire outside expertise where you can. If you let the disconnected bosses set the expectations AND the budget, this project will quickly go up in flames.

Partycat posted:

(and this is why I stay off the /r/VoIP reddit because of the asterisk dorks) most of the time these questions come from SMB type persons, someone who has an idea, and doesn't really get all the parts right out of the gate. Then someone has them buy cheap rear end old grandstream or Linksys phones, load trixbox/freepbx on something, and get SIP service from an internet based reseller. And it works, just not the same as all that other expensive stuff does.
My eye is twitching just reading this.

Partycat posted:

I think I can actually say I've been working with telecom and data equipment now for about a decade, and I'm learning more now than ever before, built on the blocks and foundation from where I started.
My first telecom duties were extension programming and cross-connects on an Option 11. Hello "greybeard" telco buddy.

Partycat
Oct 25, 2004

Bigass Moth posted:

In prime collaboration there are some config screens with dozens of check boxes but no "select all" option. Come on man.

You only want to use the "uninstall" button, especially with Prime Collaboration Assurance, or "Prime rear end" as we have been calling it. The partner's lab we looked at made it look slick when you click through all the charts and graphs at the Cisco recommended unable-to-actually-see-what-it-is speed, but it's pretty much garbage. What I give it, is if you have no LMS or if you are deploying your own infra into someone else's environs, you can use it as a quick network monitor. The licensing model is just the razor blades on the sundae of that thing. Probably going to demo Collaboration Provisioning Standard which looks more reasonable.

Prescription Combs
Apr 20, 2005

Sprechensiesexy posted:

Since no one mentioned them yet. You can have a look at the Juniper SRX series, the lower end of the spectrum might fall in your price range.

Please no. :gonk: Trying to diagnose any network issues on Junipers is awful. They have a shell you can drop in to but you can't tcpdump data plane traffic. You have to rely on stateless ACLs and export the pcaps. :downs:

Bigass Moth
Mar 6, 2004

I joined the #RXT REVOLUTION.
:boom:
he knows...

Partycat posted:

You only want to use the "uninstall" button, especially with Prime Collaboration Assurance, or "Prime rear end" as we have been calling it. The partner's lab we looked at made it look slick when you click through all the charts and graphs at the Cisco recommended unable-to-actually-see-what-it-is speed, but it's pretty much garbage. What I give it, is if you have no LMS or if you are deploying your own infra into someone else's environs, you can use it as a quick network monitor. The licensing model is just the razor blades on the sundae of that thing. Probably going to demo Collaboration Provisioning Standard which looks more reasonable.

Unfortunately I need to know it for the CCNP, but I don't see many real life uses and I don't think our company uses it for anything.

falz
Jan 29, 2005

01100110 01100001 01101100 01111010

Prescription Combs posted:

Please no. :gonk: Trying to diagnose any network issues on Junipers is awful. They have a shell you can drop in to but you can't tcpdump data plane traffic. You have to rely on stateless ACLs and export the pcaps. :downs:

How is this different / worse than other vendors? Also all firewalls are the worst.

hanyolo
Jul 18, 2013
I am an employee of the Microsoft Gaming Division and they pay me to defend the Xbox One on the Something Awful Forums

Sprechensiesexy posted:

Since no one mentioned them yet. You can have a look at the Juniper SRX series, the lower end of the spectrum might fall in your price range.

I've done a few deployments in the past with a fully licensed-up (AV/Webfilter/IDP) SRX110 and having its logs sent to a free Splunk server instance for reporting/troubleshooting for an SMB. The only issue with the Junipers is that the GUI isn't that good, so if you're not familiar or good with the CLI you're going to have a hard time getting them up and running properly.
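The SRA quoted earlier asks for syslog export to an external server, and the SRX-plus-Splunk setup above is one way of using it. To show what that export actually buys a small shop with no dedicated security person, here is an added example that is not from this thread or from any vendor: a Python parser for RFC 3164 (BSD) syslog lines that decodes facility/severity from the PRI field, pulls key=value fields out of the message, counts denies per source and flags sources that were blocked on several distinct ports. The sample lines, the hostname and the key=value message layout are constructed for the example and do not reproduce any real firewall's log format.

```python
import re
from collections import Counter, defaultdict

# Constructed sample export in RFC 3164 shape: <PRI>timestamp host tag: message.
# The key=value message body is an assumed generic layout, not a vendor's format.
SAMPLE_LINES = [
    "<134>Jan 22 20:43:01 fw-edge fwlog: action=deny src=203.0.113.5 dst=192.0.2.10 dport=22 proto=tcp",
    "<134>Jan 22 20:43:02 fw-edge fwlog: action=deny src=203.0.113.5 dst=192.0.2.10 dport=23 proto=tcp",
    "<134>Jan 22 20:43:02 fw-edge fwlog: action=permit src=192.0.2.25 dst=198.51.100.80 dport=443 proto=tcp",
    "<134>Jan 22 20:43:03 fw-edge fwlog: action=deny src=203.0.113.5 dst=192.0.2.10 dport=3389 proto=tcp",
    "<134>Jan 22 20:43:04 fw-edge fwlog: action=deny src=198.51.100.7 dst=192.0.2.10 dport=25 proto=tcp",
    "<131>Jan 22 20:43:05 fw-edge idp: action=deny src=203.0.113.5 dst=192.0.2.10 dport=445 proto=tcp sig=SMB-PROBE",
    "this line is not syslog at all and must be skipped",
]

# Facility and severity names from RFC 3164 section 4.1.1 (PRI = facility*8 + severity).
FACILITIES = {0: "kern", 1: "user", 2: "mail", 3: "daemon", 4: "auth", 5: "syslog",
              6: "lpr", 7: "news", 8: "uucp", 9: "cron", 10: "authpriv", 11: "ftp",
              16: "local0", 17: "local1", 18: "local2", 19: "local3",
              20: "local4", 21: "local5", 22: "local6", 23: "local7"}
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

LINE_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>"
    r"(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) (?P<tag>[^:\s]+): (?P<msg>.*)$"
)
KV_RE = re.compile(r"(\w+)=(\S+)")


def parse_line(line):
    """Return a dict for one BSD-syslog line, or None if it does not parse."""
    m = LINE_RE.match(line)
    if not m:
        return None
    pri = int(m.group("pri"))
    if pri > 191:                      # 23*8 + 7 is the largest legal PRI value
        return None
    facility, severity = divmod(pri, 8)
    return {
        "facility": FACILITIES.get(facility, str(facility)),
        "severity": SEVERITIES[severity],
        "timestamp": m.group("ts"),
        "host": m.group("host"),
        "tag": m.group("tag"),
        "fields": dict(KV_RE.findall(m.group("msg"))),
    }


def summarize(lines, deny_threshold=3):
    """Count denies per source; flag sources denied on >= deny_threshold distinct ports."""
    denies = Counter()
    ports = defaultdict(set)
    skipped = 0
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            skipped += 1               # keep a count so silent parser failures are visible
            continue
        f = rec["fields"]
        if f.get("action") == "deny" and "src" in f:
            denies[f["src"]] += 1
            if "dport" in f:
                ports[f["src"]].add(f["dport"])
    flagged = sorted(src for src, n in denies.items()
                     if n >= deny_threshold and len(ports[src]) >= deny_threshold)
    return {"denies": dict(denies), "flagged": flagged, "skipped": skipped}


if __name__ == "__main__":
    result = summarize(SAMPLE_LINES)
    print("denies per source:", result["denies"])
    print("flagged sources:", result["flagged"])
    print("unparsed lines:", result["skipped"])
```

The `skipped` counter is the part worth keeping in any real version: a collector that quietly drops lines it cannot parse is how a syslog export ends up satisfying the assessor on paper while showing you nothing.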

Thanks Ants
May 21, 2004

#essereFerrari


falz posted:

all firewalls are the worst.

Sprechensiesexy
Dec 26, 2010

by Jeffrey of YOSPOS

hanyolo posted:

I've done a few deployments in the past with a fully licensed-up (AV/Webfilter/IDP) SRX110 and having its logs sent to a free Splunk server instance for reporting/troubleshooting for an SMB. The only issue with the Junipers is that the GUI isn't that good, so if you're not familiar or good with the CLI you're going to have a hard time getting them up and running properly.

I never use the GUI personally. We just have a tool that will vomit out ready to use configs and the CLI is quite nice once you get the hang of it.
Nothing but love for the commit confirmed command.

abigserve
Sep 13, 2009

this is a better avatar than what I had before
The NGFW space is weird at the moment because all the products seem to be held together by gum and shoestring despite the fact that they are some of the most critical infrastructure in any business. In any vendor's line-up you see a whole suite of cool features but then there's a huge BUUUT at the end. Like, "BUUUUT our management interface is a decade old and can only run on Windows" or "BUUUUT all these performance numbers are based on 1500 byte UDP frames from a thousand different sources downwind in dry conditions", or who could forget "BUUT keep in mind doing a signature update takes 40 minutes and there is no loading bar or indication of progress, also sometimes it won't work for no reason".

Tremblay
Oct 8, 2002
More dog whistles than a Petco

falz posted:

How is this different / worse than other vendors? Also all firewalls are the worst.

It's not bad once you learn each vendor's quirks. From experience with PIX/ASA/FWSM/Fortigate, I have a hell of an easier time with Cisco, but that's largely due to my experience with the platform.

Ham Equity
Apr 16, 2013

The first thing we do, let's kill all the cars.
Grimey Drawer
Our third-party IT company--who handles all of our higher-end networking--is telling me I don't need to change anything on our ASA 5505 to run it with AnyConnect instead of the Cisco VPN Client that we're currently using, that all I need to do is download the AnyConnect Client, and we're good to go. Is that accurate?

DigitalMocking
Jun 8, 2010

Wine is constant proof that God loves us and loves to see us happy.
Benjamin Franklin

Thanatosian posted:

Our third-party IT company--who handles all of our higher-end networking--is telling me I don't need to change anything on our ASA 5505 to run it with AnyConnect instead of the Cisco VPN Client that we're currently using, that all I need to do is download the AnyConnect Client, and we're good to go. Is that accurate?

It depends!

(on the software version your 5505 is running) Hopefully they are competent enough to know which one is which.

Computer Serf
May 14, 2005
Buglord
:toot: Partycat/CrazyLittle/Fatcow :phoneline::phone: bless you dudes, thanks.

CrazyLittle posted:

As for the voice-only portion, you should shop around your sip providers to see who has their media proxy closer to you hop-wise. If you can't find a sip provider adjacent, that's when you start looking at direct links.

The handoffs between transit (ie where Zayo meets ATT meets Level3 meets Cogent meets Verizon and especially international) are frequently points of bandwidth contention, and can easily mangle your RTP streams. At one point in recent years Zayo had a total of 40gb of transit into San Francisco down the peninsula to San Jose, and no other/additional links out. As soon as anyone in the city had a flood of traffic (DDoS etc) all Zayo customers would be dead in the water. So there are distinct advantages to being as few hops from the PSTN as possible.

Our building had both a smaller localized ISP and Zayo already in our MPOE, and pricing aside, I assumed the local ISP had higher risk for potential downtime and less re-routing options available if part of their network or peering handoffs went down? Plus it looks like Zayo owns a sub-company that offers SIP service, and there's a few local 3rd party SIP trunks in our city.

I'll try a SIP-SIP x-lite/bria test once we have our new ISP up, thanks for that. PBX game plan might wait for a few months. For video/screen sharing/conferencing we'll probably just test bluejeans and see if that meets the quality standards of the VP, as it seems like it gets the job done and is usable and easy to deploy.

CrazyLittle posted:

100% agreed. Panda Time should probably hire some consultants who have a verifiable background doing what he needs, and make sure his VPs clearly define the project scope before any money is spent. This is a recipe for burning cash as features creep out of control.

The funny part about all of this is that this company is willing to pay video editors around ~$2000/week and yet everything else is done via intern slave labor and shifting the responsibility of 2 people onto one and "weekly" rates with workloads that leave most people here for 50-60 hours a week. They left everything to the last minute for the new build out. I looked at the floor plan and apparently they started designing the floor space in April and yet only by November did they finally dump the whole project onto our ground floor middle manager guy who should be focusing on his already over burdened normal workload. And then we have "the consultant" who knows a threshold of technical jargon and buzzwords and is comically inept ( more than me :grin: ), and only really here due to nepotist ties. I'll spare the details but he basically only knows how to call vendors and share bids. He's constantly just spewing technical jargon for the hell of it and the best he can come up with is "name brands are good". When sourcing the Cat6 contractors he only dealt with one who won the bid because they were a few thousand under the other contractors, but now of course they're adding on all sorts of poo poo like "oops we didn't anticipate these cable runs being so long even though we had the floor plans and a site survey so we're going to have to charge for the extra cable" and "we thought that was the general contractor's responsibility, we can do this for $2000". I'll add that it was my first time dealing with contractors but I know enough to at least toss their itemized bids at each other to get call outs on what needs to be done and what might be missing or undisclosed to hide the costs of the job. Light Source 1 was brilliant at calling out all these details. I wouldn't be the least surprised if the contractor who undercut both LS1 and SS is using cable pillaged from old sites.

The company brought on a new financial bureaucrat guy who seems savvy and reasonable, and through some magic it seems like we may be able to actually weigh our options beyond "get the cheapest poo poo possible that functions".

With that being said.. I'm now planning on demoing some Ruckus R600 "unleashed". Their phone rep was cool and digging through the Ruckus forums seems like things are already covered concerning issues with Apple devices having weird sticky WiFi issues that can be kinda resolved with RSSI/manual channel settings and disabling a/b/g (although gently caress if the inevitable someone comes in with an old iPhone/netbook).

Juniper EX3300's look nice. Cisco 2960's are expensive and stack modules are $500 vs Juniper's virtual chassis done via SFP+.
I was looking through http://fs.com and it looks like a SFP+ DOM LS 1310 fiber module is only $30.. would there be any reason not to use OM4 and 1310, even for a 1 meter patch?

Now that we have a few 10G pipes, I'm hoping to get the company to buy a 10G SSD server and switch(es) at some point in the next year or two.. Cisco SG350XG 24 actually seems to be less expensive than the Juniper EX4500 for full 10G.

Computer Serf fucked around with this message at 02:20 on Jan 28, 2016

Thanks Ants
May 21, 2004

#essereFerrari


If you want to do a short patch then use an SFP+ DA cable.

1000101
May 14, 2003

BIRTHDAY BIRTHDAY BIRTHDAY BIRTHDAY BIRTHDAY BIRTHDAY FRUITCAKE!

abigserve posted:

The NGFW space is weird at the moment because all the products seem to be held together by gum and shoestring despite the fact that they are some of the most critical infrastructure in any business. In any vendor's line-up you see a whole suite of cool features but then there's a huge BUUUT at the end. Like, "BUUUUT our management interface is a decade old and can only run on windows" or "BUUUUT all these performance numbers are based on 1500 byte udp frames from a thousand different sources downwind in dry conditions", or who could forget "BUUT keep in mind doing a signature update takes 40 minutes and there is no loading bar or indication of progress, also sometimes it wont work for no reason"

The only caveat I've found with PAN is that the forwarding throughput goes down the more inspections you do. It could potentially drop as much as 50% from the spec but to be fair these NGFWs are doing an awful lot at that point.

psydude
Apr 1, 2008

1000101 posted:

The only caveat I've found with PAN is that the forwarding throughput goes down the more inspections you do. It could potentially drop as much as 50% from the spec but to be fair these NGFWs are doing an awful lot at that point.

I feel that's true of any device, really.

CrazyLittle
Sep 11, 2001
Clapping Larry

Panda Time posted:

I was looking through http://fs.com and it looks like a SFP+ DOM LS 1310 fiber module is only $30.. would there be any reason not to use OM4 and 1310, even for a 1 meter patch?

Technically, single mode optics would have too high of a transmission power for really short distances so it might work or might not, and if it does then you're lucky.

ragzilla posted:

LX/LR transceivers can be safely used on short patches. It's only ER/ZR/LX that have a minimum distance.


Thanks Ants posted:

If you want to do a short patch then use an SFP+ DA cable.

This, or use multimode optics for 10gig (10g-SR, 850nm)

CrazyLittle fucked around with this message at 05:30 on Jan 28, 2016
