Registered: 1451917644 Posts: 142
#1
REALLY hate Cisco. The ASA product line SUCKS. There are so many differences from one model to the next. Documentation is horrible. Why does a lower level product support VLANs but a higher level product does not? THEY CHARGE A FREAKING FORTUNE FOR EVERYTHING. Licenses, licenses, licenses!!! Command line is HORRIBLE. They use Java of all things for their management app. BAH!! I honestly cannot believe they are number one. How did this happen? I can't wait to get this shitty 5508-X out of my face so I can go back to the comfortable embrace of my Juniper SRX machines.

Author's Note: This post in no way diminishes my love for Todd Lammle. The man is awesome-sauce and I consider him a friend.

JamesNT
__________________
I miss Windows NT 4.0 Service Pack 4.
Registered: 1451586584 Posts: 227
#2
Knowing how to configure a PIX 550 was big bucks.
The Cisco consultants in San Diego charged 2200 bucks a day. If that day was an hour, it was still 2200 bucks. You can see why I learned as much as I could. I did not charge that but I made a decent bit of coin while installing and configuring the PIX for Microsoft apps. But it was hard. I did it w/o a GUI. So if the IOS is still like that I know what you mean.
__________________
Curt Spanburgh
Still Checking the Forum Out
Registered: 1451989658 Posts: 4
#3
I normally hear complaints that there are not enough differences between different models to differentiate them.
If I was to address your other key points in turn:

"Documentation is horrible." Not sure what source you are using but Cisco's own website (in particular, here: http://www.cisco.com/c/en/us/support/index.html) is one of the best vendor documentation repositories available. I've yet to not find the relevant piece of information on there and their config guides and Cisco Validated Designs (CVDs) are spot on. It is such a large

"Why does a lower level product support VLANs but a higher level product does not?" The 5505/5506/etc. models are aimed at SOHO environments and use a built-in switch, hence you configure VLANs on the ports and SVIs for those VLANs. The higher end models are not targeted at SOHO environments and hence don't bundle the switch into the firewall chassis, i.e. it assumes a separate switch(es) will be used. You can still use VLANs, you just trunk them up to the firewall on subinterfaces of a physical interface, e.g. Gig0/1.234 for VLAN 234. This is effectively a firewall on a stick configuration.

"THEY CHARGE A FREAKING FORTUNE FOR EVERYTHING". They produce enterprise grade equipment, which comes with something like a 70%+ markup for them. Not bad profit for hardware. Yes, it's expensive, but the old adage 'nobody got fired for buying Cisco' holds true.

"Licenses, licenses, licenses!!!" I come out in hives thinking about any kind of licensing so completely agree with you on this point.

"Command line is HORRIBLE." It's just a learning curve. I use the CLI every day and have not used the ASDM in years. Can script things so much easier, replicate to other devices, do compares etc. It's very easy when you are working on it more often.

"They use Java of all things for their management app. BAH!!" Yes, the irony of using Java on a security device. Lol

"I honestly cannot believe they are number one. How did this happen?" Because it works and most network engineers can talk Cisco. Most other vendors use some flavour of Cisco type commands because they know this and are looking to make the migration path as painless as possible (save for Juniper who, despite me finding their way of doing things alien, I can see the cleanliness of it). Dell, Arista, all easy for me to play with as it's so Ciscoesque.

I would offer the following advice. Don't dismiss what you don't immediately understand. There aren't millions of engineers thinking the same way as you, otherwise Cisco would not be in the market position they find themselves in. Embrace the new learning opportunity. ;-)
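The two VLAN styles described in post #3, side by side, as an added configuration example that is not part of any post in this thread. Apart from Gig0/1.234 and VLAN 234, every interface number, name, security level and address below is constructed for illustration.

```cisco
! --- Style 1: SOHO model with a built-in switch (ASA 5505 style) ---
! The VLAN itself is the routed, firewalled interface (an SVI);
! physical ports are plain switch ports assigned to that VLAN.
interface Vlan10
 nameif inside
 security-level 100
 ip address 192.168.10.1 255.255.255.0
!
interface Ethernet0/1
 switchport access vlan 10
 no shutdown
!
! --- Style 2: higher-end model, no built-in switch ---
! The physical port is an 802.1Q trunk to an external switch and
! carries no nameif/address of its own, so untagged frames arriving
! on it are not handed to any security zone.
interface GigabitEthernet0/1
 no nameif
 no security-level
 no ip address
 no shutdown
!
! One subinterface per VLAN; each is its own firewalled interface.
interface GigabitEthernet0/1.234
 vlan 234
 nameif dmz234
 security-level 50
 ip address 10.2.34.1 255.255.255.0
!
interface GigabitEthernet0/1.235
 vlan 235
 nameif servers235
 security-level 80
 ip address 10.2.35.1 255.255.255.0
```

In the second style the attached switch port must be a trunk that allows only the VLANs the firewall terminates (234 and 235 here), since any VLAN allowed on the trunk without a matching subinterface is simply dropped at the firewall.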
Registered: 1451917644 Posts: 142
#4
I'll agree with your points. Yes, it's all just a learning curve and, yes, I'm being difficult about it. The market votes with its dollars and those votes count. Cisco didn't become number 1 by accident.

However, I will further empower the point you made about Juniper: They have a cleanliness to their approach that cannot be dismissed. The hierarchical approach they use is awesome. Dividing things out into stanzas is like making poetry.

I'll just have to keep going with Cisco until I get it. And, to once again empower something you said, this is a learning opportunity. Imagine applying for a job and being able to say, "Yep, I do Cisco and Juniper!"

JamesNT
__________________
I miss Windows NT 4.0 Service Pack 4.