You've all been there, right? It's now time to have some fun sharing... Where is the craziest place you’ve had to deploy a Next-Generation Firewall (NGFW)? And – does that bring to mind any NGFW deployment tip to share?
Location: Installed an evaluation for a coal export terminal customer one day in the middle of nowhere. Customer enabled SPAN/TAP on their old 3750 and brought the entire port system down.
Tip: Don't enable SPAN/TAP on old Cisco 3750 switches. Use VWire instead, and the result will still be amazing and the customer will gain the required visibility.
Location: Small branch Offices with CISCOs ASA, migrate to PA-2XX series
Tip: I dind't use the migration tool for cisco FWs, I created a new configuration or Panorama templates/device configuration stacks, is by far better and faster than migrating all kind of rules, good if you have a lot of objects and subnets. Palo Alto firewall makes implementation way easier.
Thanks for all your responses. We loved reading them, globetrotting with you, and sharing a few good laughs along the way. We've compiled all your answers here, Craziest firewall deployment, so that others may enjoy your travels and tips and be inspired...or at least amused. :-) Thanks again!
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!
The Live Community thanks you for your participation!