Every firewall vendor I have dealt with always seems to have their own interpretation on how IPSEC is supposed to work. I suspect the other end of the IPSEC tunnel is expecting one tunnel per subnet pair which is a pretty standard way of doing it in my IMO. If it works on *sense and Sophos ok, they might be hiding the fact that it is what they are doing.
docs.netgate.com
Building own router - pfsense vs openwrt vs ?
- Thread starter Hades
- Start date
It’s NSX-T. And it’s configured with other tunnels with multiple pairs.
Certainly be interested to see who it evolves under new ownership. Start retention was mentioned on one of the other groups, so I had a look on LinkedIn and sure enough people departing. However I also get that when companies are taken over there will be a duplication of roles, so staff will leave / be let got etc.
I asked about Arista resellers in the UK re the switch line too, just got pointed to the arista.com website. I gave up and looked at other options.
So I had a chat with our support ‘handler’ and they basically said that some staff with share options took the opportunity to take a huge amount of money and go off and do something else/retire, that some just didn’t want to work for a mega-corp and left and some people were leaving anyway and were part way through their notice period when the acquisition was announced. So from that I’d assume they lost some original talent, some long standing staff and some that were leaving anyway.
Obviously it doesn’t change the software that is in release right now, and given that it is, and always was, a repackaging of existing (often open-source) security technologies into a pretty shell I doubt much will change in the short term. If it all goes bad then I’ll rip it all out and sell my customers something else. I always tell every customer that there is no such thing a future-proof and they should buy a system that does what they want for today and that the top-end stuff today will be worthless junk in 3 years time. And they still buy it. WhooHoo!
As for not being able to get Arista switches in the UK, just Google “Arista Switches UK” and a dozen resellers will pop up. Why you would want to pay corporate money for a new switch for home/small business beats me though. The big IT departments get massive discounts on the list prices but the likes of you and I will still be paying over the odds for features like redundant power supplies and stacking that we’re very unlikely to ever use.
Makes sense re the staff departures etc. As you say will watch what happens and worst case people switch to an alternate solution. I'm sure as ever there is plenty more market consolidation to come.
I was enquiring on a particular model of switch, not their big data centre range of switches etc.
Try Broadberry. We sometimes get Supermicro stuff from them if Senetic don't have what we need.
Will have a look and drop them a message. I was on their site yesterday looking at SuperMicro 1U short depth servers. Cheers
With IPsec I always (well, at least when the platform has it as an option) make a tunnel with virtual interfaces and then control what traffic goes through it by creating route policies. And use IKEv2 all the time now.
It means I can add subnets at either end of the link without having to touch the VPN configuration or even bring it down, and can move to a routing protocol if I fancy it.
It means I can add subnets at either end of the link without having to touch the VPN configuration or even bring it down, and can move to a routing protocol if I fancy it.