Bullshit, you obviously have never worked in a service provider network where you are protecting application DMZs for a couple score applications that can inter-work between each other and other pieces of your network. GUIs increase productivity; if we were managing all our firewall policies via command line we would need at least 30 more people on our staff. Even for me, who can get upwards of 80 words per minute on a good day. It's a damn sight quicker to drag TCP-443 into a policy line than to log into a box, define TCP-443 with a name in syntax, then find the policy line via a crazy show command, and finally add that object to the policy line. Get real. GUIs, despite being "lame", are useful for speeding up common tasks. -K
A company called Exaprotect, which acquired a company called Solsoft, made a pretty neat tool that visualized the network, and you could put enforcement points onto a map based on topology and apply rules. My company uses the tool for some things in our network. It's an amazing tool once you get it up and running, but there is a level of effort and understanding of how the tool works that is involved. Sadly, Exaprotect is making the tool End of Life because they didn't see enough demand/profit from it. The killer feature of it was that once you got a policy looking like you wanted, and you needed to add a subnet or host, you'd simply manipulate the object at that point in the topology, then click on all the enforcement points involved (easy to do because it could track them down via the policy layout) and then click "Update Policy Enforcement Point". If anyone knows of a good replacement, please let me know; we're looking for one as Exaprotect is killing this product. -K
Latency, Throughput and NO NO NO NO. Are you guys on crack? Latency is network based. Host to host. It takes 45ms for my packet to get from my computer to your computer. Throughput is network based. Host to host. I can achieve from my computer to your computer 1000 kilobits per second in throughput. Server level "latency" is some other crap. I'm sorry, but us networkers REFUSE to accept your junky server problems as either latency or throughput; find new words, server monkeys! Make 'em up! Here are some suggestions: processor bound response time, PBRT (latency for server geeks); processor bound data transfer, PBDT (throughput for server geeks). Damn it, server monkeys, get off my network! And stop blaming it for your latency and throughput whines! *Shakes cane* JB
It's not that one. It was stolen in 2000 and returned.