Comment Re:Balderdash, poppycock.. (Score 1) 414
I know this is opening a can of worms, but I got kharma to burn so why the heck not...
Disclaimer : I work for a company which deals exclusively with firewalls and internet security including integration of both Cisco and Check Point products.
If you have a few firewalls, knock yourself out with the CLI. If you have a massive enterprise setup where not only do you have tiers of individuals who control what rules do and don't get put on the firewalls, but you also have S/Ox compliance to think about then get yourself a GUI driven system with proper workflow management. I know you're proud of your Unix mastery and your CLI Jedi powers and all. But the only thing really accomplished by doing everything via CLI is that you make yourself the one guy who the company is screwed without. Great for your job security, horrible for the company.
The number of times I've had to spend hours, sometimes days, troubleshooting network integration issues with someone only to find that "Oh, when I was manually editing the config for one of our Ciscos I forgot to put this particular IP/port combo in an allow for the ACL" was the root of the problem is all I need to know to verify that a well written GUI, and well written graphical log/event tracker are essential to the large enterprise.