+ Reply to Thread
Page 2 of 3 First 12 3 Last
Results 26 to 50 of 73
  1. Senior Member Vask3n's Avatar
    Join Date
    Oct 2005
    Posts
    499

    Certifications
    ASA Specialist, CCNA Security, CCNA R/S , CCENT, JNCIA, A+, Security+, CST
    #26
    Thanks for the clarification everyone. It looks like for those of us who are already in the middle of NP Security will need to either scramble to finish all four before April which would be stressful or finish the current exam/exams we are working on and then switch over to the new version of the remaining ones. I'm interested in seeing some new OCG material come out for these new tests.
    Reply With Quote Quote  

  2. SS -->
  3. Senior Member geek4god's Avatar
    Join Date
    Aug 2010
    Posts
    186

    Certifications
    CCENT Network+ Security+ MCDST Mitel 5000 Mitel MCD
    #27
    Quote Originally Posted by docrice View Post
    Given the recent Sourcefire acquisition, I wonder if this will influence the IPS area...
    Yea, I have been wondering since they announced the Sourcefire deal how that would impact the Security certs in general. Will be interesting to see.
    Reply With Quote Quote  

  4. Senior Member
    Join Date
    Dec 2011
    Posts
    330

    Certifications
    CCNP Collab, CCDP, CCNP R&S, CCNP V, CCP-N NetScaler, Net+, A+
    #28
    Quote Originally Posted by shodown View Post
    The security track seems to have the most changes. For those of us who work in VAR environments we see that cisco is loosing ground in security day by day. As Juniper VPN's, Palo Alto firewalls and other security appliances come forward cisco has to keep adapting to keep up. I honestly feel they are in a loosing battle in security.
    Agreed. Cisco's best security products are the Iron Port devices. The ASA is a great VPN concentrator but enterprise firewall? Not so much. Checkpoint and Palo Alto make real firewalls IMO. As far as Cisco IPS, I've never seen one so that's not a good sign they lead in that area either.
    Reply With Quote Quote  

  5. Senior Member RouteMyPacket's Avatar
    Join Date
    Aug 2012
    Location
    Dallas
    Posts
    1,077

    Certifications
    CCWKIA (Cisco Certified Wannabe Know It All)
    #29
    Quote Originally Posted by aaron0011 View Post
    Agreed. Cisco's best security products are the Iron Port devices. The ASA is a great VPN concentrator but enterprise firewall? Not so much. Checkpoint and Palo Alto make real firewalls IMO. As far as Cisco IPS, I've never seen one so that's not a good sign they lead in that area either.


    Please explain why the ASA is not a good enterprise firewall? There are differences between 5505, 5510, 5520, 5585 and now the X series.
    Reply With Quote Quote  

  6. Member
    Join Date
    May 2013
    Location
    Jülich, Germany
    Posts
    63

    Certifications
    ASC,CCNA R&S ,CCDA, CHFI, CEH, CCNA SEC, CCAI, CCNP R&S
    #30
    Code:
    The ASA is a great VPN concentrator but enterprise firewall? Not so much. Checkpoint and Palo Alto make real firewalls IMO
    This is something i cant understand...
    Cisco isnt easy: TRUE! Cisco isnt cheap: TRUE! BUT CISCO IS EFFECTIV! You will never get the speed that Asa is providing!
    Reply With Quote Quote  

  7. Senior Member
    Join Date
    Dec 2011
    Posts
    330

    Certifications
    CCNP Collab, CCDP, CCNP R&S, CCNP V, CCP-N NetScaler, Net+, A+
    #31
    Quote Originally Posted by Jobene View Post
    Code:
    The ASA is a great VPN concentrator but enterprise firewall? Not so much. Checkpoint and Palo Alto make real firewalls IMO
    This is something i cant understand...
    Cisco isnt easy: TRUE! Cisco isnt cheap: TRUE! BUT CISCO IS EFFECTIV! You will never get the speed that Asa is providing!
    But the management sucks. Sure ASDM has made strides but it's not great by no means.
    Reply With Quote Quote  

  8. Member
    Join Date
    May 2013
    Location
    Jülich, Germany
    Posts
    63

    Certifications
    ASC,CCNA R&S ,CCDA, CHFI, CEH, CCNA SEC, CCAI, CCNP R&S
    #32
    Why that? Oo

    At "mine" branch, we are using 2xAsa5585x! And with ASDM and a little bit of Cli we are using them without any problem!
    And saying that ASA isnt a enterprise firewall because of asdm etc is a little bit of unfair!
    Reply With Quote Quote  

  9. Audentis Fortuna Iuvat veritas_libertas's Avatar
    Join Date
    Feb 2009
    Posts
    5,654

    Certifications
    eCPPT, GPEN, GWAPT, GCIH, CISSP, CCNA (expired), MCTS
    #33
    Lack of Application "Layer-7" filtering makes it less than adequate in the world we live in. That's my main complaint. I would love to see Cisco embrace web application filtering.
    Currently working on: Resting
    Reply With Quote Quote  

  10. Senior Member Vask3n's Avatar
    Join Date
    Oct 2005
    Posts
    499

    Certifications
    ASA Specialist, CCNA Security, CCNA R/S , CCENT, JNCIA, A+, Security+, CST
    #34
    I think the main thing to remember about ASDM is that it's a direct extension of the CLI- every single option that shows up on the ASDM has a direct CLI equivalent (you can see this by enabling command previews before sending to device). Because of this, some of the options that appear on the GUI seem a little weird, redundant, or out of place. However, the built-in wizards usually do a pretty good job of abstracting the steps. I also wish that ASDM did not require Java.
    Reply With Quote Quote  

  11. Senior Member
    Join Date
    Jun 2009
    Location
    Gosford, Australia
    Posts
    567

    Certifications
    CCNA, CCDA, CCNA:Voice(IIUC), CCNP:Voice
    #35
    Quote Originally Posted by veritas_libertas View Post
    What I find interesting is the lack of focus on ASAs. I'm curious where Cisco is going with this. I'm also wondering how soon they will have books out for the next version.
    Based on the Cisco Press previous track record for R&S, Security or Voice...6-12 months...or in the case of Data Center or Service Provider..."one day over the rainbow"...
    Reply With Quote Quote  

  12. Audentis Fortuna Iuvat veritas_libertas's Avatar
    Join Date
    Feb 2009
    Posts
    5,654

    Certifications
    eCPPT, GPEN, GWAPT, GCIH, CISSP, CCNA (expired), MCTS
    #36
    Yeah, that has never made any sense to me. You would think they would plan it out better in order to make more cash.
    Last edited by veritas_libertas; 01-21-2014 at 08:20 PM.
    Currently working on: Resting
    Reply With Quote Quote  

  13. Senior Member RouteMyPacket's Avatar
    Join Date
    Aug 2012
    Location
    Dallas
    Posts
    1,077

    Certifications
    CCWKIA (Cisco Certified Wannabe Know It All)
    #37
    Quote Originally Posted by aaron0011 View Post
    But the management sucks. Sure ASDM has made strides but it's not great by no means.
    So this is why Cisco ASA isn't a sound enterprise level firewall solution? Please explain why it is not a valid solution, i'm interested to hear why.

    Quote Originally Posted by veritas_libertas View Post
    Lack of Application "Layer-7" filtering makes it less than adequate in the world we live in. That's my main complaint. I would love to see Cisco embrace web application filtering.
    This is at least a start at explaining some potential lacking features of the ASA platform. However, strides are being made with the new X generation and CX, application visibility is coming along. It's no Palo Alto in that regard but still to say it's not a sound platform is pure ignorance.

    Cisco Prime Security is looking awesome too.
    Last edited by RouteMyPacket; 01-21-2014 at 08:13 PM.
    Reply With Quote Quote  

  14. Audentis Fortuna Iuvat veritas_libertas's Avatar
    Join Date
    Feb 2009
    Posts
    5,654

    Certifications
    eCPPT, GPEN, GWAPT, GCIH, CISSP, CCNA (expired), MCTS
    #38
    I have nothing against the ASA for certain purposes, but when it comes to filtering and allowing only certain Web Apps (Facebook viewing but not posting, etc.) it's less than adequate (Which I'm stuck with doing). The worlds changing and I'm a little disappointed that Cisco is not trying to keep up. I should have been more specific on my complaints.

    You had every right to call me out.
    Currently working on: Resting
    Reply With Quote Quote  

  15. Senior Member RouteMyPacket's Avatar
    Join Date
    Aug 2012
    Location
    Dallas
    Posts
    1,077

    Certifications
    CCWKIA (Cisco Certified Wannabe Know It All)
    #39
    Quote Originally Posted by veritas_libertas View Post
    I have nothing against the ASA for certain purposes, but when it comes to filtering and allowing only certain Web Apps (Facebook viewing but not posting, etc.) it's less than adequate (Which I'm stuck with doing). The worlds changing and I'm a little disappointed that Cisco is not trying to keep up. I should have been more specific on my complaints.

    You had every right to call me out.
    Read again, I have been asking aaron0011 to explain why it is not a good enterprise platform. You on the other hand actually began touching on some lacking functionality that I agree Cisco need to ramp up on.
    Reply With Quote Quote  

  16. Member
    Join Date
    May 2013
    Location
    Jülich, Germany
    Posts
    63

    Certifications
    ASC,CCNA R&S ,CCDA, CHFI, CEH, CCNA SEC, CCAI, CCNP R&S
    #40
    but when it comes to filtering and allowing only certain Web Apps (Facebook viewing but not posting, etc.)
    Could be done with Asa.....

    True is that cisco WAS late!
    And back to the topic with the change of the ccnp security cisco has done the right step into the future!
    Reply With Quote Quote  

  17. Senior Member
    Join Date
    May 2009
    Location
    DMV
    Posts
    2,205

    Certifications
    CCNP, CCNP(V), S+ CCIE V(written)
    #41
    Why isn't the ASA a sound enterprise firewall.


    Back in 2009 when we were looking at several firewalls. I'll just bring up the Palo Alto vs the ASA. At the time when we got the palo alto we were able to block facebook chat, and Games, while still allow users to get onto facebook. The ASA at the time could not do this. The ASA was still stuck in doing things at layer 3 which we could block the entire site, but not specific features. This was HUGE for my client at the time. You factor in that cisco is still stuck at a layer 3 mindset when it comes to firewalls instead of the application and tie in the lack of good tac engineers when you run into problems made us choose the Palo Alto over the ASA. The ASA had also lost to the Juniper VPN a year prior to that, but I wasn't involved with that purchase.
    Currently Reading

    CUCM SRND 9x/10, UCCX SRND 10x, QOS SRND, SIP Trunking Guide, anything contact center related
    Reply With Quote Quote  

  18. Senior Member
    Join Date
    Sep 2012
    Posts
    211
    #42
    Quote Originally Posted by veritas_libertas View Post
    I have nothing against the ASA for certain purposes, but when it comes to filtering and allowing only certain Web Apps (Facebook viewing but not posting, etc.) it's less than adequate (Which I'm stuck with doing). The worlds changing and I'm a little disappointed that Cisco is not trying to keep up. I should have been more specific on my complaints.

    You had every right to call me out.
    ASA CX will help.
    Reply With Quote Quote  

  19. Senior Member RouteMyPacket's Avatar
    Join Date
    Aug 2012
    Location
    Dallas
    Posts
    1,077

    Certifications
    CCWKIA (Cisco Certified Wannabe Know It All)
    #43
    Quote Originally Posted by shodown View Post
    Why isn't the ASA a sound enterprise firewall.


    Back in 2009 when we were looking at several firewalls. I'll just bring up the Palo Alto vs the ASA. At the time when we got the palo alto we were able to block facebook chat, and Games, while still allow users to get onto facebook. The ASA at the time could not do this. The ASA was still stuck in doing things at layer 3 which we could block the entire site, but not specific features. This was HUGE for my client at the time. You factor in that cisco is still stuck at a layer 3 mindset when it comes to firewalls instead of the application and tie in the lack of good tac engineers when you run into problems made us choose the Palo Alto over the ASA. The ASA had also lost to the Juniper VPN a year prior to that, but I wasn't involved with that purchase.
    I agree, and again you point out what was lacking in the ASA platform. Layer 7 visibility etc. but it's looking better these days. Also, if you do not have that specific requirement the ASA platform can secure the network edge with the best of them.
    Reply With Quote Quote  

  20. Senior Member Staunchy's Avatar
    Join Date
    Jul 2013
    Location
    Johannesburg, South Africa
    Posts
    178

    Certifications
    CompTIA N+, Win 7, MCITP: SA, MCSA, CCENT, CCNA R&S, JNCIA, JNCIS-ENT, HP ATP V1 & V2, Aruba ACMP, Palo Alto ACE, Citrix CCP-N
    #44
    I prefer Fortigate to Cisco firewalls but when it comes to switches, routers I will stick to Cisco. I'm yet to a chance to play around with Juniper.

    What is you guys take on CheckPoint?
    Last edited by Staunchy; 01-21-2014 at 09:20 PM.
    Reply With Quote Quote  

  21. Senior Member
    Join Date
    May 2009
    Location
    DMV
    Posts
    2,205

    Certifications
    CCNP, CCNP(V), S+ CCIE V(written)
    #45
    Quote Originally Posted by RouteMyPacket View Post
    I agree, and again you point out what was lacking in the ASA platform. Layer 7 visibility etc. but it's looking better these days. Also, if you do not have that specific requirement the ASA platform can secure the network edge with the best of them.

    So we are in kinda a agreement. My earlier post indicated that since I've been working for VAR's the majority of the past few years I have seen cisco loose footing to other players in the game. This explains why the CCSP, CCNP, and CCIE security tracks keep changing as they have to keep updating there products to stay in the game. If I was looking to get a CCNP it would make me kinda wary as it could be outdated in a few years, and getting the cert is a pretty large effort. All things in IT change, but I feel security is moving at a faster pace.
    Currently Reading

    CUCM SRND 9x/10, UCCX SRND 10x, QOS SRND, SIP Trunking Guide, anything contact center related
    Reply With Quote Quote  

  22. Member
    Join Date
    Nov 2013
    Location
    Kuwait
    Posts
    50

    Certifications
    BSIT: Security, CISSP,GSEC,CASP,CEH,MCSE 2012,CCNP R&S,CCDP,CCNP Security, CCNA C/V/Vid/W/RS, P/L/Sec/Net/A+, ITIL F, Few CIWs
    #46
    Well good thing IPS and Firewall are down, testing VPN on Thursday. I should be able to finish with no issues. But wow, way to spring it on us all of the sudden.
    Reply With Quote Quote  

  23. Senior Member Vask3n's Avatar
    Join Date
    Oct 2005
    Posts
    499

    Certifications
    ASA Specialist, CCNA Security, CCNA R/S , CCENT, JNCIA, A+, Security+, CST
    #47
    Good luck Heracles, I am also taking it this week (Friday). Do you have any recommendations other than OCG and CBT Nuggets? I found the following free ipExpert videos on youtube:

    VPN High Availability
    CCNP Security Training Video :: VPN High Availability - Failover :: Exam 642-648 - VPN - YouTube

    IKEv2 L2L VPN
    CCIE Security Lab Video :: IKEv2 L2L VPN - YouTube

    ASA Certificate Maps
    CCNP Security :: ASA Certificate Maps - Exam 642-648 - VPN - YouTube

    IKEv1 IPSec Site-to-Site Digital Certificates
    CCNP Security :: IKEv1 IPSec Site-to-Site Digital Certificates - Exam 642-648 - VPN - YouTube
    Reply With Quote Quote  

  24. Member
    Join Date
    Nov 2013
    Location
    Kuwait
    Posts
    50

    Certifications
    BSIT: Security, CISSP,GSEC,CASP,CEH,MCSE 2012,CCNP R&S,CCDP,CCNP Security, CCNA C/V/Vid/W/RS, P/L/Sec/Net/A+, ITIL F, Few CIWs
    #48
    I guess we will find out Thursday afternoon if I had anything good. I used the OCG and the INE videos. I feel comfortable so hopefully it woks out well. Ill drop a new topic on the forums Thursday afternoon when I get home and tell you how it goes and anything I wasn't expecting.
    Reply With Quote Quote  

  25. Senior Member viper75's Avatar
    Join Date
    Oct 2003
    Location
    NY
    Posts
    738

    Certifications
    A+, Network+, CCNA R&S, CCDA, CCNA Security, NSTISSI 4011, 4013, CCNP Security
    #49
    Man, what a pain this is. I'm almost done with the VPN v2 book. I was planning on re-reading the book again and keep labbing away. I'm not new to VPNs. I have implemented tons of them, but need to learn how Cisco wants you to learn before I take the test.

    Anyway, I have completed Firewall v2 already. I am planning to have VPN done before April. So just to get this clear. I have to take 300-207 SITCS
    Implementing Cisco Threat Control Solutions and 300-208 SISAS Implementing Cisco Secure Access Solutions to achieve the CCNP Security? The VPN and Firewall exams are still good for the CCNP Security. Is that right?
    CCNP Security - DONE!
    CCNP R&S - In Progress...
    CCIE Security - Future...
    Reply With Quote Quote  

  26. Senior Member
    Join Date
    Mar 2010
    Location
    Los Angeles, California
    Posts
    200

    Certifications
    A+, Project+, Network+, Security+, CCNA: Security, CCNP R&S, CCDP, CCNP Security
    #50
    I just want to give RouteMyPacket a hard time. I don't like the ASA cause when I look at it the lights blink at me! and it lacks personality that UMPH! :P

    Quote Originally Posted by RouteMyPacket View Post
    Read again, I have been asking aaron0011 to explain why it is not a good enterprise platform. You on the other hand actually began touching on some lacking functionality that I agree Cisco need to ramp up on.
    Reply With Quote Quote  

+ Reply to Thread
Page 2 of 3 First 12 3 Last

Social Networking & Bookmarks