Hey all
I recently accepted a Senior Network Security Engineer position with a major health company in the DC area. Hanging up the routing and switching hat and putting on a firewall hat. it's a major move up for me career-wise. Looks like a fun opportunity.
:applause:
You'll need to use this one a lot, though:
:notthefirewall:
What kind of firewalls will you be working with?
Congrats, hope they aren't running ASAs :)
Quote from: SimonV on June 12, 2017, 06:02:28 AM
Congrats, hope they aren't running ASAs :)
yep, those and PA
congratulations!
WOOT congrats dude!!!
Congrats!
Congratulations. Welcome to the dark side.
-Otanx
Quote from: Otanx on June 12, 2017, 09:45:18 AM
Congratulations. Welcome to the dark side.
-Otanx
What are you trying to say? Us security guys just say "no" a lot?
:no:
OK, so maybe we are a bit negative...
Congrats on the new job!!
Congrats on the new position. Trust it will be a good move for you, as long as they still let you sleep at night.
Congrats!
Congratulations!!! :mrgreen:
Best of luck and hope it all works out A+
Quote from: SimonV on June 12, 2017, 06:02:28 AM
Congrats, hope they aren't running ASAs :)
What's wrong with ASA's? Apart from numerous code bugs and features causing crashing / rebooting? :twitch:
Quote from: Dieselboy on June 12, 2017, 09:28:36 PMWhat's wrong with ASA's? Apart from numerous code bugs and features causing crashing / rebooting? :twitch:
That, and they are horrible firewalls.
That, and next to no next-gen features. Chaining an actual NFGW in-line doesn't count... that's two firewalls. LOL
I won't even mention zoning.... at least they can do BGP and routed VPNs now, allegedly LOL
Back on topic though, please for the love of all that is holy, remember your roots and remember that security is supposed to make things happen securely, NOT just secure things.
Something that can't connect to anything is 100% secure after all.
That, and if anyone proposes to stick a default gateway on a firewall, burn it with fire. Esp if they are trying to shove it into a leaf-spine fabric.
GRATZ!!
Quote from: SimonV on June 13, 2017, 04:58:20 AM
That, and they are horrible firewalls to work with on the CLI.
Still better than working with them on the GUI :-P
I've corrected my original post :)
CONGRATS MAN!
Let me give you a few caveats I have found with PAN products so far:
1) Their sub-interfaces do not have separate MAC addresses (BIG ISSUE... really stupid)
2) They cannot support DHCP to DHCP IPSEC VPN
3) Cannot do http redirects (not really a big surprise here)
so far going well, still working on my access and lots of training, maybe next week i'll even get to do some real work. Mostly working with non-X ASA's in a LAN setting. providing different groups with LAN access to different services, seems like a good place, busy, with lots of nice people, commute is minimally worse and I do get to sleep in a bit later. don't know what the commute will be like when school starts back up.