Do you have a preferred vendor for your network gear?
I’ll go first:
- Firewalls: Fortinet, ASA, Palo Alto
- Route/Switch: Cisco, HPE/Aruba
- Wireless: Aruba, Cisco, Meraki
- Auth: NPS, ISE, ClearPass
- Monitoring: SolarWinds, Auvik, PRTG
- Automation: Ansible
- SDWAN: PA Prisma SDWAN, Fortinet, Velocloud
I got a lot of exposure to MikroTik’s route/switch devices when I worked at a WISP and really came to love them.
Wireless: Aruba, Cisco, Meraki
I know what you meant when you said “Wireless”, but I’m going to go with Siklu for their Kilo EtherHaul 70/80GHz radios that can no shit do 10Gbps links up to like 10 miles in ideal conditions.
Ooooh, I gotta look this up. Love PtP links.
Yeah we use a fair bit of Mikrotik as well. They’re great for the price, and work well as long as you stick to what they’re good at.
- Firewalls: Fortinet, Juniper
- Route/Switch: Juniper
- Wireless: God please no
- Auth: FreeRADIUS
- Monitoring: Zabbix
- Automation: Salt
- SDWAN: Fortinet
Zabbix is great, I’ve rolled an instance of that. Also did extensive work with FreeRADIUS - that’s one big conf file.
The key to FreeRADIUS is to auto-generate the config, and use something like SQL or LDAP as an auth source.
Yeah, unfortunately, the use case I was implementing it for was 802.1X with certificates… that was fun!
Once upon a time I setup the same thing and it was a PITA, and we didn’t want to use it in production. We’ve just setup PacketFence which uses FreeRadius and it was an absolute breeze by comparison
Juniper for R/S, Palo for firewalls. At home I use pfsense and UniFi APs and in that environment they’re great.
Ha! At home I run a Ubiquiti stack with my lab hung off it (switches, ASA, FortiGate).
Arista for DC switching and Juniper for everything else.
Tell me you’re a provider without telling me you’re a provider.
Hopefully at some point. Enterprise now and a couple of smaller cloud companies before this.
Also all Arista for DC switching. Fintech space
Fortinet
ONE DAY after we bought one it turns out [https://www.bleepingcomputer.com/news/security/fortinet-fixes-critical-rce-flaw-in-fortigate-ssl-vpn-devices-patch-now/amp/](they were being pwned and Fortinet is being a weasel in their security communications)
I blame myself. I knew old ones were being pwned but this just feels bad. Life goes on but ugh
Wait, Cisco == Meraki ;)
I work for Aruba (outing myself on my first post on Lemmy, smooth move dude) but I see Mist marketing themselves everywhere in the space, interested on people’s take on them.
Wait, HPE == Aruba?
Lol! I get hounded by Mist, but haven’t taken a real look at them. I’m breaking myself in at a Fortune company… about three months in. So I’m spending my time on getting up to speed. I’ll take a look at them though, and let you know what I think.
LOL more like Aruba == HPE, at least that’s what we tell ourselves.
The folder in my Vendors folder says ‘Aruba,’ don’t worry! After CommWare got sidelined for Aruba’s OS, I could tell.
Juniper Routers and Switches are solid, firewalls are ok but pretty easily outclassed by a Forti or Palo these days
Juniper Mist for Wi-Fi is awesome, much better than other wireless solutions I’ve used personally
Personally I love Fortis for firewalls and SDWAN, Huawei for routing, switching and WLAN. Clearpas for Auth. I do not have a lot of experience in different Monitoring softwares but am quite used to solarwinds.
Anything using SNMP, SSH, and NetFlow gets me what I need. Oh, and easy packet captures.
Id definitely include docker under automation. for monitoring we have started using managedEngine
ManageEngine is good. IMO, if you can do ICMP, SNMP, NetFlow, and SSH (for config mgmt), you’re good. Bonus points for API integration!
My current pain is from SDA and DNAC. They make ACI look good.
Oh man. ACI is rough, too.
No Arista? It’s been really great from my perspective. basically identical to the Cisco IOS!
Oh, I really like Arista, but haven’t had the opportunity to put into production. I only really see it with carrier deployments in my experience, but would be open to checking them out.
This seems to be a divisive opinion, but I like Mikrotik routers. I run an RB3011 at home, and at the TV station I work at we have a transport stream out of the station to one of the transmitter sites over a GRE tunnel on two RB4011s. They aren’t as easy to support as Cisco but I like them.
We have an Aruba which is only ok, and several HP Procurve switches that are very simple and easy to manage. No fancy interface that takes up screen space or resources.
For monitoring, I use CheckMK and I just got done installing NetDisco. CheckMK installation is easy but the configuration is daunting because I could monitor literally whatever I want as long as there’s data for it, and then alerting is another layer of complexity and decision-making added onto it.
I installed NetDisco because I wanted something that could show me a very basic “automated” network map. The TV station is 40 years old and has random things plugged in under floors and behind walls controlling lights and similar auxiliary devices, and it’s hard to tell exactly what is where or what that thing does. I’m pairing this with a Netbox installation that will serve as a source of truth for the hundreds of network cables, hundreds of audio cables, hundreds of GPI cables, and thousands of video cables and all of our racks of hardware so everything is listed in one spot and I can easily see what it’s associated with (example: interface 27 on switch 2 is associated with cable 2385. Cable 2385 is also associated with camera 6. Camera 6 has Audio 512 and GPI 73 plugged in). Netbox also has the ability to manage an asset inventory, which would add another useful tool.
I apologize for rambling. Finally getting solid documentation on the physical and logical topology of my station is exciting.
Finally getting solid documentation on the physical and logical topology of my station is exciting.
It’s the best. Watch out for hidden 4-port switches under desks… I swear those fuckers are like cockroaches.
Doing Bpdu guard, port security, 802.1x everywhere.
Haven’t had to deal with a 4-port roach in ages.
I like MikroTik too. I kind of understand the dislike some people have for MT, but on the other hand a lot of it seems to be based on misunderstandings and outdated information.
Juniper isn’t too bad either.
Not much experience with “corporate firewalls” (besides MT / Juniper SRX), but having seen Fortinet, it doesn’t look too great.
Depends on the load, budget for capex and opex, and what the network will be running :)
I liked HP procurve before the Aruba firmware was introduced. For wireless, I used to like Ruckus 5 years ago. Cannot stand the move to cloud management that all the WAP vendors seem to require.
For auth, the click verify of duo is pretty nice if the security of a physical OTP device isn’t needed.
For firewalls… ASA if NSA isn’t in the threat profile.
OG ProCurve was the best.
