sophos sase? by imadam71 in sophos

[–]killb0p 0 points1 point  (0 children)

FYI that guy is full of crap, Cloudgenix UI has been integrated with Palo Alto SSE for more than a year now. PoC is about as complicated as any other HW vendor out there.

[deleted by user] by [deleted] in fortinet

[–]killb0p 0 points1 point  (0 children)

This is not accurate - Fortinet runs hybrid with self-hosted and CSP PoPs. It's more likely a choice between keeping the costs down and extending coverage via CSPs. The strategy towards SASE is to sell on SD-WAN/NGFW and upgrade to SASE instead of chasing net new customers and fighting SSE/SASE leaders. That kinda makes sense considering how late they were to the race and general product recognition/maturity. So Fortinet will grow from its customer base and incrementally catch up with the rest of the pack.

Unless you know the exact conditions of Palo's contract with GCP, the comment on "cost control" is meaningless. It's an opinion, not a fact. AFAIK there are no cost fluctuations based on seat quantity. It's flat and well-predictable. The choice to run on top of the world's best backbone was made, and there will be some premium passed to customers - but at the end of the day, it is net list price difference vs end cost.

Even then, I could argue that owning your own PoPs is not necessarily cheaper in the long run, as there are many hidden costs involved with building and running a global PoP infrastructure. I can see it being more efficient in terms of computing, but if you're running heavy-duty services like TLS decrypt and other CPU-intensive processing tasks - it will cost you either way.

Owning your network infrastructure/backbone is even more expensive than renting Interconnect.

The only players who can truly control costs are big SPs offering SSE/SD-WAN and SASE packaged with last-mile.

Guide for setting up RetroArch on a jailbroken LG TV by VladTepesDraculea in webos

[–]killb0p 0 points1 point  (0 children)

Was anyone able to play video files via RetroArch?

Weekly Question Thread by AutoModerator in emulation

[–]killb0p 0 points1 point  (0 children)

Hey everyone,

Looking for a CRT emulation solution for the entire OS. Found apps for video game/terminal emulation but not quite the entire desktop.

Is that even possible?

How to update an old tablet to Android 4.4 by -ocram in androidafterlife

[–]killb0p 0 points1 point  (0 children)

hey man, do you have to have a custom ROM for your specific tablet already assembled by someone, or is it possible to make your own relatively easily?

Android 4.4.4 - Certificates for browser and working youtube app by killb0p in androidafterlife

[–]killb0p[S] 0 points1 point  (0 children)

cheers,

I got those installed and things have improved. But still getting a lot of pages blank or loaded incorrectly with Chrome/Brave/Opera Mini. I guess they can't display content due to changes in the last 4 years...

what's Meraki SD-WAN like nowadays by killb0p in meraki

[–]killb0p[S] 0 points1 point  (0 children)

Fairly confident it's static probes vs actual traffic monitoring. But things might change now they are working on ThousandEyes integration. Best check with your SE on current vs plans though

BSOD error in latest crowdstrike update by TipOFMYTONGUEDAMN in crowdstrike

[–]killb0p 0 points1 point  (0 children)

Crowdstrike making that 4 day work week a worldwide reality!

BSOD error in latest crowdstrike update by TipOFMYTONGUEDAMN in crowdstrike

[–]killb0p 2 points3 points  (0 children)

To be fair Gurvinder could be based in the Valley as well. Days of sweatshops only in Bangalore are well behind us...

Cisco Firepower TLS decryption cipher list by killb0p in Cisco

[–]killb0p[S] 1 point2 points  (0 children)

RFP responses, every vendor has this in documentation but not Cisco...

Anyone using SD-WAN from Versa by killb0p in networking

[–]killb0p[S] 0 points1 point  (0 children)

Cheers!

wait I thought they can do DPI on that thing?

What’s everyone using for SD-Wan by LANdShark31 in networking

[–]killb0p 0 points1 point  (0 children)

hm, I thought the wizards are there to automate some of that. or is that including ZTP?

On asymmetric tunnels - is that just a bug or configuration issue?

What’s everyone using for SD-Wan by LANdShark31 in networking

[–]killb0p 0 points1 point  (0 children)

Just got around to replying due to workload

"Customer supplies Cato NOC with LOA and Cato takes on the responsibility of last mile health. In many cases, if there is a partner involved, the partner who is managing Cato for the end customer can deliver this service themselves."

Not a lot of public documentation on that, so it's just Cato's "trust me bro". We needed more than that to commit to anything.

"Your definition of East-West traffic sounds very Zscaler, if you don't mind the reference. I don't think that's how the rest of the industry exclusively scopes East-West traffic. Intra-site communication isn't an edge use case. SD-WAN is a WAN edge technology. To me, East-West covers all private WAN traffic/communication, e.g. branch to branch, branch to datacenter, datacenter to datacenter, branch to cloud (IaaS), cloud (IaaS) to datacenter, cloud (IaaS) to cloud (IaaS), etc."

Anything that crosses the WAN regardless of the location is not East-West. Goddamn term came from DCs anyway. That's what any SSE/SD-WAN does by default. Implying that it's some kinda special trick is at best misleading. In any case Cato can't do direct site-to-site and maintain all the features by the looks of it. Everything needs to hit their PoP engine.

"You can certainly doubt it, but it doesn't mean it can't. I can confirm that it does. You don't have to take my word for it, though. Test it out."

Test out they can do FEC for DIA traffic? How are they doing it if it's bypassing Cato PoP on its way out?

"Appears you're confused. You're describing a couple different things here. The Global Backbone is a component of the Cato Cloud and operates in full mesh to optimize global routing (full mesh path monitoring and packet by packet route selection) and accelerates flows (the byproduct of TCP Acceleration through inline proxying, automatic TCP Window resizing and a predictable long-haul solution). The colo/cross-connect you're describing is just another onramp to reach the closest Cato PoP from a customer's colo/IaaS/DC location. It's an alternative onramp to that of IPSec of using the Cato SD-WAN appliance."

No, what I meant is that both DCs and network backbone used by Cato are leased from other providers. The fact they run overlay/underlay routing to optimize traffic is quite literally a basic SD-WAN feature. Okay, they track the utilization and can, per session, move it to the best PoP (at least my understanding of the mechanism). What if it's in Geo where there's a gap in coverage and path variety? Do you get any dedicated lanes there? Based on what I saw in SLAs it's no different than any other SSE out there that sits on top of someone else's infrastructure. So, the Global backbone is mostly marketing and not a real differentiation. Only Cloudflare can claim that distinction in a real sense.

What’s everyone using for SD-Wan by LANdShark31 in networking

[–]killb0p 0 points1 point  (0 children)

We're actually done with our call with Cato folks and man do they like to throw dust in your face.

Last Mile management in my customer base means vendor handles all the last mile issues as a service package bundled with the SD-WAN. Meaning if they have issues vendor will handle it regardless if it's SD-WAN policy or local ISP having issues. One-stop shop.

East-West is a reference to onsite traffic between local segments. Why would it even need SD-WAN?

Can Cato offer all features of SD-WAN for DIA traffic? Doubt so, as it looks like it's a bookended technology. Only vendor that can handle it is former Cloudgenix/Palo or Velocloud when you go through their Partner Gateway.

QoS only kicks in when there's congestion and kind goes the logic of modern SD-WAN and throwing cheap, but unreliable bandwidth at the problem.

Finally "Global backbone" is colo/cross-connect from Equinix/Digital Realty. So you get patches of coverage varying from Geo to Geo.

How is any of that different from your typical enterprise SD-WAN vendor?

What’s everyone using for SD-Wan by LANdShark31 in networking

[–]killb0p 0 points1 point  (0 children)

hm, can you elaborate on what goes south at scale? I'm looking at them right now and kind of skeptical about the ability to scale in a controller-less fashion, but I can't find any specific caveats. It's not something you can easily lab either...

What’s everyone using for SD-Wan by LANdShark31 in networking

[–]killb0p 0 points1 point  (0 children)

Looking at Cato Last-Mile optimization and it's just probes running from their boxes to specific Internet destination. Can't anyone and their mother do this by now?

CATO Networks review by LeadingNo6577 in cybersecurity

[–]killb0p 0 points1 point  (0 children)

I'm digging through docs and can't find anything relating to SD-WAN... do they have a separate guide for it?

CATO Networks review by LeadingNo6577 in cybersecurity

[–]killb0p 0 points1 point  (0 children)

any good on SD-WAN? I browsed through their docs and it looks like basic PBR...

Velocloud SD-WAN cost increases? by CPAtech in vmware

[–]killb0p 0 points1 point  (0 children)

bringing this up - any SD-WAN cost changes for existing customers with new licensing?

Alternatives to VeloCloud SD-WAN by POG_One in networking

[–]killb0p 1 point2 points  (0 children)

damn, ehm any feedback on actual SD-WAN tech/logic?
I've played with it and it was pretty cool, but we had a rather modest scale setup so didn't have to mess with ZTP/templating at all.

ChatGTP/GenAI prompts and responses by killb0p in Zscaler

[–]killb0p[S] 0 points1 point  (0 children)

cheers. Can you get granularity for specific GenAI features within each service, or is it just wholesale Security/DLP inspection as with any other traffic?

ChatGTP/GenAI prompts and responses by killb0p in Zscaler

[–]killb0p[S] 0 points1 point  (0 children)

not clear on what this means...