undefined | Better HN

0 pointsfeld10y ago0 comments

People who have firewall needs and no skills hire people who know what Cisco products are, get someone to implement an ASA for them, and then it sits for years without any software updates. Maybe a rule update every now and then, but definitely no software updates.

0 comments

code77777710y ago

Perhaps most do but I see a different trend these days. "The network" is a lot more important now since so many things are cloud-based.

Our networking group automated a deployment for the fix and contacted everyone that has ever bought an ASA from our company and updated them. We have ~400 ASAs across the country still have < 50 to go. There are still a few stragglers and the older ASAs need a bit more TLC.

Many of those clients have a maintenance agreement with us that includes these sorts of things and changes. All of them were updated and tested within 24 hours.

We did the same thing for the Juniper exploits (albeit we only had a handful).

EDIT: typos

kjs310y ago

I can think of at least 8 of my clients (between 500 and 15000 employees, with probably 100 ASAs total) still on ASA version 8, much less 9. For some, the more critical in infrastructure, the less they want to update.

j / k navigate · click thread line to collapse