Quote:
Originally Posted by derspot
I see, well installing patches (HFAs) manually sucks these days. I mean most major vendors do have automated patch download/installation solutions.
Not so sure about automated download solutions for enterprise-class systems. I doubt I would ever want something like that to run on say Cisco 7600s, Solaris servers, HP-UX boxes, etc. Windows, Mac & Linux clients, fine - but that's a very different market to firewalls. What major vendors are you referring to? Do you mean other major firewall vendors? Let's compare like with like.
As Ray pointed out, you can use SmartUpdate, which makes it relatively easy to download updates, and push them out, but it's not fully automated, nor should it be. It's similar, I guess, to using CiscoWorks to push out IOS images. There is absolutely no way that in a production network I am going to allow something to automatically download patches, install and reboot on my firewalls, without at least some sort of intervention on my part.
FWIW, although most places I work at are licensed for SmartUpdate (license is included with license for RTM), and I've done some major updates with it, I don't normally bother. For me, it's usually better to just scp the packages out, untar and run the HFA - that way I can sit on it and watch what's going on. When you've got millions of dollars going through systems, patching becomes a big issue - and saving 5 minutes by using a GUI rather than command line is pretty much irrelevant.
Mind you, from what I hear Check Point uses SmartUpdate in a big way internally. Probably good if you need to blitz a test lab. But then they did have a massive network outage last week...