Most firewall can do NAT translation so maybe that is what you meant?
That may be what I meant.
I assume SPI is stateful packet inspection; why are these useless? I usually hear them listed as a best practice, at least at the plant floor level. I'm sure Internet connectivity has different requirements (deep packet inspection, etc).
We manage around 400 switches on this site and have no issues doing so? What's so hard about it?
I have to disagree. VLAN tagging and priority is quite simple if you know what you are doing.
I'm not saying that VLAN management is difficult, for people who know how to do it. I think the crux of the issue is that my customers refuse to learn. I have the same problem with networking as with programming: everything must be dumbed down for the lowest common denominator, or it won't be successful.
I've had multiple installations where they had issues with priority because every managed switch was left at the default settings, which effectively stripped out all the priority/vlan tags.