Educause Security Discussion mailing list archives

Re: Are you using a "next generation" firewall?


From: "Boyd, Daniel" <dboyd () BERRY EDU>
Date: Thu, 28 Jul 2011 11:07:20 -0400


- which vendor did you choose?
We chose Sonicwall E-series firewalls.
- which of the above capabilities are you using, and how/for what?
We are using application identification and control, including controlling P2P traffic. We simplified our Internet
connection from multiple routing, IPS and traffic control devices down to our two firewalls in an HA configuration (from
12 devices to 2).
- which of the above capabilities did you try using and gave up (and why)?
None
- if your firewall supports it, are you using the SSL decryption features, and if so, for what?
Our firewall supports it, but that amount of network traffic visibility is something we refrain from unless given 
specific instructions to provide it, so at this time we are not using it.  I expect we will use it within 6 months 
because of the amount of potentially malicious traffic that now uses encryption.
- do you think the new capabilities have practical value over "traditional" firewalls, or are they just hype?
As I mentioned before, we simplified our physical network and our troubleshooting overhead significantly without 
increasing our budgetary requirements by consolidating our traffic shaping, routing, and IPS/IDS duties down to two 
firewalls in a high availability configuration.  Our decision to convert our Internet connection to MetroEthernet from 
frame-relay also contributed positively to this process.  I am not sure that I would ever want to separate those 
functions again now that we can see everything in "one pane of glass".

You are welcome to contact me privately via email if you have more questions and we can of course share the resulting 
information here if appropriate.

Daniel H. Boyd (94C)
Senior Network Architect
Network Operations
Berry College
Phone: 706-236-1750
Fax:     706-238-5824

There are two rules to follow with your account passwords:
1. NEVER SEND YOUR PASSWORD VIA EMAIL (TO ANYONE)!!!!!
2. If unsure, consult rule #1

