Re: Firewall Upgrade

[Matt Williams <mcw015 () BUCKNELL EDU>]

We're using Palo Alto 5050s and we love them for the most part.  There's a
learning curve from the Cisco ASAs that we had, but once we started getting
comfortable with it, it's a very versatile system and we don't spend nearly
the amount of time managing it as we did the ASAs.

Respectfully,

Matthew "Will" Williams
Assistant Director, Networking
Bucknell University
570.577.1491


On Fri, Feb 14, 2014 at 10:00 AM, Roger A Safian
<r-safian () northwestern edu>wrote:

>  We are...the PA replaced our Tipping Point.
>
>
>
> *From:* The EDUCAUSE Security Constituent Group Listserv [mailto:
> SECURITY () LISTSERV EDUCAUSE EDU] *On Behalf Of *Dennis Bohn
> *Sent:* Friday, February 14, 2014 8:59 AM
>
> *To:* SECURITY () LISTSERV EDUCAUSE EDU
> *Subject:* Re: [SECURITY] Firewall Upgrade
>
>
>
> A few years ago, many folks were using $_L3/4_Firewall and an IPS like
> TippingPoint in tandem.  I am wondering if folks are now using Palo Alto to
> cover both of those bases:Firewall and IPS.  Or are you using Palo Alto
> plus IPS.
>
> Thanks,
> dennis
>
>
>  Dennis Bohn
> Manager of Network and Systems
> Adelphi University
> bohn () adelphi edu
> 5168773327
>
>
>
> On Fri, Feb 14, 2014 at 9:51 AM, Roger A Safian <r-safian () northwestern edu>
> wrote:
>
> At the risk of overloading the Palo Alto band wagon, I'll also go +1.  We
> got ours about a year ago, and they have been incredibly useful.  They were
> the only system we tested that found, from the beginning, proven hostile
> traffic on our net.  The other's had signal, but, way too much noise.  They
> are now a critical component of our security posture.
>
>
> > -----Original Message-----
> > From: The EDUCAUSE Security Constituent Group Listserv
>
> > [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Michael Horne
> > Sent: Friday, February 14, 2014 8:45 AM
> > To: SECURITY () LISTSERV EDUCAUSE EDU
> > Subject: Re: [SECURITY] Firewall Upgrade
>
> > I will also give a +1 to Palo Alto, We replaced a pair of aging Nortel
> branded
> > check points with a pair of PA 5020's. We are very pleased with them and
> I
> > personally would recommend them as well. A lot deeper view into what's
> > happening on the network as well. Rule creation is not bad either once
> yopu get
> > the mind shift changed to zone / application based vrs just a port based
> FW.
> > Michael Horne
> > Network Engineer
> > Olin College of Engineering
> > 1000 Olin Way, Milas Hall, Suite LL18
> > Needham, MA 02492
> > 1-781-292-2438
> >
> >
> >
> > -----Original Message-----
> > From: The EDUCAUSE Security Constituent Group Listserv
> > [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Russo, Dan
> > Sent: Thursday, February 13, 2014 2:19 PM
> > To: SECURITY () LISTSERV EDUCAUSE EDU
> > Subject: [SECURITY] Firewall Upgrade
> >
> > We are looking into upgrading our Firewall. I was wondering if anyone had
> > anything to offer in regards to what you are using and the pros/cons
> associated
> > to it.
> >
> > Thanks,
> >
> > Dan