Educause Security Discussion mailing list archives
Re: Firewall Vendors
From: "Tornoe, Eric J." <EJTORNOE () STTHOMAS EDU>
Date: Fri, 14 Nov 2014 17:12:20 +0000
Thanks, I will keep that in mind as we move forward with the install. We're adding bandwidth as well so I think we will be able to evaluate how the Palo performs at rate shaping without it becoming a critical issue immediately.

We were concerned about the DRM implications of the PeerApp. They have a lot of language assuring us it's OK, and the way they lay it out makes sense - they check for a valid subscription each time before starting a stream by logging on to the service. Netflix actually has a similar device they will give you to improve performance but you need to have at least 5Gb of traffic a month to qualify and we don't come close.

Functionally there are no issues. It won't cache Hulu because it is encrypted - they claim this will be supported in a future release - but we have no problems with Netflix or Amazon.

Eric

-----Original Message-----
From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Brian Helman
Sent: Thursday, November 06, 2014 12:54 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Firewall Vendors

Eric,

Just be aware that the Palo Alto devices rate-shape on the egress port. That can be tricky depending on how your physical connections are laid out on the PAN device. We run a pair of 5050's, but still use a NetEqualizer device that Dennis mentions.

How does the PeerApp system work? It was my understanding that Netflix couldn't be cached because the stream included DRM encoding which was specific to each player. If that is not accurate, I'll have to take a closer look at the product!

-Brian

________________________________________
From: The EDUCAUSE Security Constituent Group Listserv [SECURITY () LISTSERV EDUCAUSE EDU] on behalf of Tornoe, Eric J. [EJTORNOE () STTHOMAS EDU]
Sent: Thursday, October 30, 2014 4:14 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Firewall Vendors

Thanks Dennis, I'll look into that. Our shaping needs are very minimal, such as swapping admin and dorm bandwidth during peak usage times for each, so we are fairly confident the Palo will cover our needs.

We recently implemented PeerApp, which caches Netflix and Amazon Prime Video, Windows and IOS updates, etc. and serves the content from the local network to take the load off the Internet pipe. This has effectively returned about 100Mbps of bandwidth. We run an average of 25% served from cache and occasionally we are serving more from the PeerApp than we are from the Internet. It nicely evens out the hit from things like the recent IOS 8 update because after the first three downloads the rest come from the local cache. You could see this in the PeerApp charts for 2-3 days after the release on September 17th with noticeably higher "served from cache" numbers.

Eric

From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Dennis Bohn
Sent: Thursday, October 30, 2014 12:08 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Firewall Vendors

Hi Eric,

Since you again mentioned bandwidth shaping, I wanted to let you know that we are pretty pleased with Net Equalizer. Its best feature is that most of the time it does no shaping :-) Until it is approaching a preset bandwidth threshold, and then throttles back the users with the highest number of flows/most bandwidth. A few times a week I get an email that it has kicked into shaping, but most of the time it just sits there. This does not have the precise reports of who is using what L7 protocol, but we stopped caring until there is a problem, and other tools work then.

best,
dennis

Dennis Bohn
Manager of Network and Systems
Adelphi University
bohn () adelphi edu
5168773327

On Thu, Oct 30, 2014 at 11:53 AM, Tornoe, Eric J. <EJTORNOE () stthomas edu> wrote:

We are considering a pair of PA 5060's and it is good to hear that everyone who has them has had a positive experience. It sounds like the PA would also meet our needs for P2P blocking and minimal bandwidth shaping, allowing us to eliminate our PacketShaper. We would plan to roll training into the initial purchase, which would be provided by our reseller.

From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Michael Horne
Sent: Thursday, October 30, 2014 10:30 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Firewall Vendors

+1 for PaloAlto's. I really love these things compared to the older checkpoints we had running prior.

From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of King, Ronald A.
Sent: Wednesday, October 29, 2014 5:59 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Firewall Vendors

Palo Alto Networks. We have had a pair of their next generation PA 5050s and have been very happy with them.

Got a Phish (email)? Forward it to abuse () nsu edu!

Ronald King, CISSP
Interim CISO & Technical Services Director
Norfolk State University
http://security.nsu.edu

From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Kubb, Richard
Sent: Wednesday, October 29, 2014 5:55 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Firewall Vendors

Greetings,

At Maryville we currently use a Sonicwall firewall that is rapidly reaching end of life and are starting to explore alternative vendors. Curious which vendors and models others are using for your firewall solution. We also use Packetshaper as part of our solution and we would consider a single firewall device and eliminate the use of Packetshaper if we can find the right solution.

Regards,
Rick.

Rick Kubb
Director of Technology Services
Maryville University
314-529-9606
Gander Hall, Room 215
rkubb () maryville edu