Educause Security Discussion mailing list archives
Re: Firewall recommendations
From: "Perry, Jeff" <perry () KU EDU>
Date: Mon, 3 Mar 2008 16:54:49 -0600
Jeff, We recently looked at Cisco's FSMs & ASAs, Checkpoint on Crossbeam, and Junipers larger scale products. We have a very large firewall infrastructure and our core needs were: Functionality Flexibility Management Scalability Cost I have to agree w/ Mr. Consolvo (Texas State) about the ASA's we rated them "ok" too for the same reasons. Compared to the FSMS they are night and day different in functionality. Overall the FSM's were faster but less flexible and provided less deep inspection (layer 7) capabilities (due to being an ASIC based design). Although w/ the ASA vs. FSMs you also have to really think about topology and what interface/circuit designs you can use. We liked the functionality of the Netscreen products overall but found the Checkpoint software had a few whistles we liked better (on the management side mostly). Overall all the products had value that was tied greatly to: Your specific topology and security infrastructure (physically, and logically on the network). For instance layer 2 serialization vs layer 3 routing etc. How much deep inspection you want to do (all can do some but the amount and type varies greatly based on the market segment the product is designed for) Additional Features you actually need to support your specific security posture (like web url protection, vpn, ssl vpn, tunneling, offloading) Management capabilities of the systems is pretty different and worth looking in to as it's a real deal breaker for us do to the size of our implementation. I'd be happy to discuss who we selected and why if you want to email me directly. Best of luck, -------------------------------------------- Jeff Perry, CISSP Manager, Security Services and Operations Information Security Office - A Division of Information Services The University of Kansas Office +1 785-864-9003 Direct +1 785-864-0489 Fax +1 785-864-0485 Email perry () ku edu -------------------------------------------- http://www.security.ku.edu <http://www.security.ku.edu/> ________________________________ From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Jeff Holden Sent: Friday, February 29, 2008 4:41 PM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: [SECURITY] Firewall recommendations We are looking at upgrading our campus's firewall. We are currently using a pair of end of life PIX 515s. We have been looking at the Cisco ASA and Juniper Netscreen products. We are very early in our evaluation and haven't talked with any venders yet. We are wondering if any other campus has been through this process recently and can offer any suggestions. We are looking at the bandwidth they can handle, price, added features such as VPN, IDS/IPS functionality, likes and dislikes and any other helpful advise. Currently we are a mixed Cisco and HP shop, but are open to any and all vendors solutions. Thanks, Jeff Holden, CISSP, RHCE Manager, Network & Data Security Mt. San Antonio College (909) 594-5611 X5017
Current thread:
- Firewall recommendations Jeff Holden (Feb 29)
- <Possible follow-ups>
- Re: Firewall recommendations Brawner, David (Feb 29)
- Re: Firewall recommendations Bean, Mike (Feb 29)
- Re: Firewall recommendations Consolvo, Corbett D (Feb 29)
- Re: Firewall recommendations Jarrod Millman (Feb 29)
- Re: Firewall recommendations Constantakos, William (Mar 01)
- Re: Firewall recommendations Ramon Hermida (Mar 03)
- Re: Firewall recommendations Joey Rego (Mar 03)
- Re: Firewall recommendations Ramon Hermida (Mar 03)
- Re: Firewall recommendations Charlie Prothero (Mar 03)
- Re: Firewall recommendations Perry, Jeff (Mar 03)
- Re: Firewall recommendations Soliwoda, Andrzej (Mar 14)
- Re: Firewall recommendations Richard Kunert (Mar 18)
- Re: Firewall recommendations Jon Hanny (Mar 18)
- Re: Firewall recommendations Avdagic, Indir (Mar 18)