Educause Security Discussion mailing list archives

Re: Are you using a "next generation" firewall?


From: Will Froning <will.froning () GMAIL COM>
Date: Thu, 21 Jul 2011 09:06:08 +0400

On Wednesday, July 20, 2011 at 5:55 PM, David Curry wrote: 
- which vendor did you choose?
Palo Alto Networks 
- which of the above capabilities are you using, and how/for what?
We use them all. AD integration works well only if you use captive portal or require all PCs to log onto AD. We mostly use the user-based rules for VPN.
- which of the above capabilities did you try using and gave up (and why)?
Like I said, we use them all to some degree. This summer we have been testing application-based QoS on our main 200mb link and I have plans to test policy-based forwarding with a secondary link to gain a little more bandwidth.
- if your firewall supports it, are you using the SSL decryption features, and if so, for what?
Yes, but not extensively. I'm a little scared to try it out on our Blackboard server because I'm concerned it looks too deeply. Right now it knows it as "blackboard", but once I decrypt the SSL I think I would have to add http-video/http-audio in case the profs have published anything for their students.
- do you think the new capabilities have practical value over "traditional" firewalls, or are they just hype?
They are wicked. The level of control and visibility are great.

<http://www.aus.edu/ir/info.php>
~5300 students
~10000 network devices
200mb IPv4 link

Thanks,
Will

--
Will Froning
Unix SysAdmin
Will.Froning () GMail com
MSN: wfroning () angui sh
YIM: will_froning
AIM: willfroning

