Educause Security Discussion mailing list archives
Re: Are you using a "next generation" firewall?
From: Will Froning <will.froning () GMAIL COM>
Date: Thu, 21 Jul 2011 09:06:08 +0400
On Wednesday, July 20, 2011 at 5:55 PM, David Curry wrote:
- which vendor did you choose?
Palo Alto Networks
- which of the above capabilities are you using, and how/for what?
We use them all. AD integration works well only if you use captive portal or require all PCs to log onto AD. We mostly use the user-based rules for VPN.
- which of the above capabilities did you try using and gave up (and why)?
Like I said, we use them all to some degree. This summer we have been testing application-based QoS on our main 200mb link, and I have plans to test policy-based forwarding with a secondary link to gain a little more bandwidth.
- if your firewall supports it, are you using the SSL decryption features, and if so, for what?
Yes, but not extensively. I'm a little scared to try it out on our blackboard server because I'm concerned it looks too deeply. Right now it knows it as "blackboard", but once I decrypt the SSL I think I would have to add http-video/http-audio in case the profs have published anything for their students.
- do you think the new capabilities have practical value over "traditional" firewalls, or are they just hype?
They are wicked. The level of control and visibility are great.

<http://www.aus.edu/ir/info.php>
~5300 students
~10000 network devices
200mb link
IPv4 link

Thanks,
Will
--
Will Froning
Unix SysAdmin
Will.Froning () GMail com
MSN: wfroning () angui sh
YIM: will_froning
AIM: willfroning