Re: Firewalls

[Chris Golden <cgolden () LEEUNIVERSITY EDU>]

We eval'd a Fortinet and used it for URL filtering, IDS/IPS, and Firewall rulesets and the thing ran 80-90% resources 
constantly.  I ended up with a PA-5020 and we have all these things running (and more) and we aren't even in double 
digits in terms of resources.

The PA-5020 is a beast.  For me it was difficult transitioning from a Checkpoint to the Palo Alto.  I was stuck in port 
mode and needed to think application layer.  But once the mindset changed, I'm extremely happy with the PA.

I have a 600MB connection that’s constantly being used.  (mostly for Netflix and Youtube)

-Chris

Chris Golden
Director of IT Operations
Lee University
423.614.8020
cgolden () leeuniversity edu

From: John Kaftan <jkaftan () UTICA EDU<mailto:jkaftan () UTICA EDU>>
Reply-To: The EDUCAUSE Security Constituent Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () 
LISTSERV EDUCAUSE EDU>>
Date: Friday, June 28, 2013 2:23 PM
To: "SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV EDUCAUSE EDU>" <SECURITY () LISTSERV EDUCAUSE 
EDU<mailto:SECURITY () LISTSERV EDUCAUSE EDU>>
Subject: [SECURITY] Firewalls

We have been using Fortinet 1000as for the last 6 years.  We are currently in a firewall RFP to replace these boxes and 
wonder if anyone out there can help.

We are planning on having two firewalls in an HA configuration.  We have about 1500 users on campus and about 2500 
distance and commuter students.  We have a 1 Gb internet connection.  We are only looking to protect our edge.

We are looking at the following options.


Fortigate 1000cs
Cisco ASA 5580s
Palo-Alto 5020s

Reading through the literature can be overwhelming with UTM firewalls.  I'd just like to know if anybody is using one 
of these platforms and the pros and cons you see.  Specifically, we are concerned about support and how the boxes 
perform as you turn on features, also usability.

Thanks

--
John Kaftan
IT Infrastructure Manager
Utica College