Educause Security Discussion mailing list archives
Re: Firewalls
From: Bob Williamson <bob_williamson () AW ORG>
Date: Wed, 10 Jul 2013 16:08:05 -0700
We are a small boarding school of 500 users. 100mps up and down. I agree wholeheartedly regarding the PA. The mindset of apps vs ports is a tough transition and I would even suggest it makes the system more complex. BUT part of the complexity in our environment is because our students range from pre-k to 12th so we have to have crazy rules depending on ages/times/etc. With a high end Watchguard we could not get the throughput the PA500 is giving us. When we do hit it hard, the Skype users don't even miss a beat. I have also had good luck with the tech support.

Bob

Sent from my iPad

On Jul 10, 2013, at 2:05 PM, "Chris Golden" <cgolden () LEEUNIVERSITY EDU> wrote:

We eval'd a Fortinet and used it for URL filtering, IDS/IPS, and Firewall rulesets and the thing ran 80-90% resources constantly. I ended up with a PA-5020 and we have all these things running (and more) and we aren't even in double digits in terms of resources. The PA-5020 is a beast. For me it was difficult transitioning from a Checkpoint to the Palo Alto. I was stuck in port mode and needed to think application layer. But once the mindset changed, I'm extremely happy with the PA. I have a 600MB connection that’s constantly being used. (mostly for Netflix and Youtube)

-Chris

Chris Golden
Director of IT Operations
Lee University
423.614.8020
cgolden () leeuniversity edu

From: John Kaftan <jkaftan () UTICA EDU>
Reply-To: The EDUCAUSE Security Constituent Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU>
Date: Friday, June 28, 2013 2:23 PM
To: "SECURITY () LISTSERV EDUCAUSE EDU" <SECURITY () LISTSERV EDUCAUSE EDU>
Subject: [SECURITY] Firewalls

We have been using Fortinet 1000as for the last 6 years.

We are currently in a firewall RFP to replace these boxes and wonder if anyone out there can help. We are planning on having two firewalls in an HA configuration. We have about 1500 users on campus and about 2500 distance and commuter students. We have a 1 Gb internet connection. We are only looking to protect our edge. We are looking at the following options.

Fortigate 1000cs
Cisco ASA 5580s
Palo-Alto 5020s

Reading through the literature can be overwhelming with UTM firewalls. I'd just like to know if anybody is using one of these platforms and the pros and cons you see. Specifically, we are concerned about support and how the boxes perform as you turn on features, also usability.

Thanks

--
John Kaftan
IT Infrastructure Manager
Utica College