Educause Security Discussion mailing list archives

Re: Firewall Upgrade


From: "King, Ronald A." <raking () NSU EDU>
Date: Thu, 13 Feb 2014 15:09:16 -0500

We upgraded our Cisco ASAs to Palo Alto Networks' next-gen firewalls about a
year ago.  We are very happy with it.  I guess the pros and cons will vary
based on what you're moving from.  For us, we have greater granularity,
application (beyond layer 4) detection and filtering, and more features
including IPS, URL filtering and anti-malware.  

The biggest con is having to convert standard layer 3 and 4 firewall rules.
As an example, we allowed ports 80 and 443 through to our web server.  Now,
we allow "web-browsing," "ssl," and "flash" as well as ports 80 and 443.  In
some cases, we create a policy allowing the ports and logging connections.
We will review the rules after some time and add the applications to permit
or deny.

Feel free to contact me directly.

Got a Phish (email)? Forward it to abuse () nsu edu!

Ronald King
Security Engineer
Norfolk State University
http://security.nsu.edu

-----Original Message-----
From: The EDUCAUSE Security Constituent Group Listserv
[mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Russo, Dan
Sent: Thursday, February 13, 2014 2:19 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Firewall Upgrade

We are looking into upgrading our Firewall. I was wondering if anyone had
anything to offer in regards to what you are using and the pros/cons
associated to it.

Thanks,

Dan
