Educause Security Discussion mailing list archives
Re: Firewall Upgrade
From: "King, Ronald A." <raking () NSU EDU>
Date: Thu, 13 Feb 2014 15:09:16 -0500
We upgraded our Cisco ASAs to Palo Alto Networks' next-gen firewalls about a year ago. We are very happy with it. I guess the pros and cons will vary based on what your moving from. For us, we have greater granularity, application (beyond layer 4) detection and filtering, and more features including IPS, URL filtering and anti-malware. The biggest con is having to convert standard layer 3 and 4 firewall rules. As an example, we allowed ports 80 and 443 through to our web server. Now, we allow "web-browsing," "ssl," and "flash" as well as ports 80 and 443. In some cases, we create a policy allowing the ports and logging connections. We will review the rules after some time and add the applications to permit or deny. Feel free to contact me directly. Got a Phish (email)? Forward it to abuse () nsu edu! Ronald King Security Engineer Norfolk State University http://security.nsu.edu -----Original Message----- From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Russo, Dan Sent: Thursday, February 13, 2014 2:19 PM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: [SECURITY] Firewall Upgrade We are looking into upgrading our Firewall. I was wondering if anyone had anything to offer in regards to what you are using and the pros/cons associated to it. Thanks, Dan
Attachment:
smime.p7s
Description:
Current thread:
- Firewall Upgrade Russo, Dan (Feb 13)
- Re: Firewall Upgrade King, Ronald A. (Feb 13)
- Re: Firewall Upgrade Ben Parker (Feb 13)
- Re: Firewall Upgrade Nathaniel Hall (Feb 13)
- Re: Firewall Upgrade Di Fabio, Andrea (Feb 13)
- Re: Firewall Upgrade Kevin Hayes (Feb 13)
- Re: Firewall Upgrade Michael Horne (Feb 14)
- Re: Firewall Upgrade Roger A Safian (Feb 14)
- Re: Firewall Upgrade Dennis Bohn (Feb 14)
- Re: Firewall Upgrade Roger A Safian (Feb 14)
- Re: Firewall Upgrade Nathaniel Hall (Feb 14)
- Re: Firewall Upgrade Matt Williams (Feb 14)
- Re: Firewall Upgrade Roger A Safian (Feb 14)
- Re: Firewall Upgrade King, Ronald A. (Feb 13)