Educause Security Discussion mailing list archives

Re: Firewall Upgrade


From: Robert Lau <rslau () USC EDU>
Date: Thu, 13 Feb 2014 14:28:26 -0700

Like other people have mentioned, going from layer 3 to layer 7 can be
interesting. You find people who were using ports 80/443 for "stuff"
(non HTTP/HTTPS) because they were open, but application inspection closes
that backdoor.

We have deployed 100+ Fortinet units over the last 2 years and are
deploying more regularly.

We are very happy with the Fortinets... high throughput, low latency,
detailed logging, deep feature set, low per-port cost, available low-cost
integrated 2 factor auth, and ease of management. We have boxes with
multiple 10gig interfaces and see <10% CPU when pushing TBs across IPSEC
tunnels even with IPS and DLP enabled. The breadth of Fortinet's product
line allows us to buy appropriately sized (and priced) boxes for each
deployment. And since the mgmt interface is the same acrosrading to a
faster box has very little support impact.

We are looking at their multiple 100gig box (per interface, not lag).
Brocade and Arista are involved with testing to ensure compatibility.

Robert Lau
Director, Information Security
Information Technology Services
University of Southern California
1-213-740-5469

On 2014/02/13 11:19 , "Russo, Dan" <drusso () SBU EDU> wrote:

We are looking into upgrading our Firewall. I was wondering if anyone had
anything to offer in regards to what you are using and the pros/cons
associated to it.

Thanks,

Dan

