Educause Security Discussion mailing list archives
Re: Firewall Upgrade
From: Robert Lau <rslau () USC EDU>
Date: Thu, 13 Feb 2014 14:28:26 -0700
Like other people have mentioned, going from layer 3 to layer 7 can be interesting. You find people who were using ports 80/443 for "stuff" (non HTTP/HTTPS) because they were open, but application inspection closes that backdoor. We have deployed 100+ Fortinet units over the last 2 years and are deploying more regularly. We are very happy with the Fortinets... high throughput, low latency, detailed logging, deep feature set, low per-port cost, available low-cost integrated 2 factor auth, and ease of management. We have boxes with multiple 10gig interfaces and see <10% CPU when pushing TBs across IPSEC tunnels even with IPS and DLP enabled. The breadth of Fortinet's product line allows us to buy appropriately sized (and priced) boxes for each deployment. And since the mgmt interface is the same acrosrading to a faster box has very little support impact. We are looking at their multiple 100gig box (per interface, not lag). Brocade and Arista are involved with testing to ensure compatibility. Robert Lau Director, Information Security Information Technology Services University of Southern California 1-213-740-5469 On 2014/02/13 11:19 , "Russo, Dan" <drusso () SBU EDU> wrote: We are looking into upgrading our Firewall. I was wondering if anyone had anything to offer in regards to what you are using and the pros/cons associated to it. Thanks, Dan
Current thread:
- Re: Firewall Upgrade, (continued)
- Re: Firewall Upgrade Nathaniel Hall (Feb 14)
- Re: Firewall Upgrade Ruth Ginzberg (Feb 14)
- Re: Firewall Upgrade Hall, Rand (Feb 14)
- Re: Firewall Upgrade Roger A Safian (Feb 14)
- Re: Firewall Upgrade Mark Rogowski (Feb 14)
- Re: Firewall Upgrade Roger A Safian (Feb 14)
- Re: Firewall Upgrade O'Callaghan, Daniel (Feb 14)
- Re: Firewall Upgrade Mike Osterman (Feb 14)
- Re: Firewall Upgrade Ian McDonald (Feb 14)
- Re: Firewall Upgrade Mike Osterman (Feb 14)
- Re: Firewall Upgrade Roger A Safian (Feb 14)
- Re: Firewall Upgrade Pete Hickey (Feb 14)
- Re: Firewall Upgrade Mike Osterman (Feb 14)
- Re: Firewall Upgrade Derek Diget (Feb 14)
- Re: Firewall Upgrade randy (Feb 14)