Re: Next gen firewall bake-off

[Ben Parker <BParker () CHICORPORATION COM>]

Shashank,
Some additional things to look at might be some test scenarios from the operational side instead of just does the 
device allow us to do X. Also consider asking how long does it take to complete X(For example create a new policy). 
Given an issue how quickly can you troubleshoot with logs determine where/what the error is? How easily can you 
determined what changed between time and A and time B.

Everyone is short staffed so being able to improve operational efficiencies should be considered as part of your 
bake-off. It will also give you some additional metrics to compare since most vendors are trying to reach parity on 
features.

As far as the experience question, mine has mostly been with Palo Alto's where I first saw them while since working at 
a university. Since then I have done more work with Palo Alto's and a little with Sonicwalls. Generally speaking, I 
think most of the UTM's can now do something similar to the Palo Alto but not usually as detailed and definitely not as 
efficiently when you look at the throughput hit for enabling features. They are also usually cheaper but take much 
longer to accomplish your goal on. So you end up making the trade-off, cost versus depth of feature set and ease of use.

Sincerely,

Ben Parker
Sales and Implementation Engineer
Chi Corporation
5265 Naiman Parkway
Cleveland, OH 44139
www.chicorporation.com<http://www.chicorporation.com/>
440-498-2308
800-828-0599 x 231
Fax 440-498-2301
Twitter: @benparker82



From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Kumar, 
Shashank
Sent: Sunday, January 11, 2015 10:44 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Next gen firewall bake-off

Greetings Colleagues,

I also posted this in the 'Netman' group. I apologize if anyone received this email twice.

We are evaluating next gen firewall solution for our campus and wanted to tap into the collective expertise of our 
group.
I have the following questions to ask the group:


1.       The test case that we intend to use attached. Could anyone provide feedback on the test case - is it thorough, 
are we missing anything?

2.       We don't have access to Spirent or Ixia. Are there any free imix or any other traffic generators that can help 
measure bandwidth? Is iperf the best option?

3.       What tools would you use for SYN flood/UDP flood testing and for IPS testing?

4.       What did your bake-off/test case look like?

5.       Experience with any NGFW that you can share?

Thank you for your time and feedback.

Best Regards,
Shashank
FGCU Network Services |Tel: 239-590-7448

Florida has a very broad public records law.  As a result, any written communication created or received by Florida 
Gulf Coast University employees is subject to disclosure to the public and the media, upon request, unless otherwise 
exempt.  Under Florida law, e-mail addresses are public records.  If you do not want your email address released in 
response to a public records request, do not send electronic mail to this entity.  Instead, contact this office by 
phone or in writing.


________________________________

Never give out your username or password to anyone. This includes any accounts you have such as: FGCU, bank and credit 
card accounts, and other personal accounts.