Educause Security Discussion mailing list archives
Re: Next gen firewall bake-off
From: Ben Parker <BParker () CHICORPORATION COM>
Date: Sun, 11 Jan 2015 20:36:42 +0000
Shashank, Some additional things to look at might be some test scenarios from the operational side instead of just does the device allow us to do X. Also consider asking how long does it take to complete X(For example create a new policy). Given an issue how quickly can you troubleshoot with logs determine where/what the error is? How easily can you determined what changed between time and A and time B. Everyone is short staffed so being able to improve operational efficiencies should be considered as part of your bake-off. It will also give you some additional metrics to compare since most vendors are trying to reach parity on features. As far as the experience question, mine has mostly been with Palo Alto's where I first saw them while since working at a university. Since then I have done more work with Palo Alto's and a little with Sonicwalls. Generally speaking, I think most of the UTM's can now do something similar to the Palo Alto but not usually as detailed and definitely not as efficiently when you look at the throughput hit for enabling features. They are also usually cheaper but take much longer to accomplish your goal on. So you end up making the trade-off, cost versus depth of feature set and ease of use. Sincerely, Ben Parker Sales and Implementation Engineer Chi Corporation 5265 Naiman Parkway Cleveland, OH 44139 www.chicorporation.com<http://www.chicorporation.com/> 440-498-2308 800-828-0599 x 231 Fax 440-498-2301 Twitter: @benparker82 From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Kumar, Shashank Sent: Sunday, January 11, 2015 10:44 AM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: [SECURITY] Next gen firewall bake-off Greetings Colleagues, I also posted this in the 'Netman' group. I apologize if anyone received this email twice. We are evaluating next gen firewall solution for our campus and wanted to tap into the collective expertise of our group. I have the following questions to ask the group: 1. The test case that we intend to use attached. Could anyone provide feedback on the test case - is it thorough, are we missing anything? 2. We don't have access to Spirent or Ixia. Are there any free imix or any other traffic generators that can help measure bandwidth? Is iperf the best option? 3. What tools would you use for SYN flood/UDP flood testing and for IPS testing? 4. What did your bake-off/test case look like? 5. Experience with any NGFW that you can share? Thank you for your time and feedback. Best Regards, Shashank FGCU Network Services |Tel: 239-590-7448 Florida has a very broad public records law. As a result, any written communication created or received by Florida Gulf Coast University employees is subject to disclosure to the public and the media, upon request, unless otherwise exempt. Under Florida law, e-mail addresses are public records. If you do not want your email address released in response to a public records request, do not send electronic mail to this entity. Instead, contact this office by phone or in writing. ________________________________ Never give out your username or password to anyone. This includes any accounts you have such as: FGCU, bank and credit card accounts, and other personal accounts.
Current thread:
- Next gen firewall bake-off Kumar, Shashank (Jan 11)
- Re: Next gen firewall bake-off Ben Parker (Jan 11)