Re: small schools - nextgen firewalls

[Kevin Halgren <kevin.halgren () WASHBURN EDU>]

We have a 1Gbps pipe which we routinely do 350+Mbps on.  We use a SonicWall E-8500 and it's been OK, but in the last 
year we've started pegging out the CPUs at peak times.  In theory It has plenty of throughput capacity (in Gbps), but 
it starts hitting its limit on the CPU at about 60,000 packets per second (pps).  That seems to be a more critical 
measure of performance, at least in our case.  We're going to have to do something this year or next, so far there are 
no indications of end-user-noticeable performance impact when it's peaked out, but it's only a matter of time before we 
do.

Kevin

From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Julie 
Newton
Sent: Tuesday, January 13, 2015 12:30 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] small schools - nextgen firewalls

Are there any small schools using SonicWall (NSA 220, NSA250 or NSA 2600 models) or PaloAlto (PA-200, PA-500, PA-2020 
or PA-2050) ?

We currently have 20 MB pipe (we *are* small) but expect 1 GB within <2 years as Google Fiber is installed across 
Austin.  We have 2 discrete networks and want an appliance that works across both with unique filter sets.  I am most 
concerned with malware filtering ability, throughput and a good admin interface.

Currently on older Cymphonix (pre-Untangle), which required an appliance for each network and had a clunky UI and 
filtering did not catch ransomware.

Any suggestions or opinions?

Thanks in advance for your help!

-Julie Newton
Director of Information Technology
----------------------------------------------------------------------------
AUSTIN PRESBYTERIAN THEOLOGICAL SEMINARY
100 E. 27th Street, Austin, Texas 78705

austinseminary.edu