Educause Security Discussion mailing list archives

Re: small schools - nextgen firewalls

From: "Kramp, William D" <bill.kramp () ITEC SUNY EDU>
Date: Wed, 14 Jan 2015 20:18:55 +0000

Are using any of the Sonicwall Application control, AV, DPI, or content filtering features while experiencing these 
performance issues?

Bill

Bill Kramp
Sr. Programmer/Analyst (Networking)
Information Technology Exchange Center
Buffalo State College
Twin Rise 200, 1300 Elmwood Ave
Buffalo, NY 14222
Bill.Kramp () itec suny edu<mailto:Bill.Kramp () itec suny edu>
PGP Key ID: 3610345A<http://pgp.mit.edu/pks/lookup?op=get&search=0x604DB8DF3610345A>

From: Kevin Halgren <kevin.halgren () WASHBURN EDU<mailto:kevin.halgren () WASHBURN EDU>>
Reply-To: The EDUCAUSE Security Constituent Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () 
LISTSERV EDUCAUSE EDU>>
Date: Wednesday, January 14, 2015 at 3:11 PM
To: "SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV EDUCAUSE EDU>" <SECURITY () LISTSERV EDUCAUSE 
EDU<mailto:SECURITY () LISTSERV EDUCAUSE EDU>>
Subject: Re: [SECURITY] small schools - nextgen firewalls

We have a 1Gbps pipe which we routinely do 350+Mbps on.  We use a SonicWall E-8500 and it’s been OK, but in the last 
year we’ve started pegging out the CPUs at peak times.  In theory It has plenty of throughput capacity (in Gbps), but 
it starts hitting its limit on the CPU at about 60,000 packets per second (pps).  That seems to be a more critical 
measure of performance, at least in our case.  We’re going to have to do something this year or next, so far there are 
no indications of end-user-noticeable performance impact when it’s peaked out, but it’s only a matter of time before we 
do.

Kevin

From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Julie 
Newton
Sent: Tuesday, January 13, 2015 12:30 PM
To: SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV EDUCAUSE EDU>
Subject: [SECURITY] small schools - nextgen firewalls

Are there any small schools using SonicWall (NSA 220, NSA250 or NSA 2600 models) or PaloAlto (PA-200, PA-500, PA-2020 
or PA-2050) ?

We currently have 20 MB pipe (we *are* small) but expect 1 GB within <2 years as Google Fiber is installed across 
Austin.  We have 2 discrete networks and want an appliance that works across both with unique filter sets.  I am most 
concerned with malware filtering ability, throughput and a good admin interface.

Currently on older Cymphonix (pre-Untangle), which required an appliance for each network and had a clunky UI and 
filtering did not catch ransomware.

Any suggestions or opinions?

Thanks in advance for your help!

-Julie Newton
Director of Information Technology
----------------------------------------------------------------------------
AUSTIN PRESBYTERIAN THEOLOGICAL SEMINARY
100 E. 27th Street, Austin, Texas 78705

austinseminary.edu

Current thread:

small schools - nextgen firewalls Julie Newton (Jan 13)
- Re: small schools - nextgen firewalls Bob Williamson (Jan 13)
  - Re: small schools - nextgen firewalls Barros, Jacob (Jan 13)
- Re: small schools - nextgen firewalls Kapucu, Ali (Jan 13)
- Re: small schools - nextgen firewalls Blackwood, James (Jan 13)
- Re: small schools - nextgen firewalls Kurz, Kenneth J. (Jan 13)
  - Re: small schools - nextgen firewalls Steve Camacho (Jan 13)
    - Re: small schools - nextgen firewalls Nathaniel Hall (Jan 13)
    - Re: small schools - nextgen firewalls Samuel Garnier (Jan 13)
- Re: small schools - nextgen firewalls Kevin Halgren (Jan 14)
- <Possible follow-ups>
- Re: small schools - nextgen firewalls Kramp, William D (Jan 14)
  - Re: small schools - nextgen firewalls Kevin Halgren (Jan 15)