Educause Security Discussion mailing list archives
Re: small schools - nextgen firewalls
From: Kevin Halgren <kevin.halgren () WASHBURN EDU>
Date: Thu, 15 Jan 2015 13:54:35 +0000
Yes, we're using a number of the features, I'd have to review exactly what all we have turned on, but I know we have antivirus turned on and various other inspection features and are using content filtering for a very small portion of our network as well. If we have to start scaling something back it would probably be some of the content inspection features, the trouble is determining what has the most impact on performance and what risk we'd be adding in doing so. Kevin From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Kramp, William D Sent: Wednesday, January 14, 2015 2:19 PM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: Re: [SECURITY] small schools - nextgen firewalls Are using any of the Sonicwall Application control, AV, DPI, or content filtering features while experiencing these performance issues? Bill Bill Kramp Sr. Programmer/Analyst (Networking) Information Technology Exchange Center Buffalo State College Twin Rise 200, 1300 Elmwood Ave Buffalo, NY 14222 Bill.Kramp () itec suny edu<mailto:Bill.Kramp () itec suny edu> PGP Key ID: 3610345A<http://pgp.mit.edu/pks/lookup?op=get&search=0x604DB8DF3610345A> From: Kevin Halgren <kevin.halgren () WASHBURN EDU<mailto:kevin.halgren () WASHBURN EDU>> Reply-To: The EDUCAUSE Security Constituent Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV EDUCAUSE EDU>> Date: Wednesday, January 14, 2015 at 3:11 PM To: "SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV EDUCAUSE EDU>" <SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV EDUCAUSE EDU>> Subject: Re: [SECURITY] small schools - nextgen firewalls We have a 1Gbps pipe which we routinely do 350+Mbps on. We use a SonicWall E-8500 and it's been OK, but in the last year we've started pegging out the CPUs at peak times. In theory It has plenty of throughput capacity (in Gbps), but it starts hitting its limit on the CPU at about 60,000 packets per second (pps). That seems to be a more critical measure of performance, at least in our case. We're going to have to do something this year or next, so far there are no indications of end-user-noticeable performance impact when it's peaked out, but it's only a matter of time before we do. Kevin From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Julie Newton Sent: Tuesday, January 13, 2015 12:30 PM To: SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV EDUCAUSE EDU> Subject: [SECURITY] small schools - nextgen firewalls Are there any small schools using SonicWall (NSA 220, NSA250 or NSA 2600 models) or PaloAlto (PA-200, PA-500, PA-2020 or PA-2050) ? We currently have 20 MB pipe (we *are* small) but expect 1 GB within <2 years as Google Fiber is installed across Austin. We have 2 discrete networks and want an appliance that works across both with unique filter sets. I am most concerned with malware filtering ability, throughput and a good admin interface. Currently on older Cymphonix (pre-Untangle), which required an appliance for each network and had a clunky UI and filtering did not catch ransomware. Any suggestions or opinions? Thanks in advance for your help! -Julie Newton Director of Information Technology ---------------------------------------------------------------------------- AUSTIN PRESBYTERIAN THEOLOGICAL SEMINARY 100 E. 27th Street, Austin, Texas 78705 austinseminary.edu
Current thread:
- Re: small schools - nextgen firewalls, (continued)
- Re: small schools - nextgen firewalls Bob Williamson (Jan 13)
- Re: small schools - nextgen firewalls Barros, Jacob (Jan 13)
- Re: small schools - nextgen firewalls Kapucu, Ali (Jan 13)
- Re: small schools - nextgen firewalls Blackwood, James (Jan 13)
- Re: small schools - nextgen firewalls Kurz, Kenneth J. (Jan 13)
- Re: small schools - nextgen firewalls Steve Camacho (Jan 13)
- Re: small schools - nextgen firewalls Nathaniel Hall (Jan 13)
- Re: small schools - nextgen firewalls Samuel Garnier (Jan 13)
- Re: small schools - nextgen firewalls Steve Camacho (Jan 13)
- Re: small schools - nextgen firewalls Kevin Halgren (Jan 14)
- Re: small schools - nextgen firewalls Kramp, William D (Jan 14)
- Re: small schools - nextgen firewalls Kevin Halgren (Jan 15)
- Re: small schools - nextgen firewalls Bob Williamson (Jan 13)