Educause Security Discussion mailing list archives
Re: Next Generation Firewalls
From: Brandon Dick <bdick () MURRAYSTATE EDU>
Date: Fri, 19 Jun 2015 19:32:08 -0500
For you all that went with Fortinet:When we were doing our bid, we put in requirements that the Firewall be 10GB capable and someone put in a bid for the Fortinet 1500D. According to the specs, the 1500D would put a Palo Alto 5050 to shame, but the cost difference wasn't even close, with Fortinet being the clear winner in price. I kept digging into it with the reseller and requesting guarantees that this would actually perform as well as they said, and eventually the reseller pulled out of the bid. So I never really got the full story on that one.
So my question is, how many of you think the 1500D would've actually handled 10GB of traffic? I noticed in your comparison below, they chose the 3600C, which makes me think even more that the 1500D wouldn't have performed to spec. It was just a really odd situation...
On 6/19/2015 2:45 PM, Kumar, Shashank wrote:
Hello All, We recently went through a bake-off ourselves and evaluated the Palo Alto 5050s, Fortinet 3600C, ASA5585-SSP-20 and the SRX 3600. PA and Fortinet impressed us the most with flexible deployment options (routed mode, transparent mode, tap mode, virtual systems), good hardware specs and throughput, intuitive management consoles and good vendor interaction. Positive feedback from universities that had deployed PA and Fortinet was reassuring. Our evaluation process involved hitting the test unit with constant 2Gig of traffic and measuring the throughput with various features enabled. We also planned for virtual systems and doubling our throughput within the next 3 years or so. Let me know if you would like to see the test template that we used. Hope this helps. Best Regards, Shashank FGCU Network Services |Tel: 239-590-7448 Florida has a very broad public records law. As a result, any written communication created or received by Florida Gulf Coast University employees is subject to disclosure to the public and the media, upon request, unless otherwise exempt. Under Florida law, e-mail addresses are public records. If you do not want your email address released in response to a public records request, do not send electronic mail to this entity. Instead, contact this office by phone or in writing. -----Original Message----- From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Gramke, Jim Sent: Friday, June 19, 2015 2:12 PM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: Re: [SECURITY] Next Generation Firewalls I've got to second the Fortigate recommendation. We've had a High Availability pair of them for a number of iterations now. Recently PA made a push, and we looked, but just undoable because of cost and even performance differences. Bang for buck, Fortigate is a formidable competitor. -----Original Message----- From: Ferguson, Michael [mailto:mferguson () CHAPMAN EDU] Sent: Thursday, June 18, 2015 11:17 Subject: Re: Next Generation Firewalls We ourselves just completed a Firewall POC solution. I would recommend also being open to Fortinet as part of your consideration as this is what we selected. It’s too early to say how well we like the solution as we’re in the process of implementation. But at least during our POC, it distinguished itself the most in a couple key categories with an emphasis on making sure we have a NGFW firewall that not only works well today, but also 4-5 years from now. Like you, we saw our selection of NGFW as a significant investment. I’ll refrain from mentioning the other solutions we considered, but suffice it to say that we considered all the top solutions that are performing well in NSS Labs’ new Cyber Advanced Warning System. Our testing included Ixia Breaking Point tests, which I would recommend you consider as part of your evaluation if you have time to do it. We also captured live traffic from our Production environment and sent it to several other solutions simultaneously using a Gigamon. This was valuable for seeing the manageability and effectiveness of each of the solutions against each other, but not very useful when considering performance. We also ran other security tests outside the Breaking Point to look at the effectiveness of each tool. But by far, the results of the Breaking Point tests revealed the most distinction of the products we evaluated. I know Ixia offers Test Consulting for a relatively modest fee, as well as some security consulting firms. There might be other ways to get a Breaking Point or a different stress-testing tool from Spirent or others. But needless to say, it was very enlightening to see the differences between each of the solutions under heavy stress when all inspection (including Application awareness) and logging was turned on. -- Mike Ferguson Chapman University Network Operations Manager 714-744-7873 -----Original Message----- From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Carroll, Tim Sent: Thursday, June 18, 2015 7:00 AM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: [SECURITY] Next Generation Firewalls All, Roane State Community College is in the process of reviewing next generation firewalls. Since this is a significant investment, I would be interested in hearing from the community what you are using, your experience, why you made the choice and your satisfaction with the vendor chosen. Thanks in advance for any feedback. Regards, Tim Carroll Assistant Vice President and Chief Information Officer Information Technology Roane State Community College ________________________________ This email is intended for the addressee and may contain privileged information. If you are not the addressee, you are not permitted to use or copy this email or its attachments nor may you disclose the same to any third party. If this has been sent to you in error, please delete the email and notify us by replying to this email immediately. ________________________________ Never give out your username or password to anyone. This includes any accounts you have such as: FGCU, bank and credit card accounts, and other personal accounts.
-- Brandon Dick Network Engineer Information Systems Murray State University Phone: (270) 809-3694 Fax: (270) 809-3465
MSU Information Systems staff will never ask for your password or other confidential information via email.
Current thread:
- Re: Next Generation Firewalls, (continued)
- Re: Next Generation Firewalls Carroll, Tim (Jun 18)
- Re: Next Generation Firewalls Hendra Hendrawan (Jun 19)
- Re: Next Generation Firewalls Ferguson, Michael (Jun 18)
- Re: Next Generation Firewalls Di Fabio, Andrea (Jun 18)
- Re: Next Generation Firewalls Tornoe, Eric J. (Jun 18)
- Re: Next Generation Firewalls Tevlin, Dave (Jun 18)
- Re: Next Generation Firewalls Swick, Forrest (Jun 18)
- Re: Next Generation Firewalls Robert Lau (Jun 19)
- Re: Next Generation Firewalls Tornoe, Eric J. (Jun 18)
- Re: Next Generation Firewalls Kumar, Shashank (Jun 19)
- Re: Next Generation Firewalls Brandon Dick (Jun 19)
- Re: Next Generation Firewalls Ferguson, Michael (Jun 21)
- Re: Next Generation Firewalls Brandon Dick (Jun 21)
- Re: Next Generation Firewalls Carroll, Tim (Jun 22)