Educause Security Discussion mailing list archives
Re: [External] [SECURITY] Border IPS replacement--feedback needed
From: "Adam T. Ferrero" <adam () TEMPLE EDU>
Date: Wed, 29 Apr 2020 04:49:07 +0000
I'll share.

* What border firewall/IPS are you using?
Palo Alto

* What made you decide on that solution?
4 or 5 years ago we had Check Point. We purposefully wanted something more hardware assisted than pure software.

* Where does it fit with your overall security architecture?
Every server subnet is routed directly on the firewall, as are the interfaces towards each VRF (student, staff, pci, hipaa, etc.). It controls and inspects all the meaningful traffic for us. Plus our default inbound policy is deny. We explicitly allow the necessary applications and block everything else.

* Does your solution integrate with endpoint protection? If so, how?
No

* Did you integrate your solution with other technologies or vendor solutions (ex. Load Balancer, VMware NSX, etc.)?
No

* Do you have an Aruba Wireless Network? If so, how well does your solution integrate with Aruba Wireless?
Yes. Not integrated really.

* Do you have Aruba ClearPass? If so, did you integrate ClearPass with your solution? How well did it integrate?
Yes. We didn't integrate user-id type stuff. We use ClearPass for RADIUS authentication for the admins only.

* How does it integrate with systems or services your institution has in the cloud?
Smoothly. We have a single management appliance that manages on-prem hardware firewalls as well as cloud-based software ones.

* Are you using it for multiple purposes (ex. WAF, VPN, etc.)?
Threat/IPS, URL filtering, DNS sinkhole, and we are adding VPN site-to-site tunneling.

* Are you performing SSL inspection?
No

* What would you do differently? Any gotchas or lessons learned that you can share?
We started with a pair of firewalls specifically for student and then bought another pair for everything else. Had we realized all the power was in the line cards and all the licensing expense is in the chassis count, we'd have only bought two instead of four. We've since eliminated two chassis. Otherwise, I've been thrilled with Palo.

Happy to comment further if you reach out off list. Good luck.

Adam

From: The EDUCAUSE Security Community Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> On Behalf Of Fugett, Julie C
Sent: Tuesday, April 28, 2020 5:56 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [External] [SECURITY] Border IPS replacement--feedback needed

Colleagues-

We are replacing our current IPS solution and would like feedback on what other universities are using as their border firewall/IPS and how you arrived at the decision(s) you did. I would love to chat off list and/or via phone if you would prefer not to reply publicly.

* What border firewall/IPS are you using?
* What made you decide on that solution?
* Where does it fit with your overall security architecture?
* Does your solution integrate with endpoint protection? If so, how?
* Did you integrate your solution with other technologies or vendor solutions (ex. Load Balancer, VMware NSX, etc.)?
* Do you have an Aruba Wireless Network? If so, how well does your solution integrate with Aruba Wireless?
* Do you have Aruba ClearPass? If so, did you integrate ClearPass with your solution? How well did it integrate?
* How does it integrate with systems or services your institution has in the cloud?
* Are you using it for multiple purposes (ex. WAF, VPN, etc.)?
* Are you performing SSL inspection?
* What would you do differently? Any gotchas or lessons learned that you can share?

______________________________________
Julie C. Fugett, CISSP
Chief Information Security Officer
KU Information Technology
The University of Kansas
Email jcf () ku edu
Mobile +1 785 691 9023
Office +1 785 864 0490
She/Her/Hers
Complete your annual security awareness training today! https://go.ku.edu/tyYnU

**********
Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply.
Additional participation and subscription information can be found at https://www.educause.edu/community
Current thread:
- Border IPS replacement--feedback needed Fugett, Julie C (Apr 28)
- Re: [External] [SECURITY] Border IPS replacement--feedback needed Adam T. Ferrero (Apr 28)
- <Possible follow-ups>
- Re: Border IPS replacement--feedback needed Keenan Martinez (Apr 29)