Educause Security Discussion mailing list archives

Re: Firewalls


From: Peter Setlak <psetlak () COLGATE EDU>
Date: Wed, 3 Jul 2013 09:21:40 -0400

We just recently removed our Cisco 5585s from our edge and replaced them
with PaloAlto 5050's. Before doing so, we did a bake-off between the
PaloAlto product and the Fortinet Product. The Fortinet Engineer couldn't
get much of the functionality working and when we wanted to see real
reports, we were told we'd need to purchase an additional box. We opted to
test that as well and when we tried pumping data from the firewall to the
report box, the firewall couldn't keep up.

In the end, our PAN-5050's are great. They keep up with our 85% saturated
gig link, are easy and intuitive to maintain and I'll definitely stick with
Palo Alto for some time to come. The way they keep the management plane
separate from the data plane is unique and their parallel processing is
astounding. Their sales engineer was honest about the boxes' capabilities as
well. The box is used for firewalling, not edge routing (BGP) and not VPN.

As a side note, we moved our ASAs to the core. The IPS modules could not
keep up with the traffic and we made a decision to perform stateful
firewalling between the server VLANs and the users while using the
application firewall (Palo Alto) at the edge.


On Fri, Jun 28, 2013 at 2:23 PM, John Kaftan <jkaftan () utica edu> wrote:

We have been using Fortinet 1000as for the last 6 years.  We are currently
in a firewall RFP to replace these boxes and wonder if anyone out there can
help.

We are planning on having two firewalls in an HA configuration.  We have
about 1500 users on campus and about 2500 distance and commuter students.
We have a 1 Gb internet connection.  We are only looking to protect our
edge.

We are looking at the following options.


Fortigate 1000cs
Cisco ASA 5580s
Palo-Alto 5020s

Reading through the literature can be overwhelming with UTM firewalls.
I'd just like to know if anybody is using one of these platforms and the
pros and cons you see.  Specifically, we are concerned about support and
how the boxes perform as you turn on features, also usability.

Thanks

--
John Kaftan
IT Infrastructure Manager
Utica College




-- 
Thank you,

Peter J. Setlak
Managing Director, Networks, Systems & Operations
Network Security Analyst, GSEC, GLEG
Colgate University
---
psetlak () colgate edu
(315) 228-7151
Case-Geyer 180H (NSO Suite)
skype: petersetlak
