Educause Security Discussion mailing list archives
Re: Firewalls
From: Peter Setlak <psetlak () COLGATE EDU>
Date: Wed, 3 Jul 2013 09:21:40 -0400
We just recently removed our Cisco 5585s from our edge and replaced them with Palo Alto 5050s. Before doing so, we did a bake-off between the Palo Alto product and the Fortinet product. The Fortinet engineer couldn't get much of the functionality working, and when we wanted to see real reports, we were told we'd need to purchase an additional box. We opted to test that as well, and when we tried pumping data from the firewall to the report box, the firewall couldn't keep up.

In the end, our PAN-5050s are great. They keep up with our 85% saturated gig link, are easy and intuitive to maintain, and I'll definitely stick with Palo Alto for some time to come. The way they keep the management plane separate from the data plane is unique and their parallel processing is astounding. Their sales engineer was honest about the box's capabilities as well. The box is used for firewalling, not edge routing (BGP) and not VPN.

As a side note, we moved our ASAs to the core. The IPS modules could not keep up with the traffic, and we made a decision to perform stateful firewalling between the server VLANs and the users while using the application firewall (Palo Alto) at the edge.

On Fri, Jun 28, 2013 at 2:23 PM, John Kaftan <jkaftan () utica edu> wrote:
We have been using Fortinet 1000as for the last 6 years. We are currently in a firewall RFP to replace these boxes and wonder if anyone out there can help.

We are planning on having two firewalls in an HA configuration. We have about 1500 users on campus and about 2500 distance and commuter students. We have a 1 Gb internet connection. We are only looking to protect our edge.

We are looking at the following options.

- Fortigate 1000cs
- Cisco ASA 5580s
- Palo-Alto 5020s

Reading through the literature can be overwhelming with UTM firewalls. I'd just like to know if anybody is using one of these platforms and the pros and cons you see. Specifically, we are concerned about support and how the boxes perform as you turn on features, also usability.

Thanks

--
John Kaftan
IT Infrastructure Manager
Utica College
--
Thank you,
Peter J. Setlak
Managing Director, Networks, Systems & Operations
Network Security Analyst, GSEC, GLEG
Colgate University
psetlak () colgate edu
(315) 228-7151
Case-Geyer 180H (NSO Suite)
skype: petersetlak