Re: Firewall Vendors

["Tornoe, Eric J." <EJTORNOE () STTHOMAS EDU>]

1Gb, about to move to 2Gb. The PeerApp is consistently returning about 10%, with peaks up to 40%. It rises and falls 
consistent with bandwidth usage. Consistency of experience seems improved as well for Netflix and the like, although 
that is anecdotal at this point.

Eric

From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Dexter 
Caldwell
Sent: Wednesday, November 12, 2014 1:12 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Firewall Vendors

Eric:
Out of curiosity, what is your pipe size?  Ex, What percentage of bandwidth did the PeerApp return of your overall link?

Thanks,
Dexter

From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Tornoe, 
Eric J.
Sent: Thursday, October 30, 2014 4:15 PM
To: SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV EDUCAUSE EDU>
Subject: Re: [SECURITY] Firewall Vendors

Thanks Dennis, I’ll look into that.

Our shaping needs are very minimal, such as swapping admin and dorm bandwidth during peak usage times for each so we 
are fairly confident the Palo will cover our needs. We recently implemented PeerApp, which caches Netflix and Amazon 
Prime Video, Windows and IOS updates, etc. and serves the content from the local network to take the load off the 
Internet pipe. This has effectively returned about 100Mbps of bandwidth. We run an average of 25% served from cache and 
occasionally we are serving more from the PeerApp than we are from the Internet. It nicely evens out the hit from 
things like the recent IOS 8 update because after the first three downloads the rest come from the local cache. You 
could see this in the PeerApp charts for 2-3 days after the release on September 17th with noticeably higher “served 
from cache” numbers.

Eric

From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Dennis 
Bohn
Sent: Thursday, October 30, 2014 12:08 PM
To: SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV EDUCAUSE EDU>
Subject: Re: [SECURITY] Firewall Vendors

HI Eric,
Since you again mentioned bandwidth shaping, I wanted to let you know that we are pretty pleased with Net Equalizer.  
It's best feature is that most of the time it does no shaping :-) Until it is approaching a preset bandwidth threshold, 
and then throttles back the users with the highest number of flows/most bandwidth.  A few times a week I get an email 
that it has kicked into shaping, but most of the time it just sits there.  This does not have the precise reports of 
who is using what L7 protocol, but we stopped caring until there is a problem, and other tools work then.

best,
dennis

Dennis Bohn
Manager of Network and Systems
Adelphi University
bohn () adelphi edu<mailto:bohn () adelphi edu>
5168773327

On Thu, Oct 30, 2014 at 11:53 AM, Tornoe, Eric J. <EJTORNOE () stthomas edu<mailto:EJTORNOE () stthomas edu>> wrote:
We are considering a pair of PA 5060’s and it is good to hear that everyone who has them has had a positive experience. 
It sounds like the PA would also meet our needs for P2P blocking and minimal bandwidth shaping, allowing us to 
eliminate our PacketShaper. We would plan to roll training into the initial purchase, which would be provided by our 
reseller.

From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () 
LISTSERV EDUCAUSE EDU>] On Behalf Of Michael Horne
Sent: Thursday, October 30, 2014 10:30 AM

To: SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV EDUCAUSE EDU>
Subject: Re: [SECURITY] Firewall Vendors

+1 for PaloAlto’s
I really love these things compared to the older checkpoints we had running prior.

From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of King, 
Ronald A.
Sent: Wednesday, October 29, 2014 5:59 PM
To: SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV EDUCAUSE EDU>
Subject: Re: [SECURITY] Firewall Vendors

Palo Alto Networks.  We have had a pair of their next generation PA 5050s and have been very happy with them.

Got a Phish (email)? Forward it to abuse () nsu edu<mailto:abuse () nsu edu>!

Ronald King, CISSP
Interim CISO & Technical Services Director
Norfolk State University
http://security.nsu.edu<http://security.nsu.edu/>

From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Kubb, 
Richard
Sent: Wednesday, October 29, 2014 5:55 PM
To: SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV EDUCAUSE EDU>
Subject: [SECURITY] Firewall Vendors

Greetings,

At Maryville we currently use a Sonicwall firewall that is rapidly reaching end of life and are starting to explore 
alternative vendors.  Curious which vendors and models others are using for your firewall solution.  We also use 
Packetshaper as part of our solution and we would consider a single firewall device and eliminate the use of 
Packetshaper if we can find the right solution.

Regards,

Rick.

Rick Kubb
Director of Technology Services
Maryville University
314-529-9606<tel:314-529-9606>
Gander Hall, Room 215
rkubb () maryville edu<mailto:rkubb () maryville edu>