Educause Security Discussion mailing list archives

Re: Next Generation Firewalls


From: "Gramke, Jim" <JGramke () CSBSJU EDU>
Date: Fri, 19 Jun 2015 18:12:13 +0000

I've got to second the Fortigate recommendation.  We've had a High Availability pair of them for a number of iterations 
now.   Recently PA made a push, and we looked, but just undoable because of cost and even performance differences.  
Bang for buck, Fortigate is a formidable competitor.


-----Original Message-----
From: Ferguson, Michael [mailto:mferguson () CHAPMAN EDU] 
Sent: Thursday, June 18, 2015 11:17
Subject: Re: Next Generation Firewalls

We ourselves just completed a Firewall POC solution.  I would recommend also being open to Fortinet as part of your 
consideration as this is what we selected.   It’s too early to say how well we like the solution as we’re in the 
process of implementation.  But at least during our POC,  it distinguished itself the most in a couple key categories 
with an emphasis on making sure we have a NGFW firewall that not only works well today, but also 4-5 years from now.  
Like you, we saw our selection of NGFW as a significant investment.  I’ll refrain from mentioning the other solutions 
we considered, but suffice it to say that we considered all the top solutions that are performing well in NSS Labs’ new 
Cyber Advanced Warning System.

Our testing included Ixia Breaking Point tests, which I would recommend you consider as part of your evaluation if you 
have time to do it.  We also captured live traffic from our Production environment and sent it to several other 
solutions simultaneously using a Gigamon.  This was valuable for seeing the manageability and effectiveness of each of 
the solutions against each other, but not very useful when considering performance.  We also ran other security tests 
outside the Breaking Point to look at the effectiveness of each tool.  But by far, the results of the Breaking Point 
tests revealed the most distinction of the products we evaluated.
 
I know Ixia offers Test Consulting for a relatively modest fee, as well as some security consulting firms.  There might 
be other ways to get a Breaking Point or a different stress-testing tool from Spirent or others.  But needless to say, 
it was very enlightening to see the differences between each of the solutions under heavy stress when all inspection 
(including Application awareness) and logging were turned on.

--
Mike Ferguson
Chapman University
Network Operations Manager
714-744-7873


-----Original Message-----
From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Carroll, Tim
Sent: Thursday, June 18, 2015 7:00 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Next Generation Firewalls

All,

Roane State Community College is in the process of reviewing next generation firewalls.  Since this is a significant 
investment, I would be interested in hearing from the community what you are using, your experience, why you made the 
choice and your satisfaction with the vendor chosen.

Thanks in advance for any feedback.

Regards,

Tim Carroll
Assistant Vice President and Chief Information Officer
Information Technology
Roane State Community College
