Have any of you guys checked out Palo Alto Networks?
From: Crawford, Scott [mailto:crawfo...@evangel.edu] Sent: Thursday, August 04, 2011 3:18 PM To: NT System Admin Issues Subject: RE: SMB firewall (was RE: VLAN N00b) Are you saying that av/content filtering is you least important criteria of all on a FW? Or that's it's the bottom of your must haves? From: Andrew S. Baker [mailto:asbz...@gmail.com] Sent: Thursday, August 04, 2011 12:23 PM To: NT System Admin Issues Subject: Re: SMB firewall (was RE: VLAN N00b) The features I find that I use the most are: * Firewall / VPN * IPS * . * . * . * AV / Content Filtering ASB http://about.me/Andrew.S.Baker Harnessing the Advantages of Technology for the SMB market. On Thu, Aug 4, 2011 at 10:38 AM, David Lum <david....@nwea.org> wrote: And now I need to choose a firewall. Holy crap there are a multitude of options, not the least of which are the various UTM (Unified Threat Management) options and reporting options. What kind of features do you guys find are key and are there any features you thought you'd use but really don't? Dave -----Original Message----- From: David Lum [mailto:david....@nwea.org] Sent: Thursday, August 04, 2011 6:08 AM To: NT System Admin Issues Subject: RE: SMB firewall (was RE: VLAN N00b) Yep, what you describe is exactly what I was envisioning, thanks! (BTW Dell also calls it tagging). Now to decide on a firewall. I called my client last night and she was already onboard with my thinking "go ahead and buy it or send me a link and I'll order it". I love clients that trust you enough that all you need to do is explain the concept and benefits and they're ready to pull the trigger, weird telling them "uh, I'm not ready to buy anything as I need to decide on the exact product..." :-). It's also nice is knowing steering them to a managed switch 3 years ago is going to pay off with this little project. Dave -----Original Message----- From: Ben Scott [mailto:mailvor...@gmail.com] Sent: Thursday, August 04, 2011 5:34 AM To: NT System Admin Issues Subject: Re: SMB firewall (was RE: VLAN N00b) On Wed, Aug 3, 2011 at 4:42 PM, David Lum <david....@nwea.org> wrote: > So ideally in your opinion the firewall would effectively give > each VLAN (each VLAN defined by 802.1Q tags) it's own > DHCP scope and thus their own IP settings, correct? More or less. I would separate your desired access groups into separate networks. Conceptually, start with the idea that you have each group on a different physical switch, each with its own DHCP server, and its own <snip> So upgrade the concept to a firewall that understands 802.1Q VLAN tags. Only one cable from the switch to the firewall. Each separate VLAN gets associated with that single cable, and the switch and firewall use 802.1Q VLAN tags to know which isolated network a given frame is for. Only the switch port connected to the firewall emits or expects frames with VLAN tags. (I believe Cisco calls this a "VLAN trunk port"; HP calls it "tagged"; I dunno what Dell calls it.) All the other switch ports are on a single VLAN ("untagged" in HP-speak), and just act like separate switches for the nodes which aren't aware of the other networks. Make sense? -- Ben ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
