Yes. Have two PAs clustered. Love the security aspect. Management console performance is sloooow.
Kevin On 8/4/11, Martin Blackstone <[email protected]> wrote: > Have any of you guys checked out Palo Alto Networks? > > > > From: Crawford, Scott [mailto:[email protected]] > Sent: Thursday, August 04, 2011 3:18 PM > To: NT System Admin Issues > Subject: RE: SMB firewall (was RE: VLAN N00b) > > > > Are you saying that av/content filtering is you least important criteria of > all on a FW? Or that's it's the bottom of your must haves? > > > > From: Andrew S. Baker [mailto:[email protected]] > Sent: Thursday, August 04, 2011 12:23 PM > To: NT System Admin Issues > Subject: Re: SMB firewall (was RE: VLAN N00b) > > > > The features I find that I use the most are: > > * Firewall / VPN > * IPS > * . > * . > * . > * AV / Content Filtering > > > > > ASB > > > http://about.me/Andrew.S.Baker > > > Harnessing the Advantages of Technology for the SMB market. > > > > On Thu, Aug 4, 2011 at 10:38 AM, David Lum <[email protected]> wrote: > > And now I need to choose a firewall. Holy crap there are a multitude of > options, not the least of which are the various UTM (Unified Threat > Management) options and reporting options. > > What kind of features do you guys find are key and are there any features > you thought you'd use but really don't? > > Dave > > > -----Original Message----- > From: David Lum [mailto:[email protected]] > > Sent: Thursday, August 04, 2011 6:08 AM > To: NT System Admin Issues > > Subject: RE: SMB firewall (was RE: VLAN N00b) > > Yep, what you describe is exactly what I was envisioning, thanks! (BTW Dell > also calls it tagging). Now to decide on a firewall. I called my client last > night and she was already onboard with my thinking "go ahead and buy it or > send me a link and I'll order it". > > I love clients that trust you enough that all you need to do is explain the > concept and benefits and they're ready to pull the trigger, weird telling > them "uh, I'm not ready to buy anything as I need to decide on the exact > product..." :-). > > It's also nice is knowing steering them to a managed switch 3 years ago is > going to pay off with this little project. > > Dave > > -----Original Message----- > From: Ben Scott [mailto:[email protected]] > Sent: Thursday, August 04, 2011 5:34 AM > To: NT System Admin Issues > Subject: Re: SMB firewall (was RE: VLAN N00b) > > On Wed, Aug 3, 2011 at 4:42 PM, David Lum <[email protected]> wrote: >> So ideally in your opinion the firewall would effectively give >> each VLAN (each VLAN defined by 802.1Q tags) it's own >> DHCP scope and thus their own IP settings, correct? > > More or less. > > I would separate your desired access groups into separate networks. > > Conceptually, start with the idea that you have each group on a > different physical switch, each with its own DHCP server, and its own > > > <snip> > > So upgrade the concept to a firewall that understands 802.1Q VLAN > tags. Only one cable from the switch to the firewall. Each separate > VLAN gets associated with that single cable, and the switch and > firewall use 802.1Q VLAN tags to know which isolated network a given > frame is for. > > Only the switch port connected to the firewall emits or expects > frames with VLAN tags. (I believe Cisco calls this a "VLAN trunk > port"; HP calls it "tagged"; I dunno what Dell calls it.) All the > other switch ports are on a single VLAN ("untagged" in HP-speak), and > just act like separate switches for the nodes which aren't aware of > the other networks. > > Make sense? > > -- Ben > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to [email protected] > with the body: unsubscribe ntsysadmin > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to [email protected] > with the body: unsubscribe ntsysadmin > > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to [email protected] > with the body: unsubscribe ntsysadmin > > > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to [email protected] > with the body: unsubscribe ntsysadmin > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to [email protected] > with the body: unsubscribe ntsysadmin > > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to [email protected] > with the body: unsubscribe ntsysadmin -- Sent from my mobile device ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin
