Yes, and their stuff is awesome... :) A bit pricier than the range we're talking about, though.
* * *

*ASB*
*http://about.me/Andrew.S.Baker*
*Harnessing the Advantages of Technology for the SMB market…*

On Thu, Aug 4, 2011 at 6:58 PM, Martin Blackstone <[email protected]> wrote:

> Have any of you guys checked out Palo Alto Networks?
>
> *From:* Crawford, Scott [mailto:[email protected]]
> *Sent:* Thursday, August 04, 2011 3:18 PM
> *To:* NT System Admin Issues
> *Subject:* RE: SMB firewall (was RE: VLAN N00b)
>
> Are you saying that av/content filtering is your least important criteria of
> all on a FW? Or that it’s the bottom of your must haves?
>
> *From:* Andrew S. Baker [mailto:[email protected]]
> *Sent:* Thursday, August 04, 2011 12:23 PM
> *To:* NT System Admin Issues
> *Subject:* Re: SMB firewall (was RE: VLAN N00b)
>
> The features I find that I use the most are:
>
> - Firewall / VPN
> - IPS
> - .
> - .
> - .
> - AV / Content Filtering
>
> *ASB*
> *http://about.me/Andrew.S.Baker*
> *Harnessing the Advantages of Technology for the SMB market…*
>
> On Thu, Aug 4, 2011 at 10:38 AM, David Lum <[email protected]> wrote:
>
> And now I need to choose a firewall. Holy crap there are a multitude of
> options, not the least of which are the various UTM (Unified Threat
> Management) options and reporting options.
>
> What kind of features do you guys find are key and are there any features
> you thought you'd use but really don't?
>
> Dave
>
> -----Original Message-----
> From: David Lum [mailto:[email protected]]
> Sent: Thursday, August 04, 2011 6:08 AM
> To: NT System Admin Issues
> Subject: RE: SMB firewall (was RE: VLAN N00b)
>
> Yep, what you describe is exactly what I was envisioning, thanks! (BTW Dell
> also calls it tagging). Now to decide on a firewall. I called my client last
> night and she was already onboard with my thinking "go ahead and buy it or
> send me a link and I'll order it".
>
> I love clients that trust you enough that all you need to do is explain the
> concept and benefits and they're ready to pull the trigger, weird telling
> them "uh, I'm not ready to buy anything as I need to decide on the exact
> product..." :-).
>
> It's also nice knowing that steering them to a managed switch 3 years ago is
> going to pay off with this little project.
>
> Dave
>
> -----Original Message-----
> From: Ben Scott [mailto:[email protected]]
> Sent: Thursday, August 04, 2011 5:34 AM
> To: NT System Admin Issues
> Subject: Re: SMB firewall (was RE: VLAN N00b)
>
> On Wed, Aug 3, 2011 at 4:42 PM, David Lum <[email protected]> wrote:
> > So ideally in your opinion the firewall would effectively give
> > each VLAN (each VLAN defined by 802.1Q tags) its own
> > DHCP scope and thus their own IP settings, correct?
>
> More or less.
>
> I would separate your desired access groups into separate networks.
>
> Conceptually, start with the idea that you have each group on a
> different physical switch, each with its own DHCP server, and its own
>
> <snip>
>
> So upgrade the concept to a firewall that understands 802.1Q VLAN
> tags. Only one cable from the switch to the firewall. Each separate
> VLAN gets associated with that single cable, and the switch and
> firewall use 802.1Q VLAN tags to know which isolated network a given
> frame is for.
>
> Only the switch port connected to the firewall emits or expects
> frames with VLAN tags. (I believe Cisco calls this a "VLAN trunk
> port"; HP calls it "tagged"; I dunno what Dell calls it.) All the
> other switch ports are on a single VLAN ("untagged" in HP-speak), and
> just act like separate switches for the nodes which aren't aware of
> the other networks.
>
> Make sense?
>
> -- Ben
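The tagged-uplink arrangement Ben Scott describes in the quoted thread, modelled as an added example (not code from any poster in this thread): it parses and builds the 802.1Q tag and shows a switch that tags frames only on the port facing the firewall. The port names, VLAN IDs 10 and 20, the function names and the sample frame are constructed for illustration, and the sketch assumes the trunk has no untagged (native) VLAN, so untagged frames arriving on it are dropped.

```python
import struct
TPID_8021Q = 0x8100  # EtherType value that marks an 802.1Q tag

def parse_vlan(frame: bytes):
    """Return (vid, pcp, inner_ethertype); vid and pcp are None if untagged."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    if ethertype != TPID_8021Q:
        return None, None, ethertype
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    tci, inner = struct.unpack_from("!HH", frame, 14)
    return tci & 0x0FFF, tci >> 13, inner

def add_tag(frame: bytes, vid: int, pcp: int = 0) -> bytes:
    """Insert an 802.1Q tag after the source MAC, as the tagged port does."""
    if not 1 <= vid <= 4094:
        raise ValueError("VLAN ID must be 1..4094")
    tag = struct.pack("!HH", TPID_8021Q, (pcp << 13) | vid)
    return frame[:12] + tag + frame[12:]

def strip_tag(frame: bytes) -> bytes:
    return frame[:12] + frame[16:]  # drop the 4-byte tag

def switch_forward(frame, ingress, ports):
    """Flood within the VLAN. ports: name -> ("access", vid) | ("trunk", {vids})."""
    mode, cfg = ports[ingress]
    vid, _, _ = parse_vlan(frame)
    if mode == "access":
        if vid is not None:
            return {}  # untagged ports neither emit nor expect tags: drop
        vid, untagged = cfg, frame
    else:
        if vid is None or vid not in cfg:
            return {}  # assumption: no native VLAN; only configured VLANs pass
        untagged = strip_tag(frame)
    out = {}
    others = {n: p for n, p in ports.items() if n != ingress}
    for name, (m, c) in others.items():
        if m == "access" and c == vid:
            out[name] = untagged              # same VLAN, delivered untagged
        elif m == "trunk" and vid in c:
            out[name] = add_tag(untagged, vid)  # single cable to the firewall
    return out

# Constructed sample: two isolated VLANs and one tagged uplink named "fw".
PORTS = {"p1": ("access", 10), "p2": ("access", 20), "p3": ("access", 10),
         "fw": ("trunk", {10, 20})}
FRAME = bytes.fromhex("ffffffffffff" "020000000001" "0800") + b"\x00" * 46
```

A broadcast from `p1` reaches `p3` untagged and `fw` tagged with VLAN 10, never `p2`; a frame that arrives already tagged on an untagged port is discarded, which is the check that keeps the VLANs isolated from each other.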
