Yes. You can contact me off-line...
*ASB **http://XeeMe.com/AndrewBaker* <http://xeeme.com/AndrewBaker>* **Providing Virtual CIO Services (IT Operations & Information Security) for the SMB market…*** On Wed, Feb 6, 2013 at 4:59 PM, Pete Howard <[email protected]> wrote: > Anyone have a favorite VAR to work with for PA's ? A few of > my usual vendors dont carry them > > ------------------------------ > *From:* "Ziots, Edward" <[email protected]> > *To:* NT System Admin Issues <[email protected]> > *Sent:* Wednesday, February 6, 2013 4:08 PM > *Subject:* RE: OT: Guest network security > > If you mean PA=Palo Alto, they are dead on (scary CCIE would say that > being from the CISCO house) I work on Palo Alto Daily, and its sick how > much these things can do. Been finding a lot that I wouldn’t have been > able to obtain but regular firewall log parsing, and being able to > quantifiy you own applications and make traffic rules based on them is > pretty killer. > > Z > > Edward E. Ziots, CISSP, Security +, Network + > Security Engineer > Lifespan Organization > [email protected] > > This electronic message and any attachments may be privileged and > confidential and protected from disclosure. If you are reading this > message, but are not the intended recipient, nor an employee or agent > responsible for delivering this message to the intended recipient, you are > hereby notified that you are strictly prohibited from copying, printing, > forwarding or otherwise disseminating this communication. If you have > received this communication in error, please immediately notify the sender > by replying to the message. Then, delete the message from your computer. > Thank you. > *[image: Description: Description: Lifespan]* > > > *From:* Kevin Lundy [mailto:[email protected]] > *Sent:* Wednesday, February 06, 2013 3:48 PM > *To:* NT System Admin Issues > *Subject:* Re: OT: Guest network security > > I have two CCIE's that work for me. Both also used to work for a Cisco > VAR - so obviously Cisco bigots. They both recommended PA to me over the > ASA. From a security perspective, the PA do so much more than ASAs. We > still use ASAs for some intranet firewalls. > > Are you using the Cisco controllers with your WAPs? If so, they have > captive portal capability. They call it Lobby Ambassador. > On Wed, Feb 6, 2013 at 3:20 PM, Kurt Buff <[email protected]> wrote: > Our Sidewinders are EOL at the end of April, and my manager doesn't like > them. > > He's a Cisco bigot, and wants ASAs in here. > > I'm fighting him to at least take a look at the Palo Alto platform, or > perhaps the newest iteration of the Sidewinders (which are now called > McAfee Enteprise Firewalls). > > That's an interesting tip on the Sophos solution. What did you use for > the hardware? > > Kurt > > On Wed, Feb 6, 2013 at 11:59 AM, Richard Stovall <[email protected]> > wrote: > > I was going to suggest using the SonicPoint solution from SonicWall, but > > you've got Sidewinders, don't you? > > > > Does McAfee have anything like SonicWall's wireless solution where it's > all > > managed from the firewall? > > > > PS Sophos has this too, and they give their UTM firewall away free for > home > > use. Just bring your own hardware. I just switched to this the other > day > > and love it so far. I should write a blog post about it. (But then I'd > > have to create a blog...) > > > > > > On Wed, Feb 6, 2013 at 2:36 PM, Kurt Buff <[email protected]> wrote: > >> > >> All, > >> > >> Quite some time ago, I set up an unsecured guest VLAN in our network, > >> providing wireless access to all of the sundry devices that staff and > >> visitors carry. I set up a small FreeBSD machine to serve IP addresses > >> via DHCP, and that was dead simple. > >> > >> It is a layer2 VLAN, traversing our backbone, and terminating on our > >> corporate firewall. > >> > >> However, there are now other tenants in our building, and the subnet > >> is getting too much bandwidth and address consumption - the range I > >> set up is completely filled, and the VLAN is consuming about half of > >> our Internet pipe, which is far too much for my comfort. > >> > >> I suspect the other tenants are leeching. > >> > >> What I've read of captive portals seems to indicate that the portal is > >> part of the firewall. I could be wrong about that, though. Regardless, > the > >> corporate firewall will not be allowed to be part of this solution. > >> > >> The only other alternative I see right now is to set up a password on > >> the SSID, and have the front desk hand it out to guests, after mailing > >> it to staff, and I'm getting pushback on that from my manager. > >> > >> Does anyone have some ideas I could pursue on this? > >> > >> Thanks, > >> > >> Kurt > >> > >> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > >> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > >> > >> --- > >> To manage subscriptions click here: > >> http://lyris.sunbelt-software.com/read/my_forums/ > >> or send an email to [email protected] > >> with the body: unsubscribe ntsysadmin > > > > > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > > > --- > > To manage subscriptions click here: > > http://lyris.sunbelt-software.com/read/my_forums/ > > or send an email to [email protected] > > with the body: unsubscribe ntsysadmin > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to [email protected] > with the body: unsubscribe ntsysadmin > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to [email protected] > with the body: unsubscribe ntsysadmin > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to [email protected] > with the body: unsubscribe ntsysadmin > > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to [email protected] > with the body: unsubscribe ntsysadmin > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin
<<image001.jpg>>
