What firewall Appliances are everyone using


Kevin Whelan

Jun 1, 2017, 5:43:52 PM
to Techies for schools
Just wondering what appliances everyone is using, and N4L is not an option for us.
Historically we had a WatchGuard XTM which worked well, but they want over $20k for a 3-year license, which seems a lot. We've also used Microsoft ISA before and that worked well too. Just wondering what else is out there.

Andrew Godfrey

Jun 1, 2017, 5:59:29 PM
to techies-f...@googlegroups.com

pfSense with a standard motherboard and server grade 4-port network card to offload some of the network traffic processing. Two ports are LAG'd to our core switch and the other two are feeds from N4L and 2degrees. This firewall handles routing for our eight VLANs as well. N4L usually runs between 400 and 500 during class time but we have managed to get 900Mbps out of it during testing.

Web filtering is done with a separate device sitting in the middle of the VLAN trunked LAG between pfSense and the switch.



Andrew Godfrey  |  Network Manager




Matt Strickland

Jun 1, 2017, 6:01:02 PM
to Techies for schools
Hi Kevin,

We're using a SonicWall 4600 Network Security Appliance (which Dell used to own but has now sold off).
Purchased the hardware used (for cheap) and licencing/support costs us ~10k over 3 years.

Only using the firewall / content filtering stuff. It can do deep packet SSL inspection and other fancy stuff but I haven't had much time to really customize it.
I do plan to rebuild our RADIUS from the ground up, certificates, VLAN and integrated into SonicWall for policy enforcement. (We're a high trust model, so for now if it's good for staff, it's good for students.)

For us, I couldn't get N4L to work with hosted solutions nicely (especially Accessit).

Matt

Bevan McNaughton

Jun 1, 2017, 6:05:42 PM
to techies-f...@googlegroups.com
Fortinet/FortiGate is quite common and does have some good features.

I have MikroTik here for our secondary connection and have custom L7 rules on it. It is more manual compared to other products, however.

We also have a Juniper SRX sitting idle which can do appliance-type firewalling but licencing isn't that economical either. Built-in antivirus passthrough is handy though.

Regards,
Bevan

--
Bevan McNaughton
Intranet Manager
MCP, MTCNA, CAP, UEWA, Google Ed.

Southland Girls' High School
328 Tweed Street
Invercargill 9812

Julian Davison

Jun 1, 2017, 6:07:50 PM
to techies-f...@googlegroups.com
pfSense is a nice free option, but any kind of filtering is fairly DIY and can be a bit time-consuming.
You may also consider Linewize, which does filtering fairly well and can also be used as a firewall as well/instead.


Richard Symon

Jun 5, 2017, 4:30:31 PM
to Techies for schools
N4L's Firewall along with Linewize

Kevin Whelan

Jun 5, 2017, 5:36:17 PM
to Techies for schools
Thanks everyone, will do some research. We have been on Linewize for 2 years now.



Blake Richardson

Jun 6, 2017, 4:39:45 PM
to Techies for schools
We are using the SonicWall SuperMassive 9200, which is paired with a high availability unit. It does our content filtering, anti spam, malware, intrusion prevention, DPI-SSL, as well as application filtering and port based firewall rules.

Very good unit and we are very happy with it; we got both units with 3 years licensing for around 50-60K.

Simon Wright

Jun 6, 2017, 6:04:21 PM
to techies-f...@googlegroups.com
I think you're in a different league than most of us, Blake. You must have a very nice looking budget ;)

We had a SonicWall with HA which cost a third of that over the 3 years, but we are probably a smaller school. We are talking 5-6 years ago now and back then SonicWall's AD/user integration was terrible to say the least. I'm sure it has improved now, but our Linewize does everything that we were doing with the SonicWall, if not more.

Regards
Simon Wright
ICT Manager


Sue Way

Jun 7, 2017, 5:01:06 PM
to Techies for schools
We use a FortiGate 600C and N4L for data. We have no filtering at N4L; our FortiGate does it all.

About $3000 a year for licencing.

Regards

Sue Way | IT Services Director

Wellington Girls' College | Pipitea Street, Thorndon, Wellington 6011

sup...@berkley.school.nz

Jun 8, 2017, 9:36:09 PM
to Techies for schools
Good afternoon. This is a first post from me, I joined today.
We have moved from WatchGuard to Linewize. Although N4L is our ISP they don't offer the granularity we needed. Linewize is simple to configure and manage; its daily and weekly reports on violations are very useful and provide just the right information.

I hope this helps.

Regards.
Brian Bowell.

