Educause Security Discussion mailing list archives

Re: Firewall replacement


From: "King, Ronald A." <raking () NSU EDU>
Date: Mon, 7 Mar 2011 15:51:51 -0500

We use ASAs here as well.  We are very happy with them.  In addition to firewalling, we use them for user client based 
VPN, SSL VPN, and site to site.  We also throw the full Emerging Threats IP block list at them which they handle like 
champs.  We have 2 in active-passive.  When an update is required, as there can be some nasty ones, downtime is pretty 
much non-existent when failing them over for reboots.  At most, 30 seconds for routing tables to update.  In most 
cases, updates are done remotely through a VPN tunnel and, when failing them over, we don't lose the tunnel.


Ronald King
Security Engineer
Norfolk State University
Marie V. McDemmond Center for Applied Research
Suite 401
700 Park Ave.
Norfolk, Virginia  23504
Phone:  757-823-3918
Fax: 757-823-2128
Email: raking () nsu edu
http://security.nsu.edu

From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Kellogg, 
Brian D.
Sent: Monday, March 07, 2011 11:15 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Firewall replacement

We are beginning to look at replacing our Sonicwall firewalls.  My experience is mostly with Cisco Pix, which were rock 
solid, and older ASA code running on Pix appliances.  Are the new ASA appliances as stable as the old Pix boxes?

Our needs are simple; stateful firewall, User VPN, site to site VPN, and a handful of SSL VPN connections if possible.  
I prefer appliances, but am open to any suggestions.  Platform stability is my greatest concern.

Anyone out there running a Linux FW appliance like Vyatta?  If so, experiences and feedback would be welcome.



Thanks for any suggestions or feedback,
Brian
