NETASQ firewalls....

[mrbios]

Anyone used one?

I was previously looking at palo alto but i've been quoted a decent price for a netasq U250S and the only video i can find of them makes it look quite good but it's a video by netasq themselves, so i need some unbiased user opinions.

 

[mrbios]

Interesting, they're very france based it seems from googling, the french military supposedly use them (it's not looking good eh? ) and their nato approved for whatever that's worth.

This is their site: http://www.netasq.com/en/firewall-services/u-series-s-models.php

 

[mrbios]

Getting a box from the supplier to play around with Palo alto was my first choice but the PA offering is over double the price of this one, so im going to give it a good look over. Also theyre offering onsite and remote support as well as training so they have that part well covered.

 

[mrbios]

I did look at fortinet, even contacted them and asked for more info but they arranged to ring me back and never did.

Might contact them again on Monday though as i did like the look of them, not sure which product of theirs i should be looking at though in the mean time? 600-700 devices, 100mb internet connection and requirement for spam+av filtering on top of the standard firewall capabilities (assume AD integration is standard for all firewalls these days?....I've been using an ISA2006 box for years so quite out of touch with it all)

Any rough idea on price in comparison? I'd be looking at £1500 for netasq, £3350 for palo alto + optional extras such as spam filtering.....which i dont think PA could do.

 

[mrbios]

Thanks Hulkstar that's just the sort of info i was looking for from the sounds of things the nice low price tag is down to the relatively less than impresive capabilities then.

Iaind will send you an email in trust now, quite keen to get in contact with fortinet now

 

[mrbios]

Cheers iain

I need a 3rd comparison, so what are checkpoint like? can anyone give me any idea what their costs are like in comparison to palo alto and fortinet?

How good is their spam filtering?

 

[mrbios]

Cheers chaps, and i agree certainly don't have that kind of expertise in house!!

Will take a look at watchgaurd then

 

[mrbios]

Ah thanks!

Do either of you have any experience with the spam filtering capabilities of these?

We're also looking at possibly using forefront online protection for exchange as it's dirt cheap for schools, any experiences with that?

 

[mrbios]

Alas yes. It's all controlled by an external database managed by Watchguard - the feature key license covers this for the period that you're covered for. It's OK at what it does, no real complaints there, however it lacks control. You can define how the spam is handled (drop/quarantine/log/mark) and then users are emailed (usually daily) from your WSC server and they can review and release their own mail

- GP

Certainly an improvment on what we have now. So the emails the user get from the server to release mail, is the mail catagorized so that we can only allow spam that falls within a set severity to be released? I assume they don't get shown every single email that attempted to come in to their account, porn n all, that they can release?

 

[mrbios]

You didnt say you were a school though! Forget UTM on the firewalls and get a Lightspeed device. Designed for schools - you can do stuff like allow a teacher to open up youtube to their class for the duration of a lesson. It also has a lot of duty of care stuff, can monitor IM etc. Worth a look

Woops thought i'd mentioned school in my OP, missed that out!

We'll be doing the web filtering completely seperately from the firewall and spam filters job, mainly because every time i look at a device to do all 3 tasks one aspect of it tends to be a bit ...... well ****! Smoothwall are a good example of that, good web filter, bad firewall.

Will be getting smoothwall, bloxx and lightspeed in to show off their web filtering. All nice school focussed systems To be honest though I've not bothered to look at any of them for email filtering...

 

[mrbios]

Maybe I'm confusing what i need from my devices then? I didn't realise there was so much complexity to it all before i started looking at it (My jobs always been more focused on what goes on inside a network and other people have done the perimeter/outside setup)

I'll try and outline what i need and what i currently use:
Currently ....
Firewall - ISA2006 server used for publishing websites, exchange - smtp, owa etc, and various rules for other protocols required by the network be it in or out, nothing bespoke or out of the ordinary. So old and outdated, we want to replace this with something with active directory integration etc.
Mail filters - Two linux boxes running spamassassin - very old version of fedora running on them (CLI only) none of us are really that linux savvy so we don't do much with them. Here we want to replace these with something that's easier to manage and even gives the user something back such as the ability to release blocked mail.
Web Filtering - At the moment this is provided by the internet provider at their end, this is just a url only piece of junk
Internet connection - 30mb leased line

Here's what we're looking at for replacement:
Internet connection - 76Mbps FTTC 1:1 line (hell of a lot cheaper than a leased line!)
Web Filtering - Either bloxx, smoothwall or lightspeed
Mail filtering - After rethinking this part, perhaps one of the above web filtering options would be a good bet to package this with seeing as they all provide it?
Firewall - This is the part I'm stuck at, but I'm guessing i only need something more basic than previous information has suggested? That said we do want more control over security, simplicity of management and so on. School networks progress surprisingly fast (5 years ago we had about 250 PCs, now we have over 600 devices and things like ipads are becoming more and more prominent)

Is that helpful at all?

 

[mrbios]

For the internet connection we have got a price for an ADSL backup which we'll probably get, although being FTTC if anything fails to take out the FTTC connection the backup one will probably die too but you never know

I do like the sounds of what you're saying about lightspeed, I've got them coming some point during March to present their product to our management (will end up getting 3 companies in regardless as it's a council requirement for contract services)

As for firewalls..... am i confusing things when i say web filtering in the sense of something like lightspeed compared to web filtering in the sense of something such as application layer filtering? Is it one term sometimes used for two different reasons as I've got a bit confused in some areas i think.

We do have a home access system much like what your mate seems to have been implementing, whereby teachers can use RDP Remote app to use various applications on a terminal server, access files within their shares through a web browser and so on, surprisingly good system considering it's free and coded by a guy at a school in wales, take a look at this: hap.codeplex.com

So overall though I probably don't need any of the application layer firewall features i previously thought i might? Seeing as it's the one time we'll be doing this for the next X amount of years could it be a good idea to put one in anyway even if we don't use those features right away? (I honestly don't even know what features i could be thinking about here, i just want to make sure i get something that's going to cover growth )

Thank you for the help with all this by the way, I've been going in circles with it for a while, problem is I can never sit and focus on it. Such is the nature of school IT, jack of all trades, master of very few!

 

[mrbios]

I assume your mate has his network setup so that teacher and admin PCs are on separate Vlans or something then? Seems to be more common that people are doing that recently. Years ago when all school networks were just flat networks they were all cabled so that there were two separate physical networks, it was a vile way of setting up a network, glad those days are over!

Anyway I think I've been given a much better understanding as to what it is i need to be looking for. Prior to this thread i've been hunting through various product pages and being wow'ed by fancy bold features that each can do, without fully understanding them. Definitely a hell of a lot more to it than i thought when i first started looking though!