Adaptive out of Portsmouth NH is who we work with. All they do is PA…. Z
Edward E. Ziots, CISSP, Security +, Network + Security Engineer Lifespan Organization ezi...@lifespan.org This electronic message and any attachments may be privileged and confidential and protected from disclosure. If you are reading this message, but are not the intended recipient, nor an employee or agent responsible for delivering this message to the intended recipient, you are hereby notified that you are strictly prohibited from copying, printing, forwarding or otherwise disseminating this communication. If you have received this communication in error, please immediately notify the sender by replying to the message. Then, delete the message from your computer. Thank you. [Description: Description: Lifespan] From: Pete Howard [mailto:pchow...@yahoo.com] Sent: Wednesday, February 06, 2013 4:59 PM To: NT System Admin Issues Subject: Re: OT: Guest network security Anyone have a favorite VAR to work with for PA's ? A few of my usual vendors dont carry them ________________________________ From: "Ziots, Edward" <ezi...@lifespan.org<mailto:ezi...@lifespan.org>> To: NT System Admin Issues <ntsysadmin@lyris.sunbelt-software.com<mailto:ntsysadmin@lyris.sunbelt-software.com>> Sent: Wednesday, February 6, 2013 4:08 PM Subject: RE: OT: Guest network security If you mean PA=Palo Alto, they are dead on (scary CCIE would say that being from the CISCO house) I work on Palo Alto Daily, and its sick how much these things can do. Been finding a lot that I wouldn’t have been able to obtain but regular firewall log parsing, and being able to quantifiy you own applications and make traffic rules based on them is pretty killer. Z Edward E. Ziots, CISSP, Security +, Network + Security Engineer Lifespan Organization ezi...@lifespan.org<mailto:ezi...@lifespan.org> This electronic message and any attachments may be privileged and confidential and protected from disclosure. If you are reading this message, but are not the intended recipient, nor an employee or agent responsible for delivering this message to the intended recipient, you are hereby notified that you are strictly prohibited from copying, printing, forwarding or otherwise disseminating this communication. If you have received this communication in error, please immediately notify the sender by replying to the message. Then, delete the message from your computer. Thank you. [Description: Description: Lifespan] From: Kevin Lundy [mailto:klu...@gmail.com] Sent: Wednesday, February 06, 2013 3:48 PM To: NT System Admin Issues Subject: Re: OT: Guest network security I have two CCIE's that work for me. Both also used to work for a Cisco VAR - so obviously Cisco bigots. They both recommended PA to me over the ASA. From a security perspective, the PA do so much more than ASAs. We still use ASAs for some intranet firewalls. Are you using the Cisco controllers with your WAPs? If so, they have captive portal capability. They call it Lobby Ambassador. On Wed, Feb 6, 2013 at 3:20 PM, Kurt Buff <kurt.b...@gmail.com<mailto:kurt.b...@gmail.com>> wrote: Our Sidewinders are EOL at the end of April, and my manager doesn't like them. He's a Cisco bigot, and wants ASAs in here. I'm fighting him to at least take a look at the Palo Alto platform, or perhaps the newest iteration of the Sidewinders (which are now called McAfee Enteprise Firewalls). That's an interesting tip on the Sophos solution. What did you use for the hardware? Kurt On Wed, Feb 6, 2013 at 11:59 AM, Richard Stovall <rich...@gmail.com<mailto:rich...@gmail.com>> wrote: > I was going to suggest using the SonicPoint solution from SonicWall, but > you've got Sidewinders, don't you? > > Does McAfee have anything like SonicWall's wireless solution where it's all > managed from the firewall? > > PS Sophos has this too, and they give their UTM firewall away free for home > use. Just bring your own hardware. I just switched to this the other day > and love it so far. I should write a blog post about it. (But then I'd > have to create a blog...) > > > On Wed, Feb 6, 2013 at 2:36 PM, Kurt Buff > <kurt.b...@gmail.com<mailto:kurt.b...@gmail.com>> wrote: >> >> All, >> >> Quite some time ago, I set up an unsecured guest VLAN in our network, >> providing wireless access to all of the sundry devices that staff and >> visitors carry. I set up a small FreeBSD machine to serve IP addresses >> via DHCP, and that was dead simple. >> >> It is a layer2 VLAN, traversing our backbone, and terminating on our >> corporate firewall. >> >> However, there are now other tenants in our building, and the subnet >> is getting too much bandwidth and address consumption - the range I >> set up is completely filled, and the VLAN is consuming about half of >> our Internet pipe, which is far too much for my comfort. >> >> I suspect the other tenants are leeching. >> >> What I've read of captive portals seems to indicate that the portal is >> part of the firewall. I could be wrong about that, though. Regardless, the >> corporate firewall will not be allowed to be part of this solution. >> >> The only other alternative I see right now is to set up a password on >> the SSID, and have the front desk hand it out to guests, after mailing >> it to staff, and I'm getting pushback on that from my manager. >> >> Does anyone have some ideas I could pursue on this? >> >> Thanks, >> >> Kurt >> >> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ >> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ >> >> --- >> To manage subscriptions click here: >> http://lyris.sunbelt-software.com/read/my_forums/ >> or send an email to >> listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com> >> with the body: unsubscribe ntsysadmin > > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to > listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com> > with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com> with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com> with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com> with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com> with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
<<inline: image001.jpg>>
