Solved

optimizing firewalls

Posted on 2016-10-25
Last Modified: 2016-11-22
Thank you for taking the time to view my question. Churches don't run at the speed of business. Our Church needs to upgrade our firewall to improve throughput, content filtering and throttle guest users. Our 10 authorized users occupy 16 stations through the campus utilizing a 50/8 Mbps connection to Suddenlink. Usually fewer than 20 guest users download content from the 4 protected wireless APs at peak times.

The Dell TZ 300 w/ a three year plan seems like a no-brainer for speed and protection. It even provides the fiber connections to future-proof a new multi-use building due to come online next year. Some naysayers want to over-purchase the TZ500 or equal to future-proof DPI needs, but we plan to replace the unit in 5 years well before the time we plan to jump to 200 Mbps speeds. For our level of networking this seems like overkill. Is the DPI 100Mbps at each connection? Help us save money for the orphans j/k.
Question by:josh black
LVL 27

Accepted Solution

by:
Dr. Klahn earned 250 total points (awarded by participants)
ID: 41859674
Is the DPI 100Mbps at each connection?

I'm not quite sure what you mean, but if the sense of your question is "Does each user have 100 Mbps access to the internet?" -- then no, because the connection to the ISP is only 50 Mbps.

As a side note, unless there are serious problems with hostile users it would be unusual to do deep packet inspection at every connection.
1
 
LVL 25

Assisted Solution

by:Cyclops3590
Cyclops3590 earned 125 total points (awarded by participants)
ID: 41862486
I agree, DPI dramatically slows throughput and most of the time doesn't capture anything. It's kind of like the flu virus. Yes, it may catch some stuff. But the rules are based on yesterday's vulnerabilities. So catching existing ones is far less likely. Personally I'd leave it off. Any issues you may have should be readily seeable through abnormal traffic surges. Or better yet, set up a Snort server. At least then it won't impact traffic and you can tune it to your needs much easier.
0
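Added example, not part of any post in this thread: one way to watch for the "abnormal traffic surges" mentioned in the answer above without inline DPI, by comparing each client's per-minute byte count against its own recent baseline. The host addresses, sample byte counts, window size and thresholds are constructed assumptions; only the 50 Mbps downlink figure comes from the question.

```python
from collections import defaultdict, deque
from statistics import median

LINK_DOWN_MBPS = 50.0  # downlink from the question (50/8 Mbps)

def to_mbps(nbytes, interval_s):
    """Convert a byte count over one interval into megabits per second."""
    return nbytes * 8 / interval_s / 1e6

def find_surges(samples, interval_s=60, window=6, k=5.0, floor_mbps=0.5):
    """samples: iterable of (timestamp, host, bytes_in_interval).

    Flags a sample when the host's rate exceeds its rolling median by
    k * max(MAD, floor_mbps). Returns (ts, host, rate_mbps, pct_of_link).
    """
    history = defaultdict(lambda: deque(maxlen=window))
    alerts = []
    for ts, host, nbytes in samples:
        rate = to_mbps(nbytes, interval_s)
        past = history[host]
        if len(past) >= 3:  # need a few samples before judging
            base = median(past)
            mad = median(abs(r - base) for r in past)
            if rate > base + k * max(mad, floor_mbps):
                pct = round(100 * rate / LINK_DOWN_MBPS)
                alerts.append((ts, host, round(rate, 1), pct))
                continue  # keep the surge out of the baseline
        past.append(rate)
    return alerts

def constructed_samples():
    """Constructed per-minute counters: one steady staff PC, one guest
    device that jumps from about 1 Mbps to 40 Mbps at minute 6."""
    rows = []
    for minute in range(8):
        rows.append((minute, "10.0.10.21", 15_000_000))  # 2 Mbps steady
        guest = 300_000_000 if minute >= 6 else 7_500_000 + minute * 100_000
        rows.append((minute, "10.0.20.57", guest))
    return rows

if __name__ == "__main__":
    for ts, host, rate, pct in find_surges(constructed_samples()):
        print(f"minute {ts}: {host} at {rate} Mbps ({pct}% of downlink)")
```

The input can come from any source that yields per-client byte counters, such as flow exports or interface statistics polled from the firewall.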
 
LVL 28

Assisted Solution

by:masnrock
masnrock earned 125 total points (awarded by participants)
ID: 41862497
In all honesty I'd be asking two questions:
1) Will the church actually replace the firewall in the mentioned 3 year window?
2) Will the upgrade in connection speed occur sooner?

If I take the questions out of account, I'd say the TZ300 is fine based on your current needs. Assuming that you have a VLAN for the guest wireless, I'd recommend doing something along the lines of using the SonicWall's Bandwidth Management. That should address at least a subset of your problems.
0
 
LVL 28

Expert Comment

by:masnrock
ID: 41887605
Question answered
0
