
    USG Pro 4 and our Company Security

    • scottalanmiller

      So I would happily get onto the phone with this rep and your CEO if you'd like. CEO can be on mute. But I will only do a free "expose the scammer" call if someone with the authority to consider legal action is listening. But if the CEO wants to hear him get exposed lying in real time, I'm happy to make that call.

      • scottalanmiller

        It's also worth noting that the big features that people use to push UTMs, DPI SSL inspection, are also their biggest risk and why many places will never allow them. What DPI SSL is is the IT department implementing a "man in the middle" attack on encrypted traffic. In doing so, end users cannot trust the traffic in the company, and the UTM itself becomes a massive point of danger that normally does not exist. DPI SSL is "neat" and "terrible" at the same time. Neat in that you can break into users' secure sessions, terrible in that they compromise HTTPS security and provide a mechanism for breaching data at that point.

        For example, I would never allow DPI SSL in my own company. I think it is a terrible idea. I can see why some people, especially those that feel that they need to spy on their end users, value it. But it's dangerous, and if you ever allow a third party to manage it it is even more dangerous still. Imagine if this datacenter offered to manage a UTM for you, they could be harvesting your banking data with that! DPI SSL is a very, very dangerous sword to wield.

        It's not that DPI SSL is expensive, or hard, or "unneeded." It's that we don't see it as acceptable to implement in that way and won't allow it. For him to act like you can't be secure without doing something we see as that bad, is a pretty big statement for him to make.

        • scottalanmiller

          Now, to be fair, all of this stuff is pretty minor. I don't want to sound ridiculous about it. Every slimy salesman pushes UTM, every single one. Just like they all used to push SAN. It's the standard sales tactic. Getting a UTM won't destroy your company, it just funnels money out of your wallet into his. That's really all.

          Azure over a better cloud isn't doom and gloom. You'll pay 20-80% more, you'll have 50% more outages, but it's all minor. You'll know the cost up front, and even 50% more outage is pretty trivial. Sounds bad, but it isn't.

          Will this guy actually steal your banking data? Not likely. What he might steal is stuff you'll probably not realize and it just won't matter to you very much.

          The reason that we are all up in arms isn't because this will kill your company or cause some huge disaster. It's that we are all offended that a clearly dishonest con man is pretending to be your adviser and discrediting our profession. He's crossed a clear line and is someone you can never trust and should never engage again. That's absolutely clear. But he's not going to stab you and burn down your house, he's just a crummy human who will use FUD and confusion to run a con on you, nothing more, nothing less.

          • jmoore @jevans

            @jevans Sounds like he is reading a sales brochure. None of what he said gives you any reason to stay with him. Just my opinion.

            • jmoore @scottalanmiller

              @scottalanmiller Absolutely great explanation!

              • RojoLoco @scottalanmiller

                @scottalanmiller is that really better than the stabby arsonist? At least with those you can tell they will stab you and burn your house down, with lying sales dicks (read: all of them), not as easy to spot, especially when you aren't aware of where they get their income. Wolf in sheep's clothing, and all that.

                • scottalanmiller @RojoLoco

                  @RojoLoco said in USG Pro 4 and our Company Security:

                  At least with those you can tell they will stab you and burn your house down, with lying sales dicks (read: all of them), not as easy to spot,

                  I'm "lucky", for me, the salesman is easier to spot. It's my super power.

                  • jevans

                    Thank you Scott, and everyone. This was exactly what I needed. I felt something was not right and I was starting to question myself. Now I have what I need to formulate a plan and present it to our CEO so that we can stay the course with the initial plan using the USGs.

                    One other question I had about the USG. I see the specs for the USG Pro 4 should be able to handle all of our branches' traffic but will it slow things down? Should I think about placing an XG at the DC to handle all 60-70 users or will the Pro 4 handle it just fine?

                    • scottalanmiller @jevans

                      @jevans said in USG Pro 4 and our Company Security:

                      One other question I had about the USG. I see the specs for the USG Pro 4 should be able to handle all of our branches' traffic but will it slow things down? Should I think about placing an XG at the DC to handle all 60-70 users or will the Pro 4 handle it just fine?

                      I don't think that you provided enough data for us to know. The Pro 4 is decently fast, but might be around its limit. Users is a silly guide that firewall makers tend to use, but it doesn't mean anything, really. What is the network bandwidth that you have at each site (DC and branches)? That, more than anything, determines what the units will have to handle.

                      • travisdh1 @jevans

                        @jevans said in USG Pro 4 and our Company Security:

                        Thank you Scott, and everyone. This was exactly what I needed. I felt something was not right and I was starting to question myself. Now I have what I need to formulate a plan and present it to our CEO so that we can stay the course with the initial plan using the USGs.

                        Glad we could help. We're always happy to make life difficult for scammy sales... things.

                        One other question I had about the USG. I see the specs for the USG Pro 4 should be able to handle all of our branches' traffic but will it slow things down? Should I think about placing an XG at the DC to handle all 60-70 users or will the Pro 4 handle it just fine?

                        We'd need to know your ISP bandwidth to be able to answer this.

                        • scottalanmiller

                          The USG 4 should be able to push around 120Mb/s over IPSec. If you need more than that, then the bigger model is needed.

                          • wrx7m @scottalanmiller

                            @scottalanmiller said in USG Pro 4 and our Company Security:

                            So I would happily get onto the phone with this rep and your CEO if you'd like. CEO can be on mute. But I will only do a free "expose the scammer" call if someone with the authority to consider legal action is listening. But if the CEO wants to hear him get exposed lying in real time, I'm happy to make that call.

                            Time for a party call!!

                            • scottalanmiller @wrx7m

                              @wrx7m said in USG Pro 4 and our Company Security:

                              @scottalanmiller said in USG Pro 4 and our Company Security:

                              So I would happily get onto the phone with this rep and your CEO if you'd like. CEO can be on mute. But I will only do a free "expose the scammer" call if someone with the authority to consider legal action is listening. But if the CEO wants to hear him get exposed lying in real time, I'm happy to make that call.

                              Time for a party call!!

                              Yup, it'll be quite the party.

                              • wrx7m @scottalanmiller

                                @scottalanmiller said in USG Pro 4 and our Company Security:

                                The USG 4 should be able to push around 120Mb/s over IPSec. If you need more than that, then the bigger model is needed.

                                Is that aggregate?

                                • scottalanmiller @wrx7m

                                  @wrx7m said in USG Pro 4 and our Company Security:

                                  @scottalanmiller said in USG Pro 4 and our Company Security:

                                  The USG 4 should be able to push around 120Mb/s over IPSec. If you need more than that, then the bigger model is needed.

                                  Is that aggregate?

                                  Yeah

                                  • JaredBusch @jevans

                                    @jevans said in USG Pro 4 and our Company Security:

                                    Also DPI SSL inspection

                                    Read: Breaks the SSL chain.

                                    • scottalanmiller @JaredBusch

                                      @JaredBusch said in USG Pro 4 and our Company Security:

                                      @jevans said in USG Pro 4 and our Company Security:

                                      Also DPI SSL inspection

                                      Read: Breaks the SSL chain.

                                      That sums it up 😉

                                      • jevans @travisdh1

                                        @travisdh1 said in USG Pro 4 and our Company Security:

                                        We'd need to know your ISP bandwidth to be able to answer this.

                                        We currently are using 50/10 on Comcast Cable, but we will be moving over to a private Fiber network within the next 6 months. With the dedicated Fiber line, we will have 20 Mbps for 13 branches, 50 Mbps for Corporate and 100 Mbps for the DC (Atmosera).

                                        • JaredBusch @jevans

                                          @jevans said in USG Pro 4 and our Company Security:

                                          @travisdh1 said in USG Pro 4 and our Company Security:

                                          We'd need to know your ISP bandwidth to be able to answer this.

                                          We currently are using 50/10 on Comcast Cable, but we will be moving over to a private Fiber network within the next 6 months. With the dedicated Fiber line, we will have 20 Mbps for 13 branches, 50 Mbps for Corporate and 100 Mbps for the DC (Atmosera).

                                          This means the USG is more than sufficient because you can't go faster than it can process traffic.

                                          • scottalanmiller @jevans

                                            @jevans said in USG Pro 4 and our Company Security:

                                            100 Mbps for the DC (Atmosera).

                                            That's really slow for a DC. You'd normally expect more than that in most cases. This isn't a big deal for you, as your sites are only so fast, but you might get caught with your DC being a bottleneck.
