K-12 Firewall

pchang
New Contributor

Hello Fellow JAMF Nationers,

I'm curious what firewall K-12 schools are using out there? We are in the process of looking at replacing our firewall appliance, and I am curious what others use, with their pros and cons.

Thanks in advance!

11 REPLIES

dwilliams304
New Contributor

Good Evening, Pchang.

Our district uses two Dell Sonicwall NSA 5500 devices to service 3600 students and just under 600 staff members.

Pros would definitely be an easy to use interface and a wizard option to set up common items, such as public servers.

Biggest con (in my opinion) is the Single Sign On agent that they recommend installing oftentimes fails to detect which user is logged into a computer, essentially giving them the wrong content filtering. With Sonicwall, it will apply the least restrictive, most permissive policy on users that it cannot identify. This is bad, as any iPad user will fall into that category.

We just filed for E-Rate to get some bids for new firewalls; I am not brand loyal at this point.

Don

MikeV-Holden
New Contributor

We use a Sophos device for firewall, content filtering, and spam filtering. Since we have a single campus, there is only one line in and out and we can get away with having one big beefy device.

wdpickle
Contributor

We use a Rocket (LightSpeed) appliance. Easy to set up and run. 10,000+ students, 2000+ staff, 9000(ish) connected machine/devices. Constant traffic of (around) 450MB.
Reports that are easy to understand. We set up emails for each building for suspicious search queries by SSID (suicide, cutting and other).

tobiaslinder
Contributor II

Hi pchang
What kind of features are you looking for? How many users? How fast is your connection?

We use appliances based on the open source project pfSense. The prices are very reasonable and the feature set is great. We use it as firewall, DNS resolver, DHCP server and VPN gateway and combine it with OpenDNS Umbrella web filtering and tweak the DNS resolver to redirect users to Google SafeSearch when they access Google.

Tobias

pchang
New Contributor

Thanks for the replies!

We are currently using CyberHound, which was formerly known as Netbox Blue. The company just got acquired by Bloomberg, so they are in a transition phase and I'm just covering our bases in case things go sideways. With the CyberHound unit we have a throughput of 800Mbps. Eight 100Mbps PPPoE WAN Aggregated for our students.

We do have pfSense as well in our environment and I'm a big fan of using open source too. We did do a Proof of Concept a couple years ago with Sonic Wall, but it didn't meet our requirements of killing SSL sessions back then when we would schedule to close Social Media for our High School Students.

The Rocket LightSpeed looks interesting. I'll take a look into that.

Have any of you had experience with or heard of Securly?

Peter

Chris_Hafner
Valued Contributor II

I'll jump in with at least a basic offering here. Currently we use a Fortigate 600c but are evaluating a Palo Alto PA-5060. I will easily admit that I know rather little about them but I would be happy to get you any info you'd like from my Network Engineer. FYI, we will be building out a completely redundant additional fiber (Separate ISP) connection as we happen to literally sit on a backbone, and so will soon have two completely separate firewalls working in conjunction... ideally.

damienbarrett
Valued Contributor

We use Untangles and are fairly happy with them. Interface is easier than, say, a Cisco firewall. We like that it can aggregate and load-balance our two broadband connections (FIOS and Comcast) and also gives us connectivity failover. Because we have reserved DHCP leases for every device on our network, and every device also gets a DNS name, it makes looking up violations in the log files very easy. With typical DHCP, you'd then have to consult the DHCP logs to see which device had which IP number at a specific time. The Untangles also act as our web filter (I believe it uses WebSense) and also give us the ability to tarpit or block certain protocols (like torrenting or even gaming).
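The lookup described in the post above (which device held an IP address at a given time when leases are dynamic), as an added example that is not part of the original thread. It assumes a simplified, hypothetical DHCP and firewall log format and a two-hour lease; all sample lines and addresses are constructed.

```python
from bisect import bisect_right
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample data in an assumed log format (not any vendor's real format).
DHCP_LOG = """\
2016-03-01T08:00:05 ACK 10.20.4.57 02:00:00:00:00:01 ipad-cart3-07
2016-03-01T09:00:05 ACK 10.20.4.57 02:00:00:00:00:01 ipad-cart3-07
2016-03-01T10:15:40 RELEASE 10.20.4.57 02:00:00:00:00:01 ipad-cart3-07
2016-03-01T10:16:02 ACK 10.20.4.57 02:00:00:00:00:02 mbp-staff-112
"""
FW_LOG = """\
2016-03-01T09:30:00 10.20.4.57 BLOCK bittorrent
2016-03-01T10:15:50 10.20.4.57 BLOCK bittorrent
2016-03-01T11:00:00 10.20.4.57 BLOCK games
"""
LEASE = timedelta(hours=2)  # assumed lease time for this example

def build_timeline(log_text, lease=LEASE):
    """Turn DHCP events into per-IP lists of [start, end, mac, host]."""
    timeline = defaultdict(list)
    for ts, action, ip, mac, host in sorted(l.split() for l in log_text.splitlines()):
        when, spans = datetime.fromisoformat(ts), timeline[ip]
        last = spans[-1] if spans else None
        if action == "ACK":
            if last and last[2] == mac and when <= last[1]:
                last[1] = when + lease      # renewal extends the current lease
            else:
                if last and last[1] > when:
                    last[1] = when          # address handed to a new client early
                spans.append([when, when + lease, mac, host])
        elif action == "RELEASE" and last and last[2] == mac:
            last[1] = min(last[1], when)    # lease ends at the release
    return timeline

def who_had(timeline, ip, ts):
    """Return (mac, host) holding ip at ts, or None when no lease covers it."""
    when, spans = datetime.fromisoformat(ts), timeline.get(ip, [])
    i = bisect_right([s[0] for s in spans], when) - 1
    return (spans[i][2], spans[i][3]) if i >= 0 and when < spans[i][1] else None

def attribute(fw_text, timeline):
    """Tag each firewall entry with the device that held the IP at that moment."""
    rows = (l.split() for l in fw_text.splitlines())
    return [(ts, ip, (who_had(timeline, ip, ts) or (None, "UNRESOLVED"))[1], cat)
            for ts, ip, _verdict, cat in rows]

if __name__ == "__main__":
    for row in attribute(FW_LOG, build_timeline(DHCP_LOG)):
        print(*row)
```

A firewall entry that falls in a gap between leases is reported as UNRESOLVED rather than being pinned on the previous or next holder of the address.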

pchang
New Contributor

@wdpickle How long have you been a user of LightSpeed? How is the reliability and support? Any pros and/or cons?

We recently had a webinar with them and we are very interested. If you can shed more light, that'd be great! :)

wdpickle
Contributor

K-12 school system. We had a Light Speed appliance for about 4 years then stepped up to a Rocket (still Light Speed) appliance. We have been using them for a total of about 8 years. Support has been real good. When we have had an issue they are quick to respond. If we need help with a particular issue they step right up. Pros: easy to see what is going on by device/location. If users log into the device/filter, it is easy to see what they are doing. We automate sending suspicious reports (by location) to building supervisors, a built-in feature. We keep data for 90 days, so have a record for anything that comes up.
Cons: there is a second filter that we can't remove restrictions from. It is located "outside". For our take-home iPads we sometimes have to contact support to unblock a site for off-site use. Support typically has the site open in under 24 hours; it's just annoying to have to wait for another group. If you want more info you can email me directly and we can set up a conversation. william.pickle@bpsne.net

bbelew
Contributor

For our firewall we are currently using a Juniper SRX-220. As far as a firewall goes, it's a great firewall. I just dislike the interface and how sluggish it is. Great though if you know Juniper CLI.

We are moving to a Fortigate 600D. I was very pleased with the demo we had from Fortinet.

For content filter we use Lightspeed Rocket. When the contract runs out we might move the filtering responsibility to the Fortigate, though, to save some money.

darrell_rennie
New Contributor II

We've got a small school, and are using the Fortigate 240D. Very robust, no complaints at all.