
S series appliance sales

denisp_ironport
Level 1

Hey, folks. I am a partner in sunny Dubai. We have numerous discussions here back and forth with IronPort teams who are reluctant for us to sell the S series, with many excuses, like not a good cache, no good URL filtering yet and everything is coming. End users, on the other hand, are bugging me, since NetCache and Blue Coat are not that good.
Any experiences selling the S series? Has anybody installed it? How hard is it to install versus ordinary cache systems out there?
Your views and sharing information will be much appreciated.


smohan_ironport
Level 1

Denis,

My name is Shalabh Mohan and I am the Product Manager for the Web Security product line. I would be happy to have detailed discussions with you on our relative strengths v/s the competition as well as the features we plan to add through the rest of this year which will help us position our product better.

We can also share real-life experiences, installs and what customers are saying. Let's schedule a specific call for this. Please let me know what are some good days/times for you. My email address is smohan@ironport.com.

Thanks,
Shalabh

jwjorgensen
Level 4

Hello Everyone,

I work for a partner out of Oklahoma City, and have worked with the Web appliance. The setup of the box is VERY straightforward; I had no trouble setting up the box the first time. I had to go through local channel support to get the AsyncOS 5.1 code and license keys. The 5.1 code is much improved over 5.0. The policies in 5.1 are more modular and can be applied to specific LDAP groups or subnet addresses. One feature I, as well as many customers, would like to see is support for Google safe search. Someone in the forum said that safe search is on the roadmap for a future release, so that's good. It appears as if you might be able to enforce safe search by using regular expressions and custom URL categories. My overall opinion of the box is good.


HTH

P.S. Shalabh, I also would like to get with you sometime to discuss the box in detail.

denisp_ironport
Level 1

Thanks for your reply. Is it mandatory for us to install the L4-L7 monitor, or is it complimentary? Did you do it, and if yes, did you push all the traffic from a span port on the firewall, or how did you deploy it? What about reporting, is it nice?

jwjorgensen
Level 4

Hello Denis,

The L4 traffic monitor does not have to be run in order for the other features to work. When setting up an eval, I would DEFINITELY set it up though. In my opinion, the traffic monitor is one of the defining features of the box. Traffic monitor allows you to see suspect traffic that is leaving your network (e.g. p2p or phone-home traffic). When I set up an eval, I definitely want the customer to see the full features of the box.

The reporting, in my opinion, could use a little work. It's pretty good, but it could be a little more granular. (maybe I just haven't dug in enough to see the full capabilities)

HTH

denisp_ironport
Level 1

Jesse, thanks a lot for the help. I am digging into these at the moment. The S650 has 6 ports in total; one can be used for proxy and management. However, for the L4-L7 monitor two ports are reserved. Talking to some folks at IronPort, they are telling me that for the L4-L7 monitor only one port is available and it can be used only in span port mode. My questions are the following:

- What should we do with the L4-L7 monitor: use one port, or two ports in bridge mode on the box?

- What is the throughput of the L4-L7 monitor if I mirror a port of the firewall, where we have 5.000 users + and a gig speed? Will it handle it?

Did you try NTLM? Does it work as well? Did you try cache control, like, can a wrongly cached object be ejected or not?

I wish the IronPort folks were responding to me ... :)

Appreciate your response.

jwjorgensen
Level 4

It really depends on the capabilities of the network it is being installed on. If your switches support span, then you could create a span port for transmit and receive and run the port in duplex mode. You could also create two span ports, one for transmit and one for receive, and run in simplex mode. If span is not supported, you would need to install network taps and connect them to the monitor ports on the appliance. As far as throughput on the interface, I do not know for sure, but I assume they are running wire speed on the interface (1Gbps). If you feel that running in duplex mode would oversubscribe the port, then I would run simplex mode to divide tx and rx traffic.

denisp_ironport
Level 1

Any idea on NTLM ... did you try it? We have many folks here in love with Microsoft ...

jwjorgensen
Level 4

NTLM authentication works well. You can enforce that only network users are able to access the net. Also, you can create policies based on Groups or Users in Active Directory.

denisp_ironport
Level 1

Thanks a lot ... :)

smohan_ironport
Level 1

Denis,

I responded to your specific queries separately over email. As far as NTLM is concerned, one of our advantages is that we support it natively out of the box - you do not need to install any binaries or agents on AD servers/Domain controllers.

We support several flavors of NTLM and you can also do transparent/single sign-on authentication that allows for pop-less auth (end users don't need to get prompted). Happy to share more technical details with you. I have also asked Patrice Roberts, your local SE, to get in touch with you and walk you through all the features.

Thanks,
Shalabh

smohan_ironport
Level 1

Jesse,

Thank you for responding actively on this forum. It is great to hear your perspective on the S-Series. I believe you wanted to discuss a few additional questions. Feel free to send them over. You can contact me directly at smohan@ironport.com.

Thanks,
Shalabh

jowolfer
Level 1

Hi Denis,

I believe Shalabh has answered your questions via email, but I wanted to elaborate on one thing in this thread:

- What should we do with the L4-L7 monitor: use one port, or two ports in bridge mode on the box?

The L4TM is not required; you 'can' run with just the web proxy, but for maximum protection / detection, it's recommended you run the L4TM as well.

The 2 NIC ports for L4TM (T1 / T2) can be configured in 2 ways:

- T1 only: Use a spanned port to send copies of packets
- T1 and T2: Use a physical tap that copies incoming and outgoing traffic and puts this traffic into T1 and T2 respectively (one interface receives incoming, the other receives the outgoing)

There is no 'bridge' mode for the L4TM. The L4TM solely works on sniffing copied packets from a physical tap, a spanned port, or a hub (all packets duplicated on each port - NOT recommended for performance / accuracy reasons).

I hope this helps!

denisp_ironport
Level 1

Josh, thanks a lot. Do you advise deploying the L4-L7 monitor between the core switch and a default-routed firewall? I assume it is on the 0.0.0.0/0.0.0.0 gw firewall IP, so we can see non-NATed IPs? What about traffic coming in non-HTTP and going out, will we just pass it on?

Appreciate your reply.

jowolfer
Level 1

Denis,

You should deploy the L4TM in a location "pre-NAT". The reasons for this are twofold:

1. Reporting will be accurate in identifying which of your clients is attempting to access a malware destination.

2. The 'bad' traffic will be sent a TCP RST packet from the M1 or P1 interface (depending on which is used for proxy data). If the L4TM is unable to see the pre-NAT'd traffic, this RST will not reach the client, thus making the L4TM only report on the traffic without blocking.

Hope this helps!
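
Added example, not part of the thread and not IronPort code: a small Python model of the pre-NAT placement point in the post above, comparing what a passive monitor reports, and where its resets would be addressed, when the copied traffic is taken before versus after source NAT. The addresses, blocklist entry and function names are constructed for illustration, and the model assumes the reset is injected on the inside network.

```python
from collections import Counter

# Constructed sample data (documentation address ranges, hypothetical blocklist).
BLOCKLIST = {"203.0.113.66"}
NAT_PUBLIC_IP = "198.51.100.1"   # firewall outside address
FLOWS = [  # (client_ip, client_port, dst_ip, dst_port) as sent by inside clients
    ("10.1.1.23", 40001, "203.0.113.66", 6667),
    ("10.1.2.77", 40002, "192.0.2.10", 443),
    ("10.1.1.23", 40003, "203.0.113.66", 6667),
    ("10.1.3.5", 40004, "203.0.113.66", 8080),
]
INSIDE_CLIENTS = {f[0] for f in FLOWS}

def source_nat(flows):
    """Rewrite source address/port the way the firewall does on the way out."""
    return [(NAT_PUBLIC_IP, 50000 + i, dst, dport)
            for i, (_, _, dst, dport) in enumerate(flows)]

def monitor(observed):
    """Passive monitor on copied packets: count blocklist hits per source and
    list the (address, port) each reset would be addressed to."""
    hits, reset_targets = Counter(), []
    for src, sport, dst, _ in observed:
        if dst in BLOCKLIST:
            hits[src] += 1
            reset_targets.append((src, sport))
    return hits, reset_targets

def evaluate(observed):
    """Return the per-source report and how many resets land on a real client.
    Assumption: the reset is injected on the inside network, and the monitor
    cannot consult the firewall's NAT table to reverse a translation."""
    hits, targets = monitor(observed)
    delivered = sum(1 for addr, _ in targets if addr in INSIDE_CLIENTS)
    return dict(hits), delivered, len(targets)

if __name__ == "__main__":
    for label, view in (("pre-NAT", FLOWS), ("post-NAT", source_nat(FLOWS))):
        report, delivered, total = evaluate(view)
        print(f"{label}: report={report} resets delivered={delivered}/{total}")
```

With the tap before NAT the report names each inside client and every reset is addressed to a real host; after NAT all hits collapse onto the firewall's outside address and no reset reaches a client.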