nanog mailing list archives
Re: A multi-tenant firewall for an MSSP
From: Blake Dunlap <ikiris () gmail com>
Date: Tue, 18 Aug 2015 12:32:09 -0700
Since no one else has mentioned it, I'll dive on that fire. Be careful when setting up a multi-tenant security solution that you are not accidentally selling "DoS as a Service" to your clients. State is evil, and state sharing with other targets is dangerous. Target sharing with other targets that are outsourcing their security can get increasingly scary especially if one of these clients is a juicy target. Make sure you have the infrastructure in place to quickly isolate your clients so that they do not fate share if they become in the focus of DoS attacks. This can mean isolated infrastructure for those you wish to keep up, or sacrificial infrastructure for those you are willing to let drop for the greater good. -Blake On Tue, Aug 18, 2015 at 10:38 AM, Eugeniu Patrascu <eugen () imacandi net> wrote:
On Mon, Aug 17, 2015 at 7:46 AM, Ramy Hashish <ramy.ihashish () gmail com> wrote:Hello All, We are planning to implement a multi-tenant FW/UTM and start providing security as a service, I would like to hear if anybody had experience on this, and if there are any recommendations for the UTM's vendor.Check Point VS might be a good fit. Also there is McAfee NGFW that can be used as a multi-tenant solution. Other solutions are Fortigate (what you mentioned), ASA w/ contexts (not sure about UTM support in contexts though).People/customers here are more familiar with the Fortigate, however, we need to build a well-rounded solution that suits wide range of enterprises' business needs.I think that you first define what the most wanted needs of your clients are and work from that.
Current thread:
- Re: A multi-tenant firewall for an MSSP, (continued)
- Re: A multi-tenant firewall for an MSSP Rakesh M (Aug 16)
- Re: A multi-tenant firewall for an MSSP Colin Johnston (Aug 16)
- Re: A multi-tenant firewall for an MSSP Andrew Jones (Aug 17)
- Re: A multi-tenant firewall for an MSSP Colin Johnston (Aug 17)
- Re: A multi-tenant firewall for an MSSP alvin nanog (Aug 17)
- Re: A multi-tenant firewall for an MSSP Dave Taht (Aug 17)
- Re: A multi-tenant firewall for an MSSP Colin Johnston (Aug 16)
- Re: A multi-tenant firewall for an MSSP Ramy Hashish (Aug 17)
- Re: A multi-tenant firewall for an MSSP Rakesh M (Aug 17)
- Re: A multi-tenant firewall for an MSSP Christopher Morrow (Aug 17)
- Re: A multi-tenant firewall for an MSSP Rakesh M (Aug 16)
- Re: A multi-tenant firewall for an MSSP Blake Dunlap (Aug 18)
- Re: A multi-tenant firewall for an MSSP J. Oquendo (Aug 18)
- Re: A multi-tenant firewall for an MSSP Edward Dore (Aug 18)