Firewall Wizards mailing list archives

Managed firewall services for hundreds of customers


From: "Peter Hoelsken" <hoelsken () gmx net>
Date: Thu, 21 Dec 2000 17:05:38 +0100

I'm searching for a firewall that would be capable of offering hundreds of
customers (small businesses) a managed firewall service (they call the
service center and ask for things like "Could you please forward any mail
traffic towards our internal mail server and btw please lock out all those
Napster users").

The customers will be fed into the firewall's internal interface with
private IP addresses like:

customer   IP range
1          10.0.1.0/24
2          10.0.2.0/24
3          10.0.3.0/24
.          .
.          .
.          .

The router that feeds the firewall doesn't do any forwarding between the
different subnets.

Since this should be scaled to approx. 1000 customers, change requests for
the ruleset will most likely be coming in every day. Therefore it would be
good if one could use separate rulesets for each customer in order to keep
potential rule errors local. Also, changing the rules while operational has
to go seamlessly. Speed is not that important, since we could scale that with
load balancers. However the size of the state table might be an issue. All
this should come for $0 ;).

I know that some company offers a gigabit hardware firewall that can handle
about 100 virtual firewalls in one box, however the price tag is a bit tough
($300.000). Another solution I looked into was the freeware ipfilter, at
least it is capable of forming rule blocks (one block for each customer).

Do you have any considerations?

Best regards,

Peter Hoelsken
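
An added example, not part of the original post: one way to generate an ipfilter rule block per customer (using ipfilter's head/group keywords) so that a bad change request only affects that customer's block. The interface name fxp1, the request tuple format, the sample requests and the fall-back to a default-deny block on a validation error are assumptions made for illustration.

```python
import ipaddress

IFACE = "fxp1"  # assumption: name of the firewall's internal interface

def customer_block(cid, subnet, rules):
    """Return ipf.conf lines for one customer: a default-deny head rule
    plus one grouped rule per request. Raises ValueError on a bad rule."""
    net = ipaddress.ip_network(subnet)
    lines = [f"block in quick on {IFACE} from {net} to any head {cid}"]
    for action, proto, src, dport in rules:
        if action not in ("pass", "block"):
            raise ValueError(f"customer {cid}: bad action {action!r}")
        if proto not in ("tcp", "udp"):
            raise ValueError(f"customer {cid}: bad protocol {proto!r}")
        if not 1 <= dport <= 65535:
            raise ValueError(f"customer {cid}: bad port {dport}")
        src_net = ipaddress.ip_network(src)
        # A rule may only name sources inside the customer's own range.
        if not src_net.subnet_of(net):
            raise ValueError(f"customer {cid}: {src_net} is outside {net}")
        state = " keep state" if action == "pass" else ""
        lines.append(f"{action} in quick proto {proto} from {src_net} "
                     f"to any port = {dport}{state} group {cid}")
    return lines

def build_ruleset(customers):
    """customers maps id -> (subnet, rules). A customer whose rules fail
    validation gets only its default-deny head; the others are unaffected."""
    out, errors = [], {}
    for cid, (subnet, rules) in sorted(customers.items()):
        try:
            out += customer_block(cid, subnet, rules)
        except ValueError as exc:
            errors[cid] = str(exc)
            out += customer_block(cid, subnet, [])
    return out, errors

# Constructed sample change requests (not real customer data).
CUSTOMERS = {
    1: ("10.0.1.0/24", [("pass", "tcp", "10.0.1.0/24", 25),
                        ("block", "tcp", "10.0.1.17/32", 80)]),
    2: ("10.0.2.0/24", [("pass", "tcp", "10.0.3.0/24", 80)]),  # wrong range
    3: ("10.0.3.0/24", [("pass", "udp", "10.0.3.0/24", 53)]),
}

if __name__ == "__main__":
    ruleset, problems = build_ruleset(CUSTOMERS)
    print("\n".join(ruleset))
    for cid, msg in problems.items():
        print(f"# rejected: {msg}")
```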

