Firewall Wizards mailing list archives
Re: Managed firewall services for hundreds of customers
From: Shane Amante <shane () amante org>
Date: Mon, 25 Dec 2000 18:36:42 -0700
In no particular order, you may want to consider the following vendors:

- Cisco (Compatible Systems) VPN Concentrator 5000
- Nortel Shasta BSN-5000
- Lucent Springtide IPSS 5000
- CoSine IPSX 9000

There are other vendors working on adding "high-touch" services to their existing platforms as well. I can assure you that the cost for the above is definitely > $0 ... ;-)

The theory is legacy edge boxes don't have the horsepower (e.g.: ASICs/FPGAs), nor software, to "reliably" enable value-add services. If ISPs replace their existing legacy platforms with new "high-touch" hardware, they not only can service their existing "vanilla IP transit" customers, but also offer value-add services to new/existing customers.

YMMV.

-shane

On Thu, Dec 21, 2000 at 05:05:38PM +0100, Peter Hoelsken wrote:
> I'm searching for a firewall that would be capable of offering hundreds of customers (small businesses) a managed firewall service (they call the service center and ask for things like "Could you please forward any mail traffic towards our internal mail server and btw please lock out all those Napster users").
>
> The customers will be fed into the firewall's internal interface with private IP addresses like:
>
> customer   IP range
> 1          10.0.1.0/24
> 2          10.0.2.0/24
> 3          10.0.3.0/24
> .          .
> .          .
> .          .
>
> The router that feeds the firewall doesn't do any forwarding between the different subnets.
>
> Since this should be scaled to approx. 1000 customers, change requests for the ruleset will most likely be coming in every day. Therefore it would be good if one could use separate rulesets for each customer in order to keep potential rule errors local. Also, changing the rules while operational has to go seamlessly. Speed is not that important, since we could scale that with load balancers. However, the size of the state table might be an issue.
>
> All this should come for $0 ;).
>
> I know that some company offers a gigabit hardware firewall that can handle about 100 virtual firewalls in one box, however the price tag is a bit tough ($300.000). Another solution I looked into was the freeware ipfilter; at least it is capable of forming rule blocks (one block for each customer).
>
> Do you have any considerations?
>
> Best regards,
> Peter Hoelsken
> _______________________________________________
> firewall-wizards mailing list
> firewall-wizards () nfr com
> http://www.nfr.com/mailman/listinfo/firewall-wizards
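The per-customer "rule blocks" idea from the quoted question, as an added example that is not part of either post: a small Python generator that emits one ipfilter rule group (the `head`/`group` keywords) per customer subnet and rejects any change request whose source address falls outside that customer's range, so a mistake stays local to one group. The interface name, the group numbering and the sample customers are assumptions constructed for illustration.

```python
import ipaddress

INSIDE_IF = "fxp1"   # assumption: name of the firewall's internal interface
GROUP_BASE = 1000    # assumption: customer N is given ipf group 1000+N

def render_customer(cid, subnet, rules):
    """Return ipf.conf lines for one customer, or raise on an out-of-scope rule."""
    net = ipaddress.ip_network(subnet)
    group = GROUP_BASE + cid
    # Group head: packets sourced from this subnet are checked only against
    # this customer's group and are blocked if no rule in the group matches.
    lines = [f"block in on {INSIDE_IF} from {net} to any head {group}"]
    for r in rules:
        if r["action"] not in ("pass", "block"):
            raise ValueError(f"customer {cid}: bad action {r['action']!r}")
        src = ipaddress.ip_network(r.get("src", subnet))
        if not src.subnet_of(net):
            # A rule naming another customer's addresses never gets rendered.
            raise ValueError(f"customer {cid}: source {src} is outside {net}")
        state = " keep state" if r["action"] == "pass" else ""
        lines.append(
            f"{r['action']} in quick on {INSIDE_IF} proto {r['proto']} "
            f"from {src} to any port = {r['port']}{state} group {group}")
    return lines

def build_ruleset(customers):
    """Render all customers in id order; refuse overlapping customer subnets."""
    seen, out = [], []
    for cid, (subnet, rules) in sorted(customers.items()):
        net = ipaddress.ip_network(subnet)
        if any(net.overlaps(other) for other in seen):
            raise ValueError(f"customer {cid}: {net} overlaps another customer")
        seen.append(net)
        out.extend(render_customer(cid, subnet, rules))
    return out

# Constructed sample: two customers on the addressing plan from the question.
SAMPLE = {
    1: ("10.0.1.0/24", [{"action": "pass", "proto": "tcp", "port": 25}]),
    2: ("10.0.2.0/24", [
        {"action": "block", "proto": "tcp", "port": 80, "src": "10.0.2.128/25"},
        {"action": "pass", "proto": "tcp", "port": 80},
    ]),
}

if __name__ == "__main__":
    print("\n".join(build_ruleset(SAMPLE)))
```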