nanog mailing list archives
RE: Multitenant FWs
From: "Stefan Fouant" <sfouant () shortestpathfirst net>
Date: Sun, 1 May 2011 23:05:48 -0400
-----Original Message----- From: David Oramas [mailto:david.oramas () aptel com au] Sent: Sunday, May 01, 2011 9:42 PM To: nanog () nanog org Subject: Multitenant FWs Hi, What do you guys recommend for Multitenant Firewalls with support for over 1,000+ users/contexts? I have looked at Centrinet's Accessmanager and Barracuda NG Firewall. Any other players/products? Many Thanks in advance for the input,
When I worked on building out Verizon's Network Based Firewall solution many years ago, I chose Juniper NS-5400 platforms due to their multitenancy capabilities and ability to support literally thousands of virtual firewall contexts and many times that for users. This decision was made after an exhaustive analysis of competing solutions from Checkpoint, Cisco, and Juniper. Juniper's SRX line of products might make a good fit, but they currently don't have full Logical System support which would certainly be a requirement for any multi-tenant offering. However, Logical System support is on the roadmap so you might want to look into this depending on your timeframe for deployment. As the other list member pointed out, Palo Alto does make some really nice gear and I have really been impressed with their Application Layer Firewalling capability (Application Identification, Web Firewalling, etc), however, I was suitably unimpressed with their multitenant capability and think you might be hard pressed to offer such an offering to more than one customer using such a device. Stefan Fouant
Current thread:
- Multitenant FWs David Oramas (May 01)
- RE: Multitenant FWs Mark Gauvin (May 01)
- RE: Multitenant FWs Stefan Fouant (May 01)
- Re: Multitenant FWs Christopher Morrow (May 01)
- RE: Multitenant FWs Stefan Fouant (May 01)
- Re: Multitenant FWs Christopher Morrow (May 01)
- RE: Multitenant FWs Stefan Fouant (May 01)
- Re: Multitenant FWs Christopher Morrow (May 01)