RE: Multitenant FWs

["Stefan Fouant" <sfouant () shortestpathfirst net>]

> -----Original Message-----
> From: David Oramas [mailto:david.oramas () aptel com au]
> Sent: Sunday, May 01, 2011 9:42 PM
> To: nanog () nanog org
> Subject: Multitenant FWs
>
> Hi,
> What do you guys recommend for Multitenant Firewalls with support for
> over 1,000+ users/contexts?
> I have looked at Centrinet's Accessmanager and Barracuda NG Firewall.
> Any other players/products?
> Many Thanks in advance for the input,

When I worked on building out Verizon's Network Based Firewall solution many
years ago, I chose Juniper NS-5400 platforms due to their multitenancy
capabilities and ability to support literally thousands of virtual firewall
contexts and many times that for users.  This decision was made after an
exhaustive analysis of competing solutions from Checkpoint, Cisco, and
Juniper.  Juniper's SRX line of products might make a good fit, but they
currently don't have full Logical System support which would certainly be a
requirement for any multi-tenant offering.  However, Logical System support
is on the roadmap so you might want to look into this depending on your
timeframe for deployment.

As the other list member pointed out, Palo Alto does make some really nice
gear and I have really been impressed with their Application Layer
Firewalling capability (Application Identification, Web Firewalling, etc),
however, I was suitably unimpressed with their multitenant capability and
think you might be hard pressed to offer such an offering to more than one
customer using such a device. 

Stefan Fouant