A multi-tenant firewall for an MSSP

Dave Taht dave.taht at gmail.com
Mon Aug 17 16:53:34 UTC 2015


On Mon, Aug 17, 2015 at 9:27 AM, alvin nanog
<nanogml at mail.ddos-mitigator.net> wrote:
>
> hi
>
>> On Mon, Aug 17, 2015 at 10:16 AM, Ramy Hashish <ramy.ihashish at gmail.com>
>> wrote:
>>
>> We are planning to implement a multi-tenant FW/UTM and start providing
>> security as a service, I would like to hear if anybody had experience on
>
> that'd be a good thing ... but ...
>
>> this, and if there are any recommendations for the UTM's vendor.
>
> the possible vendors would depend on the answers to your idea of
> what is "well rounded solution"
>
>         # fortinet's (possible) competitors
>         http://ddos-Mitigator.net/Competitors
>
>> People/customers here are more familiar with the Fortigate, however, we
>> need to build a well-rounded solution that suits a wide range of enterprises'
>> business needs.
>
> # i doubt there is one product that provides the "well rounded solution"
>
> in my world, "well rounded solution" would imply at least the following:
> - anti virus solution  ( one or more products to resolve the virus issue )
> - anti spam solution  ( one or more products to resolve the spam issue )
> - iptables with tarpit ( protect against the free tcp-based script kiddies tests )
> - udp limiting at isp ( part of iptables or your edge routers )
> - icmp limiting at isp ( part of iptables or your edge routers )
> - ingress/egress filters for your downlinks
> - geographically distributed colo to mitigate small/medium sized ddos attacks
> - regulatory compliance this and certified that vs "just anybody" ...
> - good response time to fix problems reported by competent customer's IT folks
> - other things you deem important to provide ..

+ Good AQM and queue management

Sophos has fq_codel. /me happy.

> pixie dust
> alvin
> #
> # ddos-Mitigator.net
> # ddos-Simulator.net
>



-- 
Dave Täht
worldwide bufferbloat report:
http://www.dslreports.com/speedtest/results/bufferbloat
And:
What will it take to vastly improve wifi for everyone?
https://plus.google.com/u/0/explore/makewififast


