Hi, We do a lot of per user or per enterprise hosted Firewalls.
We use the Fortinet VMs, with automated provisioning of customer networks. John -----Original Message----- From: uknof [mailto:[email protected]] On Behalf Of James Bensley Sent: 02 June 2017 15:03 To: [email protected] Subject: Re: [uknof] Hosting Firewall Advice On 2 June 2017 at 14:46, David Derrick <[email protected]> wrote: > On 02/06/2017 14:20, Paul Bone wrote: >> >> Just wondering what peoples thoughts are on the merits of a shared >> hardware firewall (we are starting to hit overlapping IP issues) vs >> virtual appliances or even a virtual Linux installation per client. > > > Some firewalls can be split up into virtual instances which is a nice idea. > Sonicwall have been promising it for a long time but I'll believe it > when I see it. Checkpoints do this now but there are some limitations. > Being unable to put IP addresses on a VPN tunnel interface for > example. Don't know which other vendors offer it. > > Haven't used virtual appliances but that seems logical if you're > offering virtual servers. Pretty sure you could get some eval copies to play > with. Yeah I guess if you wanted to continue down the dedicated hardware route Cisco ASA's have virtual contexts, Juniper Netscreen's or SRX's might support logical systems? Others probably have similar functionality. However if you have virtual infrastructure already and the tools and staff in place to manage that, then if I was you I'd be migrating to virtual firewalls. You could use some small light weight firewalls on a per-customer instance basis, we have done this successfully before with stuff like virtual pfSense and virtual m0n0wawll boxes per customer. You could also use a virtual and centralised multi-tenanted system (Palo Alto offer this which we are currently evaluating, I'm sure others do too). Cheers, James.
