Re: A multi-tenant firewall for an MSSP

[alvin nanog <nanogml () Mail DDoS-Mitigator net>]

hi 

> On Mon, Aug 17, 2015 at 10:16 AM, Ramy Hashish <ramy.ihashish () gmail com>
> wrote:
>
> We are planning to implement a multi-tenant FW/UTM and start providing
> security as a service, I would like to hear if anybody had experience on

that'd be a good thing ... but ...

> this, and if there are any recommendations for the UTM's vendor.

the possible vendors would depend on the answers to your idea of
what is "well rounded solution"

        # fortinet's (possible) competitors
        http://ddos-Mitigator.net/Competitors

> People/customers here are more familiar with the Fortigate, however, we
> need to build a well-rounded solution that suits wide range of enterprises'
> business needs.

# i doubt there is one product that provides the "well rounded solution"

in my world, "well rounded solution" would imply at least the following:
- anti virus solution  ( one or more products to resolve the virus issue )
- anti spam solution  ( one or more products to resolve the spam issue )
- iptables with tarpit ( protect against the free tcp-based script kiddies tests )
- udp limiting at isp ( part of iptables or your edge routers )
- icmp limiting at isp ( part of iptables or your edge routers )
- ingress/egress filters for your downlinks
- geographically distributed colo to mitigate small/medium sized ddos attacks
- regulatory compliance this and certified that vs "just anybody" ...
- good response time to fix problems reported by competent customer's IT folks
- other things you deem important to provide ..

pixie dust
alvin
#
# ddos-Mitigator.net
# ddos-Simulator.net