On Mon, Aug 17, 2015 at 9:27 AM, alvin nanog <nanogml@mail.ddos-mitigator.net> wrote:
hi
On Mon, Aug 17, 2015 at 10:16 AM, Ramy Hashish <ramy.ihashish@gmail.com> wrote:
We are planning to implement a multi-tenant FW/UTM and start providing security as a service, I would like to hear if anybody had experience on
that'd be a good thing ... but ...
this, and if there are any recommendations for the UTM's vendor.
the possible vendors would depend on the answers to your idea of what is "well rounded solution"
# fortinet's (possible) competitors http://ddos-Mitigator.net/Competitors
People/customers here are more familiar with the Fortigate; however, we need to build a well-rounded solution that suits a wide range of enterprises' business needs.
# i doubt there is one product that provides the "well rounded solution"
in my world, "well rounded solution" would imply at least the following:
- anti virus solution ( one or more products to resolve the virus issue )
- anti spam solution ( one or more products to resolve the spam issue )
- iptables with tarpit ( protect against the free tcp-based script kiddies tests )
- udp limiting at isp ( part of iptables or your edge routers )
- icmp limiting at isp ( part of iptables or your edge routers )
- ingress/egress filters for your downlinks
- geographically distributed colo to mitigate small/medium sized ddos attacks
- regulatory compliance this and certified that vs "just anybody" ...
- good response time to fix problems reported by competent customer's IT folks
- other things you deem important to provide ..
+ Good AQM and queue management

Sophos has fq_codel. /me happy.
pixie dust
alvin
#
# ddos-Mitigator.net
# ddos-Simulator.net
--
Dave Täht
worldwide bufferbloat report: http://www.dslreports.com/speedtest/results/bufferbloat
And: What will it take to vastly improve wifi for everyone? https://plus.google.com/u/0/explore/makewififast