[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Multitenant FWs
- Subject: Multitenant FWs
- From: morrowc.lists at gmail.com (Christopher Morrow)
- Date: Mon, 2 May 2011 01:35:46 -0400
- In-reply-to: <00c301cc0880$55526100$fff72300$@net>
- References: <[email protected]> <009f01cc0875$d75d3ef0$8617bcd0$@net> <[email protected]> <00c301cc0880$55526100$fff72300$@net>
On Mon, May 2, 2011 at 12:20 AM, Stefan Fouant
<sfouant at shortestpathfirst.net> wrote:
>> -----Original Message-----
>> From: christopher.morrow at gmail.com
>> [mailto:christopher.morrow at gmail.com] On Behalf Of Christopher Morrow
>>
>> one thing to keep in mind is that as near as I can tell no vendor (not
>> a singl eone) has actual hard limits configurable for each tenant
>> firewall instance. So, one can use all of the 'firewall rule'
>> resources, one can use all of the 'route memory' ... leaving other
>> instances flailing :(
>
> Ahem, actually ScreenOS does support just such a thing through the use of
> resource profiles - with this you can limit the amount of CPU, Sessions,
> Policies, MIPs and DIPs (used for NAT), and other user defined objects such
> as address book entries, etc. that each VSYS can avail. ?This was one of the
good to know... I wonder how well it isolates.
> primary drivers behind our decision to utilize the NS-5400 for Verizon's
> NBFW (you remember that place right Chris, heh')
i do, occasionally via the twitching :)
> Stefan Fouant
>
>
>