On Mon, Aug 17, 2015 at 9:27 AM, alvin nanog <nano...@mail.ddos-mitigator.net> wrote:
>
> hi
>
>> On Mon, Aug 17, 2015 at 10:16 AM, Ramy Hashish <ramy.ihash...@gmail.com>
>> wrote:
>>
>> We are planning to implement a multi-tenant FW/UTM and start providing
>> security as a service, I would like to hear if anybody had experience on
>
> that'd be a good thing ... but ...
>
>> this, and if there are any recommendations for the UTM's vendor.
>
> the possible vendors would depend on the answers to your idea of
> what is "well rounded solution"
>
> # fortinet's (possible) competitors
> http://ddos-Mitigator.net/Competitors
>
>> People/customers here are more familiar with the Fortigate, however, we
>> need to build a well-rounded solution that suits wide range of enterprises'
>> business needs.
>
> # i doubt there is one product that provides the "well rounded solution"
>
> in my world, "well rounded solution" would imply at least the following:
> - anti virus solution ( one or more products to resolve the virus issue )
> - anti spam solution ( one or more products to resolve the spam issue )
> - iptables with tarpit ( protect against the free tcp-based script kiddies tests )
> - udp limiting at isp ( part of iptables or your edge routers )
> - icmp limiting at isp ( part of iptables or your edge routers )
> - ingress/egress filters for your downlinks
> - geographically distributed colo to mitigate small/medium sized ddos attacks
> - regulatory compliance this and certified that vs "just anybody" ...
> - good response time to fix problems reported by competent customer's IT folks
> - other things you deem important to provide ..

+ Good AQM and queue management

Sophos has fq_codel. /me happy.

> pixie dust
> alvin
> #
> # ddos-Mitigator.net
> # ddos-Simulator.net
>

--
Dave Täht
worldwide bufferbloat report:
http://www.dslreports.com/speedtest/results/bufferbloat
And:
What will it take to vastly improve wifi for everyone?
https://plus.google.com/u/0/explore/makewififast