[j-nsp] SSG or J-series for virtual firewalling services?

TCIS List Acct listacct at tulsaconnect.com
Mon Sep 20 15:02:48 EDT 2010


We are looking to provide "virtual firewalling/VPN" services to customers hosted 
in our VMware and Hyper-V hosting environments (trying to avoid dedicating a 
physical NIC port for each customer on the host and hanging a firewall appliance 
off of each).  In a nutshell, each customer gets their own VLAN subinterface 
(which will cascade all the way down into their virtual machine), and we can 
define unique firewall rules (as well as establish IPSec VPN tunnels) on a 
per-customer basis.

I'm looking at the following platforms:

SSG-500 (ScreenOS)
Juniper J-series (JunOS)

It is not clear if I simply need the VR (virtual router) or VSYS (virtual 
system) feature(s) to do this -- I need a unique routing table, a unique set of 
firewall rules/zones, and the ability to define VPN tunnels even if there are 
overlapping VPN endpoint networks among multiple customers (e.g. both Customer 
"A" and Customer "B" use 192.168.1.x on their side).

Any insight would be much appreciated.

--Mike

