[j-nsp] SSG or J-series for virtual firewalling services?
TCIS List Acct
listacct at tulsaconnect.com
Mon Sep 20 15:02:48 EDT 2010
We are looking to provide "virtual firewalling/VPN" services to customers hosted
in our VMware and Hyper-V hosting environments (trying to avoid dedicating a
physical NIC port for each customer on the host and hanging a firewall appliance
off of each). In a nutshell, each customer gets their own VLAN subinterface
(which will cascade all the way down into their virtual machine), and we can
define unique firewall rules (as well as establish IPSec VPN tunnels) on a
per-customer basis.
I'm looking at the following platforms:
SSG-500 (ScreenOS)
Juniper J-series (JunOS)
It is not clear if I simply need the VR (virtual router) or VSYS (virtual
system) feature(s) to do this -- I need a unique routing table, a unique set of
firewall rules/zones, and the ability to define VPN tunnels even if there are
overlapping VPN endpoint networks among multiple customers (e.g. both Customer
"A" and Customer "B" use 192.168.1.x on their side).
Any insight would be much appreciated.
--Mike
More information about the juniper-nsp
mailing list