Tuesday, November 13, 2018

“Cloud-based” firewalls?

I’m curious what other network engineers’ thoughts are on this.

The company I work for provides ISP services to our clients. All of our clients are education-based. We lease the fiber through a local company, connect them up to our ISP customer edge, do some routing, and tada, they have internet. ISP isn’t our primary function; we’re more of an MSP, a do-it-all place for expertise in IT for education.

Management is asking us whether it would be possible to have a firewall in our data center, connect our clients into it, and host their firewall for them. It’d be multi-tenant, separated by VDOM. We’d just tag the VLANs all the way down to the customer site, just as if the firewall were on their premises.

What are your thoughts on the idea?

I personally don’t think I like it. I like the idea of a firewall on-prem; it gives them more flexibility, and to me it feels more secure. We’d have to buy a super big firewall and lots of licenses, and I feel like it makes more sense to buy smaller firewalls to put on customer sites and manage them there.

What are your thoughts? I’d like to hear the arguments on this to see if my thinking is rational. Has anyone done this? Heard of this?


