Sunday, January 6, 2019

Zscaler alternatives

Current situation: We have a few data centers and 40 offices. Each of these sites is on Velocloud SDWAN. Each of these sites has an IPSec tunnel to Zscaler. All traffic from users to the internet is restricted via Zscaler proxy policies (e.g. no porn) and Zscaler's firewall (e.g. no bittorrent). We do about 15 to 20TB per month.

The Issue: Our sites use applications in customers' data centers. These customers have extreme security requirements, including that all public IP addresses of clients need to be permitted in their firewall. Traffic is SSH, FTP and HTTP. Zscaler has a big pool of IPs that it uses for all clients. So at the moment, we can't give these IP addresses to our customers as it would then allow in Zscaler's other customers. These applications number in the 50s and change monthly.

Question? What can we use? Requirements: Centralised firewall (can block outbound traffic on a port by port or protocol by protocol basis), centralised web proxy (block porn, gambling, whatever), can be used by users at home and at the office, uses a small set of IPs just for our users.

Any ideas?


