07-01-2017 10:48 PM - edited 03-10-2019 06:52 AM
Dear All,
Hope all is well.
We are an ISP with 2 Gbps of backbone bandwidth, and want to have a security appliance on our backbone to keep our own and our customers' networks secure.
What would you guys recommend?
Thanks in advance for your replies.
07-03-2017 01:04 AM
A lot depends on your requirements.
Do you want customers to be able to have unique policies and view status of their security?
Or do you want something that's invisible to them with only you having the visibility?
Do you need to protect against DDOS?
What's your budget? What's your expertise level? Do you have existing vendor relationships?
07-03-2017 01:04 AM
We want something that's invisible to customers, with only us having the visibility.
We need to protect against DDOS.
Our budget can go up to 10000$.
07-03-2017 01:31 AM
At that budget level and throughput you are best off putting operational and configuration best practices into place to protect against DDOS, i.e. monitor your traffic levels for unusual patterns, rate limit SYN packets, filter RFC 1918 address space, filter bogons, etc.
These are specified in RFC 2827 / BCP 38.
https://www.ietf.org/rfc/rfc2827.txt
https://tools.ietf.org/pdf/bcp38.pdf
http://www.internetsociety.org/deploy360/blog/2014/07/anti-spoofing-bcp-38-and-the-tragedy-of-the-commons/
Putting a Cisco security appliance inline (with redundancy) for 2 Gbps of inspected throughput would require something like a pair of FirePOWER 4110 appliances and cost over 10x your budget.
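The source-address checks named in the answer above (RFC 1918, bogons, BCP 38 ingress filtering), as an added example that is not part of the original thread: it audits sampled flow records from customer-facing ports to show what such filters would drop. The port names, prefix assignments and flow records are constructed, and the bogon list is a short illustrative subset.

```python
import ipaddress
from collections import Counter

def nets(*cidrs):
    return [ipaddress.ip_network(c) for c in cidrs]

RFC1918 = nets("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")
# Illustrative subset of bogon space, not a complete list (assumption).
BOGONS = nets("0.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
              "224.0.0.0/4", "240.0.0.0/4")

# Constructed assignments: documentation ranges stand in for the
# prefixes an ISP has actually allocated to each customer port.
CUSTOMER_PREFIXES = {
    "cust-a": nets("198.51.100.0/25"),
    "cust-b": nets("203.0.113.0/24"),
}

def classify(port, src):
    """Return the verdict an ingress filter on `port` would reach for `src`."""
    addr = ipaddress.ip_address(src)
    if any(addr in n for n in RFC1918):
        return "rfc1918"
    if any(addr in n for n in BOGONS):
        return "bogon"
    # BCP 38: a customer port may only source traffic from its own prefixes.
    if any(addr in n for n in CUSTOMER_PREFIXES.get(port, [])):
        return "ok"
    return "outside-assigned-prefix"

# Constructed flow samples: (ingress port, source address).
SAMPLE_FLOWS = [
    ("cust-a", "198.51.100.10"),
    ("cust-a", "198.51.100.200"),  # outside the /25 assigned to cust-a
    ("cust-a", "192.168.1.5"),
    ("cust-b", "203.0.113.77"),
    ("cust-b", "127.0.0.1"),
    ("cust-b", "198.51.100.10"),   # cust-a's space arriving on cust-b
]

def summarize(flows):
    """Count verdicts per port so unusual levels of bad sources stand out."""
    return Counter((port, classify(port, src)) for port, src in flows)

if __name__ == "__main__":
    for (port, verdict), count in sorted(summarize(SAMPLE_FLOWS).items()):
        print(f"{port:8} {verdict:24} {count}")
```
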
07-03-2017 02:42 AM
Thank you