Hey Guys,

Was hoping to get some advice on most appropriate way to upgrade our network. We are multi-tenant housing multiple different domains, and we use an FWSM with multiple context to accomplish this. Our FWSMs support up to 100 contexts today. We are redundant from head to toe, but this solution is obliviously years end of life. I noticed most security vendors offer security contexts but these solutions are extremely pricey to keep the 100 contexts we have today. Ultimately I'd like to purchase newer hardware, but am unsure of the best direction. We need to block communication between all tenants and one have network that can see them all.

We utilize two chassis today via VSS with an FWSM in each. From a cost perspective, would it make more sense to add a third chassis to our VSS configuration with an FWSM to add additional redundancy vs. spending the money on all brand new hardware?

Is there a firewall solution that has been released in the past 5 years or so that could mimic what we are doing today for a cost effective rate?

Would separating our tenants utilizing a solution like private VLANs work in this same fashion if we only used one context at the firewall level and used the core switches for the private VLANs to separate the tenants?

Any and all advice is welcome and you guys are always amazing at assisting. Thanks in advance!