I too have come across this issue, with a client that has 5 7100's and 1 7200S, I'm proposing a VPN solution to the client, they only use SPNet between sites so SIP trunks are not an issue, I'm planning on using PC Engines ALIX 2D13 single board computers at all locations, running
pfSense and utilizing OpenVPN for the tunnels. I've successfully run about 8 tunnels at a time on these little router boxes without issue....
The idea being, make it so the Samsungs are only reachable from WITHIN the VPN tunnels, NO Port Forwards. For remote admin access, I'll simply enable the PPTP VPN server on each of the firewalls, so the only way to access the Samsung switches from outside would be to establish a PPTP VPN session with the router at that site.