IT Central Station is now PeerSpot: Here's why

How do I perform benchmarking of SD-WAN solutions with efficient security controls enabled?


How can I perform benchmarking of SD-WAN solutions (with efficient security controls in place)? 

Use case: we're adding remote users and connections to the cloud.

Please advise.

Thank you.

PeerSpot user
22 Answers

Damien Vico - PeerSpot reviewer


The question is very broad and it is difficult to answer it like that.

The best approach for benchmarking is of course to first describe your needs ad your limitations! The best solution for the one is not the best for another... 

how many segments do you want to deploy now and what is the forecast? 

Is there an installed-based (FW for example) that you can use in the solution?

Do you need some application signatures recognition? 

What are the security features I want to implement? 

What are the licensing mode and its impact on your budget are basic questions you need to answer.

What if the licensing is bandwidth-based and that you know you will need to upgrade your links? Is your budget still ok?

Also at the operational level, what team do you have, do they have the skills to manage or do you need to outsource?
All the elements of SD-WAN and security must also be perfectly integrated. I personally would rather have a single pane of glass than a lot of systems to manage.

I hope this answer can help you to find the solution that matches your needs.

Best Regards

Priyank Dubey - PeerSpot reviewer
Top 10Real User

Hi Matilde,

You may first install an EP client solution at your remote users' endpoints with a combination of SSL-VPN with auto-connect control after the first login, which is supporting your central physical DC firewall and you may route their access to cloud apps through central firewall only (including the internet for allowed sites at the firewall). Make sure your central DC router/firewall is UTM-enabled.

ENTERPRISE MANAGEMENT SERVICE with SSL-VPN can be used to split DC, cloud traffic to reduce traffic load on DC bandwidth and secure access through ZTNA.

Multifactor authentication (integrated with AD, RADIUS SERVER) can be added for add-on Security authentication for critical internal apps.

Alternatively, if it is a pure cloud solution, you may go for SASE (Secure Web Gateway) solution. All traffic is authorized at SWG as per policy. It is maturing now and costlier than the previous solution with less control in your hand than the previous solution.

The client remains the same, license and implementation are different.

Buyer's Guide
Software Defined WAN (SD-WAN) Solutions
May 2022
Find out what your peers are saying about Fortinet, Cisco, VMware and others in Software Defined WAN (SD-WAN) Solutions. Updated: May 2022.
599,220 professionals have used our research since 2012.