2022-06-03T16:54:00Z
fdiazm - PeerSpot reviewer
Product Manager at Entel Chile
  • 3
  • 103

Looking for a piece of advice and tips on the deployment of VPN concentrators for SD-WAN tunnels?

Hi peers,

At the moment, we are evaluating a solution where tunnel concentrators are going to be in virtual machines. And despite the fact where we should go in terms of technology, space, payment model and everything, this solution is something new in the company. 

So, we're looking for any previous experience and advice about how to make a proper solution and which product/s to use. Please share your thoughts.

Thanks. 

3
PeerSpot user
3 Answers
MV
Consultant with 11-50 employees
Consultant
Top 5
2022-06-22T03:36:30Z
Jun 22, 2022

Definitely look at Aruba EdgeConnect (formerly known as SilverPeak). 


My main client has had them in production for years for five hospital campuses and their headquarters site. They have hardware appliances and Virtual Appliances.

Assuming you go the VA route, make sure you're thinking about providing enough bandwidth on the pNIC(s) you have connected to the vSwitch your VA(s) in a site are connected to the outside world through. 


You'll be fine if you have something like a C7000 with Flex10 pNICs, but even if your hypervisor is some sort of 1U make sure it has 1G, 10G, 25G, 40G, 50G, or 100G pNIC(s) in it according to what your total MPLS and/or broadband Internet connections, i.e., Comcast or whatever, can provide and make sure there are no network chokepoints between your hypervisor(s) with your VA(s) and your enterprise WAN/Internet (for IPsec virtual WAN underlay tunnels) connections.

Start doing your homework NOW on what applications in your catalog are the highest priority, high priority, medium priority, best effort, etc. over the SD-WAN. 


Prepare yourself for difficult conversations with leadership about non-working vacillating de facto lack-of-decision like, "It's all top priority." No, you, leadership, set the POLICY on when something gets pitched over the side what goes first and what goes last. We implement YOUR policy.

Search for a product comparison in Firewalls
Frank Theilen - PeerSpot reviewer
IT Adviser/Manager with 51-200 employees
Real User
Top 10
2022-06-08T06:39:58Z
Jun 8, 2022

In my opinion, the way SD-WAN is designed, you will need multiple network endpoints or network-based concentrator hardware to handle multiple tunnels incoming. 


If you host them as virtual devices, you share the underlying network hardware and therefore lose performance, not gain it. If you want to virtualize them, use several, many endpoints (not just one).

KP
Senior Sales Manager at Fatpipe Networks Pvt Ltd
Vendor
2022-06-08T05:40:38Z
Jun 8, 2022

FatPipe Networks Inc - Hybrid Networking Connectivity. 


We use our patented MPSec technology in order to provide bandwidth aggregation, redundancy, common management, compression and inbound/outbound load balancing. This solution is used by many of our customers for video conference, VoIP and data for the seamless switchover.

MV
Consultant with 11-50 employees
Consultant
Top 5
Aug 20, 2022

@Kowligi Prakash, I looked at FatPipe *years* ago. I was intrigued by the technology, but the leadership I was under at the time didn't see the point. "Just get ISDN BRIs for the branch offices and an ISDN FG D / T1 for HQ."I didn't know you guys were still around! :)

PeerSpot user
Learn what your peers think about Fortinet FortiGate-VM. Get advice and tips from experienced pros sharing their opinions. Updated: December 2022.
656,862 professionals have used our research since 2012.
Related Questions
Netanya Carmi - PeerSpot reviewer
Content Manager at PeerSpot (formerly IT Central Station)
Oct 24, 2021
Why?
See 1 answer
Oct 24, 2021
Both of these solutions are excellent options that provide flexible scalability and solid security. Fortinet Fortigate VM integrates well and has excellent centralized reporting. It is very easy to use, provides greater security than many other solutions, and is very scalable and flexible. This solution has an amazing VPN offering, which can help filter traffic to ensure the right traffic is getting through while blocking the rest. Azure Firewall is easy to use and provides excellent support. Valuable features include integration into the overall cloud platform, autoscaling, and the ability for users to create virtual IP addresses. The cost of the solution is also competitive. Fortinet FortiGate VM can be challenging to deploy. Updates are not automatic and one needs to be vigilant to ensure they are not missing any in order to stay current. Also, some new updates can be a bit buggy and should be tested more thoroughly before release. For Azure Firewall, you have to specify each IP address used. We also found Azure to be challenging to implement from region to region, as it does not currently offer a universal approach across regions. Conclusion It really boils down to what you need the solution to do for you or your client. Fortinet FortiGate has VPN options that are super secure and flexible and best represents what many of our clients are really asking for, as so much of the workforce is still working remotely. Azure Firewall is great with cloud-based options and of course, being a part of the Azure ecosystem makes it a great fit for many of our clients. Both of these solutions help us offer excellent, necessary options to our varied client base across the globe.
RT
User at Sapra
Jun 14, 2021
What is the difference between FortiGate-VM and the physical (hardware) FortiGate firewall?
2 out of 4 answers
William Yragui - PeerSpot reviewer
President at infobond
Jun 11, 2021
Fortigate appliance is purpose built with NPU and SPUs designed to increase throughput while maximizing the ability to decrypt packets in search of malware.  VM deployments are software only and do not include the NPU and SPUs. 
ABHILASH TH - PeerSpot reviewer
Managing Director at FOX DATA
Jun 13, 2021
FortiGate VM  FortiGate-VM delivers the same FortiOS and FortiGuard real-time threat intelligence as the hardware models, in a virtual form factor. FortiGate-VM offers flexible licensing and provisioning for virtual network deployments. Support for multiple virtualizations and cloud platforms. Full support for Forti Hypervisor deployments enabling line-speed security in vCPE requirement. The architecture of a VM is a little more complex than that of Hardware. Virtual machines are less efficient than real machines because they access the hardware indirectly. FortiGate Hardware The hardware firewall is an ASIC-based device. It has hardware limitation, for example, Memory, CPU, etc Easy deployment in the network No complexity
Related Articles
Ariel Lindenfeld - PeerSpot reviewer
Director of Community at PeerSpot
Aug 21, 2022
We’re launching an annual User’s Choice Award to showcase the most popular B2B enterprise technology products and we want your vote! If there’s a technology solution that’s really impressed you, here’s an opportunity to recognize that. It’s easy: go to the PeerSpot voting site, complete the brief voter registration form, review the list of nominees and vote. Get your colleagues to vote, too! ...
Evgeny Belenky - PeerSpot reviewer
Director of Community at PeerSpot (formerly IT Central Station)
Aug 17, 2022
Hi dear community members, In this edition of PeerSpot's Community Spotlight, you can find out what your peers are discussing and join in the conversation. Ask and answer questions on the topics that interest you most! Read and respond to articles or contribute your own! Trending These are the topics your peers are talking about on PeerSpot this week How do I estimate the requir...
See 1 comment
Evgeny Belenky - PeerSpot reviewer
Director of Community at PeerSpot (formerly IT Central Station)
Aug 17, 2022
Thank you to all the community members who share their knowledge with other peers! Also, special thanks to the articles' contributors included in this Community Spotlight: @Janet Staver, @Abhirup Sarkar, @Manoj Narayanan, @Beth Safire and @Shibu Babuchandran.
Evgeny Belenky - PeerSpot reviewer
Director of Community at PeerSpot (formerly IT Central Station)
Jul 5, 2022
Dear PeerSpot community members, This is our latest Community Spotlight for YOU. Here we've summarized and selected the latest posts (professional questions, articles and discussions) contributed by PeerSpot community members.  Check them out! Trending See what your peers are discussing at the moment! What were your main pain points during the SIEM product purchase process? What...
Evgeny Belenky - PeerSpot reviewer
Director of Community at PeerSpot (formerly IT Central Station)
May 30, 2022
Hi peers, This is our new bi-weekly Community Spotlight that includes recent contributions (questions, articles and discussions) by the PeerSpot community members.  Articles Check the top products and solutions below (selected based on peer reviews) or contribute your own article! Top Security Orchestration Automation and Response (SOAR) Solutions Top 8 Data Loss Prevention (DL...
Evgeny Belenky - PeerSpot reviewer
Director of Community at PeerSpot (formerly IT Central Station)
Jul 11, 2022
Hi community members, As usual, this new Community Spotlight shares with you the latest articles, questions and trending discussions from your peers. Trending See what is trending at the moment and chime in to discuss! Top 8 Extended Detection and Response (XDR) Tools 2022 Would you recommend replacing Cisco ASA Firewall with Fortinet FortiGate FG 100F due to cost reasons? What is the...
See 2 comments
Ravi Suvvari - PeerSpot reviewer
Performance and Fault-tolerance Architect with 1,001-5,000 employees
May 30, 2022
Good very informative
Jairo Willian Pereira - PeerSpot reviewer
Information Security Manager at a financial services firm with 5,001-10,000 employees
Jul 11, 2022
Analyze the wave of product at Gartner Hype Cycle. EDR was good in the past. After that, MDR joined the hype and now, XDR is the trend. Wait for more in a couple of months and (sic) know the ZDR!
Related Articles
Ariel Lindenfeld - PeerSpot reviewer
Director of Community at PeerSpot
Aug 21, 2022
PeerSpot User's Choice Award 2022
We’re launching an annual User’s Choice Award to showcase the most popular B2B enterprise technol...
Evgeny Belenky - PeerSpot reviewer
Director of Community at PeerSpot (formerly IT Central Station)
Aug 17, 2022
Community Spotlight #20
Hi dear community members, In this edition of PeerSpot's Community Spotlight, you can find out w...
Download Free Report
Download our free Fortinet FortiGate-VM Report and get advice and tips from experienced pros sharing their opinions. Updated: December 2022.
DOWNLOAD NOW
656,862 professionals have used our research since 2012.