2022-06-03T16:54:00Z

Looking for a piece of advice and tips on the deployment of VPN concentrators for SD-WAN tunnels?

FD
  • 3
  • 143
PeerSpot user
3

3 Answers

MV
Consultant
Top 20
2022-06-22T03:36:30Z
Jun 22, 2022

Definitely look at Aruba EdgeConnect (formerly known as SilverPeak). 


My main client has had them in production for years for five hospital campuses and their headquarters site. They have hardware appliances and Virtual Appliances.

Assuming you go the VA route, make sure you're thinking about providing enough bandwidth on the pNIC(s) you have connected to the vSwitch your VA(s) in a site are connected to the outside world through. 


You'll be fine if you have something like a C7000 with Flex10 pNICs, but even if your hypervisor is some sort of 1U make sure it has 1G, 10G, 25G, 40G, 50G, or 100G pNIC(s) in it according to what your total MPLS and/or broadband Internet connections, i.e., Comcast or whatever, can provide and make sure there are no network chokepoints between your hypervisor(s) with your VA(s) and your enterprise WAN/Internet (for IPsec virtual WAN underlay tunnels) connections.

Start doing your homework NOW on what applications in your catalog are the highest priority, high priority, medium priority, best effort, etc. over the SD-WAN. 


Prepare yourself for difficult conversations with leadership about non-working vacillating de facto lack-of-decision like, "It's all top priority." No, you, leadership, set the POLICY on when something gets pitched over the side what goes first and what goes last. We implement YOUR policy.

Search for a product comparison in Firewalls
FT
Real User
2022-06-08T06:39:58Z
Jun 8, 2022

In my opinion, the way SD-WAN is designed, you will need multiple network endpoints or network-based concentrator hardware to handle multiple tunnels incoming. 


If you host them as virtual devices, you share the underlying network hardware and therefore lose performance, not gain it. If you want to virtualize them, use several, many endpoints (not just one).

KP
Vendor
2022-06-08T05:40:38Z
Jun 8, 2022

FatPipe Networks Inc - Hybrid Networking Connectivity. 


We use our patented MPSec technology in order to provide bandwidth aggregation, redundancy, common management, compression and inbound/outbound load balancing. This solution is used by many of our customers for video conference, VoIP and data for the seamless switchover.

MV
Consultant
Top 20
Aug 20, 2022

@Kowligi Prakash, I looked at FatPipe *years* ago. I was intrigued by the technology, but the leadership I was under at the time didn't see the point. "Just get ISDN BRIs for the branch offices and an ISDN FG D / T1 for HQ."I didn't know you guys were still around! :)

PeerSpot user
Learn what your peers think about Fortinet FortiGate-VM. Get advice and tips from experienced pros sharing their opinions. Updated: March 2024.
765,234 professionals have used our research since 2012.
FortiGate Virtual Appliances allow you to mitigate blind spots by implementing critical security controls within your virtual infrastructure. They also allow you to rapidly provision security infrastructure whenever and wherever it is needed. FortiGate virtual appliances feature all of the security and networking services common to traditional hardware-based FortiGate appliances. With the addition of virtual appliances from Fortinet, you can deploy a mix of hardware and virtual appliances,...
Download Fortinet FortiGate-VM ReportRead more

Related Q&As