At the moment, we are evaluating a solution where tunnel concentrators are going to be in virtual machines. Regardless of where we should go in terms of technology, space, payment model and everything else, this solution is something new in the company.
So, we're looking for any previous experience and advice about how to make a proper solution and which product(s) to use. Please ...
FatPipe Networks Inc - Hybrid Networking Connectivity.
We use our patented MPSec technology to provide bandwidth aggregation, redundancy, common management, compression and inbound/outbound load balancing. This solution is used by many of our customers for video conferencing, VoIP and data for seamless switchover.
In my opinion, the way SD-WAN is designed, you will need multiple network endpoints or network-based concentrator hardware to handle multiple tunnels incoming.
If you host them as virtual devices, you share the underlying network hardware and therefore lose performance, not gain it. If you want to virtualize them, use several, many endpoints (not just one).
Azure Firewall is easy to use and provides excellent support. Valuable features include integration into the overall cloud platform, autoscaling, and the ability for users to create virtual IP addresses. The cost of the solution is also competitive.
Check Point NGFW solution offers zero-day protection and provides absolute in-depth visibility with a multi-layer, multi-blade approach. This solution has a Smart Controller that allows you to manage all firewalls from one single location. It also has good antivirus protection and knowledgeable, responsive support. Check Point NGFW is cost-effective and provides valuable support to get through required compliance audits.
For Azure Firewall you have to specify each IP address used. We also found Azure to be challenging to implement from region to region, as it does not currently offer a universal approach across regions. Support can be very slow to respond and has caused us some downtime, affecting productivity and overall satisfaction.
Check Point NGFW VPN can be very complex to set up. The deployment can be more challenging than many other solutions on the market, although once fully deployed, things do get easier. Debugging can also be very difficult and makes it seem less stable than other solutions out there. Training and support could be better overall.
Azure is great, especially since almost everyone is part of the Azure ecosystem. However, it may not be the best solution for larger enterprises, as stability is limited, and the scale-up scale-out approach needs improvement.
Check Point can be very challenging to set up and deploy, but the unique multi-layer, multi-blade approach gives greater flexibility and transparency, which makes it a great option for larger enterprises with more complex, intricate needs.
Check Point firewall does a deep inspection of packets up to Layer 7 and is more compatible with the organizational environment.
The Azure firewall is a cloud-based security solution that also provides Advanced Threat Protection.