01-17-2018 01:05 PM - edited 03-08-2019 05:31 PM
Hello All,
Our company (Company A) recently acquired another company (Company B). I am responsible for coming up with a design solution for the merger process. Company A is using an MPLS network with all the sites and has Checkpoint firewall solutions in place. Company B is mostly connected using IPSec VPNs and has a mix of firewall solutions (Sonicwall, ISA, ASA, Mikrotik etc.). The ideal and desired solution is to connect the many sites of Company B using SD-WAN. However, I am not very experienced with the merger process and this is a first-of-its-kind task for me. Hence, I need a lot of help from you guys.
Can you please tell me how I should proceed? What is a good SD-WAN solution? Is it possible to connect an MPLS network and an SD-WAN network? Which firewall solutions should be implemented in the merger? Please also share any other important points which I should keep in mind.
Regards!
01-17-2018 05:40 PM
Cisco Meraki is particularly good for this - but it would mean putting an MX into every site ...
https://meraki.cisco.com/products/appliances
It can support both MPLS and Internet based VPN using SDN at the same time.
The two major methods of deploying in your scenario are:
https://documentation.meraki.com/MX-Z/Deployment_Guides/MPLS_Failover_to_Meraki_Auto_VPN
https://documentation.meraki.com/MX-Z/Site-to-site_VPN/Configuring_Site-to-site_VPN_over_MPLS
For the Internet-only sites using VPN you would use AutoVPN:
https://meraki.cisco.com/technologies/auto-vpn
You should get a Cisco partner involved for a project of this complexity.
01-22-2018 01:00 PM
Thank you for your reply. I have one question regarding the Cisco Meraki MX. If I use, for instance, an MX100 at the network edge, will it be able to perform all the FW/IPS/AV etc., or should I have a Layer 3 switch below it?
01-22-2018 01:08 PM
Use a layer 3 switch if you need wire rate forwarding of traffic between VLANs. If you don't need this then you can do any routing on the MX.
01-22-2018 01:21 PM
Ok. One more thing: can the firewall capabilities of MX devices match ASA or Checkpoint standards? My company is currently using Checkpoint (2200, 4200), so it will be a hard sell to go against that for new locations.
01-17-2018 07:03 PM
Hi
The Cisco IWAN solution could be a fit:
https://www.cisco.com/c/dam/en/us/td/docs/solutions/CVD/Apr2017/CVD-IWANDeployment-APR17.pdf
As Philip said, Meraki is a perfect fit as well.
As you'll need to have a device at each location, the Meraki solution will be cheaper.
In terms of firewall, I would go with FTD on Firepower or ASA appliances. The exact model will be based on your needs.
01-22-2018 01:03 PM
Thank you for your reply.
What should be the key selection point in this case while selecting a firewall? MX devices are capable of stateful firewall as well, why not use that?
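The questions above about "stateful firewall" capability versus full FW/IPS/AV come up repeatedly in this thread, so here is an added illustration (not code from any poster, and not a model of any vendor's product) of what a stateful filter actually adds over a plain packet-filter ACL. The rules, addresses and packets are constructed examples; the point it demonstrates is that a stateful device admits the return half of a LAN-initiated session without an inbound rule, while a stateless ACL has to either deny it or punch a wide hole. Neither layer looks at payload, which is where IPS/AV features sit and why the selection criteria for an edge device differ from "does it do stateful filtering".

```python
from dataclasses import dataclass
from typing import Dict, List, Set, Tuple

# Constructed 5-tuple packet model (hypothetical, not any vendor's API).
@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    sport: int
    dport: int
    proto: str       # "tcp" or "udp"
    direction: str   # "out" (LAN -> WAN) or "in" (WAN -> LAN)

@dataclass(frozen=True)
class Rule:
    direction: str
    proto: str
    dst_ports: Set[int]   # empty set means "any destination port"
    action: str           # "allow" or "deny"

FlowKey = Tuple[str, int, str, int, str]

def match_rule(rules: List[Rule], pkt: Packet) -> str:
    """First-match ACL evaluation with an implicit deny at the end."""
    for r in rules:
        if (r.direction == pkt.direction and r.proto == pkt.proto
                and (not r.dst_ports or pkt.dport in r.dst_ports)):
            return r.action
    return "deny"

class StatelessFilter:
    """Every packet is judged on its own against the rule list."""
    def __init__(self, rules: List[Rule]):
        self.rules = rules

    def process(self, pkt: Packet) -> str:
        return match_rule(self.rules, pkt)

class StatefulFirewall:
    """Rules are consulted only for the first packet of a flow; later packets
    in either direction are admitted from the connection table."""
    def __init__(self, rules: List[Rule]):
        self.rules = rules
        self.table: Set[FlowKey] = set()

    def process(self, pkt: Packet) -> str:
        fwd: FlowKey = (pkt.src, pkt.sport, pkt.dst, pkt.dport, pkt.proto)
        rev: FlowKey = (pkt.dst, pkt.dport, pkt.src, pkt.sport, pkt.proto)
        if fwd in self.table or rev in self.table:
            return "allow (established)"
        action = match_rule(self.rules, pkt)
        if action == "allow":
            self.table.add(fwd)   # remember the flow so replies get through
        return action

# Constructed policy: LAN may reach HTTPS outbound; only SMTP is exposed inbound.
RULES = [
    Rule("out", "tcp", {443}, "allow"),
    Rule("in", "tcp", {25}, "allow"),
]

# Constructed traffic sample (addresses from documentation ranges).
PACKETS = [
    Packet("10.1.1.10", "203.0.113.5", 51000, 443, "tcp", "out"),   # LAN opens HTTPS
    Packet("203.0.113.5", "10.1.1.10", 443, 51000, "tcp", "in"),    # server's reply
    Packet("198.51.100.9", "10.1.1.10", 443, 51000, "tcp", "in"),   # unsolicited, same ports
    Packet("198.51.100.9", "10.1.1.20", 40000, 25, "tcp", "in"),    # inbound mail, allowed
]

def run_demo() -> Dict[str, List[str]]:
    """Run the same packets through both filters and return the verdicts."""
    stateless, stateful = StatelessFilter(RULES), StatefulFirewall(RULES)
    return {
        "stateless": [stateless.process(p) for p in PACKETS],
        "stateful": [stateful.process(p) for p in PACKETS],
    }

if __name__ == "__main__":
    for name, verdicts in run_demo().items():
        print(name, verdicts)
```

The second packet is the one that matters: the stateless ACL denies the HTTPS reply because nothing permits inbound traffic to port 51000, whereas the stateful firewall admits it from its connection table. The third packet, which reuses the same ports from a different source, is denied by both because it matches no tracked flow. That is the whole of what "stateful" buys you; anything that needs to recognise an exploit inside an allowed session is an IPS/AV decision, and that is the capability to compare when weighing an MX against an ASA or Checkpoint platform.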
03-10-2022 10:57 AM - edited 03-10-2022 10:58 AM
What should be the key selection point in this case while selecting a firewall? MX devices are capable of stateful firewall as well, why not use that?