SD-WAN Internally

Senbonzakura
Level 1

I have a quick question regarding SDWAN.

So imagine this network is currently a star topology; each of the ends is a Cisco switch and the center is a Palo Alto firewall. They are looking to give each of those sites that has a Cisco switch its own Palo Alto firewall and connect them all with SD-WAN. Right now, they're true L2 with fiber trunking all the way back to the core switching with the Palo Alto. Most of the sites will be able to do this and the SD-WAN on the Palo will create an IPSec tunnel to connect them, but some of the other sites won't be able to do this at that time. Those branches that can't have their own ISPs were looking to be set up with SDWAN anyway, even though they will be L2 all the way back as they are now, and I was thinking it wouldn't be a good idea to do that. Can anyone explain why setting the SDWAN up internally wouldn't work? I'm thinking OSPF or iBGP should just be used internally instead of trying to use SDWAN to connect two sites internally, since they are ALREADY set up L2.

Any advice and explanation would be appreciated!

1 Reply

Hi,

If you have only private connectivity on some sites (towards the core segment/zone) and it is a single connection, SD-WAN only has the advantage of one centralized management and monitoring system. You will not have a routing advantage, and you may use traditional routing without an issue.

In general, all of this depends on business/technical requirements. Do we need a good centralized management and monitoring system? Do we need security (IPSec) between sites (from an InfoSec point of view it can be mandatory)?

HTH,
Please rate and mark as an accepted solution if you have found any of the information provided useful.