06-18-2019 06:14 AM
Good day,
I am new to SD-WAN technology but really amazed by its capability, and currently working on an SD-WAN solution for one of our clients.
The overall setup includes private cloud, public cloud and approx. 300 remote sites with a user count ranging from 5 to 1500.
Currently most of the sites have both MPLS and Internet links. These links are logically terminated on perimeter Firewall where Zones are configured. Internet is an "Untrusted Zone" and MPLS is a "Semi-Trusted Zone".
The question is, if I want to retain these site local perimeter firewalls, can I still keep 2 zones, one for Internet and another for MPLS? Or in other words, can I extend the VPNs (VRFs) from vEdge devices up to the firewall?
The benefit I see here is, I can have strict policies enabled on firewalls for stateful inspection between these 2 Zones.
If anyone has any advice for me, please do share.
Thanks
Hemant
06-18-2019 01:31 PM
06-24-2019 08:25 AM
Hi,
So if you are building SD WAN, what is the underlay NEW network going to be? MPLS still?
Typical deployments in the UK I have seen have been SD WAN over MPLS, in which case you would typically terminate at the edge of the MPLS underlay. Basically routing would be consistent with traditional MPLS, and so you would transit route traffic from vEdge to Firewall.
Hope that helps.