Solved: Re: SD-WAN connectivity to the Internet

miras · ‎01-07-2019

From security perspective, would it be OK to connect the SD-WAN appliance directly to the Internet, or should it be connected behind the firewall with a 1 to 1 Static NAT configured?

tahiali · ‎01-07-2019

It is perfectly fine to connect sdwan appliance directly as it has built in security mechnism like control plane rate policing implict acls etc

the appliance will only be responding to communications from authenticated controllers , vedges or legitimate user traffic or to the services traffic u manuualy alow like dhcp dns etc

also sdwan with 18.4 can now have a firewall ips dns security and url filterting device (with some hardware exceptions)

still if you need a firewall it can sit behind a nat device as well

View solution in original post

tahiali · ‎01-07-2019

It is perfectly fine to connect sdwan appliance directly as it has built in security mechnism like control plane rate policing implict acls etc

the appliance will only be responding to communications from authenticated controllers , vedges or legitimate user traffic or to the services traffic u manuualy alow like dhcp dns etc

also sdwan with 18.4 can now have a firewall ips dns security and url filterting device (with some hardware exceptions)

still if you need a firewall it can sit behind a nat device as well