SD-WAN Forum

Netanya Carmi
Content Manager
IT Central Station
Apr 30 2021

Should I choose SASE? Why is it better?

Mike Hounsome: SASE is a cloud-delivered architecture that provides central policy and unification of network and security services, which are typically delivered by an MSP. Think of SASE as a cloud hub: it helps avoid the need to backhaul traffic via central DCs, reducing the reliance on expensive security stacks and resources and allowing sites to go direct to the internet for SaaS traffic, which in turn improves performance without impacting security. Its primary use cases are mobile working and direct internet access from branch sites. Covid has accelerated the adoption of SASE in the last year, with a need to provide unified security and compliance to any user, device, anywhere. SD-WAN is the transport layer that ensures the WAN performance and availability of on-prem site traffic (in essence it's an edge router) and can also be used to direct traffic of interest to the SASE cloud gateway for inspection.
DAMIR REZNICEK: Hi, one does not necessarily exclude the other :) For example, I have implemented SD-WAN on all our domestic (per-country) WAN networks, to be more flexible with the lines and not be dependent on one provider, but to secure my end users we will implement a SASE solution (Zscaler, Cisco, etc.). NGFW will be used to ensure good segmentation of the network. To additionally secure your users, you can deploy SWG. You have some security on your sites with the SD-WAN equipment (the level will depend on which producer you choose: one whose background is in networking or one whose background is in security :) ), but for sure you will not achieve the same level as with SWG. VPN: I intend to keep it only for special purposes after we deploy SASE. I hope this helps :)
Neil Mistry: SASE (Secure Access Service Edge) is an architecture and strategy. This is focused on Zero Trust, which has a huge focus on identity. Think about accessing your corporate applications and data anywhere, anytime, on any device, securely and with a great experience. In that journey, a technology stack supporting and enabling the SASE architecture is what you need. Look at Netskope, Okta, SentinelOne and Silver Peak (this may not be required depending on your environment). If you want to chat more, let me know.
Netanya Carmi
Content Manager
IT Central Station
Apr 19 2021

Which networking technology should I choose and why?

Network & Security Solutions Architect at Rahi Systems Pvt Ltd
Feb 19 2021

128 Technology explained their products with their tunnel-free technology.

Does anyone have any experience with installation, management and product prices?

User at Etisalat
Jan 24 2021

I'm researching SD-WAN solutions. I'm looking at Nuage and Versa FlexVNF. What are the differences between these two solutions?

Ken Kao
Product Manager at a comms service provider with 201-500 employees

If your company is using an SD-WAN solution, which brand is your choice? Why?

Lipaz Hessel: We are working with Silver Peak and Fortinet (FortiGate and FortiAnalyzer), and have also tried a few other vendors. We think, and know, that Silver Peak is the only end-to-end SD-WAN solution on the market, along with VMware. FortiGate is a FW with SD-WAN features.
reviewer1275930: I have done a PoC with AT&T, VMware, Dell and Silver Peak. I selected Silver Peak (which is now owned by HPE).
Sevan Chandra: Nubewell Networks has a full-fledged feature set.
IT Central Station

What are some of the most common SD-WAN security vulnerabilities? How can I plan for these potential security issues? 

Lipaz Hessel: SD-WAN comes with a firewall inside the device; the issue with these firewalls is the lack of features like SSL-VPN. It is recommended to recheck management access, because this device is connected directly to the Internet, and to make sure it is always up to date. Remember, this is the direct link from the internet/branches, with default security once installed; again, make sure to configure it correctly.
Paul Friend: It depends on which SD-WAN vendor you are considering. Pure-play SD-WAN products generally lack enterprise-grade security features, and their architectures require a firewall, which means more complexity and cost. A number of firewall vendors have Secure SD-WAN appliances that incorporate NGFW and SD-WAN functionality in one appliance. Pure-play vendors are well known for overselling their security capabilities and leaving customers vulnerable. A risk with SD-WAN devices is that you move away from hub-and-spoke networking to meshed, which means that there is a potential for the compromise of one device to give attackers visibility into the traffic flow from across the network. It's more efficient, manageable and cost-effective to have a Secure SD-WAN device from a security vendor.
reviewer1392588: The Citrix SD-WAN comes with a full firewall that is very capable. You just need to make sure that you harden the rules. I would follow an approach of blocking everything, then opening only what you need. One point to note: there is a difference between applying a block and a drop rule. A block still takes some processing; the drop just ignores these packets. This makes a big difference when facing DDoS attacks. Use drop rather than block, or DDoS will still take your services down. NOTE: This is a quick response, not a tech note. Check all changes carefully before implementing.
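
Added example (not part of the forum answers above, and not any vendor's rule format): a Python check over a constructed, vendor-neutral rule list for the three points raised in this thread, namely a final catch-all drop, drop rather than block on internet-facing rules, and management access not open to every internet source. The `Rule` fields, the `MGMT_PORTS` set and both sample policies are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional

# Assumed management ports (SSH, web UI); adjust to the device in use.
MGMT_PORTS = {22, 443, 8443}

@dataclass(frozen=True)
class Rule:              # hypothetical schema, not a product export format
    name: str
    zone: str            # source zone: "internet", "lan" or "any"
    src: str             # source CIDR, or "any"
    port: Optional[int]  # destination port, None = all ports
    action: str          # "allow", "drop" or "block"

def audit(rules):
    """Return (rule name, finding) pairs. Rule shadowing is not evaluated."""
    findings = []
    last = rules[-1] if rules else None
    # Block everything first: the final rule must match all traffic and drop it.
    if not (last and (last.zone, last.src, last.port, last.action)
            == ("any", "any", None, "drop")):
        findings.append(("<policy>", "no final catch-all drop rule"))
    for r in rules:
        exposed = r.zone in ("internet", "any")
        # Management access open to every internet source.
        if (exposed and r.action == "allow" and r.src == "any"
                and (r.port is None or r.port in MGMT_PORTS)):
            findings.append((r.name, "management port open to any internet source"))
        # "block" still costs processing per packet; prefer drop facing the internet.
        if exposed and r.action == "block":
            findings.append((r.name, "block on internet-facing rule, use drop"))
    return findings

# Constructed sample policy as first installed, and its hardened form.
SAMPLE = [
    Rule("admin-ui", "internet", "any", 443, "allow"),
    Rule("admin-ssh", "internet", "198.51.100.0/24", 22, "allow"),
    Rule("telnet", "internet", "any", 23, "block"),
    Rule("lan-out", "lan", "any", None, "allow"),
    Rule("default", "any", "any", None, "block"),
]
HARDENED = [
    Rule("admin-ui", "internet", "198.51.100.0/24", 443, "allow"),
    Rule("admin-ssh", "internet", "198.51.100.0/24", 22, "allow"),
    Rule("telnet", "internet", "any", 23, "drop"),
    Rule("lan-out", "lan", "any", None, "allow"),
    Rule("default", "any", "any", None, "drop"),
]

if __name__ == "__main__":
    for name, finding in audit(SAMPLE):
        print(f"{name}: {finding}")
```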