I work for a company with a small IT department. In an effort to cut costs, we are moving away from MPLS and looking at SDWAN solutions with redundant circuits. We have tentatively settled on Talari or VeloCloud. I have four solutions in mind and wanted to get feedback on which makes the most sense. We currently do not run a Next Gen firewall, and sites have basic firewalls (it is a cloud-based firewall on an enhanced MPLS circuit). We have several locations. I have the following solutions in mind. All of the SDWAN devices have basic firewalls with some stateful packet inspection; they just lack advanced feature sets. Currently I don't feel as though we are as secure as I would like, and I feel that we are grossly overpaying. Any advice/feedback is appreciated.
- Back-haul all internet traffic through the Next Gen firewall at the data center and get a large data-center internet pipe. Pass VoIP traffic directly to the VoIP provider and allow site-to-site SDWAN traffic.
- Back-haul unknown traffic through the Next Gen firewall at the data center and pass known traffic directly to the internet (allow Dropbox, Office 365, CRM, and bulk traffic such as Facebook, YouTube, LinkedIn, etc.). Smaller pipe at the data center.
- Cloud-based secure web gateway (subscription per user) - tunnel all traffic to a cloud-based firewall similar to Zscaler and have a Next Gen firewall for NAT at the data center.
- A Next Gen firewall at each site - not optimal, as this is costly and requires maintenance and configuration at each site.
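The egress decision that separates the first two options above, written out as an added example (this is not part of the original post and is not Talari or VeloCloud configuration): a first-match policy where site-to-site traffic stays on the overlay, VoIP goes straight to the provider, and everything else is back-hauled to the data-center NGFW unless the split-tunnel option is enabled for sanctioned SaaS. The rule names, the `Flow`/`Rule` types and the prefix ranges are assumptions; the prefixes are RFC 5737 documentation and RFC 1918 private ranges standing in for the real provider lists.

```python
from collections import Counter
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Dict, List, Tuple

# Constructed model of the egress designs discussed in the post (option 1:
# back-haul everything except VoIP and site-to-site; option 2: also send known
# SaaS direct). Not vendor syntax; prefixes are placeholders, not real provider ranges.


@dataclass(frozen=True)
class Flow:
    dst: str      # destination IP
    proto: str    # "tcp" or "udp"
    dport: int    # destination port


@dataclass(frozen=True)
class Rule:
    name: str
    action: str                                 # "direct", "sdwan" or "backhaul"
    prefixes: Tuple[str, ...] = ()              # empty = any destination
    protos: Tuple[str, ...] = ("tcp", "udp")
    ports: Tuple[Tuple[int, int], ...] = ()     # (lo, hi) ranges; empty = any port

    def matches(self, flow: Flow) -> bool:
        if flow.proto not in self.protos:
            return False
        if self.prefixes:
            dst = ip_address(flow.dst)
            if not any(dst in ip_network(p) for p in self.prefixes):
                return False
        if self.ports and not any(lo <= flow.dport <= hi for lo, hi in self.ports):
            return False
        return True


def build_policy(split_tunnel_saas: bool) -> List[Rule]:
    rules = [
        # Internal traffic stays inside the SD-WAN overlay between sites.
        Rule("site-to-site", "sdwan", prefixes=("10.0.0.0/8",)),
        # VoIP signalling and media go straight to the provider (constructed range
        # and port assumptions: SIP on 5060/5061, RTP in 10000-20000).
        Rule("voip-provider", "direct", prefixes=("198.51.100.0/24",),
             ports=((5060, 5061), (10000, 20000))),
    ]
    if split_tunnel_saas:
        # Known SaaS is matched on the provider's published prefixes, not on a DNS
        # name, and only on web ports; anything else to those hosts still goes
        # through the data-center NGFW.
        rules.append(Rule("sanctioned-saas", "direct", prefixes=("203.0.113.0/25",),
                          protos=("tcp",), ports=((80, 80), (443, 443))))
    # The catch-all must be last: unknown traffic is back-hauled for inspection.
    rules.append(Rule("default-backhaul", "backhaul"))
    return rules


def decide(policy: List[Rule], flow: Flow) -> Tuple[str, str]:
    """First-match evaluation; returns (rule name, action)."""
    for rule in policy:
        if rule.matches(flow):
            return rule.name, rule.action
    raise ValueError("policy has no catch-all rule")


def check_policy(policy: List[Rule]) -> bool:
    """Pre-push sanity check: exactly one catch-all, it is last, and it back-hauls
    rather than sending unknown traffic direct."""
    catch_alls = [r for r in policy if not r.prefixes and not r.ports]
    return len(catch_alls) == 1 and catch_alls[0] is policy[-1] \
        and policy[-1].action == "backhaul"


def tally(policy: List[Rule], flows: List[Flow]) -> Dict[str, int]:
    """Count how many flows take each path under a policy."""
    return dict(Counter(decide(policy, f)[1] for f in flows))


# Constructed sample flows: internal SMB, SIP, RTP, HTTPS to the VoIP host,
# HTTPS/SSH/UDP-443 to a sanctioned SaaS prefix, and HTTPS to an unknown host.
SAMPLE_FLOWS = [
    Flow("10.20.0.5", "tcp", 445),
    Flow("198.51.100.10", "udp", 5060),
    Flow("198.51.100.10", "udp", 12000),
    Flow("198.51.100.10", "tcp", 443),
    Flow("203.0.113.7", "tcp", 443),
    Flow("203.0.113.7", "tcp", 22),
    Flow("203.0.113.7", "udp", 443),
    Flow("192.0.2.9", "tcp", 443),
]

if __name__ == "__main__":
    for split in (False, True):
        policy = build_policy(split)
        print(f"split_tunnel_saas={split} valid={check_policy(policy)} {tally(policy, SAMPLE_FLOWS)}")
        for f in SAMPLE_FLOWS:
            print("  ", f, "->", decide(policy, f))
```

The point the two tallies make is that option 2 only moves traffic off the NGFW for flows that hit a published prefix on an expected port; SSH or UDP to the same SaaS address, or HTTPS to the VoIP provider's host, still back-hauls, which is the behaviour to verify on the real SD-WAN boxes before trusting their application-aware rules.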