Wednesday, July 15, 2020

LF WAN Experiences: Silver Peak vs. CloudGenix; Palo Alto vs. zScaler vs. Fortinet

Hello all,

We're near the end of a decision for our WAN overhaul.

Status: Distribution company, 1 HQ, 30-50 warehouses all US based (warehouse footprint from an IT perspective is 2-15 office workers [pre-Covid-19] and 5-20 warehouse pickers, about 2-5 of them have a handheld scanner, so low bandwidth)

Also have two service providers that we utilize for a total of 4 external datacenter connections in our WAN

Current:

Fortinets everywhere as firewalls

HQ has 2x1Gb internet connectivity

MPLS network everywhere, most warehouses also have 20+ Mb internet connection

VOIP connectivity/resilience is a priority (currently, when the MPLS goes down at a warehouse, VOIP will be down too)

Future:

SD-WAN with 2 network connections (plan to eventually go dual internet circuits, waiting for term'ing on MPLS)

Not so hot on our Fortinets, would prefer a better performer.

On the SD-WAN side of things, it appears that CloudGenix and Silver Peak would fit our needs; both (say they) can take an internet circuit and a MPLS circuit, and either can go down and we'll continue to have our connectivity. As we migrate away from MPLS, both indicate the transition will be seamless. Bandwidth isn't too much of a concern for us: VOIP and ERP are priorities, but both are relatively low bandwidth. Advice/opinions looked for here: was either one for you a bad experience? Are they products as advertised?

On the Firewall side of things, I'm in quite a conundrum: Fortinets are our current FW everywhere and our client VPN. I *could* leave the Fortinets everywhere, but I'm ready to leave the Fortinets behind (admittedly, this is a little political, CIO doesn't like Fortinets and generally prefers Cisco, so I'm already doing a bit of a sales job by suggesting something other than Cisco). We're expecting full IDS/IPS, web-filtering, and other strong "next-gen" security features from any solution. Here are my summed-up thoughts on each:

Fortinets: cheapest option to keep them, but have to almost clean slate them to get us at correct spec. We do have IPS licensing, but we don't use it.

Palo Alto: the implementation would be physical firewalls at our HQ, and their Prisma "cloud firewall" for our warehouse locations. The Prisma would integrate to either the CloudGenix or Silver Peak for the firewall functionality. We'd go with their Client VPN as well (from the HQ firewalls).

zScaler: before all this, I had never heard of them. Silver Peak is partnered with them for the firewall. They seem to have everything we would need for a cloud firewall integration to the SD-WAN box that would be local to the warehouse. I'm told they can only do web filtering on ports 80 and 443 though. And they don't have any hardware to sell, so I'd still need a standalone firewall at the HQ.

Firewall comments: seems that either Fortinet or Palo Alto would be a "complete" firewall solution, but zScaler could only be useful as a firewall at our warehouse locations.

Firewall Questions: Has anyone done either SD-WAN + cloud firewall? What limitations have you experienced?

Are any of these amiss?

Biggest leap for me here is the "cloud firewall" of most of these, first time considering and possibly doing these.

I'm intentionally trying to remove my leanings to make the most objective post I can. I'll try to respond to any questions or concerns.


