Recently started with a new org. We have Unifi which was fine when the company was a handful of people in a single office, but now the org needs "proper" networking.
I also have used Meraki before and honestly, not really looking to go there again.
In discounting both Unifi and Meraki, but bearing in mind that the org is trying to be as cloud native as possible, what else is there that does full stack switching, wireless, firewall (doesn't need to be next gen as we have a strong endpoint management approach) and has a management ecosystem which will pull it all in to a single pane of glass?
And really, we need to run said management ecosystem in Azure, or it be a full cloud controller.
Oh yeah and we want SD-WAN, while still looking at a traditional design approach of defense in depth i.e. perimeter firewall in a different vendor.
I'm kinda thinking I need:
- SRX on the perimeter with a small JunOS Space (somewhere on vmware because they don't even support Hyper-V yet let alone Azure/AWS) footprint to manage it. Thinking perform the SD-WAN here. This could be any vendor I guess, but I am not ever going to be using FirePOWER and I'm not going to invest in ASA mode now, and I know SRX well.
- Fortinet gates for internal segmentation, L2 switches, ap and fortimanager/fortianalyzer for the main part of the stack / single pane of glass.
Is there any other vendor I could be considering particularly for the second main element?
As an aside, given we have a strong endpoint management approach, do we even NEED separate vendor firewall layers for defense in depth? We're protecting on the endpoint, and at network layer. Is that enough by itself? I've been in government/military/finance for the last 5 years and they throw so many firewalls at things your head spins: what's best practice in the corporate world now in this regard?
No comments:
Post a Comment