Wednesday, November 29, 2017

Multiple IKE tunnel endpoint

Hey everyone! Our org is working on some initiatives to tame our disparate infrastructure and implement some additional security for the management of our routing and switching gear, much of which is located in isolated networks with their own DIA connections.

One of the approaches we've considered is moving all management to private networks on their own VLAN so as to expose as little attack surface as possible. That's easy enough for the on-net stuff, but we can't standardize on that unless we can bring those remote sites' management VLANs on-net via secure tunnels.

So, we'd like to establish secure tunnels to each of these remote locations so as to bring those devices' management VLANs back to our core. Does anyone know of a good device for acting as a tunnel endpoint for these numerous sites? We're talking about potentially as many as 100 or so tunnels, so I imagine it would need to be pretty beefy or distributed across multiple devices. The traffic over those tunnels would be low: only SSH, a small amount of OSPF, and SNMP.

Does anyone have any suggestions, or perhaps even an alternative approach that achieves the same or similar desired result?
