Wednesday, January 9, 2019

Fortigate SD-WAN instead of "CE routers"

We manage our own MPLS network on top of ISPs' VPLS/WDM links, and currently just manually configure our CE routers. Either with "VRF lite" with BGP peerings to our DC routers in each VRF, or just full MPLS to the CE and do L3VPNs there. ISPs only provide us the means to directly connect our different routers.

It works well with our 50 "PEs" (we also do MPLS in our campuses, so counting those PE devices too) but it's of course a lot of manual work. We're also closing in on a deal that would add something like 100 or, in the best scenario, 200 new sites, but those would be mostly sites with few users, a couple of printers etc.

So, how would you feel about connecting all those sites using Fortigate firewalls instead of traditional routers? I'm hoping to achieve easier management, monitoring, visibility and maybe even some load balancing / QoS stuff with those. I could do QoS rules based on firewall objects I have in the central FortiManager, instead of manually updating rules in every router. The idea is to still get L2 connectivity from our ISPs, but connect the remote Fortigate to our DC FW and then towards the rest of the network.

It's a type of network where we want to segment stuff as much as we can instead of letting everyone talk to everyone. Firewalls would of course help in that situation. Our DC FW terminates all the different VRFs we have in our campus network.

We have good enough deals with our ISPs for L2, so I'm not interested in replacing those links with consumer broadband, though I might use those as a backup.

Any ideas?

Thanks!
