We are in the process of deploying Viptela SD-WAN to fully replace Site to Site VPNs and MPLS.
We have multiple locations each with PA firewalls and local internet breakout with two internet connections ( DIA & ADSL).
Question:
Where do we place the SD-WAN router in the design. Security policies says that the traffic should be inspect by PA firewalls.
I could place the routers in DMZ behind the firewalls and do one to one NAT but here is concerned over the broadband which has public Dynamic IP. Another problem, exposing router directly may get hammered with Russian and Chinese botnets and port scanning.
Any other better options ?
No comments:
Post a Comment