My company has traditionally been a Cisco shop. Generally, when it came time for network gear refreshes, the company's approach was to go to Cisco/CDW and ask for their recommendations. Last year we started looking at SD-WAN and did what I would say is our first real POC in our department, and we compared 3 vendors. Of course, just as we were kicking things off, COVID hit, which meant we had to refocus a lot of efforts elsewhere to support heavy work-from-home requirements, plus now dealing with trying to do this POC while remote. On top of this, one of the vendors really caused a lot of delays.
Long story short, the exec team started getting unhappy about the length of time the POC was taking. Now we are starting the process of replacing our aging ASA firewalls, and are looking at vendors other than just Cisco given the reputation of FTD. We initially proposed looking at Palo Alto, Fortinet, and FTD (because "Cisco" shop and past relationships they are scared of shaking up with Cisco). Execs came back and are telling us that they are afraid of how long it will take after the SD-WAN POC and want us to only look at FTD and one other vendor. While I will try my best to give FTD a fair shake, I can't really see it beating out Palo Alto based on everything I have heard and seen, and this is mostly going to be us convincing executives to again move away from Cisco.
But where I'm really going with this is: what is a realistic time frame for these kinds of POCs? Obviously it depends on the environment. We're looking to first replace our internet border firewalls, which currently only do filtering. We have a separate environment for AnyConnect, don't terminate tunnels on it, etc. We want more of the next-gen features, but are not looking to add these things to the mix at our internet border routers. We're more of an MSP/ISP for our clients that host specific services for them, and also offer internet connectivity through our DC that runs through our security stacks. Each client is brought into their own VRF, and then currently has an ASA context between them and our core. Then there are a few internal contexts for our services and internal stuff, and finally the internet border firewalls that are between our core and the internet (so client internet traffic goes through 2 firewalls, the context and the border firewall). The big push is to replace the borders this year, but the 5585-X that's handling the contexts also needs to be replaced next year, and we need to consider it when choosing a vendor as we want a unified solution between them. So when considering this, how long should we realistically expect a POC to take?