[AusNOG] SDWAN Security
tim.dooley at outlook.com
Mon May 31 19:55:06 EST 2021
Long time reader, first time.... Sender I guess.
Meraki offers a simple SD-WAN solution; it works with dual internet solutions such as Telstra BIP/TID, or you can use 4/5G as a backup service.
It comes with simple inter-site VPN and basic routing, which is great for most customers with central or cloud core infrastructure.
A service like Viptela allows far more complex and granular setups.
In terms of security, I'm not an expert, but the Cisco Umbrella IDS/IPS seems pretty amazing.
A quick search found this page which looks to have good comparisons.
I hope this is helpful.
Full disclosure, I work for a company that provides Meraki with Telstra internet services.
From: AusNOG <ausnog-bounces at lists.ausnog.net> on behalf of Radek Tkaczyk <radek at tkaczyk.id.au>
Sent: Monday, May 31, 2021 7:22:11 PM
To: Dale Shaw <dale.shaw+ausnog at gmail.com>
Cc: ausnog at lists.ausnog.net <ausnog at lists.ausnog.net>
Subject: Re: [AusNOG] SDWAN Security
I don’t think you will find that Cisco Meraki is not a proper SDWAN solution. It’s just a glorified VPN with a cloud dashboard. If you call that SDWAN then SDWAN has been around for 30 years.....
You need to be looking at proper SDWAN solutions like VeloCloud (VMware), Cisco Viptela, Peplink, etc. These are proper SDWAN solutions that can replace an MPLS.
On 31 May 2021, at 4:09 pm, Dale Shaw <dale.shaw+ausnog at gmail.com> wrote:
Full disclosure: I work for VMware (we have a SD-WAN offering) but I’ll keep it agnostic—
On Mon, 31 May 2021 at 12:49 pm, dusty <dusty.au at gmail.com> wrote:
After a number of years being more managerial than technical, I find myself staring at a proposal to swap a perfectly good MPLS network with some Meraki shenanigans.
This, frankly, gives me the heebie jeebies.
I've done a bunch of poking around but, alas, it is remarkably difficult to locate reliable analyses of the actual security (or lack thereof) of these solutions - plenty of glossy marketing and whizzbang, not a lot of facts.
Can anyone point me in the direction of some decent whitepapers, blogs, etc about the relative merits of these things?
--dusty (in Brisbane)
(tl;dr: talk to your friendly vendor SE.)
What sort of collateral would you look for, to give warm fuzzies, if you were evaluating a traditional WAN routing platform?
You should be able to find security whitepapers and other technical documents that describe management and data plane security, use of crypto/PKI etc.
Vendors targeting enterprise customers should be putting their products through security evaluation frameworks such as Common Criteria — look for certification, in-flight or completed, against the Network Device collaborative Protection Profile (NDcPP) plus optional modules like VPN. Crypto libraries may be FIPS 140-2 [US centric] certified.
For vendors offering things as-a-service, certifications and statements of conformance against other regulatory frameworks should be applicable (SOC, FedRAMP [again US centric], IRAP etc. may exist).