SonicWall SD-WAN

Bhavin_Naik Newbie ✭
edited February 2020 in Mid Range Firewalls
Hey,
Can anyone briefly explain how to configure and deploy it, or is there a step-by-step guide available?
I have already followed a few knowledge base articles that are available, but I think they are not enough to understand and implement it.
Answers

  • DavidRaiter SonicWall Employee

    In the 6.5.3 firmware release notes, when SD-WAN was first introduced, there is a step-by-step walkthrough on configuring SD-WAN. Go to mysonicwall.com and download the release notes.

  • [Deleted User] Cybersecurity Overlord ✭✭✭
    edited February 2020

    Hi @Bhavin_Naik ,

    I have attached the release notes @Draiter was referring to. I believe the SD-WAN section starts around page 3. Let us know if this helps.


  • Hi @Draiter @Chris @Prabath,

    We have one scenario where at the HO site we have MPLS and broadband lines terminating on the SonicWall, and at the branch site we have the same. Is SD-WAN possible in this scenario?

    I think SD-WAN was introduced to reduce the cost of MPLS, so we can say it can replace MPLS. But is it possible to configure SD-WAN on an MPLS line?

  • WNRG_BenDavis Enthusiast ✭✭

    Hi Bhavin,

    It depends on the Zone you are using on your MPLS.

    For this to work properly you would need to set your MPLS to WAN then make sure there is a NAT that keeps your traffic from being NAT'ed when going across the MPLS.

    The SD-WAN only works on WAN Zone and tunnel interfaces.

    Thank you

    Ben Davis

    Western NRG

  • Mr_Klaatu SonicWall Employee

    @BHAVIN_NAIK 


    On-premise SD-WAN on SonicOS does not fully replace MPLS; in fact, what it does is attract a subset of customers who essentially don't need the full merits of MPLS. SD-WAN gives such customers the option of using normal high-speed broadband WAN to simulate the link characteristics of MPLS for quality by measuring path constraints/attributes like Jitter, Packet Loss and Latency.

    To give you a simple scenario, let's say you have a Main Site A and Branch Site B and you have 1. IPSec_VPN over ISP 1 (50Mbps) and 2. MPLS at Site B to reach Site A, where MPLS is the preferred path for a host in Site B accessing a server at Site A due to better quality over the IPSec_VPN over ISP 1 link, making the latter the backup link. Now let's say you managed to get a second WAN link, ISP 2 (200Mbps). This is a scenario where you could leverage the higher throughput on ISP 2 to simulate the link quality of MPLS using SD-WAN and its software telemetry feature of consistently and continuously measuring link quality.

    To further explain, you could now create an IPSec_VPN over ISP 2 (200Mbps) and group it with IPSec_VPN over ISP 1 (50Mbps) under SD-WAN and then set up measurement profiles where SD-WAN will constantly test and measure both these VPN links for their quality, using traffic samples from both links for Jitter, Packet Loss and Latency. Based on the samples, SD-WAN selects one of the links to be used for traffic routing when traffic arrives at the Site B firewall from one of its LAN hosts to a server at the Site A LAN. So to sum up, SD-WAN does 'traffic steering' based on the 'quality' of the links between the 2 VPNs and in effect uses both links when needed, based on quality sensed proactively by its measuring function.

    As WNRG_BENDAVIS mentioned above, SD-WAN doesn't support mixed grouping of WAN/MPLS and VPN. In your scenario, with Broadband-1 (for IPSec VPN-1) and MPLS to your HO, if you want to leverage SD-WAN, you need a 2nd Broadband-2 (for IPSec VPN-2), grouped together, to avoid the MPLS altogether.
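
The quality-based steering described in the answer above, modelled as an added example (not part of the original thread, and not SonicWall code or the actual SonicOS algorithm): two grouped VPN tunnels are probed, each is reduced to latency, jitter and packet loss, and the flow goes to a tunnel that meets every limit. The tunnel names, probe samples, thresholds and jitter formula are all assumptions made for illustration.

```python
from statistics import mean

# Constructed probe results per tunnel: round-trip time in ms, None = probe lost.
PROBES = {
    "VPN_over_ISP1": [42.0, 45.0, None, 90.0, 41.0, None, 88.0, 43.0],
    "VPN_over_ISP2": [18.0, 19.5, 18.2, 20.1, 18.9, 19.0, None, 18.4],
}

# Hypothetical limits: a path qualifies only if it meets all three.
THRESHOLDS = {"latency_ms": 60.0, "jitter_ms": 10.0, "loss_pct": 15.0}


def measure(samples):
    """Reduce raw probe results to the three attributes named in the thread."""
    answered = [s for s in samples if s is not None]
    if not answered:  # no probes sent, or every probe lost: treat the path as down
        return {"latency_ms": float("inf"), "jitter_ms": float("inf"), "loss_pct": 100.0}
    loss_pct = 100.0 * (len(samples) - len(answered)) / len(samples)
    # Jitter here = mean absolute difference between consecutive answered probes.
    deltas = [abs(b - a) for a, b in zip(answered, answered[1:])]
    return {
        "latency_ms": mean(answered),
        "jitter_ms": mean(deltas) if deltas else 0.0,
        "loss_pct": loss_pct,
    }


def qualifies(metrics, limits=THRESHOLDS):
    return all(metrics[k] <= limits[k] for k in limits)


def select_path(probes, current=None, limits=THRESHOLDS):
    """Pick the path for the next flow; stay on `current` while it still qualifies."""
    stats = {name: measure(s) for name, s in probes.items()}
    good = [n for n, m in stats.items() if qualifies(m, limits)]
    if current in good:
        return current, stats  # avoid flapping between two qualified paths
    if good:
        return min(good, key=lambda n: stats[n]["latency_ms"]), stats
    # Nothing qualifies: use the least lossy path instead of dropping traffic.
    return min(stats, key=lambda n: (stats[n]["loss_pct"], stats[n]["latency_ms"])), stats
```

With the constructed samples, the ISP 1 tunnel fails on both jitter and loss even though its average latency is under the limit, which is why average latency alone is a poor steering signal.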
