SonicWall SD-WAN
Bhavin_Naik
Newbie ✭
Hey,
Can anyone brief me on how to configure and deploy it, or is there a step-by-step guide available?
I have already followed a few of the knowledge base articles that are available, but I think they are not enough to understand and implement it.
Category: Mid Range Firewalls
1
Best Answer
Prabath Enthusiast ✭✭
Hi,
Please refer to the links below to understand and configure SonicWall SD-WAN:
Introducing SonicWall Secure SD-WAN
Configuring SD-WAN Using Numbered VPN Tunnel Interfaces
Introducing SonicWall Secure SD-WAN to Distributed Enterprises
Configuring SD-WAN in SonicOS
Configure SD-WAN Using VPN Numbered Tunnel Interfaces
7
Answers
In the 6.5.3 firmware release notes, when SD-WAN was first introduced, there is a step-by-step walkthrough on configuring SD-WAN. Go to mysonicwall.com and download the release notes.
Hi @Bhavin_Naik ,
I have attached the release notes @Draiter was referring to. I believe the SD-WAN section starts around page 3. Let us know if this helps.
Hi @Draiter @Chris @Prabath,
We have one scenario where, at the HO site, we have MPLS and broadband lines terminating on the SonicWall, and the branch site has the same. Is SD-WAN possible in this scenario?
I think SD-WAN was introduced to reduce the cost of MPLS, so we can say it can replace MPLS. But is it possible to configure SD-WAN on an MPLS line?
Hi Bhavin,
It depends on the Zone you are using on your MPLS.
For this to work properly, you would need to set your MPLS to WAN, then make sure there is a NAT that keeps your traffic from being NAT'ed when going across the MPLS.
The SD-WAN only works on WAN Zone and tunnel interfaces.
Thank you
Ben Davis
Western NRG
@BHAVIN_NAIK
On-premise SD-WAN on SonicOS does not fully replace MPLS; in fact, what it does is attract a subset of customers who essentially don't need the full merits of MPLS. SD-WAN gives such customers the option of using normal high-speed broadband WAN to simulate the link characteristics of MPLS for quality by measuring path constraints/attributes like jitter, packet loss and latency.
To give you a simple scenario, let's say you have a Main Site A and Branch Site B, and you have 1. IPSec_VPN over ISP 1 (50Mbps) and 2. MPLS at Site B to reach Site A, where MPLS is the preferred path for a host in Site B accessing a server at Site A due to better quality over the IPSec_VPN over ISP 1 link, making the latter the backup link. Now let's say you managed to get a second WAN link, ISP 2 (200Mbps). This is a scenario where you could leverage the higher throughput on ISP 2 to simulate the link quality of MPLS using SD-WAN and its software telemetry feature of consistently and continuously measuring link quality. To explain further, you could now create an IPSec_VPN over ISP 2 (200Mbps) and group it with IPSec_VPN over ISP 1 (50Mbps) under SD-WAN, and then set up measurement profiles where SD-WAN will constantly test and measure both these VPN links for their quality, using traffic samples from both links for jitter, packet loss and latency. Based on the samples, SD-WAN selects one of the links to be used for traffic routing when traffic arrives at the Site B firewall from one of its LAN hosts for a server on the Site A LAN. So, to sum up, SD-WAN does 'traffic steering' based on the 'quality' of the links between the 2 VPNs and in effect uses both links when needed, based on quality sensed proactively by its measuring function.
As WNRG_BENDAVIS mentioned above, SD-WAN doesn't support mixed grouping of WAN/MPLS and VPN. In your scenario, with Broadband-1 (for IPSec VPN-1) and MPLS to your HO, if you want to leverage SD-WAN, you need a second link, Broadband-2 (for IPSec VPN-2), grouped with the first to avoid the MPLS altogether.
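The measure-then-steer behaviour described in the last reply, as an added example that is not part of the thread and is not SonicWall's implementation: a simplified Python model that reduces probe results for two grouped VPN paths to latency, jitter and packet loss, then picks the first path in preference order that meets a threshold set. The path names, probe values, thresholds, jitter definition and fallback rule are all assumptions made for illustration.

```python
from statistics import mean

# Constructed probe results: round-trip time in ms per probe, None = probe lost.
PROBES = {
    "VPN_over_ISP1": [42.0, 55.0, None, 48.0, 90.0, 44.0, None, 61.0],
    "VPN_over_ISP2": [21.0, 23.0, 22.0, 24.0, 21.0, 25.0, 22.0, 23.0],
}
# Hypothetical thresholds for the traffic being steered (not vendor defaults).
THRESHOLDS = {"latency_ms": 60.0, "jitter_ms": 10.0, "loss_pct": 2.0}


def measure(samples):
    """Reduce raw probes to the three path attributes named in the thread."""
    received = [s for s in samples if s is not None]
    loss_pct = 100.0 * (len(samples) - len(received)) / len(samples)
    if not received:  # every probe lost: the path is unusable
        inf = float("inf")
        return {"latency_ms": inf, "jitter_ms": inf, "loss_pct": loss_pct}
    # Assumed jitter definition: mean absolute delta between consecutive replies.
    deltas = [abs(b - a) for a, b in zip(received, received[1:])]
    return {
        "latency_ms": mean(received),
        "jitter_ms": mean(deltas) if deltas else 0.0,
        "loss_pct": loss_pct,
    }


def qualifies(metrics, thresholds):
    """A path qualifies only if every measured attribute is within its limit."""
    return all(metrics[key] <= limit for key, limit in thresholds.items())


def select_path(probes, thresholds, preference):
    """Return (chosen path, metrics per path) for one steering decision."""
    metrics = {name: measure(samples) for name, samples in probes.items()}
    for name in preference:
        if qualifies(metrics[name], thresholds):
            return name, metrics
    # Assumed fallback when nothing qualifies: lowest loss, then lowest latency.
    best = min(preference,
               key=lambda n: (metrics[n]["loss_pct"], metrics[n]["latency_ms"]))
    return best, metrics


if __name__ == "__main__":
    chosen, stats = select_path(PROBES, THRESHOLDS,
                                ["VPN_over_ISP1", "VPN_over_ISP2"])
    for name, m in stats.items():
        print(name, {k: round(v, 2) for k, v in m.items()})
    print("steer traffic to:", chosen)
```

With the constructed samples, the preferred ISP 1 tunnel fails on jitter and loss, so the decision moves to the ISP 2 tunnel even though it is second in the preference order.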