Hardware Firewalls
--
Questions
--
Followers
Top Experts
Watchguard dual WAN / Riverbed question
Intro: Currently we are exploring RiverBed WAN Optimization solutions because our MPLS is terrible. Â The MPLS costs $4500 a month. Â We can lease a high-end Steelhead for $1500 a month. Â I am exploring the idea of dropping the MPLS, getting a secondary "Business SDSL" type connection at both sites, and tunneling between them. Â This keeps business and internet traffic separate and allows a high-availability situation.
Essentially I want to know if this is a valid &Â feasible configuration. Â I do not know if the Watchguard can handle all of this. Â Basically I would be costing a route over one interface and establishing the tunnel via that route. Â We do not currently have OSPF running on the WG's, but we can add that no problem.
Ideally each site would have an internet connection "permanently" tunneled for business use &Â syncing the Steelheads... and another for regular internet usage. Â If these business lines drop on either end, the Watchguard will fail over and use the other ISP to renegotiate the SSL tunnel. Â Users would only notice a short "blip" in their connection. See Visio:
Thanks for any help!
Essentially I want to know if this is a valid &Â feasible configuration. Â I do not know if the Watchguard can handle all of this. Â Basically I would be costing a route over one interface and establishing the tunnel via that route. Â We do not currently have OSPF running on the WG's, but we can add that no problem.
Ideally each site would have an internet connection "permanently" tunneled for business use &Â syncing the Steelheads... and another for regular internet usage. Â If these business lines drop on either end, the Watchguard will fail over and use the other ISP to renegotiate the SSL tunnel. Â Users would only notice a short "blip" in their connection. See Visio:
Thanks for any help!
Zero AI Policy
We believe in human intelligence. Our moderation policy strictly prohibits the use of LLM content in our Q&A threads.
ASKER CERTIFIED SOLUTION
membership
Log in or create a free account to see answer.
Signing up is free and takes 30 seconds. No credit card required.
I asked around in multiple different places and it sounds like this is do-able. Â Thanks.
HI All,
Recently we are integrating Riverbed WAN Optimizer with Watchguard Firewall/VPN, how the riverbed &Â Watchguard setup? WAN optimizer and Firewall/VPN inline integration? or Wan Optimizer and Firewall/VPN off-path integration?
So far i research the integration Riverbed solution across the firewall/VPN for Juniper, fortinet, Sonicwall are workable.
Please advise.
Thanks,
Steven Siow
Recently we are integrating Riverbed WAN Optimizer with Watchguard Firewall/VPN, how the riverbed &Â Watchguard setup? WAN optimizer and Firewall/VPN inline integration? or Wan Optimizer and Firewall/VPN off-path integration?
So far i research the integration Riverbed solution across the firewall/VPN for Juniper, fortinet, Sonicwall are workable.
Please advise.
Thanks,
Steven Siow
Hello Steven,
Typically the Steelhead would be placed physically in-path on the inside of the network.
LAN --> Steelhead --> Firewall --> Router --> Firewall --> Steelhead --> LAN
Although other deployment options are available, including having the Steelhead between the firewall and router instead. Â In some cases this is easier as it removes the possibility of the firewall stripping the Steelhead probe.
Regards,
Suncore
Typically the Steelhead would be placed physically in-path on the inside of the network.
LAN --> Steelhead --> Firewall --> Router --> Firewall --> Steelhead --> LAN
Although other deployment options are available, including having the Steelhead between the firewall and router instead. Â In some cases this is easier as it removes the possibility of the firewall stripping the Steelhead probe.
Regards,
Suncore
EARN REWARDS FOR ASKING, ANSWERING, AND MORE.
Earn free swag for participating on the platform.
Hardware Firewalls
--
Questions
--
Followers
Top Experts
Hardware-based firewalls provide more sophisticated protection for inbound and outbound traffic than the simple Windows software firewall or the basic NAT firewalls found in routers. These devices implement techniques such as stateful packet inspection, deep packet inspection, and content filtering; and may include built-in antivirus and anti-malware protection.