Mai 9, 2023

FlexEdge Secure SD-WAN Series Part 3—Service

Requirements for a 24/7 high availability secure SD-WAN service
Tuomo Syvanne

In the previous post, we reviewed how the Forcepoint SD-WAN orchestrator–– a capability built into our Forcepoint FlexEdge Secure-SD-WAN manages security and authentication.


In this penultimate post, we review the requirements for a 24/7 secure SD-WAN service.

SD-WAN offering 24/7 service

In today's distributed organizations, seamless connectivity through SD-WAN is critical for users to access resources anytime and from anywhere. With hardware failures, link issues, or network maintenance being unacceptable causes of downtime, the Forcepoint SD-WAN orchestrator ensures uninterrupted 24/7 availability. It eliminates the impact of geo-locations, time zones, or maintenance windows, ensuring high availability and continuous connectivity for organizations, enabling them to maintain smooth operations and access to critical applications, data, and systems.


Complete High availability

The Forcepoint SD-WAN orchestrator offers the capability to configure multiple orchestrators in a high availability setup, even across different geographic locations. Communication between these orchestrators is established through independent paths, ensuring resilience against ISP failures. Gateways within the Forcepoint SD-WAN orchestrator are aware of the addresses of all orchestrators across various ISPs. Additionally, all gateways can be configured with high availability, which can be concealed from other gateways and VPN orchestrators. Native multi-ISP support is inherent in all components, enabling automatic creation of connections between gateways and orchestrators using active ISP connections. This comprehensive setup ensures strong and uninterrupted connectivity.


Maintenance friendly High-availability

Forcepoint SD-WAN orchestrator's high availability goes beyond managing failures and extends to maintenance periods, preventing interruptions. Its architecture doesn't demand identical hardware or firmware versions, eliminating service disruptions during hardware replacements or firmware updates. Native ISP high availability ensures smooth transitions when switching ISPs, guaranteeing uninterrupted connectivity throughout the network.


Configuration changes without maintenance break

As the networking environment evolves, incorporating changes like gateway additions, movements, deletions, and SD-WAN configuration adjustments, it is crucial to assess the extent and impact of these changes. With network changes there are two things to consider:  The amount of change and the total impact of the change. Typically changing some installation wide secret can create a total outage. However, Forcepoint SD-WAN orchestrator eliminates the reliance on such secrets, minimizing downtime. Most changes can be conveniently executed from a central location, streamlining the process. For more intricate changes like altering adding a new gateway, modifications are typically required in the SD-WAN orchestrator configuration and a single gateway, ensuring efficient and controlled updates across the network.

Forcepoint SD-WAN orchestrator streamlines migration scenarios by segregating IKE negotiations within a dedicated overlay network from other negotiations. This means that even if a VPN is replaced and uses identical IP addresses for its tunnels, it can still function without conflicts. Similarly, multiple overlays can operate independently, even if the tunnels they utilize share the same addresses. This segregation ensures smooth and efficient migration processes while maintaining network integrity and minimizing disruptions.

On the next and final post, we describe look at capabilities that complete an SD-WAN solution.


Tuomo Syvanne

Tuomo Syvanne is a Principal Network Engineer at Forcepoint.

Read more articles by Tuomo Syvanne

À propos de Forcepoint

Forcepoint est l’entreprise leader en cybersécurité pour la protection des utilisateurs et des données. Notre objectif est de protéger les entreprises tout en stimulant la transformation et la croissance numériques. Nos solutions s’adaptent en temps réel à la façon dont les personnes interagissent avec les données, et offrent un accès sécurisé tout en permettant aux employés de créer de la valeur.