May 16, 2023

FlexEdge Secure SD-WAN Series Part 4—Complete Secure SD-WAN

Bringing together security, ease of management and minimizing configuration errors
Tuomo Syvanne

In the third post, we reviewed how the Forcepoint SD-WAN orchestrator, a capability built into our Forcepoint FlexEdge Secure SD-WAN, manages 24/7 service in large-scale SD-WAN even during maintenance or link failure.


In this series conclusion, we review how the Forcepoint SD-WAN orchestrator brings a holistic approach to SD-WAN.


Complete Secure SD-WAN solution

A successful Secure SD-WAN solution requires a holistic approach, combining features that work together seamlessly. It's crucial to consider security, ease of management, and user functionality that is intuitive and minimizes human error. Dynamic routing, while secure, can be complex and time-consuming. Common models can unintentionally lead to misconfigurations that affect network traffic. Therefore, it's important to strike a balance between security, simplicity of management, and minimizing the chances of configuration mistakes for a successful SD-WAN implementation.


IPv4 and IPv6

The Forcepoint SD-WAN orchestrator effortlessly supports both IPv4 and IPv6 address families when establishing overlay networks. It has the flexibility to utilize a combination of IPv4 and IPv6 tunnels, regardless of the underlying addresses in the network. This versatility ensures seamless integration of different IP versions, providing compatibility and adaptability to diverse network environments.


Dynamic full mesh and application aware multilink at the same time

In contrast to other SD-WAN solutions, Forcepoint SD-WAN orchestrator eliminates the need for tunnel-level configuration when defining application path selection. This enhances efficiency, especially in large-scale SD-WAN deployments where dynamically creating tunnels can be challenging. In the underlay, the Forcepoint SD-WAN orchestrator dynamically establishes connectivity between gateways using a multilink VPN approach. This native ISP high availability ensures optimal utilization of all ISP connections concurrently, enabling each application to choose the most suitable path based on its specific requirements. This flexibility allows for efficient application-based routing, enhancing the overall performance of the SD-WAN environment.


High Availability as a standard feature

Unlike other SD-WAN solutions that place the burden on administrators to manage both the VPN and dynamic routing, even in simple setups, Forcepoint SD-WAN orchestrator offers a more streamlined approach. In many cases, individual dynamic full mesh configurations only support a single path between remote locations and hubs. To achieve ISP high availability, multiple parallel dynamic full mesh configurations are required, along with dynamic routing to select between them. However, Forcepoint SD-WAN orchestrator simplifies this process by providing native ISP high availability without the need for complex dynamic routing configurations, offering administrators a more automated and efficient solution.

In large-scale SD-WAN deployments, the number of required routes can become significant and complicated to manage. However, Forcepoint SD-WAN orchestrator simplifies this process by automatically providing the required route information to gateways, eliminating the need for additional dynamic routing configurations. This streamlines the management and ensures efficient routing, allowing administrators to focus on other critical tasks.

To address connectivity challenges with dynamic IP addresses, many solutions rely on dynamic DNS. However, Forcepoint SD-WAN orchestrator offers a more efficient alternative. It automatically detects public IP addresses and shares this information without the need for additional credentials. Caching in recursive DNS servers does not affect its functionality. Additionally, the orchestrator provides information about externally visible ports. By leveraging these capabilities, Forcepoint SD-WAN orchestrator eliminates the need for dynamic routing and dynamic DNS, reducing administrative workload and minimizing the risk of configuration errors, ultimately simplifying network management.

This concludes our series on how Forcepoint Secure SD-WAN orchestrator simplifies and manages challenges in large-scale SD-WAN implementations.

To learn more about the FlexEdge Secure SD-WAN solution, visit our Secure SD-WAN product page or review the Forcepoint Secure FlexEdge Secure SD-WAN datasheet.



Tuomo Syvanne

Tuomo Syvanne is a Principal Network Engineer at Forcepoint.
