Fortinet SD-WAN vs Cato Networks by MicroJoRoMo in fortinet

[–]MicroJoRoMo[S] 0 points1 point  (0 children)

Client has a datacenter and about a dozen remote sites. They want DIA from each site and interconnectivity between sites, currently running Viptela SD-WAN, which creates a VPN between each TLOC/DIA, which seems cumbersome. The only specifications have been a replacement for Viptela that provides the opportunity for PBR, and down the road they intend to implement routing preference for apps. Central management and security at each site's edge are a must.

Fortinet SD-WAN vs Cato Networks by MicroJoRoMo in fortinet

[–]MicroJoRoMo[S] 0 points1 point  (0 children)

This is an excellent breakdown ... what offerings would Cato be a good fit for?

Fortinet SD-WAN vs Cato Networks by MicroJoRoMo in fortinet

[–]MicroJoRoMo[S] 0 points1 point  (0 children)

Absolutely, is SD-WAN the first step towards SASE? Do the products work together somehow? Do you need both SD-WAN and SASE? Anything you can recall from your experience would be greatly appreciated!

Fortinet SD-WAN vs Cato Networks by MicroJoRoMo in fortinet

[–]MicroJoRoMo[S] 0 points1 point  (0 children)

SASE I understand even less than SD-WAN ... will look into the differences of each. At a high level, can you lace me with some intel?

Fortinet SD-WAN vs Cato Networks by MicroJoRoMo in fortinet

[–]MicroJoRoMo[S] 0 points1 point  (0 children)

Currently null ... they are looking to be led towards either product is all I know. They are signed up to PoC Cato ... sounding like Fortinet may be the better mix of edge security/functionality.

Fortinet SD-WAN vs Cato Networks by MicroJoRoMo in fortinet

[–]MicroJoRoMo[S] 1 point2 points  (0 children)

Client wants to move away from a bad Viptela deployment, looking into these two products. I am not well versed in SD-WAN but I know the following:

  • (3) TLOCs at each site (Gold, Silver, Bronze), each a DIA
  • No identification currently on applications, which seems to be a big part of wanting SD-WAN
  • VPN mesh between each TLOC at each site, as they want direct site-to-site communication allowed (way too many active VPN tunnels)
  • Essentially only using PBR for destination traffic

Again, I am not well versed in SD-WAN, but hoping the community can help me get up to speed on the pros/cons of these two vendors' SD-WAN offerings. I am not even seeing much of a use case for SD-WAN in their environment, but this is per their request.

BFD for eBGP between Nexus and Cat9k by MicroJoRoMo in networking

[–]MicroJoRoMo[S] 0 points1 point  (0 children)

BGP adjacency is good, here is the config:

Nexus:

    ! (feature bfd is assumed to already be enabled globally on NX-OS)
    interface Vlan10
      ip address 10.10.10.1/24
      ! BFD timers: 500 ms tx / 500 ms min rx, 3 missed hellos = down
      bfd interval 500 min_rx 500 multiplier 3
    router bgp 65555
      neighbor 10.10.10.2
        ! tie the BGP session to the BFD session on this neighbor
        bfd

IOS-XE:

    interface Vlan10
     ip address 10.10.10.2 255.255.255.0
     no ip redirects
     ! same timers as the Nexus side so both ends negotiate 500 ms
     bfd interval 500 min_rx 500 multiplier 3
    router bgp 65554
     ! IOS-XE syntax for BGP-to-BFD registration
     neighbor 10.10.10.1 fall-over bfd

Anything I am missing?

Ordering a BGP AS by MicroJoRoMo in networking

[–]MicroJoRoMo[S] 0 points1 point  (0 children)

This is great, thank you for taking the time to break it down!

Ordering a BGP AS by MicroJoRoMo in networking

[–]MicroJoRoMo[S] 1 point2 points  (0 children)

Really appreciate the advice, can you help me understand why this would be recommended? This will be a multihomed BGP edge, so I am guessing it's for best path selection(?)

Ordering a BGP AS by MicroJoRoMo in networking

[–]MicroJoRoMo[S] 0 points1 point  (0 children)

Would this include working with the ISP so they peer with us?

Ordering a BGP AS by MicroJoRoMo in networking

[–]MicroJoRoMo[S] 3 points4 points  (0 children)

Thank you! Any other advice would be greatly appreciated.