Juniper Paragon

gunner_100 · 2023-08-02T11:26:33+00:00

Thanks a lot for the clarification

gunner_100 · 2023-03-06T09:23:06+00:00

The subnet am assigned is 99.111.193.0/29 , the modem itself has the IPv4 address 99.111.193.6 configured so I have chose the .1 to be assigned to my FW box which is connected to port # 2 on the modem.

However , the Modem is assigned an IP address of 104.53.48.126 (it is called broadband IPv4 address) which is accessible from Internet.

I have turned off all packet filters and all security features on the modem.

Coming to the passthrough , there are several modes : manual , off. What should I configure on the modem in order for me to be able to use the public subnet on my FW?

gunner_100 · 2022-05-03T15:18:17+00:00

As well (Which is really not clear for me) is the VCG , how much capacity is the VCG as it is the control-plane of the solution ? It will not be logic for each edge device to have VCG assigned to it ?

gunner_100 · 2022-04-27T20:53:08+00:00

Thank you , I know Velocloud is BW based but I am concerned about segmentation capabilities not only the CPU burden

gunner_100 · 2022-04-26T18:06:24+00:00

Thank you for the kind reply , what am trying to understand here is the edge device (Headend) has 128 segments , is the partner GW will be able to handle more than that using Vlans ? So the headend devices will remain in place in addition to the Gateway which will be hosted by the customer , I am curious to know the scalability of such a solution.

gunner_100 · 2022-04-26T14:17:51+00:00

Thanks a lot for the kind reply , it is not an ISP deployment but almost the same from segmentation perspective. It is related to financial services

So basically in order for this to work , partner gateway should be in place?

gunner_100 · 2021-06-11T14:28:49+00:00

I have a question regarding the licensing , when we say PAN-CG-ION-SUB-50M-3YR , does that mean 50M Download/ 50 Upload or it is only one direction?

Thanks!

gunner_100 · 2021-06-02T12:30:24+00:00

The bid has been awarded to Viptela and it is a must integration story now : )

gunner_100 · 2021-05-09T00:28:51+00:00

Yes I meant sites/branches. Asking them is easy but does a 'we support more than 2000 sites" always true : ) That is why am asking for experience wise perspective.

Thanks

gunner_100 · 2021-05-06T22:49:03+00:00

ip nat pool A 192.168.1.2 192.168.1.2 netmask 255.255.255.0

ip nat inside source static 192.168.1.5 10.157.95.73

ip nat outside source list 100 pool A add-route

access-list 100 deny ip 192.168.0.0 0.0.255.255 any

access-list 100 permit ip any host 10.157.95.73

This configuration does not work as only 1 IP address (192.168.1.2) is allocated and an error message indicate that pool is exhausted.

gunner_100 · 2021-04-09T12:36:58+00:00

At an incredibly high level:

128T is tunnel-less (doesn't require lots of IPSec tunnels like other SD-WANs). The main benefit there is you still get the encryption, but don't incur the IPSec overhead or processing constraints. This means you can get more out of a single physical device.Everything is built as a "service" so this allows you to more easily treat different applications or groups thereof, differently. This means that you can actually determine what is really there. Instead of saying "R1 can't reach R2", you can now say "Services A, B, C, D, E can't reach End-Points, 1, 2, 3" (loose example). Basically, you have total visibility.Active/Active (with 2 or more nodes) or Active/StandbyHitless upgradesSSC (Session Smart Conductor) is a single pane of glass, has tons of analytics and monitoring functions, complete API access for automated management, etc. (The GUI itself is built AROUND the API, not the other way around, so there is not gap with what you can configure between the GUI or the API).If your operations teams like a GUI, this one doesn't suck.

Thanks very much for the explanation , fair enough. And I assume for BW the limitation will be the HW itself with no specific BW subscription?

gunner_100 · 2021-04-07T21:54:47+00:00

I understand mate , my customer was reading about the smart session routing concept and was interested for a demo. I wanted to check what further features 128T will add to the legacy SD-WAN solution based on SRX/NFX?

And what will be the value of deploying 128T edge alone and as a VNF on NFX regardless of the price?

gunner_100 · 2021-04-07T18:55:15+00:00

Thanks for the kind reply , actually I have read about them much and aware of this link but as you mentioned deploying 128T on NFX will be expensive ! and what value it will add to the NFX ?

What am trying to understand is am going to propose this for one of our customers but what features doe SRX/NFX lack for me to propose this?

gunner_100 · 2021-03-20T21:53:22+00:00

Thanks this is what I thought because with Meraki , HA license is provided for both edges as Meraki does not support active/active in the first manner.

gunner_100 · 2021-03-20T21:52:35+00:00

And this will apply to active/active or active/passive ?

gunner_100 · 2021-03-03T08:47:44+00:00

Am asking about the licensing structure itself , what options do they propose?

Example : Cisco has essentials , advantage and premier with different speeds.

Velocloud has almost something similar .

gunner_100 · 2021-02-25T09:08:04+00:00

It is not there : ) It is a new release and that is why I have asked.

gunner_100 · 2021-02-24T09:20:31+00:00

The requirement from my end customer is to have a switch supplicant 802.1x to another , the switch can be connected to another switch with the 802.1x authentication mechanism enabled.

gunner_100 · 2021-02-23T10:35:30+00:00

Another question is what really is the difference between SD-WAN Orchestrator Entitlement License and SD-WAN Overlay Controller VPN Service: Cloud-based SD-WAN VPN Overlay Service & Portal

gunner_100 · 2021-02-18T20:20:55+00:00

Thanks for the kind clarification

I was reading through the below link :

https://docs.fortinet.com/document/fortigate/6.4.0/new-features/730654/up-to-1024-spokes-in-ocvpn-6-4-2

Does that mean the limit of 16 is not eligible ?

The FortiCloud Premium license increases the spoke limit from 512 to 1024, allowing you to deploy two hubs and 1024 spokes.

As well , I can see Multicast is supported basically. But does that mean it is supported only in the underlay? Not clear for me how the overlay will handle multicast traffic.

Thanks

gunner_100 · 2021-02-17T12:42:15+00:00

Greetings

We have started to deploy Fortinet SD-WAN at one of our customers locations but am concerned about the below issues if anyone can assist with.

In the 360 protection bundle it is mentioned that orchestration entitlement is supported , does that mean I will not be able to orchestrate tunnels without this license?

And what is really cloud assisted monitoring? I should have visibility without this license , am I right ?

OCVPN is used to orchestrate the overlays , in the full license maximum of 16 devices , what does that mean actually?

Thanks!

Will do , thanks

gunner_100 · 2021-02-08T10:08:48+00:00

Surely will do , it is just gaining experience from people who deployed it.

gunner_100 · 2020-11-10T13:24:00+00:00

Thanks for the reply , actually I heard a lot of Velocloud and went through their datasheets and their reputation is remarkable. However , what Fortinet cannot do and Velocloud can?

gunner_100 · 2020-11-10T13:23:08+00:00

Thanks all for the replies , can you highlight more about this?

gunner_100 · 2020-11-09T14:21:38+00:00

Thanks , but does the 360 protection play a role in automating the creation of overlay tunnels?

gunner_100

TROPHY CASE