SD-WAN and VPN Orchestrations: Fast-Tracking Enterprise Growth

By

If you’re planning to onboard multiple branches or refresh existing sites with newer firewalls, SonicWall now offers options to help you effortlessly fast-track the process.

We recently announced the expansion of our Network Security Manager version 2.3, which introduced three essential firewall management capabilities: Template Variables, SD-WAN, and VPN Orchestration and Monitoring. These new features help facilitate the rapid deployment, provisioning and central management of your enterprise-wide SD-Branch operations globally.

Template Variables

Here’s a typical use case for Template Variables: Say a security operating center (SOC) for a large enterprise retailer wants to quickly build out hundreds of store locations using a single template configuration, eliminating manual configuration at each site. The administrator seeks an easy-to-use tool to automatically assign a unique interface, subnet, gateway IP and static routes to the firewall, all while keeping all other settings and policies consistent across all sites. NSM 2.3’s new Template Variables feature enables them to do precisely this.

When configuring a Template using Template Variables to assign a device-specific value — such as an IP address, subnet and gateway IP, and static route — the admin can make specific firewall parameters requiring a unique value into a variable object within a template configuration. For example, the Template Variables object “testv4Obj” in Figure 1 shows that it can be any octet of the IP address.

For the firewall device named “test,” the second, third and fourth octet are set as variable objects. So, when the Template with Template Variables configuration is committed and deployed, NSM resolves the device-unique value to the associated firewall device. This occurs when the Template gets pushed across multiple devices or device groups.

In this scenario, “test” is assigned an IP address of 10.5.5.10, while “demo_tz670_gen7” is given the value 10.101.1.10. Template Variables preserve the uniqueness of the device-specific value during the commit and deploy process.

Other examples of such parameters are DNS Server IP, Hostname, FDQN, etc. You can also use variables inside access rules in the form of address objects.

Whether you have a single site or hundreds of sites, the Template Variable within the Template configuration workflow makes building out any number of sites super-fast. It does this by auto-provisioning device-specific configurations for each firewall. As a result, distributed enterprises can onboard and secure new branch facilities quickly and easily, eliminating separate manual setups for each device at every location.

SD-WAN Orchestration and Monitoring

The use case for the SD-WAN Orchestration feature is similar to that of Template Variables. A typical scenario is a distributed enterprise SOC that wants to operationalize multiple branches with SD-WAN connectivity to communicate with one another.

The admin wants to — from one place — centrally deploy, provision and manage SD-WAN networks and application routing services across all sites. The goal in a case like this is to ensure business-critical applications never slow down or shut off and that they continually operate at peak performance. The NSM 2.3 SD-WAN Orchestration feature enables the enterprise SOC to do all that.

Using an intuitive, self-guided workflow, administrators can build, operate and manage an enterprise-wide SD-WAN network. This is done by establishing and enforcing application-based traffic and other traffic steering configurations across and between thousands of sites, all with minimal effort.

SD-WAN Monitoring feature lets admins proactively observe the health and performance of their SD-WAN environment, such as interface status, utilization and performance service level. The information allows network infrastructure teams to:

  1. Troubleshoot and resolve issues quickly
  2. Ensure consistent SD-WAN configurations across all sites
  3. Drive the optimal level of WAN and application performance

VPN Orchestration and Monitoring

Setting up and configuring VPNs in a distributed enterprise with multi-location and multi-cloud networks can be burdensome. It may even be problematic for specific deployment scenarios and less experienced administrators. Enterprise SOCs want to make this process easier for their network admins — and they expect a simple and procedural way to set up VPN settings and policies so that any network admin at any skill level can configure everything via a streamlined process. Once VPN tunnels are established across the enterprise, enterprise SOCs also demand visibility into all network traffic going through the VPN tunnels.

The NSM 2.3 VPN Orchestration feature helps admins establish site-to-site connectivity and communication quickly and without errors by using a repeatable, self-guided workflow. This feature enables them to centrally configure VPN settings and policies using a wizard-based, step-by-step setup process.

Additionally, the VPN Monitoring feature gives admins complete visibility into their entire VPN environment’s activities, health and performance. Admins can leverage this information to monitor connection status, data transfers and bandwidth consumed over those VPN tunnels. At the same time, alerts allow admins to proactively maintain the integrity of VPN connections, ensuring continuous connectivity between sites.

SonicWall Staff