VMware Communities
kbench
Contributor
Contributor
Jump to solution

Protect SD-WAN Interfaces with Virtual Wire

I'm debating a design choice and looking for some thoiughts.  We're deploying physical Palo Alto Firewalls behind our SD-WAN Edge.  While doing this I have the opportunity to do possibly protect the WAN interfaces of the SD-WAN device.  If you're familiar with Palo Alto, I'm looking at using a Virtual Wire.  This would allow me to filter the application ports allowed toward the Edge without doing a NAT.

I cannot quite decide if it is worth it though.  How common is it for people to protect the WAN interfaces of an Edge?  It would be another point of failure and troubleshooting but the protection could be nice in the event of a zero day on WAN interfaces of the Velo.

Reply
0 Kudos
1 Solution

Accepted Solutions
yusukehirata01
Enthusiast
Enthusiast
Jump to solution

VMware SD-WAN is a VPN device and is less secure than professional FW products.
Therefore, especially in large-scale locations, it is recommended to install a FW between them and the Internet.

Thank you

View solution in original post

1 Reply
yusukehirata01
Enthusiast
Enthusiast
Jump to solution

VMware SD-WAN is a VPN device and is less secure than professional FW products.
Therefore, especially in large-scale locations, it is recommended to install a FW between them and the Internet.

Thank you