A few months ago, we took a little time to explain what SD-WAN is, and why everybody’s making such a big deal out of it. Now, we’re going to talk a little about the SD-WAN features in the brand new Sophos XGS series of firewalls, which are called, simply, Sophos Firewall. In other words, how do the new XGS firewalls “do” SD-WAN? But first, a little brush-up on SD-WAN itself.
What’s SD-WAN?
The way we set up our networks has changed drastically over the last decade. One of the biggest game changers to come out is SD-WAN. What exactly is SD-WAN? It stands for software-defined wide area network.
In the past, businesses would set up a Multiprotocol Label Switching (MPLS) connection. With MPLS, each branch office connects back to the central location where the business hosts all its applications.
But now, there’s a huge shift to cloud applications. Instead of locally hosted email, a business might rely on Microsoft for Office 365, or Gmail. And instead of a locally hosted CRM system, a business might rely on a cloud-hosted solution like Salesforce. All of the custom apps that a business used to host locally can now be hosted in a cloud data center like AWS or Azure. But with an MPLS system, all of the branch offices still have to connect back to the central location to get their access to the cloud. So, you know that central data center that used to be the brains of the operation? Now it’s a bottleneck.
So how do you resolve this issue without having to spend a bundle completely redoing your network?
Enter SD-WAN
SD-WAN allows you to do several things that you were not able to do with MPLS. For one thing, it separates the management plane from the data plane. So instead of having to go to each of your routers to make changes or add a new application, you can do it through a central dashboard.
It also allows you to prioritize one application over another. For example, maybe you want to make sure your VoIP phone system always has the best connection, while social networking doesn’t really matter. You can put your VoIP software at the top of the list and social networking at the bottom of the list. This ensures that you always have the best possible connection when talking on the phone.
You can also utilize multiple connections, like a broadband and an LTE connection. This way, if the broadband connection is starting to get bogged down, an application can fall back to the LTE connection. Broadband connections are also much cheaper than an MPLS connection. And managing SD-WAN is much easier than MPLS.
SD-WAN features in Sophos Firewall
Sophos Firewall supports multiple WAN links. This includes a variety of copper, fiber, and even cellular options. And, with the optional SFP modem, it can terminate MPLS circuits using Ethernet handoff and VDSL. Sophos Firewall also offers essential WAN link monitoring, balancing, and failover capabilities.
It goes without saying that affordable zero-touch or low-touch deployment is very desirable. The goal is for set-up to be as painless and cost-effective as possible, while still supporting all enterprise connectivity requirements.
The desktop XGS appliances also make excellent branch SD-WAN “connectors” with their flexible connectivity options. These include VDSL and cellular in addition to copper and fiber interfaces, and support for SD-REDs.
Robust VPN support and orchestration are critical for SD-WAN. Sophos Firewall supports all the standard site-to-site VPN options you expect. This includes IPsec and SSL. Sophos even offers its own unique SD-RED Layer 2 tunnel with routing. It’s robust and reliable in high-latency situations such as over satellite links.
And Sophos Firewall Manager and Central Firewall Manager provide multi-site VPN orchestration tools. They make it easy to set up a mesh of VPN SD-WAN connections. There’s also a flexible option for automatic failback to the primary VPN connection when a WAN link is restored.
Application Visibility and Routing
You have to be able to ensure quality and minimize latency for critical applications like VoIP. Of course, you can’t route what you can’t identify. So accurate, reliable application identification is critical. This is one area where Sophos Firewall provides an incredible advantage. Synchronized Application Control gives you 100% clarity into all network applications. This provides a huge advantage in identifying mission-critical applications. And that’s especially important with obscure or custom applications.
Sophos’ Synchronized SD-WAN provides a level of application routing control and reliability that other firewalls can’t match. Sharing Synchronized Application Control information between the managed endpoints and Sophos Firewall brings enhanced clarity and stability of application identification. Now, previously unidentified applications can also be added to SD-WAN routing policies.
As organizations adopt remote workforce policies, networks grow more spread out. SD-WAN has addressed the needs of a vast, “work from anywhere” workforce. It has greatly advanced our ability to truly, safely, work from anywhere. And, of course, Corporate Armor is ready to answer any questions you might have, and help you decide on a Secure SD-WAN solution that’s right for you. So email us, or call 877-449-0458. Thanks for reading!
Sophos Firewall SD-WAN highlights
Much lower TCO than other networking options
Extremely scalable
Functions as a single, holistic system, with total visibility
Centrally managed in a single pane of glass interface