Mar 08

MultiLink VPN works, it just does.

Live from Field, MultiLink VPN -

Most posts here are about new software features or products, and the use of those. Today I want to give you a small insight into a real-world setup, and a quite unusual one as well.

Starting in 2005, calls for a company-wide security policy came up, together with the wish to connect all relevant outposts of the company to the headquarters and their regional offices. We’re talking about 75 offices for phase 1, and 120 for phase 2.

Both classic VPN and MPLS were considered, but neither combined high availability and scalability with provider independence and manageable costs. First tests with StoneGate soon revealed the power of MultiLink VPN and Firewall Policy Templates. After a 2-month test phase and a complete rebuild of the headquarters network, we rolled out 75 offices in 4 months, including several production plants. Last year, phase 2 was due, and another 50 offices were added. Now the picture in SMC5.1.1 looks like this:

In the HQ there are 3 internet connections: 2x 10 Mbit and 1x 34 Mbit. In the backup datacenter there are a 4 Mbit, a 6 Mbit and a 10 Mbit line. Regional offices (19) have 2 lines (SDSL). Normal offices have just one line, except when the load is too high (6 offices at this time). All offices have the exact same ruleset; only the HQ and backup datacenter have a special ruleset.

Which Internet provider is used where depends on availability and costs, but knows no limitations.

Internet load in the HQ is 15 Mbit at peaks, divided over all 3 links perfectly, and 9 Mbit in the backup datacenter. That leaves over 60% capacity for growth and temporary peaks.

This setup has proven its stability for over 3 years now. Downtime due to link loss or firewall dropout in HQ: 0 %.

Although the setup sounds difficult, thanks to the 100% standardization everything is extremely manageable, and support calls can mostly be handled by the normal helpdesk, with escalation to 2 local admins (who normally take a look at the management twice a day) and, in the end, the StoneGate partner. Normal maintenance of the system takes 1 day a week; updates go separately.

Believe me, standardization is your friend, and StoneGate is an excellent product to help you out! And, in the end, MultiLink VPN works, it just does!

(And for the technically minded: yes, that is a LOT of tunnels. When we hit 85 firewalls, we ran into a limit of 8192 active VPN tunnels, which was promptly solved by Stonesoft.)

written by jebATpop-i

4 Responses to “MultiLink VPN works, it just does.”

  1. RoarinPenguin Says:

    jebATpop-i, you ROCK!!!

  2. jebATpop-i Says:

    Thanks for the flowers *grin*

    StoneGate is just one of the few products that actually hold the promises they make, and I never have to worry about extra licenses, which is an extreme plus for me.

    Let's use more Stonegates, they make admins and companies happy!

  3. cleber.marques Says:

    For this deployment was used SA per host? for the RTT work?

  4. jebATpop-i Says:

    Nono. That would have let the SG200 boxes that are still out there go berserk. The “loadbalancing” features of version 3.0 already sufficed for balancing the lines, and it only got better in time.
