Best solution for branch offices?

Updated 4 years ago

IDIOT DISCLAIMER: I am new to Extreme Networks, so forgive me if there is something obvious I am missing.

I have a central site which is presently 100% Cisco (ASA 5520s as the firewall and Catalyst switches) and then at my remote sites (of which there are many) I am running ASA 5505s.

I am trying to wrap my head around how I will go about replacing all of the facets of my network and making them better.  And I feel like there HAS to be a better way of connecting remote sites.  Right now I am using leased lines (mostly cable modems, and a few fiber) and then connecting them via VPN tunnels back to my main site.  The ASA 5505s are really ... *not good* ... and I keep running into stupid limitations that hinder my tracking and management.  Such as - you cannot pull the ARP table through SNMP.  What?  Or how about - no DHCP reservations?  WHY?!?!

I am presently reading about NAC, policies, etc.  And I have one Extreme switch to play with (along with some evaluation VMs to run NetSight and Purview).  It seems to me like there should be a way to extend these policies out to a remote site.  What would I use to do that with, and where would the VPN terminate?  Or - better yet - is there a better option than VPN to accomplish remote site connections?

I feel like I am sacrificing a lot of speed to the encryption mechanisms and bandwidth to the overhead.  All the while, I could be doing this faster and more efficiently with a low end workstation running IPCop.  But again ... I am looking for the BETTER way and not a hack job.

Ideas?

Steve Ballantyne

Posted 4 years ago


Ron Prague

I'm a fan of keeping the routing/firewall devices and your switching devices in their own Silos.

I've recently replaced all of our Cisco 2911 and ASA 55xx units with the Fortigate line of products from Fortinet, FG600C at the main corporate headquarters and FG60D units at the remote sites.  They have the added benefit of also working as a Wifi controller so we've been able to upgrade wifi in the remote offices and have actual working SSO via WPA2 enterprise tied into our AD.

We're also replacing our switching core and edge switches with Extreme gear, which has gone swimmingly so far.

Steve Ballantyne

Thanks for the feedback Ron.  I am not familiar with Fortigate products, but I am checking out their website now.  That's pretty neat that they control WiFi as well, but I would be more interested in having OneView statistics at those sites.  Are you using OneView at your shop?

Oh, and I too am looking at replacing my core with Extreme gear.  We have a few 6500s that are going to be end of life in the next 1.5 years.