This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Best solution for branch offices?

Best solution for branch offices?

Steve_Ballanty1
New Contributor

‎04-16-2015 03:27 PM

IDIOT DISCLAIMER: I am new to Extreme Networks, so forgive me if there is something obvious I am missing.

I have a central site which is presently 100% Cisco (ASA 5520's as the firewall and Catalyst switches) and then at my remote sites (for which there are many) I am running ASA 5505's.

I am trying to wrap my head around how I will go about replacing all of the facets of my network and making them better. And I feel like there HAS to be a better way of connecting remote sites. Right now I am using leased lines (mostly cable modems, and a few fiber) and then connecting them via VPN tunnels back to my main site. The ASA 5505's are really ... *not good* ... and I keep running into stupid limitations that hinder my tracking and management. Such as - you cannot pull the ARP table through SNMP. What? Or how about - no DHCP reservations? WHY?!?!

I am presently reading about NAC, policies, etc. And I have one extreme switch to play with (along with some evaluation VM's to run Netsight and Purview). It seems to me like there should be a way to extend these policies out to a remote site. What would I use to do that with, and where would the VPN terminate? Or - better yet - is there a better option than VPN to accomplish remote site connections?

I feel like I am sacrificing a lot of speed to the encryption mechanisms and bandwidth to the overhead. All the while, I could be doing this faster and more efficiently with a low end workstation running IPCop. But again ... I am looking for the BETTER way and not a hack job.

Ideas?
0 Kudos
2 REPLIES 2

Steve_Ballanty1
New Contributor

‎04-16-2015 08:54 PM

Thanks for the feedback Ron. I am not familiar with Fortigate products, but I am checking out their website now. That's pretty neat that they control WiFi as well. but I would be more interested in having OneView statistics at those sites. Are you using OneView at your shop?

Oh, and I too am looking at replacing my core with Extreme gear. We have a few 6500's that are going to be end of life in the next 1.5 years.
0 Kudos

Ron_Prague
New Contributor II

‎04-16-2015 08:54 PM

I'm a fan of keeping the routing/firewall devices and your switching devices in their own Silos.

I've recently replaced all of our Cisco 2911 and ASA 55xx units with the Fortigate line of products from Fortinet, FG600C at the main corporate headquarters and FG60D units at the remote sites. They have the added benefit of also working as a Wifi controller so we've been able to upgrade wifi in the remote offices and have actual working SSO via WPA2 enterprise tied into our AD.

We're also replacing our switching core and edge switches with Extreme gear, which has gone swimmingly so far.
0 Kudos
GTM-P2G8KFN