Guidelines for deploying FlexEdge Secure SD-WAN in the Firewall/VPN role
There are some general deployment guidelines for Firewalls, Master Engines, and the Secure SD-WAN Manager.
| Component | General Guidelines |
|---|---|
| Management Server | Position on a central site where it is physically accessible to the administrators responsible for maintaining its operation. |
| Log Servers | Place the Log Servers centrally and locally on sites as needed based on log data volume and administrative responsibilities. |
| Management Clients | Management Clients can be used from any location that has network access to the Management Server and the Log Servers. |
| Management Server | Position on a central site where it is physically accessible to the administrators responsible for maintaining its operation. |
| Firewalls | Position Firewalls at each location so that all networks are covered. Firewalls can be clustered. Functionally, the Firewall Cluster is equal to a single high-performance Firewall. Cluster deployment sets up a heartbeat link between the Firewalls. The heartbeat link allows the devices to:
|
| Master Engine | Position Master Engine where Virtual Engine are needed. For example, at a hosting location
for MSSP services or between networks that require strict isolation. Master Engine can be clustered. A clustered Master Engine provides scalability and high availability. In a Master
Engine Cluster, the Virtual Resource is active in one
Master Engine at a time. Cluster deployment sets up a heartbeat link
between the Firewalls. The heartbeat link allows the devices to:
|