dokucama

User Tools

Site Tools

Trace: netsim zscaler vagrant
network_stuff:sd-wan

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
network_stuff:sd-wan [2024/10/06 18:14] jotasandokunetwork_stuff:sd-wan [2025/01/22 17:38] (current) jotasandoku
Line 49: Line 49:
     - ZTNA verifies users every time they access a resource, enforcing strict identity checks, even inside the network. It treats all requests as untrusted, ensuring each interaction is authenticated and authorized.     - ZTNA verifies users every time they access a resource, enforcing strict identity checks, even inside the network. It treats all requests as untrusted, ensuring each interaction is authenticated and authorized.
     - In a SASE framework, ZTNA works alongside SD-WAN to ensure appropriate access controls, so no implicit trust is given based on network location.     - In a SASE framework, ZTNA works alongside SD-WAN to ensure appropriate access controls, so no implicit trust is given based on network location.
 +    - Real-Life Example of ZTNA in SD-WAN:
 +      - A company uses SD-WAN for branch offices to access cloud applications. With **ZTNA**, when an employee tries to access a sensitive application, the system verifies the user’s identity and device, regardless of their location (office or home). Only after passing strict checks can the employee access the resource, ensuring secure and controlled access.
 +
  
 ===== Key Takeaways ===== ===== Key Takeaways =====
Line 55: Line 58:
   * DMVPN provided static or semi-dynamic IPSec VPNs, while SD-WAN turns those tunnels into an intelligent, software-defined overlay that adapts to network conditions and application requirements.   * DMVPN provided static or semi-dynamic IPSec VPNs, while SD-WAN turns those tunnels into an intelligent, software-defined overlay that adapts to network conditions and application requirements.
   * SASE adds cloud-based security services on top of SD-WAN, while ZTNA enforces strict user access controls within that framework.   * SASE adds cloud-based security services on top of SD-WAN, while ZTNA enforces strict user access controls within that framework.
 +
 +
 +----
 +=== CISCO SD-WAN - LAB NOTES ===
 +Three elements. Only one of them needs high resources for the lab:
 +  * sd-wan manager (vmanage, centralized dashboard): ~20GB RAN
 +  * controllers (vsmart, policy engines): router with 'policy' role (~control plane)
 +  * edge nodes (vedge): these are just the dumb switches
 +  * vbond (CA)
 +
 +No need for smart account. Just a button with **pay as you go** license. **this is in the vmanage itself, we need to have last version. (20.6.3 (Jul 2022))
 +All air gapped, you need to do your your Wan edge certificates yourself and your controller certificates.So you need to know how to generate open SSL root CA and then sign certs from that CA.\\
 +basically the first step in onboarding a router like ACSR 1000V or a Catalyst 8000V virtual router is to take the CA certificate and install it.  put it on the boot flash of the router and then you import it into the router's trust store.So what that does is when it does that initial connection to the controllers, it now uses your certificate to validate them and form that mutual trust instead of using the one that Cisco would use if you were in the cloud.\\
  
network_stuff/sd-wan.1728238449.txt.gz · Last modified: by jotasandoku

Page Tools

Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution-Share Alike 4.0 International
CC Attribution-Share Alike 4.0 International Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki