Deployment Options Flashcards
What are the two deployment types? ( x2 traffic flow paths)
- In Path (in line)
- Out of Path - Quite complicated
What are the 3 different deployment modes for the EdgeConnect appliance?
- Router Mode - as in: In Line Router Mode (ILRM)
- Bridge Mode - also inline but is ‘transparent’ within the same subnet
- Server Mode - Default for EdgeConnect VMs but will likely be changed to a different type of mode.
What is one advantage of Bridge Mode on a physical appliance.
Fail-to-Wire feature that acts like a cross over cable when the device is powered off.
How does the Server Mode deployment type work?
Only one network interface.
Traffic must be redirected to the SilverPiek device in both directions
What are some limitations of bridge mode?
- No Local Breakout
- Less path flexability
- No EdgeHA Mode
- No ZBF (Zone based Firewall) functionality
What is the best protocol to support traditional HA deployments of EdgeConnect in Edge mode
VRRP - Virtual Router Redundancy Protocol
Two edge routers share a virtual IP and MAC address.
What is the best way to deploy an HA pair of edge devices without the need for extra switches on the WAN side of the devices?
Edge High Avalability
devices share the wan connections between then where needed.
How does a router direct traffic to a silver piek that is not inline with the traffic?
Either…
Adversite the destination networks using the best metrics to local routers
or…
Policy Based Routing (PBR) on the in-line router.
Would you employ rate limiting on the device sending traffic or on the Silver Peak appliance?
On the Silver Peak Appliance.
What does the Firewall mode “WAN Hardening” do?
Only tunnel traffic will be allowed through the interface along with DHCP, DNS, and cloud portal managment traffic.
Return traffic from internet browsing would be blocked if internet breakout was attempted.
What does the Stateful Firewall mode of the EdgeConnect device do?
Acts as a very basic statful firewall but does not do any filtering such as IPS or inspection.
What does the Stateful+ Firewall mode of the EdgeConnect device do?
Acts as a statful firewall plus NAT functionality but does not do any filtering such as IPS or inspection.
How does ta SilverPeak Edge device support internal Server?
Inbound Port Forwarding
What is a Zone Based Firewall (ZBF)?
Each inside and outside port as well as “business intent overlays” are assigned to a zone and then traffic behind zones can be controlled.
The Zone list is shared among all sites to allow setup or rules for the entire multi-site WAN network.
Does the EdgeConnect device need direct access to the internet.
No. The EdgeConnect device can talk over a private network link to the Orchestrator and the orchestrator can act as a proxy to reach the Silver Peak Cloud Portal to register.
Will the SilverPeak EdgeConnect device work behind a device that performs NAT?
Yes.
