Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.


Messages - ahenning

Pages: [1] 2 3 ... 42
1
PCI compliant SSL settings were added to v.4.2.9

2
Deployment / Re: New deployment
« on: April 26, 2020, 09:59:43 AM »
Hi Fabio,

The reason is most likely due to the second appliance not having a trial loaded. The second license was sent after the forum post. But since this a very common scenario and someone else might find this post with the same question, here are a few things to check:

Assuming a fresh install with two appliances/VM's in bridge mode and only IP addresses are added as the only config so far:
1) Load trial licenses on both sides. Check license status.
2) Check that wan0 interfaces point to each other. lan0 interfaces connect to the test workstations.
3) Wanos appliance/VM's have at least 2GB RAM. If any peers are in the peer status that should not be there, delete them.
4) Start a few TCP sessions from the test machines. Windows machines may need a reboot before start testing. Alternatively test between wanos appliances with this trick: From Wanos-A command line run:
wget http://wanos-b-ip/

5) Once peers show up on both sides, then start testing with larger files.

In a lab/test environment this should always be the bare minimum to get the peers up and start testing optimization. For deployments that involves firewalls there is a more comprehensive troubleshooting guide here:
Peer Down | Optimization not working | No Optimization

3
Hi Leighton,

For some reason your support ticket did not make it to us via the partner. Do you still require the solution for this?

4
Hi, Yes of course, please kindly send the support request via the relevant partner.

5
Deployment / Re: Setup in Lab between branch Office and HQ through a VPN
« on: December 03, 2019, 11:21:15 AM »
Yes, WAN Optimization works well on Zerto replication. It still depends on the data that is being replicated and zerto builtin encryption/compression disabled.

6
Deployment / Re: Would wanos benefit a fa
« on: September 03, 2019, 10:03:39 AM »
Yes, I think the trial would be the best answer to that question.

E.g. The trial might determine that its a best case scenario where only a 20/200 is needed and run only TCP-X to bump the 60 Mbps to e.g. 150 or 200 Mbps

7
Deployment / Re: Would wanos benefit a fa
« on: September 02, 2019, 03:48:02 PM »
Hi DDIT,

There seems to be 2 unique use case in this topology:
London << 60Mbps/200ms >> Hong Kong << 90Mbps/40ms >> Shanghai.

London -> Hong Kong, could benefit from Wan Optimization, but especially TCP acceleration if the link currently does not perform close to 60Mbps. For example in similar client scenarios the throughput between these two would be closer to 10 Mbps under normal conditions.

On the second leg of the topology I suspect only the Wan Optimization features would provide benefits and the 40ms latency would not affect the TCP performance too badly.

Express 6/60 is the older v.3 version with 6Mbps Wan Optimization output, and 60Mbps pass-through/qos license.

Note: the forum questions usually involve small links because that is the typical use case for express users that use free forum support. Plus clients and trial users get direct support.

8
General Discussion / Re: Academic Project: Request for information
« on: January 17, 2019, 01:20:17 PM »
Hi Alexandre,

Please kindly email support @ wanos and we'll be able to email you the requested files and also possibly put you in touch with previous students of the course.

9
Troubleshooting / Re: TXP-X : How To Verify?
« on: September 09, 2018, 09:31:47 PM »
Is Iperf3 running on the test machines or directly on Wanos?

It is worth testing with deduplication set to level 0. This would eliminate some potential RAM and Disk IOPS or Disk latency bottlenecks.

The Optimized Iperf3 results looks as expected. Also perhaps test with TCP-X enabled, but please read the doc first has in bridge mode the network routes much be carefully configured on Wanos to ensure the TCP accelerator can reach all the source and destination subnets.

10
Deployment / Re: Suggested deployment between two firewalled sites
« on: July 30, 2018, 08:30:32 PM »
Hi,

Yes, tunnel mode should work fine in that configuration as long as the redirect config is applied both sides.
Traceroute from both sides to the other should show the path going over Wanos, then all should be good to go.

11
Recommended action:
Set WAN Tx rate to link rate on both sides.
Clear datastores on both sides manually.
Check if this resolves the issue.

Re TCP-X:
Wanos is probably not able to find the routes it needs to reach the source/destination and additional static routes may be needed.

12
Deployment / Re: Suggested deployment between two firewalled sites
« on: May 09, 2018, 01:14:07 PM »
Outbound/Transmit optimization, after optimization/compression, excluding pass-through = 10Mbps (Typically the links speed TX rate)
Outbound/Inbound pass-through, QoS, Path-Selection, TCP acceleration = 100Mbps

13
Deployment / Re: Suggested deployment between two firewalled sites
« on: May 09, 2018, 12:04:02 PM »
One thing to check with this design is whether the FW will allow the subnets from the remote site, to be the source IP when Wanos sends it back to the FW once the traffic gets off the tunnel. What happens is the FW sees the remote site subnets source IP coming from the Wanos/DMZ/Additional LAN section, when the routing table says the traffic should come from the External interface. What we sometimes need to do is disable Reverse Path Check or Asymmetric routing checks on the FW interface going to Wanos.

More info available at: http://kb.fortinet.com/kb/documentLink.do?externalID=FD30543

14
Troubleshooting / Re: WanOS bridge on oVirt (KVM) pass only icmp
« on: May 09, 2018, 09:57:50 AM »
Hi Robert,

If it was a case where the ICMP, UDP and HTTPS passed, but other TCP e.g. HTTP and FTP not, then traffic policies etc could be looked at. I think the problem is lower down on the KVM virtual Interface/VLAN config level.

Can you dedicate a separate physical interface for lan0 and wan0? If not, perhaps test with tunnel mode.

Feel free to send the support query to support at wanos

15
Deployment / Re: Suggested deployment between two firewalled sites
« on: May 09, 2018, 09:48:06 AM »
It depends on the firewall capability. In similar scenarios we use an additional Interface on the firewall where Wanos connects to and the FW PBR is set to redirect traffic from the local subnets (Internal Interface) to the Wanos interface. Wanos has the firewall as default gateway, so traffic flow looks as follows:

LAN Subnets -> (Internal)-FW  -> Wanos -> FW-(external) -> VPN

What is the max speed per TCP session that you get over the 20ms?

Pages: [1] 2 3 ... 42