Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.


Messages - ahenning

Pages: [1] 2 3 ... 42
1
Deployment / Re: Setup in Lab between branch Office and HQ through a VPN
« on: December 03, 2019, 11:21:15 AM »
Yes, WAN Optimization works well on Zerto replication. It still depends on the data that is being replicated and zerto builtin encryption/compression disabled.

2
Deployment / Re: Would wanos benefit a fa
« on: September 03, 2019, 10:03:39 AM »
Yes, I think the trial would be the best answer to that question.

E.g. The trial might determine that its a best case scenario where only a 20/200 is needed and run only TCP-X to bump the 60 Mbps to e.g. 150 or 200 Mbps

3
Deployment / Re: Would wanos benefit a fa
« on: September 02, 2019, 03:48:02 PM »
Hi DDIT,

There seems to be 2 unique use case in this topology:
London << 60Mbps/200ms >> Hong Kong << 90Mbps/40ms >> Shanghai.

London -> Hong Kong, could benefit from Wan Optimization, but especially TCP acceleration if the link currently does not perform close to 60Mbps. For example in similar client scenarios the throughput between these two would be closer to 10 Mbps under normal conditions.

On the second leg of the topology I suspect only the Wan Optimization features would provide benefits and the 40ms latency would not affect the TCP performance too badly.

Express 6/60 is the older v.3 version with 6Mbps Wan Optimization output, and 60Mbps pass-through/qos license.

Note: the forum questions usually involve small links because that is the typical use case for express users that use free forum support. Plus clients and trial users get direct support.

4
General Discussion / Re: Academic Project: Request for information
« on: January 17, 2019, 01:20:17 PM »
Hi Alexandre,

Please kindly email support @ wanos and we'll be able to email you the requested files and also possibly put you in touch with previous students of the course.

5
Troubleshooting / Re: TXP-X : How To Verify?
« on: September 09, 2018, 09:31:47 PM »
Is Iperf3 running on the test machines or directly on Wanos?

It is worth testing with deduplication set to level 0. This would eliminate some potential RAM and Disk IOPS or Disk latency bottlenecks.

The Optimized Iperf3 results looks as expected. Also perhaps test with TCP-X enabled, but please read the doc first has in bridge mode the network routes much be carefully configured on Wanos to ensure the TCP accelerator can reach all the source and destination subnets.

6
Deployment / Re: Suggested deployment between two firewalled sites
« on: July 30, 2018, 08:30:32 PM »
Hi,

Yes, tunnel mode should work fine in that configuration as long as the redirect config is applied both sides.
Traceroute from both sides to the other should show the path going over Wanos, then all should be good to go.

7
Recommended action:
Set WAN Tx rate to link rate on both sides.
Clear datastores on both sides manually.
Check if this resolves the issue.

Re TCP-X:
Wanos is probably not able to find the routes it needs to reach the source/destination and additional static routes may be needed.

8
Deployment / Re: Suggested deployment between two firewalled sites
« on: May 09, 2018, 01:14:07 PM »
Outbound/Transmit optimization, after optimization/compression, excluding pass-through = 10Mbps (Typically the links speed TX rate)
Outbound/Inbound pass-through, QoS, Path-Selection, TCP acceleration = 100Mbps

9
Deployment / Re: Suggested deployment between two firewalled sites
« on: May 09, 2018, 12:04:02 PM »
One thing to check with this design is whether the FW will allow the subnets from the remote site, to be the source IP when Wanos sends it back to the FW once the traffic gets off the tunnel. What happens is the FW sees the remote site subnets source IP coming from the Wanos/DMZ/Additional LAN section, when the routing table says the traffic should come from the External interface. What we sometimes need to do is disable Reverse Path Check or Asymmetric routing checks on the FW interface going to Wanos.

More info available at: http://kb.fortinet.com/kb/documentLink.do?externalID=FD30543

10
Troubleshooting / Re: WanOS bridge on oVirt (KVM) pass only icmp
« on: May 09, 2018, 09:57:50 AM »
Hi Robert,

If it was a case where the ICMP, UDP and HTTPS passed, but other TCP e.g. HTTP and FTP not, then traffic policies etc could be looked at. I think the problem is lower down on the KVM virtual Interface/VLAN config level.

Can you dedicate a separate physical interface for lan0 and wan0? If not, perhaps test with tunnel mode.

Feel free to send the support query to support at wanos

11
Deployment / Re: Suggested deployment between two firewalled sites
« on: May 09, 2018, 09:48:06 AM »
It depends on the firewall capability. In similar scenarios we use an additional Interface on the firewall where Wanos connects to and the FW PBR is set to redirect traffic from the local subnets (Internal Interface) to the Wanos interface. Wanos has the firewall as default gateway, so traffic flow looks as follows:

LAN Subnets -> (Internal)-FW  -> Wanos -> FW-(external) -> VPN

What is the max speed per TCP session that you get over the 20ms?

12
Deployment / Re: Suggested deployment between two firewalled sites
« on: May 08, 2018, 04:27:27 PM »
Just checking, 300Mbps and 20ms? That would be a short fat pipe, unless the 20 should be 200+?

PBR sounds like the way to go, with some IP Track SLA type of config for redundancy.

Wanos has IPsec, but if you have the infrastructure already, go with what is working now and just add Wanos for Optimization.

13
Hi Philippe,

Thanks, techsup received. Log files don't report any problems, so we will need to look a little deeper to find the cause.

But firstly the test to send mirrored traffic to Wanos is not a valid test due to "noise" filters. Consider Wanos as a two port switch rather than a traditional bridge that would just pass everything through.

It is recommended to test with real traffic.

Also please disable TCP-X and if enabled web caching as these features requires a routing table and Wanos would not know to send the traffic to the laptop.

14
Deployment / Re: WAN Optimization Solution
« on: March 28, 2018, 10:13:33 PM »
Yes, should work, bridge mode does exactly that.

15
Troubleshooting / Re: no tun0 interface
« on: February 18, 2018, 11:22:29 AM »
Thanks for the suggestion.

The reason tunnel id is not part of the SPI is because the SPI must match on both sides. Say for example a hub and spoke, the hub would have 5 tunnels, but the spoke would have 1. In order to make the suggestion work, which we considered initially, it would be required to teach the user to make the tunnel id match on both ends. We would like the learning curve to be as low as possible for the user.

The issue that it is possible to configure the SPI with chars and not digits, is an oversight.

What are your end goals in testing IPSec?

Pages: [1] 2 3 ... 42