@hobbit666 said in MPLS alternative:

So following on from another thread.

In today's modern day how would you handle:-
* Multiple site connections around 60 sites.
* Internet access via a
for "security" either at a single point or something per connection? Nice to have Intrusion detection blah blah blah 😁 and content filtering. Will need to allow certain ports in and out (I know this is normally standard on Firewalls/UTMs but worth mentioning)
* Semi managed with high SLA.

How would multiple VPNs be handled? Would it be a case each site's router would have multiple VPNs to each site? Or a single VPN to a single "master" site/device?

About two years ago, we stopped using MPLS in favor of site-to-site virtual private networks. Costs are decreasing, speeds are increasing, and visibility is improving. We're using FortiGates for the firewalls, but you should be able to use whichever firewall you're comfortable maintaining. Similar use profile in terms of traffic type (Citrix ICA). We used a hub-and-spoke VPN architecture, which works well for us; what works best for you will rely on the rest of your infrastructure topology.