ML
    • Recent
    • Categories
    • Tags
    • Popular
    • Users
    • Groups
    • Register
    • Login

    Connection query

    Scheduled Pinned Locked Moved IT Discussion
    11 Posts 2 Posters 903 Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • J
      justin867
      last edited by

      Hi,
      Q1. What are the options for guest A office to connect their office LAN (computers/printers) to their head office aside from IP sec tunnel?
      Our network has 2 guest WIFI vlans, 1 is public guest WIFI and another is for guest A which is an office.
      Guest A needs their office to be connected to their head office, they said they usually use IP sec to connect to main office.
      We have 2 ISP and one of them is down now.
      Q2. What are the things I need to be aware and prepared with regards to my network for Guest A connection requirements?

      scottalanmillerS 1 Reply Last reply Reply Quote 1
      • scottalanmillerS
        scottalanmiller
        last edited by

        IPSec VPNs work basically anywhere. There is very little to know (from a high level, actually setting up the tunnel is a huge number of knobs and buttons that have to match correctly on both ends.)

        IPSec is just a VPN, the most common and normal one, in fact. So once you have an IPSec tunnel, there is nothing to know at all for Q1 - the two ends of the tunnel are on the same network as soon as you have the tunnel so they are fully connected immediately. It "just works."

        1 Reply Last reply Reply Quote 1
        • scottalanmillerS
          scottalanmiller @justin867
          last edited by

          @justin867 said in Connection query:

          Q2. What are the things I need to be aware and prepared with regards to my network for Guest A connection requirements?

          Just the IPSec connection details to make a new tunnel.

          1 Reply Last reply Reply Quote 0
          • J
            justin867
            last edited by

            how about the bandwidth and security factors on my network?

            scottalanmillerS 2 Replies Last reply Reply Quote 0
            • scottalanmillerS
              scottalanmiller @justin867
              last edited by

              @justin867 said in Connection query:

              how about ... security factors on my network?

              VPNs are always a huge security concern because they expand the LAN. You are hooking two LANs together which, presumably, only is useful when you are using your LAN as your security barrier and then, naturally, by attaching two LANs together under that premise you make your risk pool way larger. Any use of a LAN as a security barrier and any LAN extension of this nature carries a lot of inherent risk. This is why things like VPNs and MPLS today are throwbacks and not how we want to design modern networks. Most companies still operate in this 1990s "LAN based" model, so this is expected and common. But it doesn't change the fact that it in inherently insecure and exactly what things like ransomware leverage.

              1 Reply Last reply Reply Quote 1
              • scottalanmillerS
                scottalanmiller @justin867
                last edited by

                @justin867 said in Connection query:

                how about the bandwidth .... on my network?

                IPSec doesn't really use any bandwidth. But using your IPSec tunnel will use as much bandwidth as you push data across it. Send one 100KB file over it, you will use 100KB of traffic. Send thousands of 10GB files over it, and you'll use many TB of traffic. This comes down 100% to your use case.

                1 Reply Last reply Reply Quote 0
                • J
                  justin867
                  last edited by justin867

                  I assume our fortinet will be able to see if the guest A is a bandwidth hogger. correct?

                  scottalanmillerS 1 Reply Last reply Reply Quote 0
                  • scottalanmillerS
                    scottalanmiller @justin867
                    last edited by

                    @justin867 said in Connection query:

                    I assume our fortinet will be able to see if the guest A is a bandwidth hogger. correct?

                    Not necessarily. It depends how it monitors the traffic. And how the traffic is used.

                    1 Reply Last reply Reply Quote 0
                    • J
                      justin867
                      last edited by

                      thank you very much Sir

                      scottalanmillerS 2 Replies Last reply Reply Quote 0
                      • scottalanmillerS
                        scottalanmiller @justin867
                        last edited by

                        @justin867 said in Connection query:

                        thank you very much Sir

                        No problem.

                        1 Reply Last reply Reply Quote 0
                        • scottalanmillerS
                          scottalanmiller @justin867
                          last edited by

                          @justin867 said in Connection query:

                          thank you very much Sir

                          Here is a thread with a video about the LAN based security model.

                          https://mangolassi.it/topic/11257/scott-alan-miller-the-brave-new-lanless-future

                          1 Reply Last reply Reply Quote 1
                          • 1 / 1
                          • First post
                            Last post