Policy Based Routing in the branch – ArubaOS 8.x_ Q&A
Q1: What about performance when doing PBR?
A1: The Aruba 7000 series branch gateway is an enterprise-class product with a small form-factor and high performance. Starting with the Aruba 7005, which provides 2 Gbps of firewall and 1.2 Gbps of IPsec VPN and going up to the Aruba 7030, with 8 Gbps of firewall and 2.4 Gbps of IPsec VPN in a 1 Unit appliance.
Q2: What devices do you suggest to use in HQ as internet gateway facing ISP with BGP?
A2: 7200 are recommend for headend gateways and it not support BGP protocol.
Q3: How far is the security features on the sdbranch appliances in comparison with others sdwan players ? Is it interfacable with cloud security applications such as Zscaler or ?
A3: Branch talks to Cloud platform Central using HTTPS and with HQ using scured Ipsec VPN.
Q4: Can the 7000 sdwan appliance create GRE tunnels with cloud applications ?
A4. No. Could you please give us any use-case with respect to this question.
Q5: Is there an option to do PBR in an Instant Environment?
A5. NO. PBR is only performed on Branch Gateway.
Q6: Hello, since hub-and-spoke vpns tunnels are supported, suppose on each branch there are different vpn-instances/vrf for different services. Can you apply PBR to have users to go throught VPN tunnels to access services in the HQ, but internet to surf the WEB?
A6. Yes, Split tunnelling is spported.
Q7: how does the sd branch controller see that a client has the authenticated role applied. this role is by default applied to the wireless controller
A7. The LAN facing port should be untrusted for the Branch gateway to see traffic.
Q8: Are Aruba 7000/7200 either mobile controllers or gateways as of now.
you are talking about IAP in combination with SD-WAN/branch controller - thus campus-AP are not support currently ?
A8. These are Mobility Controller but Campus AP are not supported
Q9.you are talking about IAP in combination with SD-WAN/branch controller - thus campus-AP are not support currently ?
A9. No, CAP are not supported in Branch Gateway.
Q10: When can we expect the support of Campus-AP on SD-branch firmware ?
A10. Its in pipe line. Please get in touch with Aruba Sales/Account team to get more updated information
Q11: VPNC does not supprt AP termination, that is right ?
A11. NO, it only serves as VPN concentrator.
Q12: What appliance is supported as HeadEnd/VPNC, and what image OS-Version?
A12. Please refer link. http://help.central.arubanetworks.com/latest/documentation/online_help/content/public_cloud/get_started/supported_gateways.htm. SDWAN available in support site 8.1.0.0-1.0.3.0
Q13: What appliance is supported as Branch Gateway and what version Image?
A13. The Aruba 7000 series branch gateway is an enterprise-class product with a small form-factor and high performance—starting with the Aruba 7005, which provides 2 Gbps of firewall and 1.2 Gbps of IPsec VPN and going up to the Aruba 7030, with 8 Gbps of firewall and 2.4 Gbps of IPsec VPN in a 1U appliance. The Aruba 7200 series headend gateway delivers 12 Gbps of firewall and 4.5 Gbps of IPsec VPN with the 7205 going up to 40 Gbps of firewall and 30 Gbps of IPsec VPN on the high-end 7280.,we have introduced a new SD-WAN code, which is avaiable in Aruba Support site
Q14: With the Full-tunnel you created with both ADSL and MPLS with same priority. Will it load-balance or select the tunnel with lowest latency/highest speed to forward the traffic in?
A14: Load balance is the default behaviour with same priority.
Q15: Are there any plans of having vrf's / virtual routers for Aruba controllers?
A15: Not as of now.
Q16: Is the PBR not supported on MC-VA, if not, what is the reason why?
A16. MC-VA is not supported in SD-WAN. However we can do generic PBR on VA based MM controller.