[149736] in North American Network Operators' Group
RE: Sonicwall 3500/netflow
daemon@ATHENA.MIT.EDU (Blake Pfankuch)
Tue Feb 14 09:42:08 2012
From: Blake Pfankuch <blake@pfankuch.me>
To: Jay Mitchell <jay@miscreant.org>, Jay Ashworth <jra@baylink.com>
Date: Tue, 14 Feb 2012 14:40:40 +0000
In-Reply-To: <325D1DEE-D12B-4204-BBE4-B9B0A11D665A@miscreant.org>
Cc: NANOG <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
JRA,
If you have questions contact me off list. I would shoot for a little higher device to support that bandwidth if you are going to be enabling Services at all. Also if you use services, make sure they are enabled only on 1 zone as to not double scan traffic. Also I would skip the DPI-SSL services for now, as they are extremely throughput intensive. The company I work for manages a few hundred Sonicwalls, some of them in a pretty complex setup. SonicWall netflow is a little unique, they have a GUI feature called APPFlow which makes it pretty easy to trim down to watch exactly what you need (once you get the hang of it). Some of the additional free features make the SonicWall very nice. The SSLVPN portal is very handy for remote troubleshooting. You can bind it to a VLAN interface with private addresses for management purposes as well as remote access.
Careful though, they can either be a beast, or a joy to manage depending on how you set it up.
If you want to do entirely CLI management on the SonicWall, be prepared for a headache. Everything is case sensitive, and not the cleanest. If you build quick templates in your favorite text editor, it can be very simple to manage this way.
SonicWall is pushing 5.8.1.4 firmwares to all of the partners as far as I know (maybe to everyone) if you call in with an issue. Check the caveats though, we have a few conflicts related to VPN stuff as well as dynamic routing a few places.
Blake
-----Original Message-----
From: Jay Mitchell [mailto:jay@miscreant.org]
Sent: Tuesday, February 14, 2012 3:59 AM
To: Jay Ashworth
Cc: NANOG
Subject: Re: Sonicwall 3500/netflow
According to the spec sheet it does, haven't had the opportunity to play with one to comment any further though.
http://www.sonicwall.com/us/products/NSA_3500.html#tab=specifications
--jay
On 14/02/2012, at 2:21 PM, Jay Ashworth <jra@baylink.com> wrote:
> This will be my first time in Sonicwall territory. I'm assuming this
> thing will (effectively) *be* my edge router; does it support netflow,
> as has been being discussed in the recent thread?
>
> I'm likely going to have 100M from L3, with FiOS/150 and Roadrunner/50
> for backup/load bal; I don't think this will be a BGP application.
> :-)
>
> Cheers,
> -- jra
> --
> Jay R. Ashworth Baylink jra@baylink.com
> Designer The Things I Think RFC 2100
> Ashworth & Associates http://baylink.pitas.com 2000 Land Rover DII
> St Petersburg FL USA http://photo.imageinc.us +1 727 647 1274
>