WAN accelerator directly over the Internet - Advisable?

Availability for the Always-On Enterprise

WAN accelerator directly over the Internet - Advisable?

Veeam Logoby PSI-INDY » Mon Feb 20, 2017 3:59 pm

Hello all,

I've been trying to search online and the KB, but so far I can't find a clear answer: Is it considered unsafe to allow the source and destination WAN accelerators to communicate directly over the Internet on ports 6164/6165? Or is it necessary to route the traffic through an IPSEC tunnel? I ask because bandwidth across our SITE-TO-SITE tunnel to the target server is limited due to a Comcast issue. I can probably work around the issue by routing the traffic outside the tunnel. I understand that the traffic between WAN accelerators is encrypted, but I still don't want to do this if it significantly decreases security.
PSI-INDY
Novice
 
Posts: 4
Liked: never
Joined: Wed Mar 09, 2016 11:41 pm
Full Name: PSI indy

Re: WAN accelerator directly over the Internet - Advisable?

Veeam Logoby foggy » Mon Feb 20, 2017 4:10 pm

Generally, VPN is recommended, though, if encryption is enabled and firewalls are properly configured, you're good to go.
foggy
Veeam Software
 
Posts: 14904
Liked: 1096 times
Joined: Mon Jul 11, 2011 10:22 am
Full Name: Alexander Fogelson

Re: WAN accelerator directly over the Internet - Advisable?

Veeam Logoby PSI-INDY » Mon Feb 20, 2017 4:42 pm

Thank you.
PSI-INDY
Novice
 
Posts: 4
Liked: never
Joined: Wed Mar 09, 2016 11:41 pm
Full Name: PSI indy

Re: WAN accelerator directly over the Internet - Advisable?

Veeam Logoby Gostev » Mon Feb 20, 2017 9:04 pm

I think it's a bad idea to not use VPN since control traffic will not be encrypted in this case.
Gostev
Veeam Software
 
Posts: 21442
Liked: 2362 times
Joined: Sun Jan 01, 2006 1:01 am
Location: Baar, Switzerland


Return to Veeam Backup & Replication



Who is online

Users browsing this forum: Bing [Bot], Google [Bot] and 16 guests