• Best VPN Service

    Top VPNs that Unlock Netflix, provide Secure Torrenting, Strong Encryption, Fast Downloads, DNS Leak Protection, Identity Protection and have Cheap VPN prices.

    read more

    Hyper-V Concepts

    It's time to get familiar with Hyper-V Virtualization, virtual servers, virtual switches, virtual CPUs, virtual deployment infrastructure (VDI) and more.
    Read more

Hot Downloads

SD-WAN is the Emerging, Evolving Solution for the Branch Office

Posted in SD-WAN

sd-wan the evolving solution for branch officesA lot has changed in how people work during the past twenty years. Co-working spaces, mobility, and the cloud now are common. Businesses are spread out and branch offices are empowered.

This new functionality is a good thing, of course. But, at the same time, it raises a big challenge: Multiprotocol Label Switching (MPLS), the way in which most branch offices network today, is a poor match for this new environment. It is an expensive and rigid one-size-fits-all approach to an environment that prizes fluidity and flexibility.

The answer is Software Defined-Wide Area Networking (SD-WAN). It matches the network to branch offices’ needs and provides a superior user experience. It also the potential to reduce costs.

Our Complete Guide to SD-WAN Technology article provides an in-depth coverage on SD-WAN Security, Management, Mobility, VPNs, Architecture and more.

SD-WAN is still a work in progress, no doubt, but the technology is positioned to be the next wave in branch office connectivity -- here's why.

Welcome to the New Branch

Enterprises generally configure WANs in a classic hub-and-spoke manner. Branches are the ends of the spokes and resources are in the hub, typically the headquarters or datacenters. Internet traffic is backhauled across the MPLS-based WAN to the hub for delivery through a secured, Internet access connection.  

That’s a solid, bulletproof approach. However, branch operations have changed radically since MPLS was introduced in the early 1990s. Back then, branch offices were comfortable with a T1 or two. Today's offices need 5x that amount. Back then, most applications and services terminated at MPLS-attached datacenters, not the Internet. Today, most traffic goes out to the Internet. Back then most work was done in offices. Today, work is done, well, everywhere.

MPLS Problems Hurt the New Branch

MPLS-based architectures are a poor fit for the new branch. Bandwidth is far more costly than Internet access (exact amounts will vary between regions and packages). Installation can take months, especially if the provider doesn’t have any available circuits; bandwidth upgrades weeks. This, needless to say, is too slow for today’s environment. International deployments only add to the problems.

The cost and inflexibility of MPLS leads many organizations to skimp on branch office bandwidth and, often, skip on redundancy. Instead, the sites instead are linked by non-redundant cable, DSL or wireless services and therefore are vulnerable to circuit failures and downtime. The use of separate networks makes creating a fully meshed architecture, where every office has a direct connection to every other office, far more difficult, impacting Active Directory and VoIP design. Those connected to MPLS face delays when more bandwidth is needed, such as for branch expansions and seasonal traffic spikes.  

The same antiquated approach extends to contracts. Branch offices often are temporary. One may start in somebody’s home. That worker may quickly be grouped with other workers at a larger branch across town. The three-year contracts offered by MPLS providers is simply inappropriate for such small- or transient-branch offices.

And none of this says anything about two shifts in enterprise networking -- the cloud and mobility. Backhauling Internet traffic adds too much latency, disrupting with the user experience. Often traffic is backhauled only to be sent back across the Internet to a site near the edge. This back and forth -- aptly called the “trombone effect” -- causes significant latency problems and consumes expensive MPLS bandwidth, particularly when the central portal and branch office are far from each other.

No Support for Mobile Users

Check Point Software and Cato Networks Co-Founder Shlomo Kramer Shares His Journey: From ‘Firewall-1’ Software to Today’s Firewall as a Service

Posted in SD-WAN

shlomo kramer cato networks founderBy: Shlomo Kramer, Check Point Software & Cato Networks Co-Founder

As one of the founders of Check Point Software and more recently Cato Networks, I’m often asked for my opinion on the future of IT in general, and security and networking in particular. Invariably the conversation will shift towards a new networking technology or the response to the latest security threat. In truth, I think the future of firewall lays in solving an issue we started to address in the past.

FireWall-1, the name of Check Point’s flagship firewall, is a curious name for a product. The product that’s become synonymous with firewalls wasn’t the first firewall. The category already existed when I invented the name and saved that first project file (A Yacc grammar file for the stateful inspection compiler, if you must know.) In fact, one of the first things Gil did when we started our market research for Check Point in 1992 was to subscribe to a newly formed firewall-mailing-list for, well, firewall administrators.

But FireWall-1 was the first firewall to make network security simple. It’s the stroke of simplicity that made FireWall-1. From software to appliances, firewall evolution has largely been catalyzed by simplicity. It’s this same dynamic that three years ago propelled Gur Shatz and me to start Cato Network and capitalize on the next firewall age, the shift to the cloud.

To better understand why simplicity is so instrumental, join me on a personal 25-year journey of the firewall. You’ll learn some little-known security trivia and develop a better picture of where the firewall, and your security infrastructure, is headed.

The Software Age and Simplicity Revolution

When we started developing FireWall-1, the existing firewalls were complicated beasts. Solutions, such as Raptor Firewall or Trusted Information Systems Firewall Toolkit (FWTK) relied on heavy professional services. Both came out of corporate America (If I remember correctly Raptor from DuPont and FWTK from Digital).

The products required on going attention. Using new internet applications could mean installing a new proxy server on the firewall. Upgrading an existing application could require simultaneously upgrading the existing proxy servers, or risk breaking the application. No surprise, the solutions were sold to large organizations willing to pay for the extensive customization and professional services required to implement and maintain them.

They say “necessity is the mother of invention” and that was certainly the case for Gil, Marius, and I. We were anything but corporate America. Extensive on-site support, custom implementations, professional services — the normative models wouldn’t work for us sitting in my grandmother’s apartment 10,000 miles away from the market, suffering the sweltering Israeli summer with no air conditioning and only $300,000 in the company bank account.

We needed a different strategy. What we needed was a solution that would be:

  • Simple to use without customer support,
  • Simple to deploy without professional services,
  • Simple to buy from a far, and, above all,
  • Simple enough for three capable developers to build before running out of budget (about 12 months).

To make the firewall simple to use, two elements were key:

  • A stateful and universal inspection machine that could handle any application given the right, light-weight configuration file. No longer was there a need to deploy and update custom proxy servers for each application. In the coming years, when Internet traffic patterns changed to include an ever growing number of applications, stateful inspection became critical.
  • An intuitive graphical user interface that any sys admin could understand and use almost immediately.

Actually, we didn’t get the UI right the first time around. After a few months of development, we ran a "focus group” with friends that luckily were PC developers. During those days, PC developers were much more advanced UI folk than us Sun Workstation guys. Our focus group hated the UI, which led us to start all over, and develop a PC-like interface that looked like this:

 checkpoint firewall 1 rule base editor

Caption: A screenshot of FireWall-1’s early interface.

 I still think it’s pretty great. By the way, you might notice a host called “Monk” in the rule base. It was one of the two Sun workstations we owned (actually borrowed as a favor from the Israeli distributor of Sun), and named Monk after Thelonious Monk, the American jazz pianist and composer. The other machine was named Dylan. And all of those cool Icons? They were drawn by Marius who doubled as our graphic artist. He worked on a PC.

To make the product simple to deploy, we made a special effort to compress the entire distribution into a single diskette with the install manual printed on the diskette’s label:

 checkpoint firewall-1 solaris fdd

Caption: An early FireWall-1 disk. Note the installation instructions on the label.

The last critical point was making the product simple to buy. In a world where the competition sold direct and made a considerable part of their revenues off of professional services, we decided to become a pure channel company and sell exclusively through partners.

We were very lucky to sign up early on with SunSoft, the software arm of the then leading computer manufacturer, Sun Microsystems, and become part of their popular Solstice suite. Sun's distribution know-how and capabilities were critical in the early days. In the pull market that followed, the fact that buying FW-1 through our partners was simple became critical.

MPLS vs. SD-WAN vs. Internet vs. Cloud Network. Connectivity, Optimization and Security Options for the ‘Next Generation WAN’

Posted in SD-WAN

sdwan networksThe Wide Area Network (WAN) is the backbone of the business. It ties together the remote locations, headquarters and data centers into an integrated network. Yet, the role of the WAN has evolved in recent years. Beyond physical locations, we now need to provide optimized and secure access to Cloud-based resources for a global and mobile workforce. The existing WAN optimization and security solutions, designed for physical locations and point-to-point architectures, are stretched to support this transformation.

This article discusses the different connectivity, optimization and security options for the ‘Next Generation WAN’ (NG-WAN). The NG-WAN calls for a new architecture to extend the WAN to incorporate the dynamics of cloud and mobility, where the traditional network perimeter is all but gone.

The Wide Area Network (WAN) connects all business locations into a single operating network. Traditionally, WAN design had to consider the secure connectivity of remote offices to a headquarters or a data center which hosted the enterprise applications and databases.

Without further delay, let's take a look at the topics cover in this article:

Let’s look at evolution of the WAN.

First Generation: Legacy WAN Connectivity

Currently, there are 2 WAN connectivity options which offer a basic tradeoff between cost, availability and latency:

Option 1: MPLS - SLA-Backed Service at Premium Price

With MPLS, a telecommunication provider provisions two or more business locations with a managed connection and routes traffic between these locations over their private backbone. In theory, since the traffic does not traverse the internet, encryption is optional. Because the connection is managed by the telco, end to end, it can commit to availability and latency SLAs. This commitment is expensive and is priced by bandwidth. Enterprises choose MPLS if they need to support applications with stringent up-time requirements and minimal quality of service (such as Voice over IP (VOIP).

hq connection to remote office via mpls

Headquarters connecting to remote offices via MPLS Premium service

To maximize the usage of MPLS links, WAN optimization equipment is deployed at each end of the line, to prioritize and reduce different types of application traffic. The effectiveness of such optimizations is protocol and application specific (for example, compressed streams benefit less from WAN optimization).

Complete Guide to SD-WAN. Technology Benefits, SD-WAN Security, Management, Mobility, VPNs, Architecture & Comparison with Traditional WANs. SD-WAN Providers Feature Checklist.

Posted in SD-WAN

SDWAN Global Secure NetworkSD-WAN is the answer for enterprises and organizations seeking to consolidate network functions and services while at the same time simplify their WAN infrastructure and its management.

SD-WANs are suitable for any organization regardless of their size and location(s). Forget about managing routers, firewalls or proxies, upgrading internet lines, high-cost WAN links, leased lines (MPLS), filtering incoming traffic, public-facing infrastructure, VPNs and mobile clients. SD-WANs provide all the above and allow managers, administrators and IT staff to manage their WAN infrastructure via an intuitive, easy-to-use GUI interface, lowering equipment and service contract costs but also minimize the need for continuous upgrades and other expensive and time-consuming exercises.

The diagram below clearly shows a few of the network and security services leading global SD-WAN providers such as  CATO Networks provide to businesses no matter where they are geographically located around the world.

 sdwan network services

SD-WAN Networks offer zero-touch deployment with advanced network security services

Let’s kick-off this guide by taking a look at the SD-WAN topics covered:

What is SD-WAN?

Software-Defined Wide Area Network (SD-WAN) is a new architectural approach to building Wide Area Networks (WANs) whereby applications and the network configuration are isolated from the underlying networking services (various types of Internet access or private data services sold by network service providers). As a result, the networking services can be reconfigured, added, or removed without impacting the network. The benefits to such an approach address long-standing concerns with traditional WANs around the cost of bandwidth, time to deploy and reconfigure the WAN and more.

The Problem with Traditional WANs

For years, organizations connected their locations with private data services, namely MultiProtocol Label Switching (MPLS) services. Companies contract with their network service provider to place MPLS routers at each location. Those routers connect with one another or a designated site across the MPLS service. MPLS services are seen as being:

  • Private because all customer traffic is separated from one another.
  • Predictable as the MPLS network is engineered to have very low packet loss
  • Reliable as the carrier stands behind the MPLS with service and support, backing it up contractually with uptime (and reliability) guarantees.

 Traditional High-Cost MPLS VPN Networks

Traditional High-Cost MPLS VPN Networks

As such, MPLS services are expensive (relative to Internet connectivity), in some cases costing 90 percent more than Internet bandwidth. And with bandwidth being so expensive, companies have to be very judicious in their bandwidth usage. Sites are often connected by single MPLS line, creating a potential single point of failure. Delays from line upgrades are a problem, as lines often lack the necessary excess capacity to accommodate traffic changes or new applications. Finally, new deployments take significantly longer than Internet lines — weeks in some cases, months at the extreme — whereas Internet access can be deployed in days if not minutes (with 4G/LTE).

Organizations accepted MPLS limitations for years for numerous reasons. For too long, the Internet was far too erratic to provide the consistent performance needed by enterprise applications. That’s changed significantly within Internet regions over the past few years. A decade ago, most enterprise traffic stayed on the MPLS network, terminating at a headquarters or datacenter housing the company’s applications. Today, Internet and cloud traffic are the norm not the exception, often constituting half of the traffic on and MPLS backbone. The net result is that data transmission costs end up consuming a significant portion of an IT Department’s annual expenditure on its WAN with Internet- and cloud-traffic being a major cause.

How Does SD-WAN Work?

Network Management Systems Help Businesses Accurately Monitor Important Application Performance, Infrastructure Metrics, Bandwidth, SLA Breaches, Delay, Jitter and more

Posted in OpManager - Network Monitoring & Management

Accurately monitoring your organization’s business application performance, service provider SLA breaches, network infrastructure traffic, bandwidth availability, Wi-Fi capacity, packet loss, delay, jitter and other important metrics throughout the network is a big challenge for IT Departments and IT Managers. Generating meaningful reports for management with the ability to focus on specific metrics or details can make it an impossible task without the right Network Management System.

The continuous demand for businesses network infrastructure to support, uninterrupted, more applications, protocols and services has placed IT departments, IT Managers and, subsequently, the infrastructure they manage, under tremendous pressure. Knowing when the infrastructure is reaching its capacity and planning ahead for necessary upgrades is a safe strategy most IT Departments try to follow.

The statistics provided by the Cisco Visual Networking (CVN) Index Forecast predict an exponential growth in bandwidth requirements the coming 5 years:

cisco visual networking index forecast

These types of reports, along with the exponential growth of bandwidth & speed requirements for companies of all sizes, raises a few important questions for IT Managers, Network Administrators and Engineers:

  • Is your network ready to accommodate near-future demanding bandwidth requirements?
  • Is your current LAN infrastructure, WAN and Internet bandwidth sufficient to efficiently deliver business-critical applications, services and new technologies such as IoT, Wi-Fi - 802.11n and HD Video?
  • Do you really receive the bandwidth and SLA that you have signed for with your internet service provider or are the links underutilized and you are paying for expensive bandwidth that you don’t need?
  • Do you have the tools to monitor network conditions prior to potential issues becoming serious problems that impact your business?

All these questions and many more are discussed in this article aiming to help businesses and IT staff understand the requirements and impact of these technologies on the organization’s network and security infrastructure.

We show solutions that can be used to help obtain important metrics, monitor and uncover bottlenecks, SLA breaches, security events and other critical information.

Let’s take a quick look at the topics covered in our article:

Finally, we must point out that basic knowledge of the Networking and Design concepts is recommended for this article.

Click to Discover how a Network Management System can help Monitor your Network, SLAs, Delay Jitter and more.

Network Performance Metrics and their Bandwidth Impact

Network performance metrics vary from business to business and provide the mechanism by which an organization measures critical success factors.

The most important performance metrics for business networks are as follows:

  • Connectivity (one-way)
  • Delay (both round-trip and one-way)
  • Packet loss (one-way)
  • Jitter (one-way) or delay variation
  • Service response time
  • Measurable SLA metrics

Bandwidth is one of the most critical variables of an IT infrastructure that can have a major impact to all the aforementioned performance metrics. Bandwidth over saturated links can cause poor network performance with high packet loss, excessive delay, and jitter which can result in lost productivity and revenue, and increased operational costs.

New Applications and Bandwidth Requirements

This rapid growth for bandwidth affects the Enterprises and Service Providers which are continually challenged to efficiently deliver business-critical applications and services while running a network at optimum performance. The necessity for more expensive bandwidth solutions is one of the crucial factors that may have a major impact on a network and applications performance. Let’s have a quick look at the new technologies with high bandwidth needs which require careful bandwidth and infrastructure planning:

High Definition (HD) Video Bandwidth Requirements

This surpassed standard definition by the end of 2011. User demand for HD video has a major impact on a network due to the demanding bandwidth requirements as clearly displayed below:

dvd 720 1080p bandwidth requirements

DVD, 720p HD and 1080p HD bandwidth requirements:

  • (H.264) 720p HD video requires around 2,5 Mbps or twice as much bandwidth as (H.263) DVD
  • (H.264) 1080p HD video requires around 5Mbps or twice as much bandwidth as (H.264) 720p
  • Ultra HD 4320p video requires around 20Mbps or four times as much bandwidth as (H.264) 1080p

BYOD and 802.11ac Bandwidth Requirements

802.11ac is the next generation of Wi-Fi. It is designed to give enterprises the tools to meet the demands of BYOD access, high bandwidth applications, and the always-on connected user. The 802.11ac IEEE standard allows for theoretical speeds up to 6.9 Gbps in the 5-GHz band, or 11.5 times those of 802.11n!

Taking into consideration the growing trend and adoption of Bring-Your-Own-Device (BYOD) access, it won’t be long until multi-gigabit Wi-Fi speeds will become necessary.

Virtual Desktop Infrastructure (VDI) Bandwidth Requirements

Each desktop delivered over WAN can consume up to 1 Mbps bandwidth and considerably more when employees access streaming video. In companies with many virtual desktops, traffic can quickly exceed existing WAN capacity, noticeably degrading the user experience.

Cloud IP Traffic Statistics

The Annual global cloud IP traffic will reach 14.1 ZB (1.2 ZettaBytes per month) by the end of 2020, up from 3.9 ZB per year (321 ExaBytes per month) in 2015.
Annual global data center IP traffic will reach 15.3 ZB (1.3 ZB per month) by the end of 2020, up from 4.7 ZB per year (390 EB per month) in 2015. These forecasts are provided by the Cisco Global Cloud Index (GCI) which is an ongoing effort to forecast the growth of global data center and cloud-based IP traffic.

Application Bandwidth Requirements and Traffic Patterns

Bandwidth requirements and traffic pattern are not common among various applications and need careful planning as displayed below:

 Data, Video, Voice and VDI bandwidth requirements & traffic patterns

Data, Video, Voice and VDI bandwidth requirements & traffic patterns

An effective strategy is essential in order to monitor network conditions prior to potential issues becoming serious problems. Poor network performance can result in lost productivity, revenue, and increased operational costs. Hence, detailed monitoring and tracking of a network, applications, and users are essential in optimizing network performance.

Network Monitoring Systems (NMS) for Bandwidth Monitoring


Cisco Routers

  • SSL WebVPN
  • Securing Routers
  • Policy Based Routing
  • Router on-a-Stick

VPN Security

  • Understand DMVPN
  • GRE/IPSec Configuration
  • Site-to-Site IPSec VPN
  • IPSec Modes

Cisco Help

  • VPN Client Windows 8
  • VPN Client Windows 7
  • CCP Display Problem
  • Cisco Support App.

Windows 2012

  • New Features
  • Licensing
  • Hyper-V / VDI
  • Install Hyper-V


  • File Permissions
  • Webmin
  • Groups - Users
  • Samba Setup