SummaryWhen installing an Exinda in the network, there are a few best practices to keep the Exinda running optimally.
OverviewNetwork topologies can be complicated and widely varying in design and operation, depending on the needs of the network and the end users. They are constantly evolving and can cahnge in the future. Administrations and designers need to think of things such as scalability and future proofing in order to get the best possible performance out of their topology. When putting an Exinda in the network, the same general rules will need to apply in order to get the best possible performance out of the appliance.
1. Have a firewall or other security device in between the Exinda and the WAN. The Exinda is not intended to be a security device and cannot handle security aspects or defer attacks as well or easily as an actual security device can. If a Distributed Denial of Service (DDoS) attack goes through the Exinda, the Exinda will not handle it correctly until the device goes down. Though the appliance itself might not be the target of the attack specifically, the goal will be achieved none the less.
2. Place the Exinda as close to the edge of the network as possible otherwise. The best practices for an internet going path would be the following path: Core switch -> Exinda -> Firewall -> Router to Internet. This keeps the security of having the firewall in front of the Exinda, but the appliance will not miss any internal traffic going outside of the network.
Note: It is possible to put the Exinda between a firewall and an external router, but it is important to note that if the firewall is what is performing NAT, then the Exinda will be unable to determine any internal, private IP addresses and instead will only see the public IP after the NAT is finished. This is part of the reason, along with security, that it is better to put the Exinda to the LAN side of a firewall.
3. Ensure that the appliance in the network can handle the traffic load being put through it. There are times when the topology will either grow, or more traffic will be put through. If this is the case, ensure that the Exinda can handle this new/increased traffic from where it is sitting on the network (ie, if there was a small WAN branch that was using a 2061 but the branch suddenly tripled in size, it might be a good idea to look at getting a 4062 series device).