The following covers networking vendors for site-to-site VPN connectivity to Mediaocean. In all cases the client will be responsible for the purchase, vendor support, configuration and management of the device(s) required. Mediaocean is willing to put reasonable effort into trying new vendors or scenarios not listed but may determine that the option does not work.
Data Center or Office Options
Recommended
These are the preferred options for connecting to Mediaocean. They are the most secure and easily supported based on our observations working with multiple clients.
Firewalls
- Fortigate 40F or higher
- Palo Alto PA-410 or higher
- Cisco FPR 1010 or higher
Routers
- Cisco C8200L-1N-4T or higher (must have security license)
Also Supported
Products by these vendors are used successfully by our clients. They generally support the features required to connect to Mediaocean including NAT, IKEv2, and multi-phase VPN. Both newer hardware and virtual options are known to work. Depending on the age of the hardware, certain vendors may not support all features required for proper setup.
- Fortigate (Fortinet)
- Palo Alto
- Cisco
- Juniper
- Checkpoint
- Sonicwall
- pfSense
- Watchguard
- Sophos
- Zywall
- StrongSwan
- MikroTik
Not Supported
Products by these vendors do not support the features required to connect to Mediaocean. Clients using these products have not been able to set up connectivity.
- Ubiquiti
  - Limited NAT functionality does not meet requirements for VPN connectivity to Mediaocean
  - NAT only on the WAN interface has caused issues
- Meraki
  - Limited NAT functionality does not meet requirements for VPN connectivity to Mediaocean
  - NAT only works with other Meraki devices (confirmed by Vendor)
- Aviatrix
  - Limited NAT functionality does not meet requirements for VPN connectivity to Mediaocean
  - Unable to NAT internal client IPs to alternate NAT IPs in subnet provided by Mediaocean
- Zyxel
  - Limited NAT functionality does not meet requirements for VPN connectivity to Mediaocean
  - Only 1 phase2 tunnel supported at a time
- Draytek
  - Only known working model is the Vigor 2960 but getting NAT to work was complicated
  - The Vigor 2860 and 3910 models failed to NAT at all even with help from Draytek support
  - Limited support from Draytek
Cloud Options
Recommended
Mediaocean recommends purchasing and using a virtual enterprise option from these confirmed vendors. Native cloud solutions have generally not worked due to the reasons below. Other vendors listed above may work but Mediaocean has no confirmed cases.
- Fortigate (Fortinet)
- Palo Alto
- Cisco
- Sonicwall
- pfSense
- Google Cloud
Not Supported
These options have not worked in recent implementations.
- AWS and Azure native VPN
  - NAT/PAT not supported
  - Only 1 phase2 supported at a time
  - No stateful inspection
  - Difficult to troubleshoot
NOTE: Mediaocean has had no client requests nor done any testing for connectivity in Oracle Cloud or Alibaba Cloud.