Flexible Integration

The highly flexible nature of the Edge platforms enables a number of different implementation methods.

Speak With An XRoads Networks Sales Engineer
If you have questions regarding how our products work, or how they might be implemented within your network environment, please click the button above to contact one of our sales engineers.

Transparent Drop-In Mode:

The Edge platform has the ability to be easily inserted between two existing network devices, i.e. an existing firewall and the gateway router. In this situation the Edge operates in a switching/router mode and transfers traffic between the gateway router and the firewall without the network administrator having to make any IP address changes. This scenario also works when an Edge appliance is placed between a firewall or gateway router and the rest of the LAN network.

The only requirement for transparent mode installation is that the EdgeXOS appliance needs two available IP addresses for management

Bypass Mode:

In the event that the Edge platform stops working, the bypass mode option allows traffic to continue operating through the unit, even with the power cord removed. This option is available when in proxy mode.

Installation Methods:

  • Post-Firewall - Where the Edge appliance is placed between the firewall and the WAN router (this is the most common deployment method).
  • Pre-Firewall - Where the Edge appliance is placed in front of an existing firewall on the LAN side of the network.
  • Firewall Replacement - Where the Edge appliance replaces the existing firewall with its enterprise-class object oriented firewall.

Post-Firewall Deployment

In this scenario the Edge appliance is placed between the firewall and the WAN router. In this scenario the Edge appliance typically can not control individual user sessions, but can shape based on application type and thus control P2P traffic. This method also provides for full network load balancing with the existing firewall providing all inbound protections.

Site2Site Integration Note: An important factor in this scenario is that the Edge appliance can only tunnel traffic as it is seen from the firewall, so any LAN traffic that is NAT'd by the firewall would have to be tunneled as NAT'd traffic. Most applications will not have a problem with this, however please confirm whether this might be a problem prior to choosing this type of deployment.

Transparent Bandwidth Management

Pre-Firewall Deployment

In this scenario the Edge appliance is placed in front of the firewall on the LAN network. In this configuration, all LAN traffic passes through the Edge prior to traversing the primary WAN1 firewall. In this scenario the Edge is able to identify end-user traffic and route/prioritize accordingly. Network balancing may achieved by specifically routing certain traffic out the protected WAN2 interface.

ISP Balancing Without BGP

Firewall Replacement

In this scenario the Edge appliance replaces an existing firewall. There are many reasons for doing this, including: ease of management, better control of traffic, lower latency, and better QoS handling. As the Edge appliance supports an enterprise-class SPI firewall that is ICSA compliant and includes content filtering, DoS protection, and virus detection, it may be the best option.

Dual-WAN Network Balancing