Firewall-friendly Design

If you’re looking for an SD-WAN that works with your existing firewall, you’re not alone. Your team has invested valuable time into an auditable best-practice security architecture, and that top-of-the-line firewall wasn’t cheap. Most of all, your firewall represents a solution that your team is comfortable managing. That’s why we built Bigleaf from day one to work with your firewall without compromising any of its functionality.

Bigleaf - The firewall-friendly SD-WAN
“Bigleaf’s design meant it was purely at the edge, abstracted and transparent to the firewall.”

-John Pentlin, Vice President of IT, TruHome

Bigleaf looks like an Internet connection to your firewall

To your firewall, Bigleaf looks like an open, public internet connection. To install Bigleaf, all you do is update your firewall’s WAN IP address to the public IPs provided by Bigleaf — no compromises to your security or compliance. Once that’s done, you may need to update IP addresses used by any site-to-site VPNs, and any DNS pointing at your WAN IPs. Since Bigleaf doesn’t NAT or proxy your traffic, you retain total firewall control.

Respects existing security policies

We designed Bigleaf’s SD-WAN to work with all your firewall’s features, unlike many solutions that require you to disable specific features in your firewall and hand them over to the SD-WAN device. That means you can enjoy the performance and reliability of SD-WAN with the certainty and reliability of your existing security solution.

Enhances site-to-site VPN traffic

Bigleaf optimizes VPN tunnel traffic to improve stability and performance. Bigleaf will ensure the VPN rides the most stable ISP connection. Bigleaf will also fail over VPN tunnels when necessary (during both full outages and brownouts) without dropping the VPN session, and will prioritize critical traffic within the VPN tunnels through coordinated packet marking.