AppGate SDP (software-defined perimeter) from Cyxtera Technologies headquartered in Addison is a zero trust network security product.
N/A
F5 BIG-IP DNS
Score 9.2 out of 10
N/A
F5 BIG-IP DNS (formerly BIG-IP Global Traffic Manager) secures DNS infrastructure.
N/A
VMware NSX
Score 8.8 out of 10
N/A
VMware NSX is network virtualization technology. VMware NSX is no longer sold as a standalone product and is now available as a part of VMware Cloud Foundation.
It is best suited for larger companies with lots of remote workers that need complex access management. We've barely scratched the surface on what Appgate can do via its API.
Less appropriate: - Not best bet for startup’s as their budget is always tight - Not good for those companies where the engineers are not highly skilled otherwise the use Irules and security policies will not be utilised in optimal manner as it requires more cpu resources to work especially irules - For companies fully on cloud doesn’t best fit as I already highlighted cloud require more improvements when it comes to seamless performance Best Suited -Large enterprise companies where budget is not an issue - Companies whose traffic Rate Per Second is very high as it can handle huge RPS without latency - Companies whose business is surely depends on their availability
With proper design, VMware NSX can and should be deployed to virtually any VMware virtualization environment, but the deployment should be tailored to the needs of that environment. There isn't really a one size fits all deployment design for all environments. That versatility is what provides its greatest strength to a business.
I love this product, especially DoH because it's not able to do the same functionality in NextGen firewalls on our edge location because of the nature that integrated with the F5 BIG-IP, the V we provide for our external clients and we love it the most because it's, it's right in the same box, we use it and then we get the benefits out of the same big IP boxes, same VE boxes. And I think that's the only aspect we liked the most.
Live logging in the client. Currently you have to "download" the logs into a zip file and then open that zipfile to look at the logs. There's no logfile to tail or watch.
Load balancing between controllers could be better. Currently relies on round robin DNS and sometimes a browser will pick a different IP than previous and you'll get a big "LOST CONNECTION TO CONTROLLER" message.
I'd like to see better reporting capabilities on the decision-making process for DNS resolutions. Currently there are plenty of log messages for that, but I'd like to see tighter integration into the GUI.
It could be an improvement to better discriminate features intended for AA vs LDNS functionality within the GUI.
We use this heavily and it is one of the best products out there for this type of use case. We already have LTMs and to leverage GTM on top of that is just a piece of cake. Everything is so well integrated its amazing
Most important usability of F5 BIG-IP DNS is it’s stability which other vendors lack -As mentioned earlier as well, it’s scalability is humongous as it can honour millions of request per second without latency - irules feature makes it top and worthy to fight with top contenders like cloudflare and Cisco - Moreover it’s stable even when the Rate Per second is high and at the same time, DDos occurs - Interface is user friendly for simple tasks but requires more manual work - TAC should provide more assistance when it comes to normal support as well but they do offer professional support license for tasks which other vendor assist on normal license as well
The company has been supportive overall of our needs and desired features. I have not personally called the support services, but I've heard no direct complaints either.
The existing system was FortiGate. The management of the system was a hassle. Because IT personnel had to manually create VPN accounts, user passwords were known to who created them and the end user did not have a way to change them. This created a security issue in the event an IT engineer left the company.
As I mentioned, the GSLB capability, being able to do intelligent DNS by having access to monitor specific endpoints associated to my current BIG-IP infrastructure, I believe that brings a huge value, then combine fast responses and security.
We use both Cisco ACI and VMware NSX, and while they have different strengths and capabilities, I would recommend VMware NSX, as it can be used in all VMware environments, without costly physical infrastructure changes. Cisco ACI provides some of the same capabilities, but not all. It's focus relies on physical networking changes.
Well, yes, I would say a big impact for ours. We were able to have more visibilities and trying to allow those traffic that we weren't able to see what is behind the scene and then reduce a lot of attackers. And then it led us to actually allow our clients freely using the DOT or DOH.
