Hello folks,
We've got a dark fibre circuit being delivered over the coming weeks. We've
ordered 3 x CRS326-24S+2Q+RM (one for each end plus a cold spare). Our plan
is to route local network traffic over the service, which obviously
requires us to secure it through some form of encryption.
This then leads me to my next question. Some people I've spoken to are
telling us to run an IPsec tunnel across between the two FortiGate
appliances we have at either end, some are telling us to look at MACsec to
offload the traffic from the L3 side of things onto L2.
How new is the MACsec implementation on the CRS326? What performance
benefits or detriments are we likely to see from using MACsec as opposed to
IPsec tunnels? The only reason I'm considering it is because it reduces the
IP overhead and reduces the workload on the FortiGate appliances.
Regards,
Christopher Hawker
