Is 256-bit encryption needed if customer uses their own VPN?

Hi everyone. We have many customers that will use an HD4, for example, at a remote site with 4 LTE SIM cards, and then we will use FusionHub on AWS to bond the traffic and send it to the internet. Lots of them will have their own site-to-site VPN, such as Cisco Meraki. The challenge is we lose a lot of speed because we are doing encryption, then the customer’s full tunnel VPN is also doing encryption, so we lose a lot due to overhead.

If a customer is using IPSec VPN via SpeedFusion and has a full tunnel so all traffic is bonded going through SpeedFusion, do we really need the 256-bit encryption on our connection if the customer’s VPN is already doing that? Or should I have both on there?

If the customer is already doing a secure VPN and you are using SpeedFusion for bonding only, then yes, turn off encryption on the SF tunnel.

1 Like

Sure, that’s why encryption is optional, so whenever you are sending traffic that doesn’t need to be encrypted (or encrypted again), such as when you are already using private links (like MPLS, direct fiber or secure private wireless links connectivity) as the ONLY WAN links - you don’t need encryption.

If you’re offering a bonding service for public internet WAN traffic ONLY, you don’t need encryption, and in fact you’ll get better performance from a SpeedFusion bonded tunnel without encryption since it reduces the VPN overhead (and is easier for the Peplink device to encapsulate).

Personally, I will encrypt everything as a de facto standard and then consider turning off encryption only when there is proven need or benefit in doing so - but only when I’m 100% sure of the traffic types that are passing and what the WAN links are.

4 Likes