Sei sulla pagina 1di 18
Mini-Lab Student Guide 1
Mini-Lab Student Guide 1

Mini-Lab Student Guide

Mini-Lab Student Guide 1

1

Introduction You have recently been hired to manage the IT syste ms for a local

Introduction

You have recently been hired to manage the IT systems for a local doctor’s office group in San Francisco. Nightingale Medical Associates has managed to survive with a consumer ISP-provided gateway for many years, but recent Electronic Medical Records (EMR) mandates, HIPAA compliance, more patients, new offices opening up, and the demand for guest Internet access has them excited about an enterprise-class solution. As their new IT admin, you suggest that Nightingale Medical Associates deploy Cisco Meraki as their solution. This will not only meet their needs now, but can scale with them as they grow their main location and open new offices, as well as provide them with a simple, intuitive management interface and rich application visibility, reporting and analytics. In order to get started, you’ve decided to equip them with a stack of Meraki gear, and today you’ll be configuring that gear for one of the offices.

How to perform lab work

1. Navigate to http://meraki.com/merakilab and fill out the form using the Session Code provided.

2. Navigate to http://dashboard.meraki.com and login with the username and password provided by the instructor. It is recommended to use Google Chrome. IMPORTANT: Be sure you are selecting the correct Organization for your Minilab session after logging into the portal. Your instructor will provide the correct session number if needed. If necessary, be sure to choose your correct lab station number (from your Topology Sheet) from the network dropdown box in the upper left of Dashboard.

3. Feel free to use the Cisco Meraki knowledge base articles and documentation to assist with the lab. They can be found at: http://documentation.meraki.com You can also use the Dashboard search box for assistance, which is very helpful.

4. Time for “exploring” Dashboard and for finding/using help has been worked into the suggested times for each lab section.

Reference materials:

Meraki Main Page – meraki.cisco.com Cloud Architecture Overview – meraki.com/trust Datasheets/Whitepapers Library – meraki.cisco.com/library Meraki Product Documentation – documentation.meraki.com Meraki Webinars & Training – meraki.cisco.com/webinars Meraki YouTube Channel – www.youtube.com/user/milesmeraki/videos

2

How to Read the Lab Guide Throughout the lab guide you wi ll see various

How to Read the Lab Guide

Throughout the lab guide you will see various notations that serve to call out different types of information. These are classified into the following categories:

Important: These are high priority, critical bits of instructions that you must read carefully and pay close attention to performing correctly or they could have an adverse effect on your lab station.

Note: These are typically warnings that usually serve as reminders as they are sometimes easily overlooked or missed.

Hint: These are useful pieces of advice that could help point you in the right direction or help draw your attention to hard-to-find or confusing configurations.

Information: These serve as additional footnotes and reference materials sourced from the official Meraki documentation portal (located at: https://documentation.meraki.com) for various topics or technologies.

3

As you log into Dashboard, you should pay close attention to ensure that you are

As you log into Dashboard, you should pay close attention to ensure that you are working within the right lab network. For example, if you have been assigned to Lab Station #7 within POD 4, then you should see very clearly at the top that you are signed in using the right user account and working in the right lab station network. Your instructor should let you know what POD you’re working in today.

Verification for Lab Station #7, POD 4

working in today. Verification for Lab Station #7 , POD 4 Hint: The Cisco Meraki Dashboard

Hint: The Cisco Meraki Dashboard is compatible with the most recent version of Firefox, Internet Explorer, and Chrome web browsers. However, the most recommended browser is Chrome as it provides the best and most consistent user interface experience. It should also be noted that MV security camera streaming is not supported on Windows 7 + Internet Explorer 11.

4

1. Lab Station References (IP Addressing) Throughout the lab exercises, you will occasionally see instruct

1. Lab Station References (IP Addressing)

Throughout the lab exercises, you will occasionally see instructions that reference your lab station number. These references appear as a green “n” or “X” whereby it should be immediately replaced by your lab station number:

Example Instruction: Rename the MX’s name as “MX [n]”

Lab Station 7’s results: MX 7

Lab Station 18’s results: MX 18

A similar but slightly different instruction may tell you to add your lab station number – again referenced as “n” – to an existing value. This should be treated as a simple add (+) operation, as illustrated in the following example:

Example Instruction: Use the following as the subnet: 10.0. [ 10 + n ] .0/24

Lab Station 7’s correct results: 10.0.17.0/24

Lab Station 18’s correct results: 10.0.28.0/24

(10 + 7 = 17) (10 + 18 = 28)

Important: It would be incorrect if a concatenation were to be used, such as 10.0.107.0/24 for Lab Station 7 or 10.0.1018.0/24 for Lab Station 18 – these are incorrect and possibly invalid IP addressing values.

This type of replacement applies not just to subnets but also to IP addressing and VLAN instructions in the lab guide. Here are some more examples:

Example Instruction: Use the following as the IP address: 10.0. [ 150 + n ] .1

Lab Station 7’s correct results: 10.0.157.1

Lab Station 18’s correct results: 10.0.168.1

(150 + 7 = 157) (150 + 18 = 168)

Example Instruction: Configure the access port to be in VLAN [ 600 + n ].

Lab Station 7 would configure the port to be in VLAN 607

Lab Station 18 would configure the port to be in VLAN 618

(600 + 7 = 607) (600 + 18 = 618)

5

Your Station’s Network Topology Overview “ n ” is your lab station number Security Appliance

Your Station’s Network Topology Overview

n” is your lab station number

Security Appliance Configuration:

(Step 1.1.1)

VLAN 10 (Corp) Subnet: 10.0.10+n.0/24 Interface: 10.0.10+n.1

VLAN 30 (Voice) Subnet: 10.0.30+n.0/24 Interface: 10.0.30+n.1

VLAN 100 (Guest) Subnet: 10.0.100+n.0/24 Interface: 10.0.100+n.1

Switch Configuration:

(Lab 2, Step 2.1.1)

VLAN 10 (Corp) Subnet: 10.0.10+n.0/24 Interface: 10.0.10+n.201 Default gateway: 10.0.10+n.1

VLAN 150 (Legacy) Subnet: 10.0.150+n.0/24 Interface: 10.0.150+n.1

VLAN 600 (OSPF) Subnet: 192.168.0.0./24 Interface: 192.168.0.n

Subnet: 10.0.150+ n .0/24 Interface: 10.0.150+ n .1 VLAN 600 (OSPF) Subnet: 192.168.0.0./24 Interface: 192.168.0. n

6

Exercise 1 | Small / Medium Site (90-120 minutes) To get started, let’s set up

Exercise 1 | Small / Medium Site (90-120 minutes)

To get started, let’s set up your first three pieces of Meraki gear. Meraki Support has already set up a Dashboard account and added the MX, MS and MR equipment to a network. In this exercise, you will create an initial configuration for a doctor’s office, create a baseline security policy, configure a guest wireless network, and interconnect all of the remote branches over a secure VPN.

Important: Make sure you are in the CORRECT POD and the CORRECT NETWORK that corresponds to your Lab Number

1.1.1 Initial MX Setup (20-30 minutes)

Hint: If you need help to find where commands are located use the search function in the upper left corner, right of the POD number, or Cisco Meraki logo. It says “Search Dashboard”

1. Verify that your MX is operational noting that it’s green in Dashboard and the WAN uplinks are healthy.

2. Edit the name of your MX such as “Lab <n> MX” and assign a city/address (refer to your topology sheet), and use the live tools to ping the appliance, maybe run a traceroute to google.com. Check the status of your WAN1 and WAN2 uplinks using the “Uplinks” tab.

3. VLAN configuration

a. On the “Addressing and VLANs” page, first Enable VLANs and then create VLANs 10 (Corp), 30 (Voice) and 100 (Guest) as per your topology diagram. See additional notes b/c/d below.

b. Do not remove/modify VLAN 1 (default/untagged VLAN) which is there by default.

c. Use the “Add a Local VLAN” link to configure VLANs 10, 30 and 100.

d. All non-tagged traffic will be part of VLAN1 (default vlan).

4. On VLAN 10 (Corp) reserve IP addresses .150 through .250 under DHCP Settings.

Note: This addressing section is required before moving onto any further labs.

1.1.2 Setting a Security Policy (20-30 minutes)

1. Apply the following global default policies [Hint: This first part does not use group policies.]

a. Completely block peer-to-peer BitTorrent traffic.

b. Set a maximum bandwidth of 5Mbps per client.

7

c.

For Netflix and Pandora, shape traffic to 1M down, 500K up and ensure they are low priority.

to 1M down, 500K up and ensure they are low priority. d. For all voice and

d. For all voice and video conferencing, remove all bandwidth restrictions and ensure they are high priority.

e. Apply content filtering to block adult and gambling websites, but allow 777.com.

2. Enable Advanced Malware Protection (AMP) and Intrusion detection with Balanced Ruleset.

3. Enable network alerts if the MX goes offline for more than 10 minutes or a DHCP pool is exhausted.

4. Create a group-policy called “Guest” to ensure that guest users will conform to below restrictions

a. Guests will be restricted to 2M per client.

b. Guest group policies will only be turned on during working hours 8am–5pm Mon-Fri.

c. No traffic can communicate to/from North Korea or Syria.

d. Add another L7 firewall rule to block all gaming applications.

e. Append the default content filter to add all sports web sites.

f. Now that all sports sites are blocked, allow [Hint: Append to Whitelist] sports.yahoo.com.

5. Apply the “Guest” group policy to the “Guest” VLAN. (Hint: Addressing & VLANs page)

1.1.3 - Interconnect All Sites via Full-Mesh Auto VPN (20 minutes)

1. Configure a full-mesh VPN between all sites, and enable VPN for the Corp and Voice VLANs,

but not the default or guest VLANs.

Hint: Navigate to Site-to-site VPN and configure your site as a hub (and do not configure an exit hub)

Verify connectivity by pinging the data center core switch (10.0.250.1) from the Live tools on the Appliance status screen. What is your latency to the data center?

2. Navigate to VPN Status to verify connectivity to other branches. Note: If you don’t see site-to-

site peers listed, try clicking the “View old version” link on the right-hand side and you can then verify connectivity to other branches.

3. Examine the MX’s routing table. Do you see your local VLANs and VPN peer networks? Can you ping any of the VPN peers? (Check with your neighbors if they have also reached this step.)

1.2.1 Initial Switch Configuration (20-30 minutes)

1. Verify that your MS switch is operational (green status, passing traffic)

8

2.

Edit the name of your switch and apply the tag(s) and city/location from your topology handout.

the tag(s) and city/location from your topology handout. 3. Customize your flex table view under Switch

3. Customize your flex table view under Switch > Switches to include local IP, Tags and S/N.

4. Configure ports 4 – 7 for VoIP phone access

a. Tag these 4 ports with the “voip” tag.

b. Make them access ports on VLAN 1 with voice VLAN 30.

c. Create a QoS rule for the network to mark all traffic in voice VLAN 30 as DSCP 46 (EF) for voice.

5. Create an energy-saving port schedule to turn off ports (power down phones) during off hours.

a. First confirm (or set) the appropriate time zone for your network. (Network-Wide à General)

b. Apply the port schedule to ports 4 – 7 simultaneously (try searching for “voip”).

6. Cable test and packet capture

a. Go to the Switch monitoring page and click on port 2.

b. In the Troubleshooting section, run a cable test on port 2 by clicking on the arrow next to it.

c. Run a packet capture on port 1 of your switch for 30 seconds. View the output in Dashboard, or download to a .pcap file if you have Wireshark installed on your device.

7. Extra Credit: Server ports

a. Configure ports 23 and 24 to be access ports on VLAN 1.

b. Give them a name of “File Server” and a “Server” tag.

c. Set up an email alert if any switch port with a tag of “Server” goes down for > 5 minutes

1.3.1 – Configuring Guest and Corporate Wireless (30-60 minutes)

1. Begin by first verifying that your MR access point is online and operational (i.e. MR is in good health status, firmware & configuration are up to date, etc.) – you should see only one AP listed on the Monitor > Access points page.

2. By default, the MR’s name will appear as its MAC address - look for and click on the pencil icon which will allow you to change/edit the name. Proceed to rename the MR’s name as “MR [n]” where n is your station number. You can also edit the address here to place the AP. (More detailed placement is available at Wireless > Map & Floor Plans)

3. Navigate to the “Tools” tab to ping the Access Point from Dashboard to confirm it’s online. You should also be able to ping your station’s MX at 10.0.10+n.1 or even other stations MR’s across the VPN.

4. Navigate to Configure > SSIDs and proceed to enable as well as rename two SSIDs. Rename the first SSID as “Corp n” and the other as “Guest n” (where n is your station number.) – be sure to save your changes before leaving the page.

Hint: You should rename/repurpose the default SSID (usually named “LabX – Wireless WiFi”) as one of the two SSIDs you are creating.

5. To configure settings for these SSIDs, go Configure > Access control where you must

5. To configure settings for these SSIDs, go Configure > Access control where you must first make sure that the “Corp” SSID has been selected from the SSID drop-down menu at the top. This SSID needs to have the following settings:

Association Requirements: PreShared Key with WPA2, password: ‘meraki123’

Client IP Assignment: Bridge mode

VLAN tagging: enabled, VLAN ID: 10

6. Switch to the “Guest” SSID by using the drop-down menu at the top, and give this SSID the following settings:

Splash page: Click-through

Client IP Assignment: Bridge mode

VLAN tagging: enabled, VLAN ID: 100

7. Because we are using a click-through splash page for our guest wireless network, we will want to have them re-authenticate every 30 minutes. Navigate to Configure > Splash page and change the frequency to every half hour.

8. We want to ensure that our wireless guest users have no way of accessing any of the internal local network resources while also restricting their usage. Go to Configure > Firewall & traffic shaping and make the following configurations on the “Guest” SSID:

Edit the default Layer 3 firewall by adjusting the policy to deny access to the Local LAN for all wireless clients that might try to access the LAN

Add three Layer 7 firewall rules to block P2P, File sharing, and Gaming services

Limit the per-client bandwidth to 1 Mbps

Make the Guest SSID unavailable on weekends.

9. Let’s implement some best & common practices for the RF settings.

a. For the Corporate SSID, make it dual-band operation, but use band steering to get more users onto the cleaner 5GHz radio.

b. For all SSIDs, disallow very old legacy 802.11b devices.

c. Ensure automatic power reduction so the AP isn’t always running at 100% Tx power.

d. Ensure a default 5GHz channel width of 80MHz.

e. Ensure the AP is choosing its channel assignment automatically.

Hint: These items are on different pages, as some controls are per-SSID, and some are for the AP as whole. Be sure to check out both Access Control and Radio Settings pages. On Radio Settings, you can also hover over the current settings on each AP to see available options.

10. Let’s check on the RF utilization of the 2.4Ghz band since we powered on the AP. It’s in a very busy place, so we want to see how badly overutilized that band has been. Back on the AP’s status page, use the RF tab on the far right.

10

11. Extra Credit – Systems Manager: Create a 3rd SSID called BYOD to be used

11. Extra Credit – Systems Manager: Create a 3rd SSID called BYOD to be used for mobile device onboarding, force iOS and Android clients to have Meraki Systems Manager installed to join the SSID and get network access, Windows or Mac laptops will just see a splash page – Mobile clients will download System Manager upon joining the BYOD SSID, the firewall blocks everything else. [Hint: This is under access control]

11

Exercise 2 | Large Site / Campus Since deploying their enterprise network, Nightingale Medical Associates

Exercise 2 | Large Site / Campus

Since deploying their enterprise network, Nightingale Medical Associates has continued to grow. They’ve just acquired another medical group that has a legacy private network interconnecting all of their sites. In order to increase collaboration during the acquisition, Nightingale Medical Associates has rolled out the private network to all sites. Also, to protect their new Electronic Medical Records (EMR) system, Nightingale Medical Associates wishes to increase the security of their wired and wireless network.

2.1.1 - Layer 3 Routing on the Switch (30-60 minutes)

1. Navigate to the Switch -> Routing and DHCP screen and create the interfaces below

a. Name: Corp, Subnet: 10.0.10+x.0/24, Interface: 10.0.10+x.201, VLAN: 10, Default gateway: 10.0.10+x.1, Disable DHCP

b. Name: Legacy, Subnet: 10.0.150+x.0/24, Interface: 10.0.150+x.1, VLAN: 150, DHCP Enabled

c. Name: OSPF, Subnet: 192.168.0.0/24, Interface IP: 192.168.0.x, VLAN: 600, Disable DHCP

2. Go to the MX Appliance and create a static route to the “Legacy” subnet using the IP address on your L3 switch SVI in the “Corp” VLAN as next hop. Reference the topology sheet for

supplemental information. [Hint: The Legacy network now lives on the MS only so we need to tell the MX where this network is now. The answers can be found in 1.a and 1.b above]

a. “In VPN” option should be “Yes”

3. On the switch, configure OSPF with following settings:

a. First configure switch port 13 to be access VLAN 600

b. Enable OSPF with default Area 0

c. Edit Legacy and OSPF interfaces to use the default Area 0 and Cost 1

d. Edit the default static route to be preferred over OSPF routes

NOTE: Let the instructor know you reached this point and ask them to enable the private network for exercise 2.

4. Navigate to the switch monitoring page

a. Verify that port #13 is now operational

b. Verify that your switch is using 192.168.0.x as the Router ID. If not, change it.

c. Verify the OSPF neighbors and routes using the live tools

i. Do you see the other lab stations as OSPF neighbors?

ii. Do you see the data center switch as an OSPF neighbor (192.168.0.254)?

5. Start a ping to the data center switch (192.168.0.254) from the Legacy Source interface

(10.0.150+x.1).

a. Ping 10.0.250.1 again with port 13 disabled. Wait about 30 seconds after disabling the port.

b. What path is the switch now taking to get to 10.0.250.1?

12

c. Does the switch still have OSPF neighbors? d. See the diagram at the end

c. Does the switch still have OSPF neighbors?

d. See the diagram at the end of this document to better understand the logical data flow / topology.

6. Re-enable port 13.

2.1.2 Wired 802.1X and DHCP protection (20 minutes)

1. Create an Access policy (Switch > Configure > Access Policies)

a. Give it a name of “Test Policy 1” or something similar.

b. Use Radius host IP 10.0.250.100. Port 1812. Secret = “meraki123”

c. Place clients into VLAN 100 if they are unable to participate in 802.1x via a guest VLAN.

[Hint: MS switches support hybrid auth, so they’ll try 802.1X 1 st and fall back to MAB 2 nd .]

d. Allow phones (Voice VLAN Clients) to bypass authentication.

2. Navigate to Switch > Switch Ports

a. Apply the access policy to ports 4 – 7 simultaneously. Note you can type “voip” or “4-7” in the search box, then select all 4 ports at once.

b. On the switch ports page, update the flex table to include the “Access Policy” column.

3. Navigate to Switch -> DHCP Servers

a. In order to improve the security of the LAN, change the default DHCP server policy to block DHCP servers.

b. Allow any existing DHCP servers detected within the last day (If there are some you simply click the “allow” link in the policy column)

2.2.1 Wireless IPS and 802.1X Authentication (20-30 minutes)

1. On your “Corp” SSID, use WPA2-Enterprise for authentication and add a RADIUS server with IP address 10.0.250.100, port 1812 and shared key “meraki123”.

2. Configure the AP to act as a dynamic authorization server by responding to Change-of- Authorization messages coming from the RADIUS server. [Hint: This is below the RADIUS server

configuration section in the same general location]

3. All of your devices should be newer corporate-issued devices. Let’s ensure maximum security and performance on this SSID by:

a. Allowing Apple devices to use FastLane automatically (hint: It’s also known as adaptive

802.11r)

b. Turning on protected management frames (802.11w)

c. Blocking all Windows Phone and Blackberry devices from connecting. (Hint: Group

policies by device type, still on the Access Control page)

4. Navigate to the Air Marshal screen and configure the Access Points to block users from connecting to Rogues seen on the LAN.

5. Configure the access point to automatically contain any SSIDs [Hint: SSID Blacklist] being broadcast with “Nightingale” in the name of the SSID. This should automatically contain any other local SSIDs with “Nightingale” in the SSID name.

6. Navigate to “Other SSID’s” and find your neighbor’s Corp SSID. Whitelist it so it doesn’t ever get contained.

13

2.2.2 Advanced Wireless RF Design (20-30 minutes) 1. Navigate to RF Spectrum, and identify top

2.2.2 Advanced Wireless RF Design (20-30 minutes)

1. Navigate to RF Spectrum, and identify top interfering AP’s on your AP’s current 2.4Ghz channel.

2. Nightingale corporate IT has identified that as the site grows, we will need to have a more advanced RF Profile applied to very dense offices. Navigate to Radio Settings, and create a

new RF Profile for future AP’s at this location, called “Nightingale High Density” from scratch:

a. Ensure the 5Ghz band is the only one used, and ignore 2.4Ghz.

b. Ensure a narrower channel width of 20Mhz.

c. Ensure Client Load balancing is enabled.

d. Leave the full range of power settings for Auto Power.

e. Set the minimum bitrate to 24Mbit, for the entire AP (not per SSID)

f. Set the RX-SOP (Minimum received power) to ignore any clients weaker than -80dBm.

3. Navigate back to Wireless > Radio Settings, and select your AP, and apply the High Density profile to it. (Accept any overrides) [Hint: Check out the Edit Settings button]

4. We need to prioritize new wireless VoIP phones on the network, from the AP itself. Navigate to Wireless > Firewall & Traffic Shaping.

a. Turn on traffic shaping for your Corp SSID.

b. Prioritize All Voice & Video applications.

c. Ignore any bandwidth restrictions for this rule.

d. Place this traffic in PCP 6 (a priority queue), and tag it with DSCP “EF” (46) so other network devices will prioritize the traffic upstream.

14

Exercise 3 | Distributed Enterprise (60-120 minutes) Nightingale Medical Associates has been using the ir

Exercise 3 | Distributed Enterprise (60-120 minutes)

Nightingale Medical Associates has been using their Meraki network for an entire year now. Their Cloud Managed Network has helped them roll out electronic medical records, ensure HIPAA compliance, and has accommodated the demand for guest Internet. To keep up with the growing number of doctor’s offices joining the group and increase the level of performance and reliability required by a growing distributed network, they will need to add centralized Data Center services, increase redundancy, and ensure that their business-critical applications are always preferring the best performing WAN path.

3.1.1 VPN Topology & Redundancy (30-60 minutes)

1. Evolve the lab VPN design to a more scalable model using the Hub-and-Spoke topology.

a. Configure your site as a spoke and add both “Data Center 1” and “Data Center 2” as

hubs.

b. Prioritize “Data Center 2”.

c. Configure a full tunnel VPN by configuring both hubs with a default route.

d. Enable VPN for only Corp and Voice networks.

2. Verify that you can still ping each other’s lab MX LAN IP’s just as you did earlier with the full mesh configuration.

3. Verify connectivity to all 3 Data Center subnets.

Hint: Use MX ping tool as well as check the Route Table on your MX.

a.

10.0.250.0/24 (Shared)

b.

10.0.251.0/24 (DC1)

c.

10.0.252.0/24 (DC2)

NOTE: Let the instructor know that you have reached this point and ask them to initiate a failure at Data Center 2 by disabling its uplink for your lab pod.

4. Perform the following verification tasks.

a. Verify that Data Center 2 in unreachable by pinging the default gateway of its unique subnet (10.0.252.2).

b. Verify that the DC shared subnet is still reachable by pinging its default gateway

(10.0.250.1).

c. Verify connectivity to your neighbors despite the data center failure by pinging their

MX.

3.1.2 Software Defined WAN (SD-WAN) (30-60 minutes)

1. Navigate to Security appliance > Configure > Traffic shaping.

a. Configure uplink bandwidths: WAN 1 = 10Mbps, WAN 2 = 5Mbps.

15

b. Enable load balancing. c. Configure a flow preference for “Guest” internet traffic to prefer

b. Enable load balancing.

c. Configure a flow preference for “Guest” internet traffic to prefer WAN2. Hint: any traffic with a source IP of 10.0.100+x.0/24 should prefer WAN2.

2. Create a custom performance class named “Acceptable Delay” with a setting of 200ms of

latency.

3. Under VPN traffic, configure the following rules:

a. Any traffic destined to 8.8.8.8/32 should prefer WAN 2 unless performance is worse than “Acceptable Delay”.

b. Any traffic from the “Corp” subnet should load balance on uplinks that meet “Acceptable Delay”.

c. Any traffic from the “Voice” subnet should use the best uplink for VoIP.

4. Verify path selection by navigating to the Uplink Decision section of the VPN status page.

a. Which uplink is used for traffic destined for 8.8.8.8?

i. WAN2 is cycling between 50ms and 400ms of latency every 20 seconds resulting is the uplink cycling between WAN1 and WAN2.

b. Click one of the links in the uplink decision column.

i. What is the average latency and MOS score between your branch and Data Center 2 for both of your branch’s WAN links?

5. (Optional) Feel free to adjust the “Acceptable Delay” latency setting and see how the uplink cycling between WAN1 and WAN2 changes.

16

Final Logical Data Flow / Topology 17

Final Logical Data Flow / Topology

Final Logical Data Flow / Topology 17

17

Congratulations! Thanks to you, Nightingale Medical Associates has been able to adopt an enterprise solution

Congratulations!

Thanks to you, Nightingale Medical Associates has been able to adopt an enterprise solution that has scaled with the group’s growth. You’ve expanded their small original location to a larger enterprise deployment, supporting a multi-site architecture that meets all of their security and reliability requirements. You have saved them a lot of time and money given the single-pane-of-glass management across their full stack of infrastructure, zero-touch deployment model, simple troubleshooting and reporting, and great visibility and analytics to improve business practices.

18