Access Rights and Access Controls in the WAN Domain

Because there are limited components in the WAN versus SD-WAN, there are also limited opportunities to enforce access control for the domain. There are essentially two places to control access to the WAN. First, you can deploy controls to limit access to the WAN access device. Device and user authentication and authorization controls should limit which users can access the WAN access point. The second way to control WAN access is in the access device itself. The WAN access point has the ability to enforce access controls. In this way, the WAN access device controls which users can get through the device and onto the WAN.

WAN access devices and WAN optimization devices both contain the ability to selectively grant access to the WAN. Although the WAN access device generally operates like a firewall or gateway, WAN optimization devices can make more sophisticated decisions about WAN access. Granting access may include decisions regarding time- or bandwidth-sensitive rights. Some users might be granted WAN access only during slow periods, while other users might get access on demand. You have the ability to grant or deny WAN access based on your security and functional needs.

Implementing more complex controls means you should spend more time testing the controls under different circumstances. If you implement load-based controls using WAN optimization, ensure you test the controls under different network loads, either real or simulated. Use auditing to create logging entries for repeated access denials to ensure your controls aren’t hampering your users’ ability to do their jobs. As always, avoid auditing too many events. Only audit the ones you’ll need to analyze your WAN’s ongoing performance.