Thanks, Drew, for taking the time to be precise. I agree that the ability of the provider to do QoS inside their network is an advantage of MPLS that can be difficult to match - but I would guess that even VoIP would be fine in most cases. In this case, since both sites will have a UTM, a combination of IPsec and RED tunnels over a faster connection could be better and cheaper. I bet it's cheaper to put a UTM in each site than to pay for MPLS, and that would offer the same mesh opportunities as MPLS. Once there are more than a few sites, I agree that it's probably worth paying for MPLS to offload the admin overhead.
Azwanarif, you're correct that QoS won't work on a bridged interface. I don't know how to use Multipath rules to automatically send HTTP traffic to an alternate Uplink interface with Web Filtering in Full Transparent mode.
In this situation, I would recommend NOT using Full Transparent with bridged interfaces. If their IPVPN goes down, there would be a quick failover to the other line for the HTTP traffic. Using Uplink Monitoring, it also would be possible to enable a site-to-site IPsec VPN to the other site over the ADSL connection.
If they are concerned about the UTM failing, then I would recommend a Hot-Standby unit with power and UPS on a different circuit. A full-mesh networking setup with LAGs as in the picture below would make the setup even more robust.