I am trying to understand when designing SD-WAN solution whether to choose one-armed mode or NAT mode MX for a customer environment. I understand one-armed mode is recommended for DC which support BGP and required for DC-DC fail over but if customer has only one HO and dont really need BGP on the overlay what other reasons would justify a one-armed mode?
Hi @Aamir if you simply want to leverage the MX as a VPN Concentrator you can leverage one-armed mode even if you do not require BGP functionality. The other time when you would use this mode is for passthrough, in which case you would also have devices connected behind the LAN interfaces, and the MX basically becomes a bump-in-the-wire and operates in bridge mode but can still give you the security capabilities, but not as a VPNC.
Sounds like you've already reviewed the docs but just in case, review Appendix 1 here: