Open-source · MIT · Docker-ready
current: jsuzanne/stigix:stable

A lab platform for real SASE / SD-WAN validation

Stigix generates realistic SaaS and application traffic, runs security policy tests, measures failover convergence, simulates voice and IoT devices, and orchestrates VyOS network impairments — in labs, demos, and POC environments.

Runs on Docker — AMD64 & ARM64 · Ready in under 60 seconds · Linux · macOS · Windows (WSL 2)

Note: This is a personal, community-driven open-source project. It is not an official Palo Alto Networks product and is not supported or endorsed by Palo Alto Networks. All opinions and configurations are the author's own. Use at your own risk.

Origin

"I built this after years of writing one-off scripts for SD-WAN POCs and never finding a single lab platform that matched what I see in the field."

The pattern was always the same: a new POC, a new set of one-off scripts to simulate SaaS traffic, test URL filtering, or measure failover convergence. Nothing reusable. Nothing that handled both the traffic side and the security validation side in the same tool.

Stigix was built to change that — a single platform for generating realistic application traffic, running security policy tests, simulating voice and IoT devices, measuring SD-WAN convergence time, and giving you a real-time view of what's happening across the network.

Problems it solves

  • No realistic SaaS traffic for SD-WAN application steering demos
  • No single tool combining URL filtering, DNS security, and threat prevention validation
  • No precise failover convergence measurement in a lab
  • IoT and voice simulation requiring custom scripting every time
  • No link between network impairment orchestration and traffic observation
  • No zero-config multi-node setup for branch/hub lab scenarios
  • No Docker-based deployment running on both x86 and ARM

Platform

Core capabilities

Each area is independently usable and fully integrated into the same dashboard and config system.

Traffic Generation (traffic control)
67 pre-configured SaaS applications including Google Workspace, Microsoft 365, Salesforce, and Zoom. Authentic HTTP/S requests with proper User-Agent headers and Referers. Weighted distribution per application group with live rate control from the dashboard.
Key specs: 67 apps · HTTP/S · Weighted · Rate slider

Digital Experience (performance monitoring)
Synthetic connectivity probes (HTTP, ICMP, TCP) with per-site latency tracking and endpoint health monitoring. Real-time log streaming via WebSocket. Live statistics dashboard with success/failure rates, latency metrics, and bandwidth tracking. Historical traffic volume charts. Export results in JSON, CSV, or JSONL. 7-day persistent JSONL storage with auto-rotation.
Key specs: HTTP/ICMP/TCP · WebSocket · JSON/CSV · 7-day log

Bandwidth Test (XFR) (performance)
High-performance throughput and latency validation between Stigix instances. Real-time telemetry with searchable history. Complements iPerf3-based bandwidth testing. Suitable for sustained bandwidth measurement across SD-WAN paths in POC environments. Every instance is an XFR responder by default.
Key specs: Throughput · Latency · iPerf3 · XFR

Security Validation (security)
URL filtering validation across 66 categories (malware, phishing, gambling, adult content). DNS security tests against 24 domains including DGA and C2 patterns. EICAR-based IPS/threat prevention validation. Scheduled testing with persistent result history and export.
Key specs: 66 URL cats · DNS security · EICAR/IPS · EDL support

IoT Simulation (protocol simulation)
Layer-2/3 device simulation with Scapy-based DHCP and ARP, placing virtual devices directly on the wire. Simulates cameras, sensors, and other IoT profiles. Attack mode for validating malicious behavior detection: DNS flood, C2 beacon, port scan, data exfiltration.
Key specs: DHCP/ARP · Layer-2/3 · Attack mode · Cameras

Voice Simulation (protocol simulation)
Scapy-based RTP packet forging to simulate real-time voice calls using G.711 and G.729 codecs. QoS analytics and MOS score estimation. Tests QoS policy prioritization and jitter behavior across SD-WAN paths. Built-in voice echo target active on all instances.
Key specs: RTP · G.711/G.729 · MOS score · Scapy

Failover Monitoring (network testing)
High-precision UDP probe monitoring at up to 1000 packets per second. Measures exact SD-WAN tunnel transition times with packet-level accuracy. Tracks RX/TX loss during convergence events. Designed for rigorous failover lab scenarios where timing precision matters.
Key specs: UDP probes · 1000 PPS max · RX/TX loss · Timing

VPN Topology (integration)
Live VPN topology overlay showing SD-WAN tunnel status (Active/Backup/Down), hub mapping, and peer device discovery directly from the Prisma SASE API. Automatic discovery of Prisma SD-WAN sites and LAN interfaces for zero-config connectivity probes and path validation.
Key specs: Prisma API · Autodiscovery · Topology · Hub/Branch

VyOS Control (orchestration)
Orchestrate network impairments on VyOS routers via the VyOS API without touching the CLI for each test. Inject latency, packet loss, rate-limiting, and IP blocking on demand. Enables repeatable, automated lab scenarios with controllable network conditions.
Key specs: VyOS API · Latency · Loss · Rate-limit

Peer Autodiscovery (multi-node)
Automatic peer-to-peer discovery via a Cloudflare Workers-based registry. Zero-config multi-node setup with stateless JWT authentication. Every Stigix instance is simultaneously a source and a target — discovered peers appear instantly in the dashboard.
Key specs: CF Workers · Multi-node · Source+Target · JWT

Applications

What engineers use it for

01 · SD-WAN Policy Validation

Generate weighted SaaS traffic across specific interfaces and verify that application steering rules behave as intended. Confirm that video, voice, and critical SaaS flows follow the expected path based on policy — before and after configuration changes.

02 · Security Policy Testing

Validate URL filtering categories, DNS security, and IPS policies against real test destinations. Run scheduled security test cycles and capture results persistently. Confirm that blocking and alerting rules fire correctly before go-live or after a policy change.

03 · Demo & Presales Labs

Build repeatable, visually compelling demo environments for customer presentations and partner enablement sessions. Live traffic generation, real-time security results, and VPN topology overlays provide an authentic view without requiring access to a production environment.

04 · Failover & Convergence Analysis

Measure exact tunnel transition times during link failure or SD-WAN path change events. Use VyOS network impairment orchestration to induce failures on demand and capture convergence timing with high-precision UDP probes at up to 1000 PPS.

05 · Troubleshooting

Quickly generate the specific type of traffic needed to reproduce a QoS issue, a policy misclassification, or a failover anomaly. Use real-time logs, statistics, and live topology data to correlate what the platform generates with what the network is actually doing.

06 · IoT & Voice Validation

Simulate realistic IoT device presence at Layer 2/3 and validate that DHCP profiling, micro-segmentation, and traffic classification work correctly. Test QoS policy prioritization for voice traffic using Scapy-based RTP packet simulation with MOS score estimation.
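
How a convergence figure can be derived from a fixed-rate UDP probe stream like the one described under Failover & Convergence Analysis, as an added example that is not Stigix's own code. The receiver-side record format `(seq, rx_time_s)`, the function names, and the sample data are assumptions constructed for illustration.

```python
from dataclasses import dataclass

@dataclass
class Outage:
    first_lost_seq: int  # first missing probe sequence number
    lost: int            # consecutive probes missing
    loss_ms: float       # lost * probe interval (send-side estimate)
    gap_ms: float        # receive-side silence around the loss

def find_outages(received, pps):
    """received: (seq, rx_time_s) pairs as logged by the receiver (assumed format)."""
    first_seen = {}
    for seq, t in received:          # tolerate duplicates and reordering
        if seq not in first_seen or t < first_seen[seq]:
            first_seen[seq] = t
    seqs = sorted(first_seen)
    outages = []
    for prev, nxt in zip(seqs, seqs[1:]):
        lost = nxt - prev - 1
        if lost > 0:
            gap = (first_seen[nxt] - first_seen[prev]) * 1000
            outages.append(Outage(prev + 1, lost, lost * 1000 / pps, round(gap, 3)))
    return outages

def convergence(received, pps):
    """Longest loss run = the failover event; shorter runs are incidental loss."""
    return max(find_outages(received, pps), key=lambda o: o.lost, default=None)

def constructed_sample():
    """Constructed data: 3000 probes at 1000 PPS, failover drops 1200..1446,
    the backup path adds 8 ms, and probe 2500 is lost on its own."""
    rx = []
    for seq in range(3000):
        if 1200 <= seq <= 1446 or seq == 2500:
            continue
        delay = 0.010 if seq < 1200 else 0.018
        rx.append((seq, seq / 1000 + delay))
    rx.append((100, 0.5))              # late duplicate
    rx[10], rx[11] = rx[11], rx[10]    # reordered arrival
    return rx

if __name__ == "__main__":
    print(convergence(constructed_sample(), pps=1000))
```

At 1000 PPS the resolution of `loss_ms` is 1 ms. `gap_ms` also includes one probe interval plus any latency difference between the old and new path, which is why the two figures differ.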


Installation

Up and running in under a minute

Docker must be installed and running. No other dependencies required.

bash — stigix install

# One-liner install (Linux / macOS)
$ curl -sSL https://raw.githubusercontent.com/jsuzanne/stigix/main/install.sh | bash
🚀 Stigix (All-in-One) — Installation
✅ Docker is running.
✅ Pulling jsuzanne/stigix:stable ...
✅ Services started. Dashboard → http://localhost:8080

# Manual install — download compose file directly
$ mkdir -p stigix && cd stigix
$ curl -sSL -o docker-compose.yml https://raw.githubusercontent.com/jsuzanne/stigix/main/docker-compose.yml
$ docker compose up -d

Every Stigix instance is both a sender and a responder. Once deployed, the instance immediately starts generating traffic and listening as an HTTP echo, XFR bandwidth, voice echo, and SLA probe target — with no additional configuration. Deploy on a branch node, a hub, or a cloud VM: all instances are auto-discovered and appear in the peer list of every other instance on the same registry.

Linux: Docker Engine · x86 / ARM64 servers, VMs, or any Docker-capable appliance — including routers, switches, and access points that support container workloads. Host network mode for full Layer-2/3. See HW requirements.

macOS: Docker Desktop / OrbStack · macOS 11+. Bridge mode. Some Layer-2 constraints apply.

Windows: Docker Desktop + WSL 2 · Windows Install Guide — one-liner not supported on PowerShell.

Resources

Documentation & GitHub