The Network

Leader’s Guide to
Secure SD-WAN
Security-Driven Networking Delivers
Comprehensive WAN Edge
Table of Contents

Executive Overview 3

Introduction 4

Which Way to SD-WAN? 6

Fortinet Delivers Best-of-Breed SD-WAN 7

Security-Driven Networking 14

In a Volatile SD-WAN Market, Fortinet Is the Safe Bet 15

Executive Overview
Many organizations that are in the midst of digital transformation (DX) initiatives for their distributed businesses are
seeking to replace their outdated wide-area network (WAN) infrastructures. The high cost and complexities of reliable
wide-area connectivity over traditional carrier-based networks is driving most decision-makers toward some form of
software-defined wide-area networking (SD-WAN). Fortinet Secure SD-WAN delivers both networking and security
capabilities in a unified solution. It supports application performance, consolidated management, and advanced
protection against threats.

3
Introduction
While selecting the right SD-WAN solution for a specific implementation may require a few compromises, security
should not be one of them. There are several options for combining SD-WAN networking and advanced security—but
only one solution can truly be called Secure SD-WAN. Fortinet, the most trusted name in network security, has added
best-of-breed SD-WAN capabilities to its industry-leading FortiGate next-generation firewalls (NGFWs). FortiGate
NGFWs featuring Secure SD-WAN provide optimal performance for business-critical Software-as-a-Service (SaaS)
applications as well as digital voice and video tools. At the same time, they help protect organizations against the latest
risk exposures and evolving sophisticated attacks.

4
IDC predicts that worldwide
SD-WAN infrastructure and services
revenue will see a compound annual
growth rate (CAGR) of over 40% to
reach $4.5 billion by 2022.1

5
Which Way to SD-WAN?
SD-WAN offers the ability to use available WAN services combination with SD-WAN to address security issues,
more effectively and economically—giving users across as branches are directly exposed to the internet via
distributed organizations the freedom to better engage broadband connections with SD-WAN. To address
customers, optimize business processes, and innovate. these business requirements, organizations need a
It also makes WAN management more cost-effective, comprehensive SD-WAN offering—Fortinet Secure
which is why SD-WAN solutions will continue to be a SD-WAN, the only one with built-in security and the
robust growth market for the foreseeable future. performance capabilities an SD-WAN deployment
requires.
To answer this demand, there have been many SD-WAN
solutions introduced in the last few years. But not all of
them are created equal.

SD-WAN experts and industry analysts say that the

optimal SD-WAN for an enterprise depends on the
organization’s application performance requirements,
security priorities, and IT skill sets. It is also widely
recommended that companies use an NGFW solution in

6
Fortinet Delivers Best-of-Breed SD-WAN
Fortinet Secure SD-WAN replaces separate WAN routers, Application Awareness for Improved Service Levels
WAN optimization, and security devices such as firewalls
and secure web gateways (SWGs) with a single FortiGate Fortinet Secure SD-WAN is powered by the new SOC4
NGFW. This provides industry-best performance application-specific integrated circuit (ASIC, which provides
with capabilities that include application awareness, faster application steering and unrivaled application
automated path intelligence, and WAN overlay support identification performance. This includes deep secure
for VPN. Fortinet Secure SD-WAN delivers security- sockets layer (SSL)/transport layer security (TLS) inspection
driven networking for branch networks with outstanding with the lowest possible performance degradation.
performance enabled by fast application identification
Technically, SD-WAN works by routing applications over
and automated path intelligence.
the most efficient WAN connection at any point in time.
To ensure optimal application performance, SD-WAN
solutions must be able to identify a broad range of
Fortinet Secure SD-WAN Delivers: applications and apply routing policies at a very granular
§§Fast application identification level. Without these capabilities, SaaS applications, video,
§§Enhanced application accuracy and performance and voice can slow and impede end-user productivity.

§§Application database updates from FortiGuard To address these issues, Fortinet Secure SD-WAN uses
Labs research an application control database with the signatures of
more than 5,000 applications (plus regular updates from
FortiGuard Labs threat intelligence services). Fortinet
Secure SD-WAN identifies and classifies applications—
even encrypted cloud application traffic—from the very
first packet.

7
Fortinet Secure SD-WAN
automatically recognizes and
optimally routes over 5,000
applications.

8
FortiGate can be set to recognize applications by When it comes to WAN efficiencies, key capabilities in
business criticality. Business-critical applications (e.g., Fortinet Secure SD-WAN include:
Office 365, Salesforce, SAP), general productivity
applications (e.g., Dropbox), and social media (e.g., Automated Path Intelligence. Application awareness

Twitter, Instagram) can be given different routing priorities. enables prioritized application routing across network

Unique policies can be applied at a deeper level for sub- bandwidth based on the specific application and user.

applications (e.g., Word or OneNote within Office 365). The new SOC4 ASIC gives Fortinet Secure SD-WAN

This deep and broad application-level visibility into traffic the fastest application steering in the industry. SD-WAN

patterns and utilization offers a better position to allocate service-level agreements (SLAs) are easily defined by

WAN resources according to business needs. dynamically selecting the best WAN connection for the
specific business circumstances. For low- to medium-
Effortless WAN Efficiency priority applications, organizations can specify the quality
criteria, and the FortiGate will select the corresponding
Fortinet Secure SD-WAN greatly simplifies the process link. For high-priority and business-critical applications,
of transforming legacy WAN edge infrastructures to organizations can define strict SLAs based on a
provide enhanced application performance, a better user combination of jitter, packet loss, and latency metrics.
experience, and improved security. Once WAN policies
are set based on application criticality, performance WAN Overlay. Responsive overlay VPN capabilities
requirements, security policies, and other considerations, enable a better overall WAN experience for branch users.
the Fortinet Secure SD-WAN solution takes over from Cloud overlay controller orchestration, powered by
there. FortiGate NGFWs featuring the SOC4 ASIC 360 Protection Bundle subscription services, simplifies
deliver 10 times faster security performance than the overlay VPN deployment with cloud-based automated
competition.2 provisioning.

9
Automatic Failover. Multi-path technology can Tunnel Bandwidth Aggregation. For applications
automatically fail over to the best available link when the that require greater bandwidth, Fortinet Secure SD-
primary WAN path degrades. This automation is built into WAN enables per-packet load balancing and delivery
the FortiGate, which reduces complexity for end-users by combining two overlay tunnels to maximize network
while improving their experience and productivity. capacity.

WAN Path Remediation. WAN path remediation utilizes Simplified Management and Industry-Best TCO
forward error correction (FEC) to overcome adverse WAN
WAN managers are often in a quandary when it
conditions such as poor or noisy links. This enhances
comes to deploying SD-WAN edge devices to their
data reliability and delivers a better user experience for
numerous remote sites and branch offices. Truck rolls
applications like voice and video services. FEC adds
are expensive, and technical staff is often limited. On
error correction data to the outbound traffic, allowing
the other hand, shipping fully configured devices is not
the receiving end to recover from packet loss and other
secure. Also, once edge devices are deployed, staff
errors that occur during transmission. This improves the
must manage both the WAN optimization functions and
quality of real-time applications.
security functions, often from two different interfaces.
Fortinet Secure SD-WAN solves both deployment and
the management problems to reduce total cost of
ownership (TCO).

10
In NSS Labs’ 2018 SD-WAN Group
Test Results, Fortinet Secure
SD-WAN received top marks for
both VoIP (the highest score) and
video quality of experience (QoE).3

11
Zero-Touch Deployment. Fortinet Secure SD-WAN’s For users who need secure communications over the
simplified deployment capabilities allow enterprises to public internet links, VPNs can be set up with just
ship unconfigured FortiGate NGFW appliances to each one click. All this saves time and simplifies SD-WAN
remote site. When plugged in, the FortiGate automatically administration (on-premises or via the cloud), alleviating
connects to the FortiDeploy service in FortiCloud. Within pressure on lean network teams. Fortinet offers one of
seconds, FortiDeploy authenticates the remote device the only solutions that can manage SD-WAN networking,
and connects it to a central FortiManager system. security, and access layer controls from the same
management console.
Single-Pane-of-Glass Management. FortiManager
enables centralized visibility of all deployed Secure SD- TCO. Fortinet Secure SD-WAN offers industry-leading
WAN-enabled FortiGate NGFWs across the distributed TCO with the best price/performance at 1 Gbps
organization. Highly intuitive visualizations make it easy to threat-protection throughput.4 The move to public
monitor both the physical and logical network topologies broadband means that expensive MPLS connections
at a high level and drill down when needed to investigate can be replaced with more cost-effective options. With
any issues. Administrators can update and disseminate the Fortinet transport-agnostic solution, enterprises
corporate WAN policies to all locations or reconfigure can utilize the entire available bandwidth by using the
individual devices. connections in active-active mode.

12
Fortinet Secure SD-WAN delivers
industry-best TCO—10x better than
the competition.5

13
Security-Driven Networking
Fortinet enables best-of-breed, certified SD-WAN that is Secure SD-WAN-enabled FortiGate NGFWs also monitor
both high-performance and protected. FortiGate NGFWs firewall rules and policies and highlight best practices to
featuring the SOC4 ASIC deliver the fastest SD-WAN improve the organization’s overall security posture. This
security performance in the industry. In NSS Labs’ first helps to simplify compliance with security standards as
“Software-Defined Wide Area Networking Test Report,” well as privacy laws and industry regulations. Automated
Fortinet was the only vendor with security capabilities to auditing and reporting workflows save staff hours while
receive a “Recommended” rating.6 reducing the risk of omissions and errors.

Specifically, Fortinet Secure SD-WAN has robust SD- Enabling the SD-Branch
WAN threat protection, including Layer 3 through Layer 7
security controls not commonly found in other SD-WAN- Many enterprise branches are deciding to simultaneously
plus-firewall solutions: replace both their WAN and LAN devices in favor of a
solution with deeper integration and simplified branch
§§Complete threat protection, including firewall, antivirus,
operations management. Using separate WAN and
intrusion prevention system (IPS), and application control
LAN infrastructures increases branch complexity; there
§§High-throughput SSL inspection with minimal
are more devices to deploy and update with multiple
performance degradation, ensuring that organizations do
management consoles. It also reduces visibility and control
not sacrifice throughput for complete threat protection7
of operations while increasing the opportunities for security
§§Web filtering to enforce internet security without requiring gaps that hackers can exploit. To solve these challenges,
a separate SWG device Fortinet Secure SD-WAN includes an accelerated security
§§Highly scalable and high-throughput overlay VPN tunnels extension to the access layer that enables SD-Branch
to ensure that confidential traffic is always encrypted transformation.

14
In a Volatile SD-WAN Market, Fortinet Is the Safe Bet
As cloud-based applications and tools like voice and video become increasingly critical to distributed businesses,
Fortinet Secure SD-WAN can help organizations embrace the benefits of DX without bottlenecking application
performance, impacting end-user productivity, or putting data at risk.

Fortinet Secure SD-WAN is scalability, helping organizations confidently support more remote sites, more bandwidth-
sensitive business-critical applications, more cloud services, and whatever else the branch network requires.

Fortinet Secure SD-WAN has been adopted worldwide in wide-ranging industries—from finance, to retail, to
manufacturing, to customer service. Whether they need to support a few hundred mobile endpoints or tens of
thousands of branch offices, Fortinet Secure SD-WAN customers are each achieving their own optimal mix of best-of-
breed security and SD-WAN functionality.

15
1
“SD-WAN Infrastructure Market Poised to Reach $4.5 Billion in 2022,” IDC, August 7, 2018.

2
Based on internal testing by Fortinet.

3
Nirav Shah, “Fortinet Secure SD-WAN Gives the Performance of a Lifetime, Recommended by NSS Labs,” Fortinet, August 9, 2018.

4
Ibid.

5
Ibid.

6
Ibid.

7
Ibid.

16
 www.fortinet.com

Copyright © 2019 Fortinet, Inc. All rights reserved. Fortinet®, FortiGate®, FortiCare® and FortiGuard®, and certain other marks are registered trademarks of Fortinet, Inc., and other Fortinet names herein may also be registered and/or common law trademarks of Fortinet. All other product or company
names may be trademarks of their respective owners. Performance and other metrics contained herein were attained in internal lab tests under ideal conditions, and actual performance and other results may vary. Network variables, different network environments and other conditions may affect
performance results. Nothing herein represents any binding commitment by Fortinet, and Fortinet disclaims all warranties, whether express or implied, except to the extent Fortinet enters a binding written contract, signed by Fortinet’s General Counsel, with a purchaser that expressly warrants that the
identified product will perform according to certain expressly-identified performance metrics and, in such event, only the specific performance metrics expressly identified in such binding written contract shall be binding on Fortinet. For absolute clarity, any such warranty will be limited to performance in
the same ideal conditions as in Fortinet’s internal lab tests. Fortinet disclaims in full any covenants, representations, and guarantees pursuant hereto, whether express or implied. Fortinet reserves the right to change, modify, transfer, or otherwise revise this publication without notice, and the most current
version of the publication shall be applicable. Fortinet disclaims in full any covenants, representations, and guarantees pursuant hereto, whether express or implied. Fortinet reserves the right to change, modify, transfer, or otherwise revise this publication without notice, and the most current version of the
publication shall be applicable.

372656-0-0-EN
March 25, 2019 8:34 AM
eb-network-leaders-guide-to-SD-WAN