© Copyright Fortinet Inc. All rights reserved.
Fortinet Secure SD-WAN Solution Protecting Distributed Enterprises
2 Fortinet - Confidential
Trends in Distributed Enterprise
Fortinet SD-WAN Solution
Case-Study
Agenda
3 Fortinet - Confidential
Trends in Distributed Enterprises – Key Drivers for WAN Transormation
Business Traffic Growing 30% every year
Mobile No control of endpoints
(BYOD)
SSL Traffic Growth 50% of total traffic is
encrypted
Increasing Cyber-Threats
Increasing malwares and botnets per
organizations – Fortinet Thrat Landscape
Report
SaaS Applications On average, companies have
30+ applications running via the
Cloud
IoT 35B devices, mostly
headless attaching
to the network
4 Fortinet - Confidential
I hate my WAN : SD-WAN to the Rescue
Traditional WAN Architecture has become suboptimal
Enterprise WANs are mired in complexity and cost
Improve performance for all applications including cloud
Secure connectivity with the ability to integrate networking
By the end of 2019, 30% of enterprises will use SD-WAN technology in all
their branches, up from less than 1 % today - Gartner
5 Fortinet - Confidential
Link Path Controller and Health Monitoring
Dynamic SaaS Application Database
IPSec VPN Tunneling
Prioritized Business Applications
(Traffic Shaping)
Centralized Management
Orchestration (Service Chaining)
Zero-touch Deployment
Security Processor-powered Appliance
Hybrid Appliance for vCPE
Virtual Machine
VPN MPLS Broad
band
Transport LTE
DC SaaS Internet IaaS
Security
Destination
Management
Expanding Secure SD-WAN with Latest FOS 5.6 Fortinet Press Release – April 4th
7 Fortinet - Confidential
Fortinet’s Key Benefits of Secured SD-WAN Solution
MPLS to Direct Internet Access for Cloud Reduces WAN Cost Spending
Higher SLA for Business App Efficient WAN Path Controller
Better Security Posture Effective Security – Direct Internet Access
Scalable Single Pane of Glass Simplify the deployment and management
8 Fortinet - Confidential
Fortinet – SD-WAN Deployment Models
FortiGate
#1 Market share in distributed enterprise
SPU acceleration for high performance
Consolidated networking and security
Expanded SD-WAN as part of FOS 5.6
FortiGate Enterprise Firewall
FortiHypervisor
FortiHypervisor Eco-System
FortiHypervisor
FortiGate SPU with KVM Hypervisor
FortiGate VM for security and SSL
Supports fabric ready SD-WAN partners
3rd Party
VNF
Fortinet
VNF
3rd Party
VNF
FortiGate Enterprise Firewall
SD-WAN Deployment Summary
10 Fortinet - Confidential
ENTERPRISE FIREWALL
FortiOS FortiGuard SPU
Enterprise Bundle
Services
FortiManager
FortiAnalyzer FortiGate
Rugged
Cloud
Virtual
Physical
5.6
11 Fortinet - Confidential
FortiGate 30 – 90 Series FortiGate 100 – 900 Series
System
on a Chip
Accelerated Entry/Mid-range FortiGate Enable Secure SD-WAN at Branch and Campus
Mid-range FortiGate Optimized for NGFW at the Campus
Content
Processor
Network
Processor
FortiGate 80E Series with High IPsec VPN and SSL Performance FortiGate 100E & 200E Series with High Threat Protection and SSL Performance
Entry-level FortiGate Optimized for Branch Office & SD-WAN
CPU
12 Fortinet - Confidential
Support for various Transport types – Flexibility
Support for Industry’s most secure Encryption Algorithms – Security
Industry’s best IPSec Throughput – Powerful
SD-WAN Requirements - Multiple Links and VPN
Distributed Edge/Branch Office
Hybrid Cloud Data Center
HQ/Datacenter
Public Cloud
SaaS
13 Fortinet - Confidential
Houses a 3G/4G modem for redundancy
Can be installed for optimal coverage
Connects to FortiGate via Ethernet cable
FortiExtender 3G/4G – Wireless WAN Option
14 Fortinet - Confidential
Supports various link path controller algorithms for effective WAN utilization
Dynamic Cloud Application Database for Cloud applications
SDWAN Requirements – Effective WAN Utilization
Distributed Edge/Branch Office
Public Cloud
SDWAN Virtual Link
HQ/Datacenter
SaaS
15 Fortinet - Confidential
Dynamic Routing based on Link quality measurements
Maintain High availability of Business critical applications
Best effort for low priority applications through low cost links
SDWAN Requirements – Link Quality Measurement
Distributed Edge/Branch Office
Public Cloud
SDWAN Virtual Link
HQ/Datacenter
SaaS
Latency = 25 ms
Jitter = 1 ms
Packet Loss = 0 %
BW = 200 Mbps
16 Fortinet - Confidential
Deep Application Visibility for maintaining High SLA for Critical Applications
SSL Inspection for Visibility into Encrypted Applications
Deep Application Visibility for non-encrypted and SSL traffic
Distributed Edge/Branch Office
Public Cloud
SDWAN Virtual Link
HQ/Datacenter
SaaS
Over 3000 Supported Applications
Supports Mandated SSL Ciphers
17 Fortinet - Confidential
DSCP Support for SIP and low latency Applications
Smart Routing and quick failover to provide high SLA
No Call Drop Failover for over 20000 simultaneous SIP Calls
SDWAN Requirements – QoS/Priority for Voice Traffic
Distributed Edge/Branch Office
SDWAN Virtual Link
HQ/Datacenter
Public Cloud
SaaS
18 Fortinet - Confidential
SDWAN Requirements – Priority and Traffic Shaping
TOP
CRITICAL
HIGH
MEDIUM
LOW
Guarantee SLA for Business Critical Apps
19 Fortinet - Confidential
Topology Visibility and Link Utilization
NGFW.1 ISFW.1
ISFW.2 Switch.2
Switch.1
Sandbox Analytics
Private Cloud
Public Cloud
New Downstream Device Quarantine
New Devices and Link Utilizations
New Aggregate FortiGate View
AWSFW.1
ACI.1
Internet
Now 5 M 1H 24H 7D
500MB
300MB
50MB
Physical Logical
New Historic Trending
20 Fortinet - Confidential
Secured SD-WAN : Proven Security Effectiveness
190 Terabytes of threat
samples
18,000 Intrusion prevention rules
5,800 Application control rules
250M Rated websites in
78 categories
262 Zero-day threats discovered
Total FortiGuard Database
Intrusion
Prevention
Service
Antivirus
Service
Anti-spam
Service
Web
Filtering
Service
IP
Reputation
Service
Web
Security
Service
Database
Security
Service
Application
Control
Service
Vulnerability
Management
Service
Mobile
Security
FortiSandbox
Cloud
22 Fortinet - Confidential
Centralized Management for SD-WAN is Critical
Management
SD-WAN Devices
device settings
Unified policies
firmware updates
ad-hoc analytics
security events
co-relation engine
console alerts
23 Fortinet - Confidential
FortiManager – Single Pane Of Glass
For more information, check FUSE or the P&S archives
Key Features
1. Enterprise Class Management
2. Full Control of Your Network
3. Integrated VPN GUI
• Clean, modern look & feel
• Similar navigation to FortiGate
• Fewer clicks = faster enforcement
• End to End Fortinet devices supported
• Single pane of glass for extended enterprise
• Consolidated devices = easier to manage
Fo
rtiM
an
ag
er
• VPN Manager Selector
• Coming up : Map based VPN connections
24 Fortinet - Confidential
Case Study —Restaurant Chain with 6500 Locations
Driver:
Reduce WAN Costs
SSL Inspection
Reduce Complexity
Environment:
6500+ branches
Internet as WAN
3G/4G for back-up
Solution:
Result:
Consolidation
Significant savings
Secured connectivity
with full SSL inspection
Key take-away: “Replaced Incumbent networking vendor as they couldn’t
meet combination of security and networking functionality for secured SD-
WAN”
FortiGate SD-WAN
FortiHypervisor SD-WAN Eco-System
26 Fortinet - Confidential
Fabric-ready APIs
Partner Ecosystem to Extend Control Across Your Infrastructure
Cloud Endpoint
Virtualization/SDN
Management
(FNDN)
Vulnerability
Management
SIEM
27 Fortinet - Confidential
FortiHypervisor-90E » Suitable for small branch
» Based on FortiGate-90E
» 1 x 1TB HDD
» 8GB RAM
FortiHypervisor-500D » Based on FortiGate-500D
» SPU accelerated (CP8 / NP6)
» 2 x 2TB HDD
» 16GB RAM
» 10 x GE RJ-45 ports (2 Mgmt ports)
» 8 x GE SFP slots
FHV-500D and FHV-90E
KVM Environment for FGT-VM and Other VNFs (FortiWeb-VM, Third Party VNFs, etc)
28 Fortinet - Confidential
FortiHypervisor NFV : Secured SD-WAN Eco-System
FortiGate VNF Security
» IPS
» SSL Inspection
» Web Filtering
» Antimalware
» Sand-boxing
Security Fabric Partner » SD-WAN VNF
» 3rd party business applications
Rapid service delivery
Consolidated services
Reduced Capex
Security Processer based Parallel
Path Processing acceleration
29 Fortinet - Confidential
Summary
#1 Market Share for distributed enterprise firewall
9 of Top 10 Fortune retail and commercial banks
Expanding Network capabilities with FOS 5.6
» Integrated SD-WAN Smart Load balancing
» Dynamic SaaS data-base for efficient routing
» New NOC view and VPN Map integration
Growing POC for FortiHypervisor vCPE
Partners with SD-WAN networking vendors for VNF
Top Related