Business & Technology
A secure connection is only as safe as the devices and networks located at either end of that connection. Which is why, for many organizations, dynamic and secure SD-WAN connectivity only addresses part of their challenge. The reality is that there is often a local LAN located behind that WAN connection that also needs advanced network and security support, and very few SD-WAN solutions are in a position to address that problem.
This is especially true for distributed retail locations. Many times, these locations not only need a fast and reliable connection back to their central network, but they also have a local LAN that includes things like point-of-sale devices, inventory controls, security systems, and other end user and IoT devices. They may also require direct Wi-Fi access to the internet to access applications as well as to support their customers and their mobile devices.
This was the case for a major retailer in Southern Africa with more than 1,000 locations, thousands of employees, and several private brands to manage. Their first objective was to upgrade their current MPLS connections between their retail locations and three different data centers. Their bandwidth requirements varied from 5Mbps to 20Mbps, depending on the services running at the branch, with their most common services being voice, point-of-sale, SAP, and a number of home-grown applications. They also needed direct internet access from each location.
While MPLS provided reliable connections and performance, their roadmap included plans to move their applications to the cloud, and they were looking for a Secure SD-WAN solution that would allow them to reduce their WAN Edge costs while maintaining or improving their current application experience. However, they also realized that connectivity wasn’t their only issue.
As a major retailer, they also have point-of-sale services deployed at a majority of their branch locations. This requires the local LAN in place at these locations to be PCI/DSS complaint, which also requires having specific kinds of security in place to protect the personal data of their customers and to prevent against advanced threats. Unfortunately, most SD-WAN providers were unable to provide a solution to address this challenge without introducing multiple point products at each location. With limited IT resources, there simply wasn’t enough budget or expertise to deploy and maintain such a strategy.
However, because Fortinet’s Secure SD-WAN appliances are built on a FortiGate NGFW framework, the same device used to provide secure SD-WAN connectivity for each retail location is also able to provide essential NGFW and IPS capabilities as part of Fortinet’s SD-Branch solution. This allowed them to achieve their WAN Edge objectives and comply with strict PCI/DSS regulations, while also simplifying their LAN architecture by consolidating networking and security point products into a single device. The result was an integrated network and security solution that provided all of the services needed at every branch location.
The Fortinet team won this opportunity specifically because we were able to consolidate the WAN Edge and LAN architecture across the branch, and then support it through a unified management console. Other vendors, such as Cisco Systems, were simply unable to demonstrate the sort of integrated and cohesive solution that was required. Additionally, the Fortinet solution was also able to recognize and optimize business applications to provide a high quality application experience. And with its integrated security capabilities, the SD-WAN appliance was also able to support and Secure Direct Internet Access from each retail location.
The final end-to-end Fortinet solution deployed two WAN links at each branch with secure support for direct internet access across all branches. These WAN links are internet-based, and use different transport modes – 3G/4G, ADSL, or Fiber – depending on the branch type and location. On the LAN side, this architecture was designed to also provide Secure Wireless Access and Unified Access Switching.
The key drivers that put Fortinet above the competition in this opportunity included:
Consolidation of WAN and LAN Functions at a lower TCO: We were able demonstrate our ability to consolidate our SD-WAN solution with LAN Wireless and Access Switching requirements to reduce costs and simplify operations across 1000+ branches. This was key requirement.
Optimize Application Experience for Multi-Cloud: We also showcased our ability to provide an optimized quality of experience for business-critical applications using our Secure SD-WAN Multi-Path intelligence capabilities, which optimize critical connections even over internet links and across different transport modes, including 3G/4G, DSL, and Fiber. And with their strong cloud migration roadmap, our ability to futureproof their solution using things like our unique cloud optimizing capabilities for applications that span Multi-Cloud environments was a compelling solution.
PCI/DSS compliance requirement: Fortinet was not only able to demonstrate significant cost savings by enabling Secure Direct Internet Access at branch locations using our Secure SD-WAN platform, but also showcase its ability to meet PCI/DSS compliance requirements at branch locations without the need to introduce new point products.
Retail locations often have unique requirements that not only include all of the usual SD-WAN connectivity functionality and access to critical applications, as well as essential security to secure those communications, they also have local networks at each branch that need to be managed and secured. Resolving those issues cannot involve a collection of point products that each require configuration, optimization, and monitoring, as retailers simply do not have the technical resources on-site to manage or troubleshoot those resources. Fortinet’s Secure SD-WAN and SD-Branch solutions provide the full range of networking, access control, and security solutions in the smallest possible appliance footprint to help organizations better compete in today’s digital economy.
Find out how you can consolidate branch services while delivering security, agility, and performance with Fortinet SD-Branch.
Read these customer case studies to see how Warrior Invictus Holding Co., Inc. and the District School Board of Niagara implemented Fortinet’s Secure SD-WAN to alleviate network complexity, increase bandwidth, and reduce security costs.