SD-Branch — Extending Security into the Next-Gen Branch Network

By John Maddison | June 17, 2019

As organizations look to enable their remote branches and locations with all of the power and potential of digital transformation, they are finding that they need to rethink their entire WAN strategy. For many, the first step has been to replace aging WAN connections with SD-WAN in order to support robust applications such as unified communications, better enable interconnectivity between different branch offices, and extend security to the edge of the branch.

However, this still leaves the branch office itself—usually without onsite IT staff—needing to come up to speed with the rest of the network. Today’s next-gen branch offices not only require the same functionality as the rest of the distributed network, they also suffer from the same risks. Direct access to the internet and SaaS applications, for example, significantly expands the potential attack surface of the branch, as does the growing proliferation of IoT and BYOD devices, creating multiple network edges beyond the WAN edge.

This explosion of edges, which all must be secured, is causing many organizations to struggle to implement adequate security throughout their distributed enterprises, including at the new branch. The complexity of managing these edges, including often complicated and overlapping point products and appliances, adds an additional challenge. As a result, organizations adopting SD-WAN are finding that they need a vendor that can more tightly integrate their SD-WAN security and management functionality into their branch networks.

The New Fortinet Secure SD-Branch

To combat this challenge, Fortinet is delivering the industry’s first complete Secure SD-Branch solution, enabling customers to converge security and network access and extend the Fortinet Security Fabric to the branch. This new SD-Branch solution is comprised of the following elements:

  • FortiGate Next-Generation Firewall for robust security, connectivity, and management across the branch environment. The FortiGate NGFW also includes the industry’s first purpose-built SD-WAN processor, combined with advanced network traffic management functionality such as application steering to ensure high application performance on any WAN link. The FortiGate solution now also includes advanced sensor functionality for increased device visibility and traffic anomaly detection without the need for additional hardware.
  • FortiSwitch and FortiAP provide consolidation of branch services through the convergence of security and network access with FortiLink. FortiSwitch and FortiAP integrate with FortiGate to extend SD-WAN’s benefits into the network access layer. This enables network administrators to create and enforce the same network security policies across the enterprise, including out to the network branch.
  • FortiNAC Network Access Control provides visibility into the branch infrastructure by quickly identifying, profiling, and classifying all devices seeking access to the branch LAN, including IoT and BYOD. It then provides device security through dynamic micro-segmentation, and automated response by constantly monitoring the network.

Securing the WAN Edge

This integrated solution set secures the WAN edge in two key areas:

  • Network Edge protection: FortiGate’s next-generation firewall security is extended through the access layer using FortiSwitch and FortiAP. In addition to enterprise-class security, it also offers an essential consolidation of services through the convergence of security and network access, making it an ideal architecture for Secure SD-Branch deployments. In addition, new WiFi 6 FortiAP Access Points offer greater capacity and throughput to keep up with expanding bandwidth needs, and new multi-gigabit FortiSwitch switches support those higher WiFi 6 speeds while also offering higher power (PoE) to run even the most power-hungry IoT devices.
  • Device Edge protection: The FortiNAC network access controller provides automatic discovery, classification, and security for IoT devices as they enter the network. The new FortiNAC release 8.6 also increases anomaly detection via traffic scanning by leveraging FortiGate as a traffic sensor, with no additional hardware required at the branch.


Digital transformation is driving an evolution at the enterprise branch. As services migrate to the cloud, more network edges are created, even at the branch. These additional network entry points expand the potential attack surface, making security an even greater concern.

Fortinet Secure SD-WAN offers simplicity, visibility, and industry-leading security to improve the WAN experience for branch users. Fortinet Secure SD-Branch is the essential extension of SD-WAN, simplifying the enterprise branch through enhanced management and visibility while securing the branch network, IoT and end user devices, and all direct Internet connection edges.

Find out how to consolidate branch services, while delivering security, agility, and performance with Fortinet’s Security Fabric. Read more about Fortinet's Secure SD-Branch solution in the news release.