Business & Technology

Fortinet Secure SD-WAN Gives the Performance of a Lifetime, Recommended by NSS Labs

By Nirav Shah | August 09, 2018

The rapid adoption of cloud-based networking and services is transforming business. According to Forrester, more than 50% of global enterprises rely on at least one public cloud platform to drive digital transformation, and nowhere is that more apparent than in the growth in next-generation branch offices. Today’s cloud-enabled branch offices need to be able to manage and track workflows directly, access data and process transactions at digital speeds, and easily participate in global collaboration.

The coming adoption of UCaaS (Unified Communications as a Service) by organizations is especially important in the further empowerment of the branch. UCaaS includes enterprise messaging, presence technology, online meetings, team collaboration, telephony, and video conferencing. And according to some sources, UCaaS is expected to attain mainstream adoption in the next few years.

The challenge is that most existing WAN infrastructures are not equipped to handle these changes. Low bandwidth, lack of visibility into applications and increased latency due to backhauling traffic to the datacenter results in poor user experience. SD-WAN addresses these problems, allowing branch offices to operate more efficiently by providing essential features such as granular application visibility,  automated WAN path control and simplified provisioning. But not all SD-WAN solutions are alike.

Organizations looking to migrate to a Next-Gen Branch solutions using SD-WAN as their communications and transport backbone need to ensure two critical things. First, that they can establish and maintain high-quality performance for business-critical and latency-sensitive applications such as voice and video. Second, they need to ensure that direct internet connectivity from the branch is seamlessly secured using advanced NGFW protection.

In a crowded SD-WAN market, it can be difficult for customers to differentiate between the vendors, and predict how the solution would perform in their enterprise network. Fortunately, third-party testing facilities can help customers sort through options with validated testing and analysis. NSS Labs is the first facility to conduct a group test of today’s market-leading SD-WAN solutions. Their SD-WAN test bed replicated a real-world deployment where two branch locations were connected to a data center over MPLS and ISP, and a real-world traffic mix of real-time, interactive, and bulk traffic was sent across VPN. They also used network scenarios such as PDV (latency and jitter), packet loss, packet reordering, packet duplication, and link congestion to ensure that all SD-WAN solutions were subjected to the same conditions that organizations experience.

Testing evaluated SD-WAN vendors on the overall quality of the solution as perceived by the customer. This included complex testing to provide details for those enterprises looking to collaborate across different locations, and QoE measured under simulated brownout scenarios. VPN Throughput measured the VPN performance between the branch and datacenter under a variety of scenarios.

This test also looked at security, which is increasingly important for enterprises going through cloud adoption to measure security effectiveness and protection against evasions. While still seen as optional by many vendors, security plays a critical role in ensuring that enterprise protections extend to branch offices, which have traditionally been seen as the weakest link in an enterprise security strategy. Rather than being an option, security is especially a must-have for branches with local internet breakout

Finally, the test measured value (TCO), including the cost of purchasing, provisioning and maintaining the solution. 

Highlights from the NSS Labs test:

Ensuring the quality of video and voice services is business critical for remote branch connectivity solutions. Degradation in the quality of experience (QoE) can impact productivity, operations, and even revenue. Fortinet achieved the highest quality of experience for VoIP, even during brownout conditions, scoring 4.38 out of 4.41. Fortinet also scored high in video, achieving 4.26 out of 4.53. Fortinet Secure SD-WAN also delivers visibility into 3,000+ apps and supports a long list of cloud applications. Integrated functions such as application steering, multi-path intelligence, multi-broadband support, and application steering enable organizations to prioritize and route applications and identity potential performance degradations before they happen.

VPN performance is also critical for branch offices, and Fortinet performed extremely well, providing 749 Mbps out of 1092 Mbps of throughput. This was achieved in part by Fortinet’s patented security processor unit (SPU) technology. As enterprises increase their workloads, VPN performance becomes increasingly important, making this a business-critical feature of any SD-WAN deployment.

From a security standpoint, Fortinet blocked 100% of evasion threats, demonstrating the value of an SD-WAN with built-in security—especially one that is part of a larger security fabric. With upwards of 75% of network traffic expected to be encrypted by next year, networking teams quickly lose visibility into enterprise traffic. This makes native SSL inspection a nonnegotiable requirement, but it cannot be used at the expense of performance. Secure SD-WAN fits the bill here as well, with FortiGate NGFWs performing SSL inspection with minimal performance degradation in NSS Labs’ recent “Enterprise Firewall” report.

Finally, when the rubber meets the road, Fortinet Secure SD-WAN was hands down the best solutions in terms of value at $5.00, maximizing the investment customers make in their deployment.

It is also important to note that Fortinet is the only vendor in the industry to have received an NSS Labs “Recommended” rating for both SD-WAN and Next-Gen Firewall Security. In fact, Fortinet is the only vendor to have received eight other “Recommended” ratings from NSS Labs, demonstrating Fortinet’s leadership in network security in both the breadth and quality of its offerings across multiple areas.

Closing Thoughts:

Like you, we are committed to SD-WAN and security. Through this and other evaluations, Fortinet solutions have been proven to be the best of breed option for networking and security solutions, from the network to the branch and out to the cloud. But best of breed isn’t enough. To address today’s digital transformation challenges such and interconnectivity and advanced threats, solutions also need to be able to work together as a single cohesive solutions that spans the entire distributed network, including branch offices. The Fortinet Security Fabric does just that, enabling traditionally isolated devices to share and correlate information, and collaborate on a unified response to events that can impact the integrity and performance of today’s digital network.

Read more about the Fortinet Security Fabric and the Third Generation of Network Security

Visit Fortinet’s FortiGate SD-WAN homepage to learn more about this advanced security solution.