Business & Technology

Secure SD-WAN: The Foundation for Network Transformation

By Nirav Shah | June 30, 2022

Over the past several years, virtualization and cloud adoption has led to a massive migration of applications and resources to cloud environments. Today, nearly every organization has some portion of its resources in the cloud, with 89% of organizations having a multi-cloud strategy in place. And Gartner estimates that by 2025 over 95% of new digital workloads will be deployed on cloud-native platforms.

SD-WAN has played a pivotal role in enabling the global digital transformation of organizations. At first, it simply provided a more flexible way for branch offices to quickly connect to cloud-based applications. But as networks continued to evolve, SD-WAN became essential, providing fast and secure access between clouds, clouds and data centers, and as the centerpiece of SASE solutions that extend that same access coupled with security to home and mobile workers. Today, new SD-WAN platforms serve as essential building blocks for highly dynamic and broadly distributed networks. Here’s a look at the evolution of SD-WAN over the past 8 years:

1.0 – SD-WAN

Competing in the digital marketplace forced organizations to transition to an application-centric business model. As a result, existing fixed WAN infrastructures couldn't keep up. Fixed MPLS connections at branch offices forced all application traffic to route through the core network, bogging down the network and impacting user experience—the productivity—of remote workers. SD-WAN innovations like accelerated cloud on-ramp, application-aware routing, self-healing connections, and failback ensured the consistent, flexible access to critical business applications for branch offices that MPLS couldn't provide.

1.5 – Secure SD-WAN for secure branch access

However, it turned out that one of the biggest challenges was securing those connections. SD-WAN connections, by their nature, are highly dynamic and responsive. Legacy security systems were simply not designed to dynamically adapt to rapidly evolving networks. So, as IT teams struggled to build and maintain an overlay security solution, security gaps inevitably developed that could be easily targeted.

Fortinet was the first vendor to address this issue by pioneering the concept of Security-driven Networking, where security and network functions are built together so they function as a single system. We delivered the industry's first security-driven networking solution by building our Secure SD-WAN solution inside the FortiGate platform. Advanced SD-WAN functions—including connection failover, accelerated cloud on-ramp, application identification and acceleration, and self-healing connections—were built using the same OS as the FortiGate's portfolio of enterprise-grade security and advanced switching and access control solutions, including built-in support for LTE and 5G connections. Because they are literally the same product, Fortinet Secure SD-WAN provides a level of interoperability, management, automation, and orchestration between networking and security functions that is simply not possible using technologies designed as discrete solutions.

Because these systems were designed to natively interoperate, we were also able to tie Secure SD-WAN connectivity to the branch LAN, known as SD-Branch. FortiGate’s secure wired and wireless network access control, network switching, traffic inspection, and enterprise-grade security solutions deployed in the branch work seamlessly with Secure SD-WAN, ensuring consistent, end-to-end monitoring and protection of every device, workflow, and application.

2.0 – Secure SD-WAN everywhere

This unified approach also allowed Fortinet to be the first vendor to seamlessly extend Secure SD-WAN connectivity and controls beyond the branch. Fortinet Secure SD-WAN enables organizations to create a seamless, secure, and on-demand network experience across all enterprise resources. Because Fortinet Secure SD-WAN is delivered via FortiOS, Fortinet’s flagship operating system, it can be deployed anywhere in any form factor—from appliances to VMs to cloud-native solutions to containers. This universal deployment strategy enables organizations to build a single infrastructure that can span clouds, data centers, mobility, and "as-a-service" technologies, creating reliable, flexible, adaptive, and secure connections end-to-end.

3.0 – Secure SD-WAN as a platform

But that is just the start. Today, Fortinet Secure SD-WAN does more than simply address security and connectivity needs between disparate parts of the distributed network. New advanced functionality now enables it to operate as a foundational platform, providing the advanced networking services today's complex and rapidly evolving networks, including hybrid and multi-cloud environments, require.

Multi-cloud SD-WAN

Fortinet Secure SD-WAN integrates with security services on major cloud providers to establish and maintain secure, high-performance connectivity to applications running on hybrid and multi-cloud networks. This also reduces IT overhead by consolidating a distributed infrastructure's security and networking functions—including orchestration, automation, and management. This unified strategy enables centralized network security, uniform segmentation policies, and consistent enforcement across on-premises, private cloud, and multi-cloud deployments. And the prioritization of critical application traffic, combined with reliable connection resiliency, ensures consistent cloud on-ramp and optimal user experience.

ZTNA for Secure SD-WAN

Quickly and securely connecting users from different locations to widely distributed applications and resources, especially across multiple clouds, can be challenging. To address the challenge of ensuring secure and authenticated access to critical resources, Fortinet Secure SD-WAN now includes ZTNA (zero-trust network access) to enforce zero-trust access policies. Explicit per-application/per-session controls and granular monitoring detect activities that can impact performance and impact security.

To ensure optimal user experience, built-in ZTNA Access Proxy functions provide advanced security and deep visibility across all users, applications, and devices, whether on or off the network. This enables a single policy to be consistently enforced across all edges, eliminating device sprawl while simplifying solution management.

Fortinet ZTNA ensures that users and systems only have access to those resources to which they are explicitly entitled, regardless of where they are deployed or the path across the network required to reach them. And because it is built directly into the Security Fabric, it ensures that every connection is fully and consistently secured, inspected, and monitored across every network segment, end-to-end. This unique approach ensures consistent quality of experience and scalable protection as users move between work environments.

SASE plus SD-WAN for remote workers

With more companies embracing a hybrid work-from-anywhere strategy, providing secure connectivity requires extending SD-WAN functionality to every remote worker. Adding SD-WAN to cloud-based security ensures that every worker enjoys the benefits of enterprise-grade security and an optimized user-to-application experience regardless of their location.


As SD-WAN is deployed more extensively across the network, management can quickly become an issue. Adding FortiAIOps to Secure SD-WAN empowers network admins to identify, manage, and remediate Fortinet Secure SD-WAN connections. It pulls information from the LAN, WAN, and security layers to identify issues faster, accelerate troubleshooting, optimize network performance and resiliency, and maintain operational efficiency.

And its centralized monitoring and management of the distributed Fortinet wired, wireless, and SD-WAN estate—whether on-prem, in the cloud, or across the WAN—enables it to detect and respond to unusual events, monitor SLAs, and generate tickets with recommended remediations if an SLA begins to fail. 

Secure SD-WAN is the most flexible and secure foundation for ongoing network transformation

As networks continue to evolve, one concept will remain true: users and devices will need fast, accurate, reliable, and secure access to critical applications and resources. Whether deployed on-prem, in the cloud, as a cloud-based service, or even as part of a larger solution, Secure SD-WAN will continue to securely connect users, devices, and networks with critical applications and resources regardless of where they are deployed. 

Take a security-driven networking approach to improve user experience and simplify operations at the WAN edge with Fortinet Secure SD-WAN.