A crucial aspect of nearly every employee’s work experience is the ease with which they can get their jobs done. With increasing digital innovation, more and more job tasks involve networked applications, which may reside in public clouds or in remote data centers. This transforms wide-area networks (WANs) into productivity choke points. When a WAN link fails or is congested, applications lag and both employee and customer experience suffer.
Among the methods for ensuring WAN availability and performance, software-defined WAN (SD-WAN) is becoming a standard best practice. Sited at every WAN edge, SD-WAN consolidates leased lines with ISP and cellular services, automatically rerouting traffic in case the main link fails. SD-WAN can also allocate bandwidth among the various links to preserve the performance of critical applications.
While SD-WAN can keep traffic flowing, it doesn’t inherently offer any protection from cyber threats. Many companies planning an SD-WAN migration soon realize they need a secure SD-WAN solution, one in which advanced threat protection is not just bolted on, but baked in.
And just as SD-WAN addresses the challenges of managing and securing traffic as it leaves branches, remote offices, and facilities, there is a need to simplify and secure the local area network (LAN) at these locations as well. There are hundreds, if not thousands, of devices that must be monitored and protected, and to competently and efficiently ensure both high performance and security at scale, the networking and security of the WAN and the LAN must converge.
This is the rationale behind the Fortinet Secure SD-Branch solution, which encompasses Fortinet Secure SD-WAN and secure LAN Edge solutions such as FortiAP access points, FortiSwitch secure access switches, and NAC (network access control).
To see how this convergence plays out in the real world, consider the recent experience of a major snack food manufacturer.
Founded more than 80 years ago, this company is a leader in its country’s snack foods market. Its success is due not only to the tasty experiences it creates for its customers, but also to its strong sense of community and the way it supports its employees. And that includes their experience as network users.
The company’s network covers its corporate offices, a data center, several manufacturing facilities, and retail outlets across the country. Users connect to applications which reside in the company’s data center as well as in its Amazon Web Services (AWS) cloud environment.
The WAN edges of all the company’s sites were weak points in its productivity chain, as ISP services are not reliable in the region in which the company operates. Every time the WAN link went down, the company’s IT team scrambled to manually switch over to a backup WAN connection. Whenever this happened, everyone—IT staff as well as the rest of the company’s employees—lost valuable productive time. Even when the primary WAN link was up, it had to be constantly monitored by an IT staff member.
The manufacturer’s IT team looked to SD-WAN to remedy these problems. Not only would SD-WAN provide automatic failover, but it also promised to provide the IT staff with more control over bandwidth allocation so that they could ensure traffic to and from business-critical applications would always flow unimpeded. The team envisioned a solution that would allow them to set rules and service-level agreements (SLAs) to determine link utilization.
As the IT team researched their SD-WAN options, they also knew they needed to take a holistic view of their branches and address the management, security, and visibility of the local area network and of the devices that connect to it and, eventually, to the SD-WAN.
This prompted a discussion of management options. If they were going to deploy this at scale (more than 80 locations and growing), they needed to handle both SD-WAN and security functions at every site. Plus, the team needed a solution they could manage from a central location, preferably from a single dashboard.
As it considered how to deploy SD-WAN, the manufacturer realized that securing the WAN edges was not enough. They would also need to secure the access points and switches within the LANs at each location, which connected to the WAN edge devices.
The IT team considered several options to meet all these criteria. One shortlisted option was a networking-centric solution based on separate WAN, LAN, and security devices. The other was a security-driven networking solution, Fortinet Secure SD-Branch.
The manufacturer’s IT team opted for Fortinet, not only because they had a highly positive experience with their existing FortiGate next-generation firewalls (and with FortiAP access points in some locations), but also because of the integrated nature of the Fortinet Security Fabric solution.
Since all the components of the Security Fabric leverage the same operating system, IT staff who are familiar with enterprise and branch-level FortiGate devices can now manage the Fortinet Secure SD-Branch devices with no additional training. This reduces the total cost of ownership (TCO) of the deployment, as does the simpler licensing afforded by the integrated networking and security solution.
The manufacturer’s IT team is leveraging the FortiManager and FortiAnalyzer components of the Fortinet Fabric Management Center to monitor the entire Secure SD-Branch deployment from a single dashboard. The alternative networking solution would have required multiple points of control, which would have been difficult to manage at scale.
As with many network deployments during the COVID-19 pandemic, the snack manufacturer’s Secure SD-Branch project was affected by the mass exodus of employees to their homes. To secure the remote connectivity to the data center, home-bound employees used virtual private network (VPN) connections, which terminated in the FortiGate NGFWs. The IT team wanted to make sure they could supplement the secure transmission with two-factor authentication (2FA). They deployed FortiAuthenticator as an authentication server for the FortiGate VPN headends. Employees use the FortiToken Mobile app on their smartphones to accept authentication requests from FortiAuthenticator. Fortinet experts helped the manufacturer’s IT team ensure that they configured the FortiGate devices correctly for 2FA, so that secure, reliable remote connectivity would be one less thing for the team to worry about.
The manufacturer expects to see dramatic performance and operational efficiency improvements with Fortinet Secure SD-Branch, while remaining confident in the comprehensive security coverage and support it has always enjoyed with Fortinet. The result: a positive user experience with security baked in. Just like the quality baked into their snacks.
Extend the benefits of the Fortinet Security Fabric to distributed locations by converging your security, WAN, and LAN with Fortinet SD-Branch.