
Empowering Distributed Enterprises with Secured SD-WAN

By Nirav Shah and Bill McGee | April 04, 2017

The Move from WAN to SD-WAN

The transition of organizations to a digital business model is having a significant impact on their network topologies. The adoption of cloud services, the virtualization of the traditional network, and an increasingly mobile workforce accessing applications in the cloud are accelerating advancements in wide area networking technologies. The traditional wide area network (WAN) is struggling to keep up because it relies on a static infrastructure of devices that simply can’t accommodate shifting and often temporary resource allocation and workloads.

As a result, IT teams are adopting an on-demand consumption model for their compute infrastructure and applications to improve efficiency and productivity. Unlike traditional WAN architectures, new software-defined wide area networks, or SD-WANs, are able to dynamically distribute traffic across multiple locations while automatically responding to changing application policies. SD-WAN is also transport- and carrier-agnostic, which means expensive MPLS can be replaced with more cost-effective connections, such as internet and LTE, allowing time- and cost-saving functions such as intelligent path selection to be enabled.

At the same time, business-critical applications and services, such as IP-Telephony, need to operate across distributed network environments without downtime. On-demand connectivity is critical, especially for latency-sensitive services such as voice and video. Fortunately, manufacturers and vendors like Fortinet have been able to resolve this challenge, thereby accelerating the adoption of SD-WAN.

According to Network World, a recent survey of enterprise communications professionals found that 30% plan to migrate to SD-WAN within two years. IDC expects SD-WAN sales to approach $1.4 billion this year, and almost double in 2018 to $2.6 billion.

With SD-WAN, Security and SSL Inspection is a MUST

Just as with software-defined networks (SDN), a significant change in the infrastructure also has huge implications for security. While the infrastructure is undergoing a radical transformation, cyberthreats are also increasing in both volume and sophistication. We are seeing a dramatic rise in Ransomware, more advanced attacks, and increasing IPS attacks per minute.

In addition to traditional attack vectors, cybercriminals are increasingly targeting new distributed networking paradigms. For example, direct internet access to SaaS applications, especially when devices are off-network, has made it critical to deploy new security strategies designed for the distributed enterprise. That’s because traditional security solutions tend to be placed in a single location on the perimeter. But as the perimeter disappears, security needs to be able to protect connections from any device in any location, and see and automatically adapt to the changing infrastructure on demand.

At the same time, encrypted traffic across the distributed network is rising (~50% of total traffic is encrypted, with experts predicting that will soon rise to 80%), along with malware targeted at SSL traffic. This means that real-time SSL Inspection, without slowing down business-critical traffic, is critical.

Enhancing SD-WAN Deployment with FortiGate Firewalls and FOS 5.6

Fortinet has developed a suite of proven technologies designed to enhance and secure SD-WAN deployments. They are built on the foundation of the latest release of FortiOS, version 5.6, which extends Fortinet Security Fabric functionality into the cloud and distributed network. IDC recently designated FortiGate as a market share leader for the distributed enterprise, and NSS Labs has verified FortiGate’s proven security and performance efficacy. Fortinet solutions provide broad deployment options, the highest performance, whether deploying physical or highly optimized software versions, and the automation and adaptability that new network strategies like SD-WAN require.

For example, our new security processor-based FortiGate Enterprise Firewall not only consolidates networking and security functionality, but also provides market-leading performance and the highest price/performance ratio in the industry. It also comes in a variety of form factors, such as integrated wireless, 3G/4G, PoE, and DSL, to simplify deployment.

Other features supporting SD-WAN include:

Application Visibility and Extended Fabric Topology View: Provides complete visibility into applications, users, and threats to help admins understand overall traffic patterns and more effectively deploy and troubleshoot business-critical applications. The extended fabric topology in FortiOS 5.6 provides a dynamic view of the physical and logical topology along with link utilization.

IPSEC VPN (AES256): Delivers the industry’s highest throughput (~10X higher than the competition) based on SPU off-load, as well as high scalability to support up to thousands of distributed devices and locations. Fortinet also recently announced ADVPN, which enables dynamic VPN tunneling.

Smart Link Load Balancing and Link Monitoring: FortiOS 5.6 has integrated SD-WAN functionality for WAN Link Load Balancing so that customers can choose the best link for business-critical applications. Should link health degrade, it simply fails over to the next best SLA for applications. FortiOS 5.6 also supports TWAMP and other protocols so that customers can get a detailed view of metrics such as jitter, packet loss, and latency for sensitive applications and services.

Dynamic Cloud (SaaS) application database: The average enterprise uses ~30 SaaS applications. The cloud application database in FortiOS 5.6 supports hundreds of applications, and dynamically updates their IP addresses and ports for the most efficient routing.

SSL Inspection and Threat Prevention: Organizations shouldn’t have to choose between performance and protection. However, because more and more data is passing through the network in an encrypted form, many security solutions become a bottleneck as they attempt to open and inspect traffic. Fortinet solutions not only support industry-mandated ciphers, but the FortiGate firewalls provide the industry’s highest SSL inspection throughput.

FortiHypervisor: Growing the SD-WAN Security Fabric Ecosystem

Enterprises need the flexibility to adapt their branch offices to changing business needs rapidly and securely. They also need the ability to turn up new services on demand from a single platform, without the cost and complexity of deploying and managing additional devices, which requires expertise that most branch personnel simply do not have. Unfortunately, most branch infrastructures today use multiple, dedicated pieces of CPE hardware, making it challenging and costly to deploy custom services fast or bring a new branch online.

FortiGate’s unique hybrid platform is designed to also run FortiHypervisor. This enables organizations to leverage Fortinet’s patented security processors for high performance, while also achieving maximum flexibility with vCPE.

FortiHypervisor provides organizations with the flexibility and performance necessary to customize services and deploy them quickly, while keeping costs under control. Fortinet’s hybrid virtual appliance simplifies and accelerates the deployment of customized services on demand, and provides support for both universal CPE and cloud-based hosting models. Interoperability is essential, so in addition to FortiGate’s open API design, Fortinet has partnered with a growing number of third-party vendors to enhance and simplify interoperability with existing investments.

Orchestration and Centralized Management

An increasingly distributed infrastructure also usually means growing complexity in terms of management. The Fortinet Security Fabric framework leverages FortiManager to seamlessly manage and orchestrate unified security policies across thousands of dynamically changing branch and cloud locations, while providing single-pane-of-glass visibility across the entire distributed enterprise. And when combined with FortiDeploy, you can also realize zero-touch deployment.


The advent of SD-WAN is radically changing the network landscape, freeing organizations to adopt digital business models and manage the growing volume of data and increasing numbers of endpoint and IoT devices that are an essential part of their business strategy. To do this securely, however, they need to radically rethink their traditional security model. The Fortinet Security Fabric, supported by a rich suite of tightly integrated security tools and an open model of interoperability and collaboration with both Fortinet and third-party solutions, allows organizations to build the network they need without compromising the security they require.
