
Moving Beyond Branch Routers to Secure SD-WAN

By Fortinet | June 04, 2020

This is a summary of an article written for Network Computing by Nirav Shah, Senior Director of Products and Solutions at Fortinet. The entire article can be accessed here

The cloud is continuing to change how businesses operate and how branch connections are managed. With the digital era’s new emphasis on data, connectivity, and collaboration, the applications and services that organizations rely on are consuming growing volumes of bandwidth every day. On top of this, these same applications are highly sensitive to things like dropped packets, lag times, and jitter. This is especially true when fixed branch connections, such as traditional branch routers and MPLS solutions, provide no visibility into applications and also require that these resources, and all of their data, be backhauled through the central network, overwhelming already overburdened internal networking infrastructure.

The Need to Move Beyond Branch Routers 

Traditional branch routers and MPLS solutions cannot sufficiently support or secure today’s branch network traffic. These business networks require bandwidth management, application identification and steering, and seamless integration with security. These capabilities already extend beyond what branch routers can offer. What will happen when branch locations require even more bandwidth, tighter security, and application agility? If IT leaders want to future-proof their networks and help their organizations thrive in the digital era, especially with 5G right around the corner, they must reconsider their old branch router strategy. 

Further considerations include: 

  • Application Agility: Cloud services and business apps like Office 365 come with advanced requirements for bandwidth management. Branch routers can only see as far as a packet, which offers minimal visibility into the requirements of an application. Without proper visibility, routers are unable to identify which apps are critical and consequently cannot support their unique needs. And basic routing functions, such as BGP, cannot steer application traffic around things like congestion, which means that essential latency-sensitive services can easily become unreliable.
  • Cost: Branch locations using MPLS and routers rely upon expensive hardware that is difficult to install, manage, and maintain. And in many regions, MPLS connections are far more expensive than other high-bandwidth connectivity options. Furthermore, specialists often have to be dispatched to a branch office every time a new router needs to be configured, which eats up valuable IT time, not to mention travel budgets.
  • Scalability: MPLS systems do not handle traffic spikes very well because their connection speeds and volumes are set in advance. When a branch has multiple simultaneous users on its unified communications systems, especially if multiple users are engaged in video conference sessions where they have to provide screen sharing, or when there is a sudden need to process a large amount of data, those MPLS limitations will degrade app performance. Today’s business apps are highly sensitive to dropped packets, lag time, and jitter, so once a branch starts to scale, the traditional MPLS and router configuration is likely to result in lost productivity and a degraded user experience.
  • Traffic and Link Management: Branch locations using outdated technology to directly access the internet often use split-tunneling to supplement their MPLS. In those cases, link and traffic management is virtually nil since most branch routers are incapable of handling these types of requirements. Even as traffic reroutes to another path, branch routers still lack the capabilities required to prevent dropped connections. They also fail to provide dynamic jitter buffering or mitigate transport issues. As a result, traffic is often allowed to go unchecked and unregulated to the point that congestion becomes a noticeable problem for users. And worse, organizations are exposed to added risk due to the lack of adequate security that can see, manage, and secure all of these connections and applications.

What is the Alternative?

For organizations that need continual access to their business-critical apps and services on the cloud, Fortinet’s Secure SD-WAN solutions are the perfect alternative to outdated branch router strategies. They not only enable cloud access for high-performing applications used in branch locations, but they also facilitate video conferencing and unified communications – this is especially critical as businesses look to enhance their teleworker strategies. And security and networking are integrated into a single system, ensuring that security is automatically included in every connectivity decision, no matter how often changes need to be made.

Additional advantages of choosing Fortinet Secure SD-WAN over a traditional architecture using branch routers include: 

  • Identification and Steering of Applications: SD-WAN solutions are similar to routers in that they are designed to choose the most appropriate path to critical resources based on link health and business policies. However, unlike routers, they can also monitor connections and automatically adjust routes to mitigate the degradation of application performance. They can also identify and steer applications across the backbones of service or cloud providers to achieve optimum application performance. And SD-WAN can also provide service-level agreements (SLAs) for sub-groups of applications, while automatically updating business applications to ensure that everything is up to date. 
  • High Scalability: Organizations can easily scale up to tens of thousands of branches with SD-WAN, creating a dynamic, interactive networking model, while also interoperating with both physical and cloud infrastructures. Additionally, with remote troubleshooting and zero-touch provisioning, there is no need for specialists to travel to branch locations for deployment or maintenance.
  • Integrated Security Systems: Fully-integrated security is a critical feature of Fortinet’s Secure SD-WAN solutions. While traditional router-based traffic backhauled through the core network receives the inspection and protection services of the full stack of network security solutions that are in place, most SD-WAN solutions were never designed to replace these protections, which is a serious gap in most SD-WAN deployments. And because of SD-WAN’s dynamic nature, building an overlay security solution is not only expensive to deploy and maintain, but is also not always able to keep up with the speed of connection changes, leaving critical connections and data vulnerable to risk. With Fortinet’s integrated Secure SD-WAN system in place, however, connectivity, traffic management functions, and advanced security features that actually provide a full stack of enterprise-grade protections can operate as a single system.
  • Simplified Management: Fortinet’s Secure SD-WAN deployments can also all be managed from a central location through a single dashboard. This ensures that policies, configuration changes, security updates, and new services can all be quickly added, updated, and propagated across the extended WAN. This ultimately eliminates the need for the configuration or management of devices and services on an individual basis.

Choose a Secure SD-WAN Solution That Meets Your Needs

Many SD-WAN solutions only support limited deployments, while others only offer inadequate and overly-simplified security solutions. Fortinet’s Secure SD-WAN, however, is the only solution to provide a full spectrum of advanced SD-WAN and security capabilities, enabling it to manage and optimize connections, steer applications, accelerate cloud on-ramp, and scale up quickly to support thousands of branches, all while bridging cyber vulnerabilities and protecting branch traffic and data from today’s most advanced and persistent threats.

When looking to replace your outdated and outmoded branch router solutions, be sure to choose a Secure SD-WAN solution that fits your business model, protects your assets, and grows with you as you look to compete more effectively in today’s rapidly evolving digital marketplace.

Take a security-driven approach to networking to improve user experience and simplify operations at the WAN edge with Fortinet’s Secure SD-WAN solution.

Read these customer case studies to see how Warrior Invictus Holding Co., Inc. and the District School Board of Niagara implemented Fortinet’s Secure SD-WAN to alleviate network complexity, increase bandwidth, and reduce security costs.