SD-WAN

SD-WAN: Application-aware, multi-path WAN controller with integrated NGFW security

The Network Leader's Guide to Securing SD-WAN
Available in:
  • Appliance
  • Virtual machine

FortiGate SD-WAN

Distributed enterprise branches transitioning to a digital business model are having a significant impact on the WAN. The adoption of cloud services and an increasingly mobile workforce are accelerating advancements in WAN technologies. With enterprises directly accessing the internet, it is becoming critical to deploy next-generation security strategies along with enabling multi-path WAN to improve application performance.

Fortinet is the only NGFW vendor to provide native SD-WAN along with integrated advanced threat protection.  FortiGate SD-WAN replaces separate WAN routers, WAN optimization, and security devices with a single solution that is application-aware, offers automatic WAN path control and multi-broadband support.  It provides the industry's best VPN performance and a scalable solution that can be deployed across several branches.  

 

SD-WAN News

7/12/2018:  Fortinet Continues to Gain Traction in the SD-WAN Marketplace. By continuing to evolve our firewall-native SD-WAN features based on customer feedback, Fortinet provides secure SD-WAN for three distinct use cases. 

5/17/2018: Building an Adaptive and Secure SD-WAN Framework.  With more than 60 SD-WAN vendors, learn how to choose the right SD-WAN solutions for you, and build an adaptive and secure SD-WAN framework. 

5/03/2018: Fortinet CEO: We Believe we're Leading the SD-WAN Space. Fortinet CEO, Ken Xie, discusses the benefits of integrating security and network access functions together through SD-WAN. 

 

   

SD-WAN Videos

FortiGate FortiOS 6.0 SD-WAN Demo

Learn more on how the FortiOS 6.0 can provide SD-WAN capabilities on a FortiGate for greater application visibility and application steering to prioritize business application performance.

Watch now
Alorica chose SD-WAN to power their network today
Transform Your Enterprise Branch with Fortinet Secure SD-WAN
Roll out SD-WAN with Fortinet's Zero Touch Deployment

FortiGate SD-WAN Product Details:

FortiGate SD-WAN transforms branches to increase productivity and application performance without compromising on security. With the help of application steering, business-critical applications are always given priority. Granular WAN path information is collected to automatically fail over to the best available WAN link. A centralized controller with a single pane of glass simplifies management and monitoring, allowing enterprises to quickly provision branches and scale easily. FortiGate SD-WAN has been adopted worldwide in industries as diverse as finance, retail, manufacturing and customer service.

Features

Application-aware solution that supports a broad range of 3000+ applications, with granular visibility into sub-applications

Path awareness intelligence to monitor application-level transactions and dynamically fail over to the best available path

Single-pane-of-glass management simplifies deployment, management and monitoring of SD-WAN devices

Benefits

  • Reduce complexity and total cost of ownership by using best-of-breed SD-WAN and NGFW functionality on a single appliance
  • Improve cloud application performance by prioritizing business-critical applications and enabling branches to communicate directly with the internet
  • Reduce operating expenses by migrating from MPLS and utilizing multi-broadband such as Ethernet, DSL, and LTE

FortiGate SD-WAN Models and Specifications

FortiGate SD-WAN is available in many form factors and models to meet your needs, ranging from entry-level hardware appliances to VM options that can be deployed in your branch offices. FortiManager, which can be used to monitor and manage the FortiGate appliances, is also available in different form factors and models.

Hardware appliances

| NGFW Throughput | Threat Protection Throughput | VPN Throughput | Max G/W to G/W IPSEC Tunnels | Ports |
|---|---|---|---|---|
| 250 Mbps | 200 Mbps | 2 Gbps | 200 | 10x GE RJ45 |
| 360 Mbps | 250 Mbps | 2.5 Gbps | 200 | 14x GE RJ45, 2x Shared Port Pairs |
| 360 Mbps | 250 Mbps | 4 Gbps | 2000 | 20x GE RJ45, 2x Shared Port Pairs |
| 1.8 Gbps | 1.2 Gbps | 9 Gbps | 2000 | 18x GE RJ45, 4x GE SFP |
| 3.5 Gbps | 3 Gbps | 20 Gbps | 2000 | 16x GE RJ45, 16x GE SFP |
| 5 Gbps | 4.7 Gbps | 20 Gbps | 2000 | 2x 10 GE SFP+, 10x GE RJ45, 8x GE SFP |

Virtual machines

| NGFW Throughput | Threat Protection Throughput | VPN Throughput | Max G/W to G/W IPSEC Tunnels | Ports |
|---|---|---|---|---|
| 850 Mbps | 700 Mbps | 1 Gbps | 2000 | Up to 10 |
| 1.5 Gbps | 1.2 Gbps | 1.5 Gbps | 2000 | Up to 10 |
| 2.5 Gbps | 2 Gbps | 3 Gbps | 2000 | Up to 10 |
| 4.5 Gbps | 3.5 Gbps | 5.5 Gbps | 40,000 | Up to 10 |
| 9 Gbps | 7 Gbps | 6.5 Gbps | 40,000 | Up to 10 |

 

Public Cloud

Amazon Web Services (AWS) and Microsoft Azure are supported for both BYOL (bring your own license) and On-demand (pay-as-you-go). Please see the AWS and Azure Marketplace listings for more information:

 

Hardware appliances

| Devices/VDOMs (Maximum) | Sustained Log Rates | GB/Day |
|---|---|---|
| 1200 | 50 | 2 |
| 4000 | 150 | 10 |

Virtual machines

| Devices/VDOMs (Maximum) | GB/Day of Logs |
|---|---|
| +1,000 | 10 |
| +5,000 | 25 |
| +10,000 | 50 |

Actual performance may vary depending on the network and system configuration. Performance metrics were observed using a DELL R740 (CPU Intel Xeon Platinum 8168 2.7 GHz, Intel X710 network adapters), running FOS v5.6.3. Tested with VMware vSphere 6.5 Enterprise Plus. SR-IOV is enabled.

1. IPS performance is measured using 1 Mbyte HTTP and Enterprise Traffic Mix.
2. Application Control performance is measured with 64 Kbytes HTTP traffic.
3. NGFW performance is measured with IPS and Application Control enabled, based on Enterprise Traffic Mix.
4. Threat Protection performance is measured with IPS and Application Control and Malware protection enabled, based on Enterprise Traffic Mix.

 

Public Cloud

Amazon Web Services (AWS) and Microsoft Azure are supported for both BYOL (bring your own license) and On-demand (pay-as-you-go). Please see the AWS and Azure Marketplace listings for more information:

FortiGuard Services for FortiGate SD-WAN

FortiGate SD-WAN employs multiple FortiGuard services.  Application control provides visibility into thousands of  applications, as well as granular sub-applications.  Other security services such as web filtering, sandboxing, antivirus and intrusion prevention protect the branches from the latest advanced threats.

Application Control

Improve security and meet compliance with easy enforcement of your acceptable use policy through unmatched, real-time visibility into the applications your users are running. With FortiGuard Application Control, you can quickly create policies to allow, deny, or restrict access to applications or entire categories of applications.

Web Filtering

Protects your organization by blocking access to malicious, hacked, or inappropriate websites.

FortiSandbox Cloud

FortiSandbox Cloud Service is an advanced threat detection solution that performs dynamic analysis to identify previously unknown malware. Actionable intelligence generated by FortiSandbox Cloud is fed back into preventive controls within your network—disarming the threat.

Antivirus

FortiGuard Antivirus protects against the latest viruses, spyware, and other content-level threats. It uses industry-leading advanced detection engines to prevent both new and evolving threats from gaining a foothold inside your network and accessing its invaluable content.

Intrusion Prevention

FortiGuard IPS protects against the latest network intrusions by detecting and blocking threats before they reach network devices.

Service Bundles

 

Enterprise Protection Bundle

Protection to address today's advanced threat landscape. It delivers all FortiGuard security services available for the FortiGate including: NGFW Application Control and IPS, Web Filtering, FortiCloud Sandbox, Antivirus, Mobile Security, IP Reputation & Antibotnet, Antispam, and core FortiCare security services with a choice of 8x5 or 24x7 support.

UTM Protection Bundle

Traditional UTM security services including NGFW Application Control and IPS, Web Filtering, Antivirus, Antispam, and core FortiCare security services with a choice of 8x5 or 24x7 support.

Threat Protection Bundle

Core protection technologies including: Application Control, IPS, AV, Botnet IP/Domain and Mobile Malware Service. FortiCare security services include 24x7 support. 

 

You can find more information on the service bundles here.

Product Demo

FortiGate SD-WAN Demo

Welcome to the FortiGate Secure SD-WAN 6.0 demo site. This demo shows the dynamic WAN path controller, application SLA enforcement, intelligent application steering and traffic shaping capabilities of Fortinet SD-WAN and how it can help your organization achieve more efficient use of your WAN resources while lowering TCO. 

Access the demo

SD-WAN

Fortinet believes that independent, third-party tests provide a critical and impartial measure of the quality of a product, and a mandatory reference for anyone making an IT Security purchase decision. Fortinet is committed to participation in unbiased credible testing so customers can see how we compare to alternative solutions and select the solution that is right for their needs. This commitment is why we consistently submit our products to a large number of third party independent tests for evaluation.

NSS Labs SD-WAN Comparative reports provide a detailed comparison of all 9 participating vendors for quality of experience, performance and total cost of ownership (TCO). With these reports, you can compare Fortinet’s outstanding results with VMWare VeloCloud, Citrix, Versa, Talari Networks, and many other vendors. In several areas, Fortinet showcased strong results:

  • Highest Quality of experience for business-critical applications such as voice
  • Only Recommended vendor with security rating
  • Fortinet showcased highest value among all vendors
  • Excellent VPN Performance

Please take a look at the comparative reports to learn more:

Enterprises are rapidly upgrading their existing WAN infrastructure to enable digital transformation, reduce operating expenses and to facilitate agility. The NSS Labs SD-WAN Group test provides comprehensive technical research of available SD-WAN products in the market. The Security Value Map (SVM) shows that Fortinet achieved the highest quality of experience for voice, lowest TCO at $5 per Mbps and excellent VPN performance. Additionally, Fortinet is the only recommended vendor with security rating, blocking 100% of evasions. Please take a look at the SVM and Test Report to learn more.

In a broad set of the most recent NSS Labs reports, Fortinet has consistently earned “Recommended” ratings. In NSS Labs’ CAWS real-time service, customers can also see how Fortinet consistently delivers highly effective security over time. Fortinet was recommended by NSS Labs for NGFW Security Effectiveness in 2017.

Fortinet has been named a “Leader” in the Gartner MQ for Enterprise Network Firewalls 2017. Fortinet’s excellence in price/performance and the Fortinet Security Fabric have moved us into the Leader category.

FortiGate and FortiWeb products are evaluated against ICSA criteria in 6 popular Certification programs. ICSA Labs manages and sponsors security consortia that provide a forum for intelligence sharing among the leading vendors of security products. In addition, ICSA Labs publishes surveys, security industry studies, and buyer's guides for computer security products.

 

SD-WAN

Below are answers to common questions regarding product and related services:

Why is security important for SD-WAN?

SD-WAN allows branches to communicate directly with the internet, providing high application performance. Traditionally, branches had limited security, considering that all traffic was backhauled to the datacenter. With SD-WAN, branches are directly exposed, allowing attackers to target the weakest link. The change in the malware landscape warrants a strong security solution to protect enterprises from sophisticated threats and to avoid financial and reputational damage.

What is the key differentiator for FortiGate SD-WAN?

The key differentiator for FortiGate SD-WAN is that SD-WAN functionality is integrated with security. Fortinet is the only SD-WAN vendor to be recommended by NSS Labs for the last 5 consecutive years for performance and security effectiveness. Integrated security reduces complexity and simplifies management and monitoring. The Fortinet Security Fabric also provides broad and integrated protection across all attack vectors, including endpoints, mail, switches and access points.

How can we prioritize business-critical applications, and enforce SLA?

FortiGate SD-WAN is application-aware and has broad visibility into more than 3000 applications. Using application steering, you can ensure that business-critical applications such as Office365 and Skype always go through the preferred link. Granular application-level transaction SLA criteria, such as jitter, packet loss and latency, can be specified for each application. In the event of an SLA breach, there is a dynamic failover to the next best link.

You can also configure bandwidth management to guarantee or limit the bandwidth given to high and low priority applications respectively.

Which transport interfaces do you support?

FortiGate SD-WAN is transport agnostic.  This not only includes support for a variety of connectivity protocols (Ethernet, 3G/4G, VPN, etc.), but also allows you to use any two of these connections in active-active mode while load balancing traffic across both circuits simultaneously.

Do I need a separate appliance for routing and security?

FortiGate SD-WAN provides the advantage of reducing the number of specialized devices deployed at the branch by consolidating routing, security and SD-WAN functionality in a single appliance.   It can also work in conjunction with existing devices if necessary. 

How do we monitor and manage SD-WAN appliances?

Both the security and SD-WAN functionality on FortiGate SD-WAN devices can be managed easily with FortiManager.  FortiManager provides a single pane of glass, and allows administrators to monitor SD-WAN from a high-level view and drill down into more details when required.  Please see the FortiManager datasheet for more details. 

How can we enable SD-WAN on FortiGate?

FortiGate SD-WAN is a feature available on FortiGate NGFW. It is available as part of the base license and does not carry any additional cost.