SD-WAN

SD-WAN:具有集成 NGFW 安全功能的应用程序感知、多路径 WAN 控制器

网络领导者保护 SD WAN 指南
适用于:
  • 设备
  • 虚拟机

FortiGate SD-WAN

Distributed enterprise branches transitioning to a digital business model are having a significant impact on network WAN. The adoption of cloud services and increasingly mobile work force are accelerating advancements in WAN technologies. With enterprises directly accessing the internet, it’s becoming critical to deploy next-generation security strategies along with enabling multi-path WAN to improve application performance.

Fortinet is the only NGFW vendor to provide native SD-WAN along with integrated advanced threat protection.  FortiGate SD-WAN replaces separate WAN routers, WAN optimization, and security devices with a single solution that is application-aware, offers automatic WAN path control and multi-broadband support.  It provides the industry's best VPN performance and a scalable solution that can be deployed across several branches.  

 

SD-WAN News

7/12/2018:  Fortinet Continues to Gain Traction in the SD-WAN Marketplace. By continuing to evolve our firewall-native SD-WAN features based on customer feedback, Fortinet provides secure SD-WAN for three distinct use cases. 

___________________________________________________________________________________________________

5/17/2018: Building an Adaptive and Secure SD-WAN Framework.  With more than 60 SD-WAN vendors, learn how to choose the right SD-WAN solutions for you, and build an adaptive and secure SD-WAN framework. 

___________________________________________________________________________________________________

5/03/2018: Fortinet CEO: We Believe we're Leading the SD-WAN Space. Fortinet CEO, Ken Xie, discusses the benefits of integrating security and network access functions together through SD-WAN. 

 

   

SD-WAN Videos

FortiGate FortiOS 6.0 SD-WAN Demo

Learn more on how the FortiOS 6.0 can provide SD-WAN capabilities on a FortiGate for greater application visibility and application steering to prioritize business application performance.

立即观看
Alorica chose SD-WAN to power their network today
Transform Your Enterprise Branch with Fortinet Secure SD-WAN
Roll out SD-WAN with Fortinet's Zero Touch Deployment

FortiGate SD-WAN Product Details:

FortiGate SD-WAN transforms branches to increase productivity and application performance without compromising on security.  With the help of application steering, business-critical applications are always given priority.  Granular WAN patch information is collected to automatically fail over to the best available WAN link. A centralized controller with a single pane of glass simplifies management and monitoring, allowing enterprises to quickly provision branches and scale easily.  FortiGate SD-WAN has been adopted worldwide in industries as diverse as finance, retail, manufacturing and customer service. 

Features

intelligent icon

Application aware solution, support a broad range of 3000+ applications as well as granular visibility into sub-applications

monitoring icon

Path awareness intelligence to monitor application-level transactions, and dynamically failover to the best available path

platform support icon

Single-pane-of-glass management simplifies deployment, management and monitoring of SD-WAN devices

Benefits

icon benefits tools
Reduced complexity and high total cost of ownership by using best of breed SD-WAN and NGFW functionality on a single appliance
high performance icon
Improve cloud application performance by prioritizing business critical applications and enabling branches to directly communicate to the internet
reduce cash icon
Reduce operating expenses by migrating from MPLS and utilizing multi-broadband such as Ethernet, DSL, and LTE

FortiGate SD-WAN Models and Specifications

FortiGate SD-WAN is available in many different form factors with many different models to choose from to meet your needs ranging from entry-level hardware appliances to VM options that be deployed in your branch offices.  FortiManager, that can be used to monitor and manage the FortiGate appliances is also available in different form factors and models.

Hardware appliances

NGFW Throughput
250 Mbps
Threat Protection Throughput
200 Mbps
VPN Throughput
2 Gbps
Max G/W to G/W IPSEC Tunnels
200
Ports
10x GE RJ45
NGFW Throughput
360 Mbps
Threat Protection Throughput
250 Mbps
VPN Throughput
2.5 Gbps
Max G/W to G/W IPSEC Tunnels
200
Ports
14x GE RJ45, 2x Shared Port Pairs
NGFW Throughput
360 Mbps
Threat Protection Throughput
250 Mbps
VPN Throughput
4 Gbps
Max G/W to G/W IPSEC Tunnels
2000
Ports
20x GE RJ45, 2x Shared Port Pairs
NGFW Throughput
1.8 Gbps
Threat Protection Throughput
1.2 Gbps
VPN Throughput
9 Gbps
Max G/W to G/W IPSEC Tunnels
2000
Ports
18x GE RJ45, 4x GE SFP
NGFW Throughput
3.5 Gbps
Threat Protection Throughput
3 Gbps
VPN Throughput
20 Gbps
Max G/W to G/W IPSEC Tunnels
2000
Ports
16x GE RJ45, 16x GE SFP
NGFW Throughput
5 Gbps
Threat Protection Throughput
4.7 Gbps
VPN Throughput
20 Gbps
Max G/W to G/W IPSEC Tunnels
2000
Ports
2x 10 GE SFP+, 10x GE RJ45, 8x GE SFP

Virtual machines

NGFW Throughput
850 Mbps
Threat Protection Throughput
700 Mbps
VPN Throughput
1 Gbps
Max G/W to G/W IPSEC Tunnels
2000
Ports
Up to 10
NGFW Throughput
1.5 Gbps
Threat Protection Throughput
1.2 Gbps
VPN Throughput
1.5 Gbps
Max G/W to G/W IPSEC Tunnels
2000
Ports
Up to 10
NGFW Throughput
2.5 Gbps
Threat Protection Throughput
2 Gbps
VPN Throughput
3 Gbps
Max G/W to G/W IPSEC Tunnels
2000
Ports
Up to 10
NGFW Throughput
4.5 Gbps
Threat Protection Throughput
3.5 Gbps
VPN Throughput
5.5 Gbps
Max G/W to G/W IPSEC Tunnels
40,000
Ports
Up to 10
NGFW Throughput
9 Gbps
Threat Protection Throughput
7 Gbps
VPN Throughput
6.5 Gbps
Max G/W to G/W IPSEC Tunnels
40,000
Ports
Up to 10

 

Public Cloud

Amazon Web Services (AWS) and Microsoft Azure supported for both BYOL (bring your own license) and On-demand (pay-as-you go). Please see the AWS and Azure Marketplace listings for more information:

 

Hardware appliances

Devices/VDOMs (Maximum)
1200
Sustained Log Rates
50
GB/Day
2
Devices/VDOMs (Maximum)
4000
Sustained Log Rates
150
GB/Day
10

Virtual machines

Devices/VDOMs (Maximum)
+1,000
GB/Day of Logs
10
Devices/VDOMs (Maximum)
+5,000
GB/Day of Logs
25
Devices/VDOMs (Maximum)
+10,000
GB/Day of Logs
50
Actual performance may vary depending on the network and system configuration. Performance metrics were observed using a DELL R740 (CPU Intel Xeon Platinum 8168 2.7 GHz, Intel X710 network adapters), running FOS v5.6.3. Tested with VMware vSphere 6.5 Enterprise Plus. SR-IOV is enabled. 1. IPS performance is measured using 1 Mbyte HTTP and Enterprise Traffic Mix. 2. Application Control performance is measured with 64 Kbytes HTTP traffic. 3. NGFW performance is measured with IPS and Application Control enabled, based on Enterprise Traffic Mix. 4. Threat Protection performance is measured with IPS and Application Control and Malware protection enabled, based on Enterprise Traffic Mix.

 

Public Cloud

Amazon Web Services (AWS) and Microsoft Azure supported for both BYOL (bring your own license) and On-demand (pay-as-you go). Please see the AWS and Azure Marketplace listings for more information:

FortiGuard Services for FortiGate SD-WAN

FortiGate SD-WAN employs multiple FortiGuard services.  Application control provides visibility into thousands of  applications, as well as granular sub-applications.  Other security services such as web filtering, sandboxing, antivirus and intrusion prevention protect the branches from the latest advanced threats.

View FortiGuard Labs Services and Bundles.

 

FG Application Control

应用控制

可对您的用户正在运行的应用程序获得无可比拟的实时可见性,并轻松执行您可接受的使用策略,从而提供安全性并满足合规要求。通过 FortiGuard 应用控制,您可以快速创建策略来允许、拒绝或限制对应用程序或整个类别的应用程序的访问。

FG Web Filtering

网页过滤

通过对恶意、被侵入或不当网站的访问阻拦来保护您的组织。

Icon cloudsandbox

FortiSandbox 云

FortiSandbox 云服务是一个高级威胁检测解决方案,能够执行动态分析来提前识别未知的恶意软件。FortiSandbox 云生成的可执行威胁情报会反馈到防火墙网络安全策略配置中,进行威胁阻断。

FG Antivirus

反病毒

FortiGuard 反病毒可阻断最新病毒、间谍软件以及其他内容层面的威胁。它采用行业领先的高级检测引擎来阻止不断变化的新威胁在您的网络中获得据点、访问网络中宝贵的内容。

FG Intrusion Prevention

入侵防御

FortiGuard IPS 通过检测威胁并在威胁侵入到网络设备前对此阻断,以此抵御最新的网络入侵。

Product Category Thumb SS virus outbreak

Virus Outbreak Protection Service

FortiGuard Virus Outbreak Protection Service (VOS) closes the gap between antivirus updates with FortiCloud Sandbox analysis to detect and stop malware threats discovered between signature updates before they can spread throughout an organization. OS initiates a real-time look-up to our Global Threat Intelligence database.

 

 

FortiGuard Services Bundles

FortiGate Enterprise Bundle

Our Enterprise (ENT) bundle now includes:

  • CASB - providing visibility, compliance, data security and threat protection for your cloud-based services.
  • Industrial Security Service protection – SCADA (supervisory control and data acquisition) and ICS (industrial control systems). These signatures address attacks against critical infrastructure and manufacturing industries, where we are seeing frequent and sophisticated cyberattacks.
  • Security Rating Service - this service performs checks against your fabric-enabled network and provides scoring and recommendations to your operation teams. The subsequent scorecard can be used to gauge adherence to various internal and external organizational polices, standards, and regulations requirements, including providing a ranking of your firm against industry peers. 

The FortiGuard Enterprise (ENT) Protection bundle is designed to address today’s advanced threat landscape. The Enterprise Bundle consolidates the comprehensive protection needed to protect and defend against all cyberattack channels from the endpoint to the cloud. Including the technologies needed to address today’s challenging OT, compliance, and management concerns. The Enterprise Bundle offers the most comprehensive protection overall. The Enterprise Bundle includes: 

  • NGFW Application Control
  • IPS
  • Antivirus
  • Botnet
  • IP/Domain Reputation
  • Mobile Security
  • Web Filtering
  • Antispam
  • FortiSandbox Cloud
  • Virus Outbreak Protection
  • Content Disarm & Reconstruction 
  • CASB
  • Security Rating 
  • Industrial Security Service
  • FortiCare
FortiGate UTM Bundle

The FortiGuard Unified Protection Bundle (UTM) is our traditional Unified Threat Management security bundle. The Unified Protection Bundle extends threat protection across the entire digital attack surface, providing industry-leading defense against sophisticated attacks. The UTM bundle has you covered for web and email-based attacks. The UTM bundle delivers the best package available for a unified threat protection offering. The UTM Bundle includes: 

  • NGFW Application Control
  • IPS
  • Antivirus
  • Botnet
  • IP/Domain Reputation
  • Mobile Security
  • Web Filtering
  • Antispam
  • FortiSandbox Cloud
  • Virus Outbreak Protection
  • Content Disarm & Reconstruction 
  • FortiCare

The FortiGuard Advantage: 

  • FortiGuard processes over 69 million websites every hour, providing up-to-the-minute reputation and categorization. 
  • Prevent malicious downloads and browser hijacking attacks with top-rated web filtering (VBWeb Verified)
  • Improved email productivity through superior spam prevention validated with 3rd party independent testing (VBSpam + Verified)
FortiGate Advanced Threat Protection Bundle

The FortiGuard Advanced Threat Protection (ATP) bundle provides the foundational security needed to protect and defend against known and unknown cyber threats. The Advanced Threat Protection bundle includes: 

  • NGFW Application Control
  • IPS
  • Antivirus
  • Botnet
  • IP/Domain Reputation
  • Mobile Security
  • FortiSandbox Cloud
  • Virus Outbreak Protection
  • Content Disarm & Reconstruction 
  • FortiCare 24*7
Services Table
Service Advanced Threat Protection
(ATP)
 
Unified Protection
(UTM)
 
Enterprise Protection
(ENT)
 
A La Carte Protection


Threat Intelligence Service
     
Industrial Security Service
   

Security Rating
   

CASB
   

Web Filtering
 

Antivirus + Sandboxing




IPS




Antispam
 

 
Internet DB



 
IP Reputation


 
Application Control



 

Product Demo

product demo fortigate 80e

FortiGate SD-WAN Demo

Welcome to the FortiGate Secure SD-WAN 6.0 demo site. This demo shows the dynamic WAN path controller, application SLA enforcement, intelligent application steering and traffic shaping capabilities of Fortinet SD-WAN and how it can help your organization achieve more efficient use of your WAN resources while lowering TCO. 

Access the demo

FortiGate Secure SD-WAN tackles the most difficult challenges of secure SD-WAN deployment and was the only Next-Generation Firewall (NGFW) security vendor to receive a “Recommended” rating in NSS Labs’ first-ever software-defined wide area networking report - delivering Highest VoIP Quality of Experience and Lowest Total Cost of Ownership per Mbps Among All Nine Vendors

Key Highlights:

  1. Highest quality of experience for VoIP: FortiGate SD-WAN showcased robust results for VoIP and video applications of 4.38 out of 4.41 and 4.26 out of 4.53, respectively. 
  2. Lowest total cost of ownership (TCO): FortiGate SD-WAN delivers the lowest TCO per Mbps (VPN throughput) among all participating vendors at a ratio of $5@749 Mbps.
  3. Native NGFW Security: FortiGate SD-WAN with native NGFW security blocked 100 percent of evasions and achieved 99.9 percent security effectiveness.    

 

file

Comparative Report - Value Matrix

Fortinet solutions have consistently demonstrated superior performance and feature quality TCO when put to the test. Recent customer traction shows that organizations around the world are increasingly choosing FortiGate SD-WAN to upgrade their WAN infrastructure.  The 2018 NSS Labs SD-WAN test results further prove that Fortinet delivers the highest quality of experience for VoIP,  the best TCO and the right security to go with it, solidifying FortiGate SD-WAN as a compelling balance of quality, security and value. Take a look at the comparative value matrix report and understand how Fortinet emerged as a top choice for Secure SD-WAN. 

Download the Report

 

 

SD-WAN Value Map

SD-WAN Value Map

In a crowded SD-WAN market, enterprises are finding it increasingly difficult to identify the right solution for them. NSS Labs provides a comprehensive and impartial test, in real-world situations, that identifies the key requirements for SD-WAN and the effectiveness of each solution. The SD-WAN capabilities that were assessed by NSS Labs include Application-Aware Traffic Steering, Dynamic Path Selection with SLA Measurements and other WAN Impairments.  Fortinet is the Only Vendor with Security Capabilities to Receive SD-WAN Recommended Rating.  Take a look at the SVM and compare the following: 

  • Quality of Experience of VoIP
  • Quality of Experience of Video 
  • VPN Performance 
  • Total Cost of Ownership
现在下载

 

 

Fortinet FortiGate 61E Test Report

Fortinet FortiGate 61E Test Report

Take a closer look at how Fortinet excelled in every category assessed by NSS Labs.  Fortinet showcased a number of advantages including the highest quality of experience for VoIP, lowest TCO and native NGFW security.

Download the Report

 

 

Comparative Report -  Performance

Comparative Report - Performance

NSS Labs SD-WAN Performance Comparative report provides a detailed comparison of all 9 participating vendors for quality of experience and performance. Fortinet showcased the highest quality of experience for business-critical applications such as VoIP and excellent VPN performance.      

Download the Report

 

 

file

Comparative Report - TCO

NSS Labs SD-WAN TCO Comparative report provides a detailed comparison of all 9 participating vendors for quality of experience and performance. FortiGate SD-WAN has achieved the best price/performance among all 10 vendors with TCO of $5.

Download the Report

SD-WAN

Below are answers to common questions regarding product and related services:

Why is security important for SD-WAN?

SD-WAN allows branches to directly communicate to the internet, providing high application performance.  Traditionally, branches had limited security considering that all traffic was backhauled to the datacenter.  With SD-WAN branches are directly exposed, allowing attackers to target the weakest link.  The change in the malware landscape warrants a strong security solution to protect enterprises from sophisticated threats to avoid financial and reputation damages. 

What is the key differentiator for FortiGate SD-WAN?

The key differentiator for FortiGate SD-WAN is that SD-WAN functionality is integrated with security.  Fortinet is the only SD-WAN vendor to be recommended by NSS labs for the last 5 consecutive years for performance and security effectiveness.   Integrated security reduces complexity and simplifies management and monitoring.  Fortinet security fabric also provides broad and integrated protection across all attack vectors, including endpoints, mail, switches and access points. 

How can we prioritize business-critical applications, and enforce SLA?

FortiGate SD-WAN is application-aware and has broad visibility into more than 3000 applications.  Using application steering, you can ensure that business critical applications such as Office365 and Skype always go through the preferred link.  Granular application-level transaction SLA criteria, such as jitter, packet loss and latency can be specified for each application. In the event of an SLA breach, there is a dynamic failover to the next best link. 

 You can also configure bandwidth management to guarantee or limit the bandwidth given to high and low priority applications respectively.  

Which transport interfaces do you support?

FortiGate SD-WAN is transport agnostic.  This not only includes support for a variety of connectivity protocols (Ethernet, 3G/4G, VPN, etc.), but also allows you to use any two of these connections in active-active mode while load balancing traffic across both circuits simultaneously.

Do I need a separate appliance for routing and security?

FortiGate SD-WAN provides the advantage of reducing the number of specialized devices deployed at the branch by consolidating routing, security and SD-WAN functionality in a single appliance.   It can also work in conjunction with existing devices if necessary. 

How do we monitor and manage SD-WAN appliances?

Both the security and SD-WAN functionality on FortiGate SD-WAN devices can be managed easily with FortiManager.  FortiManager provides a single pane of glass, and allows administrators to monitor SD-WAN from a high-level view and drill down into more details when required.  Please see the FortiManager datasheet for more details. 

How can we enable SD-WAN on FortiGate?

FortiGate SD-WAN is a feature available on FortiGate NGFW.  It is available as part of the base license, and doesn’t include any additional cost.