FortiGate FortiOS 6.0 SD-WAN Demo
Learn more on how the FortiOS 6.0 can provide SD-WAN capabilities on a FortiGate for greater application visibility and application steering to prioritize business application performance.
Guarda oraFortiGate SD-WAN
Controller WAN application-aware e con più percorsi e sicurezza NGFW integrata
La guida dei leader di rete per la SD-WAN sicuraDisponibile in:
-
Apparecchio
-
Macchina virtuale
-
Cloud
FortiGate SD-WAN Overview
Distributed enterprise branches transitioning to a digital business model are having a significant impact on network WAN. The adoption of cloud services and increasingly mobile work force are accelerating advancements in WAN technologies. With enterprises directly accessing the internet, it’s becoming critical to deploy next-generation security strategies along with enabling multi-path WAN to improve application performance.
Fortinet is the only NGFW vendor to provide native SD-WAN along with integrated advanced threat protection. Fortinet, has received the “Recommended” rating for the first ever test conducted by NSS Labs for Software-Defined Wide Area Networking. Fortinet delivered excellent quality of experience for voice and video, high VPN throughput and best price/performance.
FortiGate SD-WAN replaces separate WAN routers, WAN optimization, and security devices with a single solution that is application-aware, offers automatic WAN path control and multi-broadband support. It improves application performance, reduces WAN Operating expenses and minimizes management complexity.
SD-WAN News
8/09/2018: Fortinet received Recommended Rating in the First SD-WAN Group Test conducted by NSS Labs, Delivers High Voice Quality and VPN Throughput for next-generation branch connectivity.
___________________________________________________________________________________________________
7/12/2018: Fortinet Continues to Gain Traction in the SD-WAN Marketplace. By continuing to evolve our firewall-native SD-WAN features based on customer feedback, Fortinet provides secure SD-WAN for three distinct use cases.
___________________________________________________________________________________________________
5/17/2018: Building an Adaptive and Secure SD-WAN Framework. With more than 60 SD-WAN vendors, learn how to choose the right SD-WAN solutions for you, and build an adaptive and secure SD-WAN framework.
FortiGate SD-WAN Product Details:
FortiGate SD-WAN transforms branches to increase productivity and application performance without compromising on security. With the help of application steering, business-critical applications are always given priority. Granular WAN patch information is collected to automatically fail over to the best available WAN link. A centralized controller with a single pane of glass simplifies management and monitoring, allowing enterprises to quickly provision branches and scale easily. FortiGate SD-WAN has been adopted worldwide in industries as diverse as finance, retail, manufacturing and customer service.
Features
Application aware solution, support a broad range of 3000+ applications as well as granular visibility into sub-applications
Path awareness intelligence to monitor application-level transactions, and dynamically failover to the best available path
Single-pane-of-glass management simplifies deployment, management and monitoring of SD-WAN devices
Benefits
Reduced complexity and high total cost of ownership by using best of breed SD-WAN and NGFW functionality on a single appliance
Improve cloud application performance by prioritizing business critical applications and enabling branches to directly communicate to the internet
Reduce operating expenses by migrating from MPLS and utilizing multi-broadband such as Ethernet, DSL, and LTE
FortiGate SD-WAN Models and Specifications
FortiGate SD-WAN is available in many different form factors with many different models to choose from to meet your needs ranging from entry-level hardware appliances to VM options that be deployed in your branch offices. FortiManager, that can be used to monitor and manage the FortiGate appliances is also available in different form factors and models.
▼
Hardware appliances
NGFW Throughput |
250 Mbps |
Threat Protection Throughput |
200 Mbps |
VPN Throughput |
2 Gbps |
Max G/W to G/W IPSEC Tunnels |
200 |
Ports |
10x GE RJ45 |
NGFW Throughput |
360 Mbps |
Threat Protection Throughput |
250 Mbps |
VPN Throughput |
2.5 Gbps |
Max G/W to G/W IPSEC Tunnels |
200 |
Ports |
14x GE RJ45, 2x Shared Port Pairs |
NGFW Throughput |
360 Mbps |
Threat Protection Throughput |
250 Mbps |
VPN Throughput |
4 Gbps |
Max G/W to G/W IPSEC Tunnels |
2000 |
Ports |
20x GE RJ45, 2x Shared Port Pairs |
NGFW Throughput |
1.8 Gbps |
Threat Protection Throughput |
1.2 Gbps |
VPN Throughput |
9 Gbps |
Max G/W to G/W IPSEC Tunnels |
2000 |
Ports |
18x GE RJ45, 4x GE SFP |
NGFW Throughput |
3.5 Gbps |
Threat Protection Throughput |
3 Gbps |
VPN Throughput |
20 Gbps |
Max G/W to G/W IPSEC Tunnels |
2000 |
Ports |
16x GE RJ45, 16x GE SFP |
NGFW Throughput |
5 Gbps |
Threat Protection Throughput |
4.7 Gbps |
VPN Throughput |
20 Gbps |
Max G/W to G/W IPSEC Tunnels |
2000 |
Ports |
2x 10 GE SFP+, 10x GE RJ45, 8x GE SFP |
Virtual machines
NGFW Throughput |
850 Mbps |
Threat Protection Throughput |
700 Mbps |
VPN Throughput |
1 Gbps |
Max G/W to G/W IPSEC Tunnels |
2000 |
Ports |
Up to 10 |
NGFW Throughput |
1.5 Gbps |
Threat Protection Throughput |
1.2 Gbps |
VPN Throughput |
1.5 Gbps |
Max G/W to G/W IPSEC Tunnels |
2000 |
Ports |
Up to 10 |
NGFW Throughput |
2.5 Gbps |
Threat Protection Throughput |
2 Gbps |
VPN Throughput |
3 Gbps |
Max G/W to G/W IPSEC Tunnels |
2000 |
Ports |
Up to 10 |
NGFW Throughput |
4.5 Gbps |
Threat Protection Throughput |
3.5 Gbps |
VPN Throughput |
5.5 Gbps |
Max G/W to G/W IPSEC Tunnels |
40,000 |
Ports |
Up to 10 |
NGFW Throughput |
9 Gbps |
Threat Protection Throughput |
7 Gbps |
VPN Throughput |
6.5 Gbps |
Max G/W to G/W IPSEC Tunnels |
40,000 |
Ports |
Up to 10 |
Public Cloud
Amazon Web Services (AWS) and Microsoft Azure supported for both BYOL (bring your own license) and On-demand (pay-as-you go). Please see the AWS and Azure Marketplace listings for more information:
Hardware appliances
Virtual machines
Devices/VDOMs (Maximum) |
+1,000 |
GB/Day of Logs |
10 |
Devices/VDOMs (Maximum) |
+5,000 |
GB/Day of Logs |
25 |
Devices/VDOMs (Maximum) |
+10,000 |
GB/Day of Logs |
50 |
Actual performance may vary depending on the network and system configuration. Performance metrics were observed using a DELL R740 (CPU Intel Xeon Platinum 8168 2.7 GHz, Intel X710 network adapters), running FOS v5.6.3. Tested with VMware vSphere 6.5 Enterprise Plus. SR-IOV is enabled. 1. IPS performance is measured using 1 Mbyte HTTP and Enterprise Traffic Mix. 2. Application Control performance is measured with 64 Kbytes HTTP traffic. 3. NGFW performance is measured with IPS and Application Control enabled, based on Enterprise Traffic Mix. 4. Threat Protection performance is measured with IPS and Application Control and Malware protection enabled, based on Enterprise Traffic Mix.
Public Cloud
Amazon Web Services (AWS) and Microsoft Azure supported for both BYOL (bring your own license) and On-demand (pay-as-you go). Please see the AWS and Azure Marketplace listings for more information:
FortiGuard Services for FortiGate SD-WAN
FortiGate SD-WAN employs multiple FortiGuard services. Application control provides visibility into thousands of applications, as well as granular sub-applications. Other security services such as web filtering, sandboxing, antivirus and intrusion prevention protect the branches from the latest advanced threats.
View FortiGuard Labs Services and Bundles.
Application Control
Improve security and meet compliance with easy enforcement of your acceptable use policy through unmatched, real-time visibility into the applications your users are running. With FortiGuard Application Control, you can quickly create policies to allow, deny, or restrict access to applications or entire categories of applications.
Web Filtering
Protects your organization by blocking access to malicious, hacked, or inappropriate websites.
FortiSandbox Cloud
FortiSandbox Cloud Service is an advanced threat detection solution that performs dynamic analysis to identify previously unknown malware. Actionable intelligence generated by FortiCloud Sandbox is fed back into preventive controls within your network—disarming the threat.
Antivirus
FortiGuard Antivirus protects against the latest viruses, spyware, and other content-level threats. It uses industry-leading advanced detection engines to prevent both new and evolving threats from gaining a foothold inside your network and accessing its invaluable content.
Intrusion Prevention
FortiGuard IPS protects against the latest network intrusions by detecting and blocking threats before they reach network devices.
Virus Outbreak Protection Service
FortiGuard Virus Outbreak Protection Service (VOS) closes the gap between antivirus updates with FortiCloud Sandbox analysis to detect and stop malware threats discovered between signature updates before they can spread throughout an organization. OS initiates a real-time look-up to our Global Threat Intelligence database.
FortiGuard Services Bundles
FortiGate Enterprise Bundle
Our Enterprise (ENT) bundle now includes:
- CASB - providing visibility, compliance, data security and threat protection for your cloud-based services.
- Industrial Security Service protection – SCADA (supervisory control and data acquisition) and ICS (industrial control systems). These signatures address attacks against critical infrastructure and manufacturing industries, where we are seeing frequent and sophisticated cyberattacks.
- Security Rating Service - this service performs checks against your fabric-enabled network and provides scoring and recommendations to your operation teams. The subsequent scorecard can be used to gauge adherence to various internal and external organizational polices, standards, and regulations requirements, including providing a ranking of your firm against industry peers.
The FortiGuard Enterprise (ENT) Protection bundle is designed to address today’s advanced threat landscape. The Enterprise Bundle consolidates the comprehensive protection needed to protect and defend against all cyberattack channels from the endpoint to the cloud. Including the technologies needed to address today’s challenging OT, compliance, and management concerns. The Enterprise Bundle offers the most comprehensive protection overall. The Enterprise Bundle includes:
- NGFW Application Control
- IPS
- Antivirus
- Botnet
- IP/Domain Reputation
- Mobile Security
- Web Filtering
- Antispam
- FortiSandbox Cloud
- Virus Outbreak Protection
- Content Disarm & Reconstruction
- CASB
- Security Rating
- Industrial Security Service
- FortiCare
FortiGate UTM Bundle
The FortiGuard Unified Protection Bundle (UTM) is our traditional Unified Threat Management security bundle. The Unified Protection Bundle extends threat protection across the entire digital attack surface, providing industry-leading defense against sophisticated attacks. The UTM bundle has you covered for web and email-based attacks. The UTM bundle delivers the best package available for a unified threat protection offering. The UTM Bundle includes:
- NGFW Application Control
- IPS
- Antivirus
- Botnet
- IP/Domain Reputation
- Mobile Security
- Web Filtering
- Antispam
- FortiSandbox Cloud
- Virus Outbreak Protection
- Content Disarm & Reconstruction
- FortiCare
The FortiGuard Advantage:
- FortiGuard processes over 69 million websites every hour, providing up-to-the-minute reputation and categorization.
- Prevent malicious downloads and browser hijacking attacks with top-rated web filtering (VBWeb Verified)
- Improved email productivity through superior spam prevention validated with 3rd party independent testing (VBSpam + Verified)
FortiGate Advanced Threat Protection Bundle
The FortiGuard Advanced Threat Protection (ATP) bundle provides the foundational security needed to protect and defend against known and unknown cyber threats. The Advanced Threat Protection bundle includes:
- NGFW Application Control
- IPS
- Antivirus
- Botnet
- IP/Domain Reputation
- Mobile Security
- FortiSandbox Cloud
- Virus Outbreak Protection
- Content Disarm & Reconstruction
- FortiCare 24*7
Services Table
| Service | Advanced Threat Protection (ATP) |
Unified Protection (UTM) |
Enterprise Protection (ENT) |
A La Carte Protection |
| Threat Intelligence Service |
✔ |
|||
| Industrial Security Service |
✔ |
✔ |
||
| Security Rating |
✔ |
✔ |
||
| CASB |
✔ |
✔ |
||
| Web Filtering |
✔ | ✔ |
✔ |
|
| Antivirus + Sandboxing |
✔ |
✔ |
✔ |
✔ |
| IPS |
✔ |
✔ |
✔ |
✔ |
| Antispam |
✔ |
✔ |
||
| Internet DB |
✔ |
✔ |
✔ |
|
| IP Reputation |
✔ |
✔ |
✔ | |
| Application Control |
✔ |
✔ |
✔ |
▼
Webinars and Videos
White Papers
Data Sheets
Product Demo
FortiGate SD-WAN Demo
Welcome to the FortiGate Secure SD-WAN 6.0 demo site. This demo shows the dynamic WAN path controller, application SLA enforcement, intelligent application steering and traffic shaping capabilities of Fortinet SD-WAN and how it can help your organization achieve more efficient use of your WAN resources while lowering TCO.
Access the demo
FortiManager SD-WAN Demo
Welcome to the Fortinet Secure SD-WAN demo. This demo shows the dynamic WAN path controller, application SLA enforcement, intelligent application steering and traffic shaping capabilities of FortiGate SD-WAN, plus centralized SD-WAN management, orchestration, and controller capabilities of FortiManager and how it can help your organization achieve more efficient use of your WAN resources while lowering TCO.
Access the demoFortiGate Secure SD-WAN tackles the most difficult challenges of secure SD-WAN deployment and was the only Next-Generation Firewall (NGFW) security vendor to receive a “Recommended” rating in NSS Labs’ first-ever software-defined wide area networking report - delivering Highest VoIP Quality of Experience and Lowest Total Cost of Ownership per Mbps Among All Nine Vendors
Key Highlights:
- Highest quality of experience for VoIP: FortiGate SD-WAN showcased robust results for VoIP and video applications of 4.38 out of 4.41 and 4.26 out of 4.53, respectively.
- Lowest total cost of ownership (TCO): FortiGate SD-WAN delivers the lowest TCO per Mbps (VPN throughput) among all participating vendors at a ratio of $5@749 Mbps.
- Native NGFW Security: FortiGate SD-WAN with native NGFW security blocked 100 percent of evasions and achieved 99.9 percent security effectiveness.
Comparative Report - Value Matrix
Fortinet solutions have consistently demonstrated superior performance and feature quality TCO when put to the test. Recent customer traction shows that organizations around the world are increasingly choosing FortiGate SD-WAN to upgrade their WAN infrastructure. The 2018 NSS Labs SD-WAN test results further prove that Fortinet delivers the highest quality of experience for VoIP, the best TCO and the right security to go with it, solidifying FortiGate SD-WAN as a compelling balance of quality, security and value. Take a look at the comparative value matrix report and understand how Fortinet emerged as a top choice for Secure SD-WAN.
SD-WAN Value Map
In a crowded SD-WAN market, enterprises are finding it increasingly difficult to identify the right solution for them. NSS Labs provides a comprehensive and impartial test, in real-world situations, that identifies the key requirements for SD-WAN and the effectiveness of each solution. The SD-WAN capabilities that were assessed by NSS Labs include Application-Aware Traffic Steering, Dynamic Path Selection with SLA Measurements and other WAN Impairments. Fortinet is the Only Vendor with Security Capabilities to Receive SD-WAN Recommended Rating. Take a look at the SVM and compare the following:
- Quality of Experience of VoIP
- Quality of Experience of Video
- VPN Performance
- Total Cost of Ownership
Fortinet FortiGate 61E Test Report
Take a closer look at how Fortinet excelled in every category assessed by NSS Labs. Fortinet showcased a number of advantages including the highest quality of experience for VoIP, lowest TCO and native NGFW security.
Comparative Report - Performance
NSS Labs SD-WAN Performance Comparative report provides a detailed comparison of all 9 participating vendors for quality of experience and performance. Fortinet showcased the highest quality of experience for business-critical applications such as VoIP and excellent VPN performance.
Comparative Report - TCO
NSS Labs SD-WAN TCO Comparative report provides a detailed comparison of all 9 participating vendors for quality of experience and performance. FortiGate SD-WAN has achieved the best price/performance among all 10 vendors with TCO of $5.
SD-WAN
Below are answers to common questions regarding product and related services:
Why is security important for SD-WAN?
SD-WAN allows branches to directly communicate to the internet, providing high application performance. Traditionally, branches had limited security considering that all traffic was backhauled to the datacenter. With SD-WAN branches are directly exposed, allowing attackers to target the weakest link. The change in the malware landscape warrants a strong security solution to protect enterprises from sophisticated threats to avoid financial and reputation damages.
What is the key differentiator for FortiGate SD-WAN?
The key differentiator for FortiGate SD-WAN is that SD-WAN functionality is integrated with security. Fortinet is the only SD-WAN vendor to be recommended by NSS labs for the last 5 consecutive years for performance and security effectiveness. Integrated security reduces complexity and simplifies management and monitoring. Fortinet security fabric also provides broad and integrated protection across all attack vectors, including endpoints, mail, switches and access points.
How can we prioritize business-critical applications, and enforce SLA?
FortiGate SD-WAN is application-aware and has broad visibility into more than 3000 applications. Using application steering, you can ensure that business critical applications such as Office365 and Skype always go through the preferred link. Granular application-level transaction SLA criteria, such as jitter, packet loss and latency can be specified for each application. In the event of an SLA breach, there is a dynamic failover to the next best link.
You can also configure bandwidth management to guarantee or limit the bandwidth given to high and low priority applications respectively.
Which transport interfaces do you support?
FortiGate SD-WAN is transport agnostic. This not only includes support for a variety of connectivity protocols (Ethernet, 3G/4G, VPN, etc.), but also allows you to use any two of these connections in active-active mode while load balancing traffic across both circuits simultaneously.
Do I need a separate appliance for routing and security?
FortiGate SD-WAN provides the advantage of reducing the number of specialized devices deployed at the branch by consolidating routing, security and SD-WAN functionality in a single appliance. It can also work in conjunction with existing devices if necessary.
How do we monitor and manage SD-WAN appliances?
Both the security and SD-WAN functionality on FortiGate SD-WAN devices can be managed easily with FortiManager. FortiManager provides a single pane of glass, and allows administrators to monitor SD-WAN from a high-level view and drill down into more details when required. Please see the FortiManager datasheet for more details.
How can we enable SD-WAN on FortiGate?
FortiGate SD-WAN is a feature available on FortiGate NGFW. It is available as part of the base license, and doesn’t include any additional cost.