
SD-WAN Overview
Software-defined Wide Area Networking (SD-WAN) is designed to revolutionize network routing capabilities at the network edge. More and more large enterprises and organizations are moving from legacy technologies like branch routers to SD-WAN to become cloud-ready and improve overall customer experience. SD-WAN solutions help companies dramatically improve network performance for cloud-based resources, which represent a growing percentage of most organizations’ networks.
Not only are SD-WAN solutions easier to manage, they also simplify overall WAN operations and configuration. SD-WAN appliances optimally route application flows to intended destinations over multiple different media transports, including multiprotocol label switching (MPLS) circuits, broadband Internet, and LTE/4G/5G. Establishing multiple paths enables organizations to meet or exceed the same performance and reliability provided by MPLS while reducing sole dependence on MPLS, which is an expensive and geographically-limited infrastructure.
Fortinet, Cisco/Viptela, HPE/Silver Peak, VMware/VeloCloud, Versa Networks, and Palo Alto Networks/CloudGenix are among the technology vendors in the SD-WAN market. Most SD-WAN vendors offer management simplicity and traffic optimization, but every provider’s SD-WAN product is different. Beyond the initial purchase price and total cost of ownership (TCO), it is crucial to consider an SD-WAN solution’s ability to meet business requirements for application performance and security. SD-WAN allows branch networks to leverage low-cost, high-bandwidth broadband Internet circuits while maintaining “MPLS-like” performance SLA characteristics. However, utilizing direct Internet breakout also exposes branch networks to Internet-borne threats. Without fully integrated security, SD-WAN becomes just another conduit for malware and cyber criminals to attack critical assets.
A primary function of SD-WAN is to offer improved application performance and availability across the corporate WAN. To achieve this, an SD-WAN solution should include dynamic path selection and the ability to be deployed on any edge within the enterprise WAN. This ensures that traffic can be optimally routed directly between any two edges on the corporate WAN, whether they be located in an on-premises data center, at a branch office location, or in an organization’s cloud infrastructure.
A key differentiator between various SD-WAN vendors is whether their solution offers SD-WAN or Secure SD-WAN. SD-WAN by itself is designed to improve an organization’s wide area network (WAN) performance through optimized traffic routing. Secure SD-WAN integrates security infrastructure, such as a next-generation firewall (NGFW), into an SD-WAN solution, which empowers IT, improves security posture effectiveness, and enables greater management simplification.
While many SD-WAN providers claim to offer integrated security solutions, this is often implemented via a chain of standalone networking and security tools that aren’t truly integrated and require multiple management consoles. This approach may meet certain security needs, but it often does so at the expense of network performance and increased TCO. Standalone security solutions are not designed to natively integrate with other solutions, and deploying, monitoring, and maintaining multiple appliances increases associated overhead with an organization’s SD-WAN infrastructure—often negating intended cost savings that SD-WAN investments usually deliver.
Criteria for Choosing an SD-WAN Vendor
Fortinet, Cisco/Viptela, HPE/Silver Peak, VMware/VeloCloud, Palo Alto Networks/CloudGenix, and Versa Networks rank among top SD-WAN vendors. When choosing between SD-WAN vendors, it is important to optimize network performance, security, and TCO.
Different features within a Secure SD-WAN offering contribute to its ability to meet each of these three goals. Six vital points of Secure SD-WAN comparison between solutions include:
ASIC Accelerated SD-WAN:
An SD-WAN ASIC is hardware purpose-built to optimize SD-WAN operations. This enables an SD-WAN appliance to achieve a much higher scale and efficiency with no performance degradation compared to SD-WAN solutions running on commercial off-the-shelf (COTS) hardware.
Integrated NGFW:
A Secure SD-WAN solution must natively incorporate an integrated NGFW, removing the need to deploy additional standalone security solutions. This integration capability should provide protection from Layer 4 through Layer 7, including inspection of SSL/TLS encrypted traffic, and segmentation to stop lateral movement of threats at distributed locations.
TCO per Protected Mbps:
Measurement of the total cost of ownership (TCO) in terms of protected Mbps captures the impact of both security (if applicable) and SD-WAN functionality on a solution's price and performance.
Multi-Platform Availability:
SD-WAN appliances must include both physical and virtual form factors that allow them to be deployed throughout the corporate WAN. This includes data centers, branch offices, and public/private cloud deployments.
Self-Healing:
SD-WAN increases network resiliency using dynamic path selection with sub-second failover along with WAN remediation techniques such as forward error correction (FEC) and packet duplication. Together, they enable an SD-WAN solution to ensure both application performance and availability.
Secure SD-Branch
Secure SD-Branch consolidates operations and eliminates silos. Convergence of the WAN, security, and access layer (wired and wireless) consolidates management, reduces risk, and increases agility.
SD-WAN Providers Comparison Chart
6 Leading SD-WAN Providers
- Fortinet
- Cisco Viptela
- HPE Silver Peak
- VMware VeloCloud
- Palo Alto Prisma SD-WAN
- Versa Networks
Feature | Fortinet | Cisco Viptela | HPE Silver Peak | VMware VeloCloud | Palo Alto Prisma SD-WAN | Versa Networks |
---|---|---|---|---|---|---|
ASIC Accelerated SD-WAN | Y | N | N | N | N | N |
Integrated NGFW | Y | Y [1] | N [2] | N [3] | N | Y |
TCO per Protected Mbps | $4 | Unknown | $37 | $28 | Unknown | $10 |
Multi-Platform Availability | Y | Y [6] | Y [7] | Y [8] | Y | Y [9] |
Self Healing SD-WAN | Y | Y | Y | Y | N | N |
ZTNA Access Proxy | Y | N | N | N | N | N |
Secure SD-Branch | Y | N | N | N | N | N |
Fortinet Secure SD-WAN is the clear leader in terms of SD-WAN performance, security, and TCO. It is the only SD-WAN solution that incorporates both an SD-WAN ASIC and integrated NGFW and also offers zero-touch deployment, self-healing SD-WAN, and multi-platform support.
[1] NGFW is an add-on software to the platform
[2] https://www.silver-peak.com/sd-wan/top-benefits-sd-wan
[3] Gartner Magic Quadrant for WAN Edge Infrastructure Report
[4] https://go.versa-networks.com/l/633831/2019-04-09/bn4k/633831/27574/The_Benefits_of_SD_WAN_with_Integrated_Branch_Security.pdf
[5] https://searchnetworking.techtarget.com/news/252465526/Fortinet-TCO-low-Silver-Peak-high-in-NSS-Labs-SD-WAN-report
[6] https://www.cisco.com/c/en/us/solutions/collateral/enterprise-networks/sd-wan/nb-06-sd-wan-sol-overview-cte-en.html?oid=otren012099#Securitythatisbuiltinnotboltedon
[7] https://www.silver-peak.com/sd-wan/top-benefits-sd-wan
[8] https://www.velocloud.com/products/features
[9] https://www.versa-networks.com/sd-wan/
[10] Gartner Magic Quadrant for WAN Edge Infrastructure Report
Additionally, its TCO per protected Mbps is less than half that of the closest competitor. This result was reported by NSS Labs, a third-party testing authority, to demonstrate an SD-WAN solution’s ability to balance network performance, security, and value. With its custom ASIC, Fortinet Secure SD-WAN is capable of performing traffic inspection and intelligent routing across the SD-WAN overlay more efficiently than other solutions.
Fortinet is the only SD-WAN provider that offers an SD-WAN solution with both hardware-accelerated SD-WAN functionality and an NGFW integrated as a single appliance, powered by one OS. This enables Fortinet to offer Layer 4-7 security inspection, including inspection of encrypted traffic (SSL/TLS), with minimal impact on network performance and throughput. Without dedicated hardware, such as an SD-WAN application-specific integrated circuit (ASIC), SSL/TLS traffic inspection dramatically decreases network throughput.
Fortinet Secure SD-WAN is also capable of identifying over 5,000 unique applications, including encrypted traffic, based upon first packet classification and deep packet inspection. The solution leverages the SD-WAN ASIC to decrypt and inspect SSL traffic for the most accurate and granular application steering while still maintaining high levels of throughput. FortiGuard Labs leverages AI/ML to continuously provide the most up-to-date application classification. This enables Secure SD-WAN to apply application-specific prioritization and route traffic over the optimal choice of transport media to maximize application performance and reliability.
Fortinet is the only vendor that can provide the broadest hardware selections and best performance for the virtual appliances: over 20 Gbps of IPsec performance, which is 10 times the industry average.
Comparing SD-WAN Vendors
Each SD-WAN vendor offers a unique solution with a different focus. While the primary purpose of SD-WAN is to improve application performance, it is also essential to integrate security and provide high value for performance.
Many SD-WAN solution providers make significant tradeoffs in terms of network performance, security, or TCO. Finding the best SD-WAN vendor for your requirements should involve a comparison of SD-WAN vendors based upon their ability to balance these requirements.
1. Cisco
Cisco’s SD-WAN solution is implemented as software that can be deployed to a range of different Cisco appliances. While Fortinet Secure SD-WAN shares Cisco’s zero-touch approach for deployment, the Fortinet solution implements SD-WAN functionality supported by a custom ASIC. This enables Fortinet Secure SD-WAN to achieve much higher throughput than would be possible with a software-based solution. Additionally, the use of hardware acceleration designed to support SD-WAN functionality and an integrated NGFW enables Fortinet solutions to achieve higher efficiency and more robust protection through full network and security integration. Finally, Cisco’s overall SD-WAN solution encompasses several different products acquired through Meraki and Viptela, combined with Cisco Integrated Services Routers and Catalyst 8K series. The outcome is inconsistent capabilities, performance and management. The Fortinet SD-WAN was created as one, unified solution developed organically.
2. HPE/Silver Peak
Silver Peak advertises a Secure SD-WAN solution that operates throughout the corporate WAN. This solution is implemented through partnerships with multiple different third-party security vendors, whose solutions are connected to Silver Peak’s SD-WAN solution. While this enables an organization to implement the required security controls for privacy and regulatory compliance, it does so at the cost of increased management overhead, complexity, and TCO.
Fortinet offers a fully-integrated Secure SD-WAN solution. Rather than relying upon a collection of standalone point solutions, FortiGate NGFWs have integrated SD-WAN functionality and are part of the Fortinet Security Fabric. This enables them to optimize network and security operations and provide single-pane-of-glass visibility and management of an organization’s entire WAN infrastructure.
3. VMware/VeloCloud
VMware SD-WAN by VeloCloud is positioned as being designed to provide high-performance, reliable SD-WAN connectivity throughout the enterprise WAN. However, it lacks essential features including built-in security, traditional WAN optimization features and full support for IPv6.
VeloCloud supports a wide range of deployment environments, and while VeloCloud’s support for VNFs enables it to support a wide range of third-party security solutions, it often does so at the cost of performance. Integration of a third-party NGFW as a VNF on some VeloCloud models decreases the overall appliance throughput.
In contrast, Fortinet solutions use a custom-built ASIC to provide SD-WAN functionality and incorporate an integrated NGFW. The increased efficiency provided by this custom-built hardware enables Fortinet Secure SD-WAN to perform full inspection of unencrypted and encrypted network traffic with industry-leading performance.
4. Palo Alto Networks/CloudGenix
CloudGenix, a Palo Alto Networks company, claims to offer an SD-WAN focused on lightweight appliances that can be easily deployed throughout the corporate WAN. However, these lightweight solutions lack many vital features for Secure SD-WAN, including WAN optimization and integrated NGFW capabilities. CloudGenix also has limited adoption by service providers, which slows its ability to grow.
Fortinet Secure SD-WAN offers zero-touch provisioning, enabling it to be deployed easily as well. However, Fortinet Secure SD-WAN also provides a number of integrated network optimization and security capabilities. This enables it to provide high-performance, secure network connectivity throughout the corporate WAN with an industry-leading TCO. In addition, Fortinet’s security-driven networking approach to SD-WAN and its broad API ecosystem allow managed security service providers to expand their service offerings and differentiate themselves in a crowded WAN edge market.
5. Versa Networks
Versa markets its Secure SD-WAN platform as designed to decrease the cost of implementing SD-WAN on an organization’s network. Rather than requiring the purchase of custom hardware, Versa enables network service virtualization (NSV) to run its own software on commercial off-the-shelf (COTS) hardware. This simplifies the acquisition process of an organization’s SD-WAN solution; however, it provides lower performance than dedicated hardware, such as Fortinet’s custom SD-WAN ASIC.
Versa implements its Secure SD-WAN using “service chaining,” where multiple standalone systems are serialized end-to-end. Such an approach may achieve the goal of securing traffic flowing over the corporate WAN, but it lacks the efficiency and simplified management of a fully integrated solution. Additionally, Versa lacks traditional WAN optimization features, which further limits its performance.
Fortinet Secure SD-WAN
Fortinet Secure SD-WAN is the WAN edge market’s most comprehensive WAN edge appliance and provides full integration of networking and security functionality in a single platform. By using specialized hardware for both its SD-WAN and NGFW, including a custom SD-WAN ASIC, Fortinet Secure SD-WAN performs full inspection of both unencrypted and encrypted traffic with minimal impact on system or network performance.
Fortinet Secure SD-WAN also boosts network performance using integrated application identification and awareness. Based on first packet classification, Secure SD-WAN can identify over 5,000 applications. This enables integrated automated path intelligence to prioritize application flows and optimally route them based upon application-specific business rules. With the SOC4 ASIC, Fortinet Secure SD-WAN achieves the industry’s fastest application steering.
Fortinet Secure SD-WAN is part of the Fortinet Security Fabric. This enables an organization to configure, monitor, and manage its entire network and security infrastructure from a single pane of glass. This centralization decreases the complexity of security monitoring, management, and analytics and enables rapid response to potential threats. Additionally, the Fortinet Security Fabric has the ability to connect with over 250 Security Fabric Partner solutions via Fabric Connectors, Fabric APIs, and DevOps scripts. This enables easy integration of Fortinet solutions with an organization’s existing security deployment.
Fortinet Secure SD-WAN is the only SD-WAN solution to offer full integration of hardware-based SD-WAN and NGFW functionality. This integration enables the best available balance of network performance, security, and TCO in an SD-WAN solution. For more information about the capabilities of Fortinet Secure SD-WAN, visit Fortinet’s Secure SD-WAN page.
Gartner’s SD-WAN Leaders
Fortinet was named a Leader in the 2022 Gartner Magic Quadrant for SD-WAN.
Gartner’s Magic Quadrant evaluations are designed to highlight the strengths and weaknesses of the available solutions for specific technology markets. The Gartner Magic Quadrant for WAN Edge Infrastructure ranks SD-WAN providers based upon the completeness of their vision and their ability to execute on it.
In the 2022 Gartner Magic Quadrant for SD-WAN, Fortinet was named a Leader three years in a row and placed highest in Ability to Execute two years in a row.