SD-WAN

SD-WAN: 애플리케이션 인식, NGFW 보안과 통합된 다중 경로 WAN 컨트롤러

SD WAN을 보호하기 위한 네트워크 리더 가이드
구매 형태 :
  • 어플라이언스
  • 가상 머신
  • 클라우드

FortiGate SD-WAN

여러 곳에 흩어진 기업 브랜치를 디지털 비즈니스 모델로 전환하는 것은 WAN 네트워크에 상당한 영향을 미칩니다. 클라우드 서비스를 도입하고 모바일 워크가 늘어나면서 WAN 기술의 발전이 가속화되고 있습니다. 기업이 인터넷에 직접 액세스하게 되면 다중 경로 WAN을 지원하는 것과 동시에 차세대 보안 전략을 도입해서 애플리케이션 성능을 향상하는 것이 중요합니다.

Fortinet이 통합적인 고급 위협 보호와 더불어 네이티브 SD-WAN을 제공하는 유일한 차세대 방화벽 벤더입니다. FortiGate SD-WAN은 다수의 벤더로 구성된 WAN 라우터, WAN 최적화, 보안 기기를 하나의 솔루션으로 대체합니다. 이 솔루션은 애플리케이션을 인식하여 자동 WAN 경로 제어 및 다중 광대역 지원을 제공합니다. 업계 최고의 VPN 성능을 자랑하고 여러 지점에 동시에 배포할 수 있는 확장형 솔루션입니다.

 

SD-WAN 뉴스

7/12/2018:  Fortinet, SD-WAN 시장에서 추진력을 얻다. Fortinet은 방화벽에 기본으로 설치된 SD-WAN 기능을 고객 피드백을 바탕으로 거듭 개선하여 3가지 사용 사례에 안전한 SD-WAN을 제공합니다.

___________________________________________________________________________________________________

5/17/2018: 안전한 적응형 SD-WAN 프레임워크 구축 SD-WAN 벤더는 60개가 넘습니다. 자신에게 맞는 적절한 SD-WAN 솔루션을 선택하고 안전한 적응형 SD-WAN 프레임워크를 구축하는 방법을 알아보세요.

___________________________________________________________________________________________________

5/03/2018: Fortinet CEO: SD-WAN 분야를 선도하는 것은 우리 Fortinet CEO인 Ken Xie가 SD-WAN을 통해 보안과 네트워크 액세스 기능을 통합하는 장점을 설명합니다.

   

SD-WAN 동영상

FortiGate FortiOS 6.0 SD-WAN Demo

Learn more on how the FortiOS 6.0 can provide SD-WAN capabilities on a FortiGate for greater application visibility and application steering to prioritize business application performance.

지금 보기
Transform Your Enterprise Branch with Fortinet Secure SD-WAN
Roll out SD-WAN with Fortinet's Zero Touch Deployment

FortiGate SD-WAN 제품 상세 정보:

FortiGate SD-WAN은 기업의 지점이 보안을 해치지 않고 생산성과 애플리케이션 성능을 높이도록 혁신합니다. 애플리케이션 스티어링의 도움을 받으면 비즈니스에 중요한 애플리케이션이 항상 우선됩니다. 자세한 WAN 패치 정보를 수집해 가장 가용성이 높은 WAN 링크로 시스템을 자동 대체합니다. 단일 대시보드를 사용한 중앙형 컨트롤러를 사용하기 때문에 관리와 모니터링이 간단하며, 신속히 지점을 프로비저닝하고 간단하게 확장할 수 있습니다. FortiGate SD-WAN은 전 세계적으로 금융, 리테일, 제조, 고객 서비스 등의 다양한 산업 부문에서 도입되고 있습니다.

특징

intelligent icon
애플리케이션을 인식하는 솔루션으로 3000개 이상의 애플리케이션을 광범위하게 지원하고 하위 애플리케이션에 대한 자세한 가시성 확보
monitoring icon
경로를 인식하는 인텔리전스로 애플리케이션 수준의 트랜잭션을 모니터링하여 가장 가용성이 높은 경로로 시스템을 동적으로 대체
platform support icon
단일 대시보드 관리로 SD-WAN 기기의 배포, 관리, 모니터링을 간편하게 해결

 

장점

icon benefits tools
최고의 SD-WAN 및 NGFW 기능을 단일 어플라이언스에서 사용하여 복잡성과 높은 총소유비용(TCO) 감소
high performance icon
비즈니스에 중요한 애플리케이션을 우선하고 각 지점이 인터넷으로 직접 통신하도록 지원하여 클라우드 애플리케이션 성능 향상
reduce cash icon
MPLS에서 마이그레이션하고 이더넷, DSL, LTE 등의 여러 광대역을 활용하여 운영 경비 절감

FortiGate SD-WAN Models and Specifications

FortiGate SD-WAN is available in many different form factors with many different models to choose from to meet your needs ranging from entry-level hardware appliances to VM options that be deployed in your branch offices.  FortiManager, that can be used to monitor and manage the FortiGate appliances is also available in different form factors and models.

Hardware appliances

NGFW Throughput
250 Mbps
Threat Protection Throughput
200 Mbps
VPN Throughput
2 Gbps
Max G/W to G/W IPSEC Tunnels
200
Ports
10x GE RJ45
NGFW Throughput
360 Mbps
Threat Protection Throughput
250 Mbps
VPN Throughput
2.5 Gbps
Max G/W to G/W IPSEC Tunnels
200
Ports
14x GE RJ45, 2x Shared Port Pairs
NGFW Throughput
360 Mbps
Threat Protection Throughput
250 Mbps
VPN Throughput
4 Gbps
Max G/W to G/W IPSEC Tunnels
2000
Ports
20x GE RJ45, 2x Shared Port Pairs
NGFW Throughput
1.8 Gbps
Threat Protection Throughput
1.2 Gbps
VPN Throughput
9 Gbps
Max G/W to G/W IPSEC Tunnels
2000
Ports
18x GE RJ45, 4x GE SFP
NGFW Throughput
3.5 Gbps
Threat Protection Throughput
3 Gbps
VPN Throughput
20 Gbps
Max G/W to G/W IPSEC Tunnels
2000
Ports
16x GE RJ45, 16x GE SFP
NGFW Throughput
5 Gbps
Threat Protection Throughput
4.7 Gbps
VPN Throughput
20 Gbps
Max G/W to G/W IPSEC Tunnels
2000
Ports
2x 10 GE SFP+, 10x GE RJ45, 8x GE SFP

Virtual machines

NGFW Throughput
850 Mbps
Threat Protection Throughput
700 Mbps
VPN Throughput
1 Gbps
Max G/W to G/W IPSEC Tunnels
2000
Ports
Up to 10
NGFW Throughput
1.5 Gbps
Threat Protection Throughput
1.2 Gbps
VPN Throughput
1.5 Gbps
Max G/W to G/W IPSEC Tunnels
2000
Ports
Up to 10
NGFW Throughput
2.5 Gbps
Threat Protection Throughput
2 Gbps
VPN Throughput
3 Gbps
Max G/W to G/W IPSEC Tunnels
2000
Ports
Up to 10
NGFW Throughput
4.5 Gbps
Threat Protection Throughput
3.5 Gbps
VPN Throughput
5.5 Gbps
Max G/W to G/W IPSEC Tunnels
40,000
Ports
Up to 10
NGFW Throughput
9 Gbps
Threat Protection Throughput
7 Gbps
VPN Throughput
6.5 Gbps
Max G/W to G/W IPSEC Tunnels
40,000
Ports
Up to 10

 

Public Cloud

Amazon Web Services (AWS) and Microsoft Azure supported for both BYOL (bring your own license) and On-demand (pay-as-you go). Please see the AWS and Azure Marketplace listings for more information:

 

Hardware appliances

Devices/VDOMs (Maximum)
1200
Sustained Log Rates
50
GB/Day
2
Devices/VDOMs (Maximum)
4000
Sustained Log Rates
150
GB/Day
10

Virtual machines

Devices/VDOMs (Maximum)
+1,000
GB/Day of Logs
10
Devices/VDOMs (Maximum)
+5,000
GB/Day of Logs
25
Devices/VDOMs (Maximum)
+10,000
GB/Day of Logs
50
Actual performance may vary depending on the network and system configuration. Performance metrics were observed using a DELL R740 (CPU Intel Xeon Platinum 8168 2.7 GHz, Intel X710 network adapters), running FOS v5.6.3. Tested with VMware vSphere 6.5 Enterprise Plus. SR-IOV is enabled. 1. IPS performance is measured using 1 Mbyte HTTP and Enterprise Traffic Mix. 2. Application Control performance is measured with 64 Kbytes HTTP traffic. 3. NGFW performance is measured with IPS and Application Control enabled, based on Enterprise Traffic Mix. 4. Threat Protection performance is measured with IPS and Application Control and Malware protection enabled, based on Enterprise Traffic Mix.

 

Public Cloud

Amazon Web Services (AWS) and Microsoft Azure supported for both BYOL (bring your own license) and On-demand (pay-as-you go). Please see the AWS and Azure Marketplace listings for more information:

FortiGuard Services for FortiGate SD-WAN

FortiGate SD-WAN employs multiple FortiGuard services.  Application control provides visibility into thousands of  applications, as well as granular sub-applications.  Other security services such as web filtering, sandboxing, antivirus and intrusion prevention protect the branches from the latest advanced threats.

View FortiGuard Labs Services and Bundles.

 

FG Application Control

애플리케이션 제어

사용자가 실행하는 애플리케이션에 업계 최고의 실시간 가시성을 제공하여 보안을 개선하고 허용 가능한 사용 정책을 준수합니다. FortiGuard 애플리케이션 제어를 사용하면 애플리케이션 또는 애플리케이션 카테고리에 대한 액세스 허용, 거부 또는 제한 정책을 신속히 설정할 수 있습니다.

FG Web Filtering

웹 필터링

악성 또는 해킹되거나 부적절한 웹사이트 액세스를 차단하여 기관을 보호합니다.

Icon cloudsandbox

FortiSandbox 클라우드

FortiSandbox 클라우드 서비스는 이전에 알려지지 않았던 멀웨어를 동적 분석으로 식별하는 지능형 위협 보호 솔루션입니다. FortiSandbox 클라우드가 생성한 조치 가능한 인텔리전스를 네트워크 내부의 예방적 제어 기능에 입력하여 위협을 무력화합니다.

FG Antivirus

바이러스 백신

FortiGuard 바이러스 백신은 최신 바이러스, 스파이웨어 및 기타 콘텐츠 수준 위협을 방어합니다. 업계 최고의 진보된 탐지 엔진을 사용해 새로운 위협과 지능형 위협이 네트워크 내에서 발판을 마련하고 귀중한 콘텐츠에 액세스하지 못하도록 차단합니다.

FG Intrusion Prevention

침입 방지

FortiGuard IPS는 위협이 네트워크 장치에 도달하기 전에 탐지, 차단함으로써 새로운 네트워크 침입으로부터 보호합니다.

Product Category Thumb SS virus outbreak

바이러스 실행 차단 서비스

FortiGuard 바이러스 실행 차단 서비스(VOS)는 안티바이러스 업데이트와 FortiCloud 샌드박스 분석 사이에 존재하는 공백을 메워, 서명 업데이트 사이에 발견된 멀웨어 위협이 조직 전체로 확산되기 전에 탐지해서 차단합니다. OS가 포티넷의 글로벌 위협 인텔리전스 데이터베이스를 실시간으로 검색합니다.

 

 

FortiGuard Services Bundles

FortiGate Enterprise Bundle

Our Enterprise (ENT) bundle now includes:

  • CASB - providing visibility, compliance, data security and threat protection for your cloud-based services.
  • Industrial Security Service protection – SCADA (supervisory control and data acquisition) and ICS (industrial control systems). These signatures address attacks against critical infrastructure and manufacturing industries, where we are seeing frequent and sophisticated cyberattacks.
  • Security Rating Service - this service performs checks against your fabric-enabled network and provides scoring and recommendations to your operation teams. The subsequent scorecard can be used to gauge adherence to various internal and external organizational polices, standards, and regulations requirements, including providing a ranking of your firm against industry peers. 

The FortiGuard Enterprise (ENT) Protection bundle is designed to address today’s advanced threat landscape. The Enterprise Bundle consolidates the comprehensive protection needed to protect and defend against all cyberattack channels from the endpoint to the cloud. Including the technologies needed to address today’s challenging OT, compliance, and management concerns. The Enterprise Bundle offers the most comprehensive protection overall. The Enterprise Bundle includes: 

  • NGFW Application Control
  • IPS
  • Antivirus
  • Botnet
  • IP/Domain Reputation
  • Mobile Security
  • Web Filtering
  • Antispam
  • FortiSandbox Cloud
  • Virus Outbreak Protection
  • Content Disarm & Reconstruction 
  • CASB
  • Security Rating 
  • Industrial Security Service
  • FortiCare
FortiGate UTM Bundle

The FortiGuard Unified Protection Bundle (UTM) is our traditional Unified Threat Management security bundle. The Unified Protection Bundle extends threat protection across the entire digital attack surface, providing industry-leading defense against sophisticated attacks. The UTM bundle has you covered for web and email-based attacks. The UTM bundle delivers the best package available for a unified threat protection offering. The UTM Bundle includes: 

  • NGFW Application Control
  • IPS
  • Antivirus
  • Botnet
  • IP/Domain Reputation
  • Mobile Security
  • Web Filtering
  • Antispam
  • FortiSandbox Cloud
  • Virus Outbreak Protection
  • Content Disarm & Reconstruction 
  • FortiCare

The FortiGuard Advantage: 

  • FortiGuard processes over 69 million websites every hour, providing up-to-the-minute reputation and categorization. 
  • Prevent malicious downloads and browser hijacking attacks with top-rated web filtering (VBWeb Verified)
  • Improved email productivity through superior spam prevention validated with 3rd party independent testing (VBSpam + Verified)
FortiGate Advanced Threat Protection Bundle

The FortiGuard Advanced Threat Protection (ATP) bundle provides the foundational security needed to protect and defend against known and unknown cyber threats. The Advanced Threat Protection bundle includes: 

  • NGFW Application Control
  • IPS
  • Antivirus
  • Botnet
  • IP/Domain Reputation
  • Mobile Security
  • FortiSandbox Cloud
  • Virus Outbreak Protection
  • Content Disarm & Reconstruction 
  • FortiCare 24*7
Services Table
Service Advanced Threat Protection
(ATP)
 
Unified Protection
(UTM)
 
Enterprise Protection
(ENT)
 
A La Carte Protection


Threat Intelligence Service
     
Industrial Security Service
   

Security Rating
   

CASB
   

Web Filtering
 

Antivirus + Sandboxing




IPS




Antispam
 

 
Internet DB



 
IP Reputation


 
Application Control



 

FortiGate Security SD-WAN Demo

product demo fortigate 80e

FortiGate SD-WAN Demo

Welcome to the FortiGate Secure SD-WAN 6.2 demo site. This demo shows the dynamic WAN path controller, application SLA enforcement, intelligent application steering and traffic shaping capabilities of Fortinet SD-WAN and how it can help your organization achieve more efficient use of your WAN resources while lowering TCO. 

Access the demo

FortiGate FortiOS 6.2 SD-WAN Failover Demo

This video demonstrates how SD-WAN on FortiOS 6.2 can help greatly improve the quality of experience of four popular applications – Dropbox, VoIP, Office 365, and video. Fortinet Secure SD-WAN features a dynamic WAN path controller with a proprietary library of over 5000 applications to help organizations with their digital transformation, WAN OpEx reduction, and branch consolidation efforts.

지금 보기

    

Certifications

Fortinet Secure SD-WAN excels in most challenging enterprise SD-WAN deployment tests receiving a second consecutive "Recommended" rating in NSS Labs for SD-WAN Group Test report; while delivering Lowest Total Cost of Ownership (TCO) per Mbps Among All Eight Vendors.

Key Highlights:

  1. Lowest Total cost of Ownership (TCO):  FortiGate Secure SD-WAN showcased significant operational savings with the lowest TCO per Mbps (VPN Throughput) at $3.5@845Mbps and zero touch provisioning of new branches under six minutes. 
  2. Best User Experience with High Availability: In the extreme conditions such as WAN Link failures, FortiGate SD-WAN delivered the full score of 4.41 and 4.53 for voice and video for best application user experience.  
  3. Industry’s Most Validated NGFW Security Built-In: FortiGate SD-WAN comes with built-in NGFW which has received five consecutive NSS Labs NGFW “Recommendation” ratings. In the latest NSS Labs NGFW group test, FortiGate delivered 99.3% security effectiveness and 100% evasions blocking.

 

SD-WAN Value Map

In a crowded SD-WAN market, enterprises are finding it increasingly difficult to identify the right solution for them. NSS Labs provides a comprehensive and impartial test, in real-world situations, that identifies the key requirements for SD-WAN and the effectiveness of each solution. The SD-WAN capabilities that were assessed by NSS Labs include Zero-Touch provisioning, WAN Performance, Application-Aware Traffic Steering, Dynamic Path Selection with SLA Measurements and High Availability with WAN Impairments. Fortinet delivered best user experience with High Availability in extreme WAN impairment conditions.

Download Now

Fortinet FortiGate 61E Test Report

Take a closer look at how Fortinet excelled again NSS Labs SD-WAN Group Test.  Fortinet showcased a number of advantages including lowest TCO, native NGFW security and quality of experience for unified communications. 

Download the Report

NSS Labs NGIPS 2018 SVM and Report

Comparative Report - Performance

NSS Labs SD-WAN Performance Comparative report provides a detailed comparison of all 9 participating vendors for quality of experience and performance. Fortinet showcased the highest quality of experience for business-critical applications such as VoIP and excellent VPN performance.      

Download the Report

Comparative Report - TCO

NSS Labs SD-WAN TCO Comparative report provides a detailed comparison of all 9 participating vendors for quality of experience and performance. FortiGate SD-WAN has achieved the best price/performance among all 10 vendors with TCO of $5.

Download the Report

Comparative Report - Value Matrix

Fortinet solutions have consistently demonstrated superior performance and feature quality TCO when put to the test. Recent customer traction shows that organizations around the world are increasingly choosing FortiGate SD-WAN to upgrade their WAN infrastructure.  The 2018 NSS Labs SD-WAN test results further prove that Fortinet delivers the highest quality of experience for VoIP,  the best TCO and the right security to go with it, solidifying FortiGate SD-WAN as a compelling balance of quality, security and value. Take a look at the comparative value matrix report and understand how Fortinet emerged as a top choice for Secure SD-WAN. 

Download the Report

SD-WAN

Below are answers to common questions regarding product and related services:

Why is security important for SD-WAN?

SD-WAN allows branches to directly communicate to the internet, providing high application performance.  Traditionally, branches had limited security considering that all traffic was backhauled to the datacenter.  With SD-WAN branches are directly exposed, allowing attackers to target the weakest link.  The change in the malware landscape warrants a strong security solution to protect enterprises from sophisticated threats to avoid financial and reputation damages. 

What is the key differentiator for FortiGate SD-WAN?

The key differentiator for FortiGate SD-WAN is that SD-WAN functionality is integrated with security.  Fortinet is the only SD-WAN vendor to be recommended by NSS labs for the last 5 consecutive years for performance and security effectiveness.   Integrated security reduces complexity and simplifies management and monitoring.  Fortinet security fabric also provides broad and integrated protection across all attack vectors, including endpoints, mail, switches and access points. 

How can we prioritize business-critical applications, and enforce SLA?

FortiGate SD-WAN is application-aware and has broad visibility into more than 3000 applications.  Using application steering, you can ensure that business critical applications such as Office365 and Skype always go through the preferred link.  Granular application-level transaction SLA criteria, such as jitter, packet loss and latency can be specified for each application. In the event of an SLA breach, there is a dynamic failover to the next best link. 

 You can also configure bandwidth management to guarantee or limit the bandwidth given to high and low priority applications respectively.  

Which transport interfaces do you support?

FortiGate SD-WAN is transport agnostic.  This not only includes support for a variety of connectivity protocols (Ethernet, 3G/4G, VPN, etc.), but also allows you to use any two of these connections in active-active mode while load balancing traffic across both circuits simultaneously.

Do I need a separate appliance for routing and security?

FortiGate SD-WAN provides the advantage of reducing the number of specialized devices deployed at the branch by consolidating routing, security and SD-WAN functionality in a single appliance.   It can also work in conjunction with existing devices if necessary. 

How do we monitor and manage SD-WAN appliances?

Both the security and SD-WAN functionality on FortiGate SD-WAN devices can be managed easily with FortiManager.  FortiManager provides a single pane of glass, and allows administrators to monitor SD-WAN from a high-level view and drill down into more details when required.  Please see the FortiManager datasheet for more details. 

How can we enable SD-WAN on FortiGate?

FortiGate SD-WAN is a feature available on FortiGate NGFW.  It is available as part of the base license, and doesn’t include any additional cost.