FortiGate Secure SD-WAN

WAN Edge Transformation with Security-Driven Networking

Gartner 2018 Magic Quadrant for WAN Edge Infrastructure
Available in:
  • Appliance
  • Virtual Machine
  • Cloud

FortiGate Secure SD-WAN Overview

Fortinet NSS Labs Recommended for SD-WAN
As the use of business-critical, cloud-based applications and tools continue to increase, distributed organizations with multiple remote offices are switching from performance-inhibited wide-area networks (WANs) to software-defined WAN (SD-WAN) architectures. SD-WAN offers business application steering, cost savings, and performance for Software-as-a-Service (SaaS) applications, as well as unified communication services. However, SD-WAN has its own shortcomings—especially when it comes to security with direct internet access.

Fortinet FortiGate Secure SD-WAN includes best-of-breed next-generation firewall (NGFW) security, SD-WAN, advanced routing, and WAN optimization capabilities, delivering a security-driven networking WAN edge transformation in a unified offering. Fortinet received second consecutive NSS Labs “Recommended” rating in the SD-WAN Group Test. Fortinet Secure SD-WAN delivered lowest Total Cost of Ownership (TCO) per Mbps among all eight vendors.

Read the eBook to understand how FortiGate Secure SD-WAN delivers fastest application steering and best user experience with simplified management and overlay orchestration. 

 

Secure SD-WAN News

   

Secure SD-WAN Videos

Fortinet Secure SD WAN Solution

Improve user experience and simplify operations at the WAN Edge with an integrated NGFW and SD-WAN in single offering

Watch Now
Transform Your Enterprise Branch with Fortinet Secure SD-WAN
FortiGate FortiOS 6.2 Secure SD-WAN Demo
SD-WAN ASIC Delivers 10x Higher Performance

FortiGate Secure SD-WAN Product Details:

  • Best WAN Edge Price/Performance
  • WAN Path Controller with Remediation
  • Fastest Application Identification and Steering
  • Advance Routing Capabilities and WAN Optimization   

Features

intelligent icon

SD-WAN ASIC delivers fastest application identification and steering from a broad range of 5,000+ applications to enable digital transformation at the WAN Edge 

monitoring icon

Path awareness intelligence and link remediation delivers best application performance by automated fail-over and fail-back mechanism 

platform support icon

Single pane of glass management with zero-touch deployment for the entire WAN edge simplifies deployment of SD-WAN and security

Benefits

icon benefits tools
Reduced complexity and high total cost of ownership by using best of breed SD-WAN and NGFW functionality on a single appliance
high performance icon
Improve cloud application performance by prioritizing business critical applications and enabling branches to directly communicate to the internet
reduce cash icon
Reduce operating expenses by migrating from MPLS and utilizing multi-broadband such as Ethernet, DSL, and LTE

FortiGate Secure SD-WAN Models and Specifications

FortiGate SD-WAN is available in many different form factors with many different models to choose from to meet your needs ranging from entry-level hardware appliances to VM options that be deployed in your branch offices.  FortiManager, that can be used to monitor and manage the FortiGate appliances is also available in different form factors and models.

Compare Products

Hardware appliances

NGFW Throughput
200 Mbps
Threat Protection Throughput
150 Mbps
VPN Throughput
35 Mbps
Max G/W to G/W IPSEC
200
Ports
5x GE RJ45
NGFW Throughput
220 Mbps
Threat Protection Throughput
160 Mbps
VPN Throughput
100 Mbps
Max G/W to G/W IPSEC
200
Ports
7x GE RJ45
NGFW Throughput
250 Mbps
Threat Protection Throughput
200 Mbps
VPN Throughput
2 Gbps
Max G/W to G/W IPSEC Tunnels
200
Ports
10x GE RJ45
NGFW Throughput
360 Mbps
Threat Protection Throughput
250 Mbps
VPN Throughput
2.5 Gbps
Max G/W to G/W IPSEC Tunnels
200
Ports
14x GE RJ45, 2x Shared Port Pairs
NGFW Throughput
360 Mbps
Threat Protection Throughput
250 Mbps
VPN Throughput
4 Gbps
Max G/W to G/W IPSEC Tunnels
2,000
Ports
Multiple GE RJ45, GE SFP Slots | PoE/+ Variants
NGFW Throughput
800 Mbps
Threat Protection Throughput
700 Mbps
VPN Throughput
11.5 Gbps
Max G/W to G/W IPSEC Tunnels
2500
Ports
26 1GE, 4 1GE Shared Media, 2 10GE
NGFW Throughput
1.8 Gbps
Threat Protection Throughput
1.2 Gbps
VPN Throughput
9 Gbps
Max G/W to G/W IPSEC Tunnels
2000
Ports
18x GE RJ45, 4x GE SFP
NGFW Throughput
3.5 Gbps
Threat Protection Throughput
3 Gbps
VPN Throughput
20 Gbps
Max G/W to G/W IPSEC Tunnels
2000
Ports
16x GE RJ45, 16x GE SFP
NGFW Throughput
6Gbps
Threat Protection Throughput
5 Gbps
VPN Throughput
20Gbps
Max G/W to G/W IPSEC Tunnels
2000
Ports
16x GE RJ45, 16x GE SFP
NGFW Throughput
5 Gbps
Threat Protection Throughput
4.7 Gbps
VPN Throughput
20 Gbps
Max G/W to G/W IPSEC Tunnels
2000
Ports
2x 10 GE SFP+, 10x GE RJ45, 8x GE SFP

Virtual machines

NGFW Throughput
850 Mbps
Threat Protection Throughput
700 Mbps
VPN Throughput
1 Gbps
Max G/W to G/W IPSEC Tunnels
2000
Ports
Up to 10
NGFW Throughput
1.5 Gbps
Threat Protection Throughput
1.2 Gbps
VPN Throughput
1.5 Gbps
Max G/W to G/W IPSEC Tunnels
2000
Ports
Up to 10
NGFW Throughput
2.5 Gbps
Threat Protection Throughput
2 Gbps
VPN Throughput
3 Gbps
Max G/W to G/W IPSEC Tunnels
2000
Ports
Up to 10
NGFW Throughput
4.5 Gbps
Threat Protection Throughput
3.5 Gbps
VPN Throughput
5.5 Gbps
Max G/W to G/W IPSEC Tunnels
40,000
Ports
Up to 10
NGFW Throughput
9 Gbps
Threat Protection Throughput
7 Gbps
VPN Throughput
6.5 Gbps
Max G/W to G/W IPSEC Tunnels
40,000
Ports
Up to 10

Public Cloud

Amazon Web Services (AWS) and Microsoft Azure supported for both BYOL (bring your own license) and On-demand (pay-as-you go). Please see the AWS and Azure Marketplace listings for more information:

 

Hardware appliances

Devices/VDOMs (Maximum)
1200
Sustained Log Rates
50
GB/Day
2
Devices/VDOMs (Maximum)
4000
Sustained Log Rates
150
GB/Day
10

Virtual machines

Devices/VDOMs (Maximum)
+1,000
GB/Day of Logs
10
Devices/VDOMs (Maximum)
+5,000
GB/Day of Logs
25
Devices/VDOMs (Maximum)
+10,000
GB/Day of Logs
50
Actual performance may vary depending on the network and system configuration. Performance metrics were observed using a DELL R740 (CPU Intel Xeon Platinum 8168 2.7 GHz, Intel X710 network adapters), running FOS v5.6.3. Tested with VMware vSphere 6.5 Enterprise Plus. SR-IOV is enabled. 1. IPS performance is measured using 1 Mbyte HTTP and Enterprise Traffic Mix. 2. Application Control performance is measured with 64 Kbytes HTTP traffic. 3. NGFW performance is measured with IPS and Application Control enabled, based on Enterprise Traffic Mix. 4. Threat Protection performance is measured with IPS and Application Control and Malware protection enabled, based on Enterprise Traffic Mix.

 

Public Cloud

Amazon Web Services (AWS) and Microsoft Azure supported for both BYOL (bring your own license) and On-demand (pay-as-you go). Please see the AWS and Azure Marketplace listings for more information:

Our Customers Emphasize the Value of FortiGate Secure SD-WAN in Gartner Peer Insights Review

Modern SD-WAN solutions not only need to offer uninterrupted performance, but must also be reinforced with features to secure distributed networks from advanced cyberattacks, especially for those branch offices that also include direct Internet access to online and cloud-based resources. This stark reality is why 72% of executives surveyed in a recent Gartner report stated that securing their SD-WAN deployment was their top concern.

FortiGate Secure SD-WAN has been well received by the industry, earning a “Recommended” rating from NSS labs and positive feedback from users on Gartner Peer Insights. Hear what some of our users had to say about our secure SD-WAN solution below. Download the infographic to get a quick list of the reviews. 

Easy To Deploy And Use

Network Security Administrator, $3B-$10B Energy and Utilities Company

“The FortiGate Firewalls are currently among the best in the Market for their extremely simplified UI, ease of deployment and maintenance.”

Easy Integration With Excellent Hardware Architecture

Infrastructure and Operations, $3B-10B Finance Company

“Integrated easily into our environments. Hardware architecture is a competitive advantage to manage policy processing.”

Simple SD-WAN Solution To Replace Costly MPLS

Network Engineer, Education

“We wanted a solution that was built into a firewall for ease of deployment and cost savings. After evaluating all of the vendors, we ended up going with Fortinet - largely for the SD WAN offering. After doing a proof of concept, we found that using the SD-WAN solution actually resulted in less latency between sites compared to our MPLS. We were able to save at least $10k a month by removing the MPLS, which was a huge return on our investment. Not only was the SD-WAN offering great, but the entire package of Fortinet products paired together greatly improved our overall security posture and gave us more insight into our network.”

Fast Set Up And Scalability For SD-WAN

Senior Information Security Manager, $3B-10B Manufacturing Company

“SD-WAN as it is, is a technology advance for a new era of WAN solutions, in particular Fortinet has a fast set up and scalability with all features inside NGFW.”

Easy Implementation And Help Us To Simplify Our Connections

Sr. Global IT Security, $500M-1B Services Company

“Excellent solution, very flexible and easy to operate, with FortiGate SD-WAN we could remove our MPLS and simplify our operations worldwide.”

 
Gartner Peer Insights reviews constitute the subjective opinions of individual end users based on their own experiences, and do not represent the views of Gartner or its affiliates.

FortiGate Secure SD-WAN Use Cases

Provisioning new branches and rapidly adopting new technologies can be expensive, difficult, and time consuming. To make matters worse security is often overlooked. The same simplicity, manageability, and security offered in our Secure SD-WAN solution can be carried over into wired and wireless access management. Fortinet’s secure unified access, powered by FortiLink, integrates wired and wireless services into the security infrastructure through FortiOS. Learn more

Download the white paper to understand three additional use cases for transforming branches with Fortinet Secure SD-WAN.  

 

FortiGuard Services for FortiGate Secure SD-WAN

FortiGate SD-WAN employs multiple FortiGuard services.  Application control provides visibility into thousands of  applications, as well as granular sub-applications.  Other security services such as web filtering, sandboxing, antivirus and intrusion prevention protect the branches from the latest advanced threats.

The growth of technologies such as public and private clouds, software-defined wide-area networks (SD-WAN), and DevOps has resulted in increasingly complex IT networks at almost every organization. At the same time, cybersecurity threats have become more sophisticated and fast-moving. The Fortinet 360 Protection Bundle helps companies of all sizes address these key challenges.

 

FortiManager Cloud

FortiManager Cloud

Simplify zero-touch provisioning and management with a rich set of tools to centrally manage any number of devices from a single console with role-based access controls, central configuration management, change management, and best practices compliance.

FortiAnalyzer Cloud

FortiAnalyzer Cloud

FortiAnalyzer Cloud enables customers to identify real-time operational anomalies in your network.

SD-WAN Cloud Assisted Monitoring

SD-WAN Cloud Assisted Monitoring

SD-WAN cloud assisted monitoring helps cloud-based SD-WAN bandwidth and quality monitoring service.

SD-WAN Overlay Controller VPN

SD-WAN Overlay Controller VPN

SD-WAN overlay controller VPN is a cloud-based service that enables simplified overlay orchestration.

FortiConverter Icon

FortiConverter Service

FortiConverter provides an easy way to migrate your legacy firewall configurations and policies to FortiGate-based policies, and adopt more business-outcome-based rules.

Security Rating Service icon

Security Rating Service

Security Audit Update Service is intended to guide customers to design, implement and continually maintain the target Security Fabric security posture suited for their organization. The Security Fabric is fundamentally built on security best practices and by running these audit checks, security teams will be able to identify critical vulnerabilities and configuration weaknesses in their Security Fabric setup, and implement best practice recommendations.

FG Application Control

Application Control

Improve security and meet compliance with easy enforcement of your acceptable use policy through unmatched, real-time visibility into the applications your users are running. With FortiGuard Application Control, you can quickly create policies to allow, deny, or restrict access to applications or entire categories of applications.

FG Web Filtering

Web Filtering

Protects your organization by blocking access to malicious, hacked, or inappropriate websites.

Icon cloudsandbox

FortiSandbox Cloud

FortiSandbox Cloud Service is an advanced threat detection solution that performs dynamic analysis to identify previously unknown malware. Actionable intelligence generated by FortiCloud Sandbox is fed back into preventive controls within your network—disarming the threat.

FG Antivirus

Antivirus

FortiGuard Antivirus protects against the latest viruses, spyware, and other content-level threats. It uses industry-leading advanced detection engines to prevent both new and evolving threats from gaining a foothold inside your network and accessing its invaluable content.

FG Intrusion Prevention

Intrusion Prevention

FortiGuard IPS protects against the latest network intrusions by detecting and blocking threats before they reach network devices.

virus outbreak service icon

Virus Outbreak Protection Service

FortiGuard Virus Outbreak Protection Service (VOS) closes the gap between antivirus updates with FortiCloud Sandbox analysis to detect and stop malware threats discovered between signature updates before they can spread throughout an organization. OS initiates a real-time look-up to our Global Threat Intelligence database.

FortiGuard Services Bundles

360 Protection Bundle

The 360 Protection Bundle simplifies next-generation firewall (NGFW) management with cloud-based, real-time, single pane of glass network management and analytics. This, along with FortiCare Advanced Support included in the bundle, enables organizations of any size to follow the best practices for operations and security recommended by Fortinet—all without adding staff.

The 360 Protection Bundle also includes a complete set of security services from Fortinet, including robust and complete advanced malware protection, a cloud access security broker (CASB), an intrusion prevention system (IPS), and a security rating service. 

  • FortiManager Cloud: Cloud-based central management and orchestration service
  • FortiAnalyzer Cloud: Cloud-based system events management and health monitoring service
  • SD-WAN Cloud Assist Monitoring: Cloud-based SD-WAN bandwidth and quality monitoring service
  • SD-WAN Overlay Controller VPN Service: Cloud-based VPN overlay service and portal
  • FortiConverter Service: Policy migration and optimization service
  • FortiCASB-Cloud: Cloud access security broker for consistent policies and governance across multiple clouds
  • Industrial Security Service: Real-time protection for ICS/SCADA systems
  • Security Rating Service: Evaluation of an organization's security posture against benchmarks and peer ratings
  • AntiSpam
  • Web Filtering
  • Anti-Virus
  • Botnet
  • IP/Domain Reputation
  • FortiCloud Sandbox
  • Virus Outbreak
  • Advanced Malware Protection
  • intrusion Prevention System (IPS)
  • Application Control
  • FortiCare Advanced Support: 24x7x365 priority support from advanced technical service engineers
FortiGate Enterprise Bundle

Our Enterprise (ENT) bundle now includes:

  • CASB - providing visibility, compliance, data security and threat protection for your cloud-based services.
  • Industrial Security Service protection – SCADA (supervisory control and data acquisition) and ICS (industrial control systems). These signatures address attacks against critical infrastructure and manufacturing industries, where we are seeing frequent and sophisticated cyberattacks.
  • Security Rating Service - this service performs checks against your fabric-enabled network and provides scoring and recommendations to your operation teams. The subsequent scorecard can be used to gauge adherence to various internal and external organizational polices, standards, and regulations requirements, including providing a ranking of your firm against industry peers. 

The FortiGuard Enterprise (ENT) Protection bundle is designed to address today’s advanced threat landscape. The Enterprise Bundle consolidates the comprehensive protection needed to protect and defend against all cyberattack channels from the endpoint to the cloud. Including the technologies needed to address today’s challenging OT, compliance, and management concerns. The Enterprise Bundle offers the most comprehensive protection overall. The Enterprise Bundle includes: 

  • NGFW Application Control
  • IPS
  • Antivirus
  • Botnet
  • IP/Domain Reputation
  • Mobile Security
  • Web Filtering
  • Antispam
  • FortiSandbox Cloud
  • Virus Outbreak Protection
  • Content Disarm & Reconstruction 
  • CASB
  • Security Rating 
  • Industrial Security Service
  • FortiCare
FortiGate UTM Bundle

The FortiGuard Unified Protection Bundle (UTM) is our traditional Unified Threat Management security bundle. The Unified Protection Bundle extends threat protection across the entire digital attack surface, providing industry-leading defense against sophisticated attacks. The UTM bundle has you covered for web and email-based attacks. The UTM bundle delivers the best package available for a unified threat protection offering. The UTM Bundle includes: 

  • NGFW Application Control
  • IPS
  • Antivirus
  • Botnet
  • IP/Domain Reputation
  • Mobile Security
  • Web Filtering
  • Antispam
  • FortiSandbox Cloud
  • Virus Outbreak Protection
  • Content Disarm & Reconstruction 
  • FortiCare

The FortiGuard Advantage: 

  • FortiGuard processes over 69 million websites every hour, providing up-to-the-minute reputation and categorization. 
  • Prevent malicious downloads and browser hijacking attacks with top-rated web filtering (VBWeb Verified)
  • Improved email productivity through superior spam prevention validated with 3rd party independent testing (VBSpam + Verified)
FortiGate Advanced Threat Protection Bundle

The FortiGuard Advanced Threat Protection (ATP) bundle provides the foundational security needed to protect and defend against known and unknown cyber threats. The Advanced Threat Protection bundle includes: 

  • NGFW Application Control
  • IPS
  • Antivirus
  • Botnet
  • IP/Domain Reputation
  • Mobile Security
  • FortiSandbox Cloud
  • Virus Outbreak Protection
  • Content Disarm & Reconstruction 
  • FortiCare 24*7
Services Table
Service Advanced Threat Protection
(ATP)
 
Unified Protection
(UTM)
 
Enterprise Protection
(ENT)
 
360 Protection


FortiManager Cloud
     
FortiAnalyzer Cloud
     
SD-WAN Cloud Assist Monitoring
     
SD-WAN One Click VPN Overlay
     
FortiConverter Service
     
Industrial Security Service
   

Security Rating
   

CASB
   

Anti-Spam
 


Web Filtering
 

Advanced Malware Protection




IPS




FortiCare + Application Control




Resources

FortiGate Security SD-WAN Demo

product demo fortigate 80e

FortiGate SD-WAN Demo

Welcome to the FortiGate Secure SD-WAN 6.2 demo site. This demo shows the dynamic WAN path controller, application SLA enforcement, intelligent application steering and traffic shaping capabilities of Fortinet SD-WAN and how it can help your organization achieve more efficient use of your WAN resources while lowering TCO. 

Access the demo

FortiGate FortiOS 6.2 SD-WAN Failover Demo

This video demonstrates how SD-WAN on FortiOS 6.2 can help greatly improve the quality of experience of four popular applications – Dropbox, VoIP, Office 365, and video. Fortinet Secure SD-WAN features a dynamic WAN path controller with a proprietary library of over 5000 applications to help organizations with their digital transformation, WAN OpEx reduction, and branch consolidation efforts.

Watch Now

    

Certifications

Fortinet Secure SD-WAN excels in most challenging enterprise SD-WAN deployment tests receiving a second consecutive "Recommended" rating in NSS Labs for SD-WAN Group Test report; while delivering Lowest Total Cost of Ownership (TCO) per Mbps Among All Eight Vendors.

Key Highlights:

  1. Lowest Total cost of Ownership (TCO):  FortiGate Secure SD-WAN showcased significant operational savings with the lowest TCO per Mbps (VPN Throughput) at $3.5@845Mbps and zero touch provisioning of new branches under six minutes. 
  2. Best User Experience with High Availability: In the extreme conditions such as WAN Link failures, FortiGate SD-WAN delivered the full score of 4.41 and 4.53 for voice and video for best application user experience.  
  3. Industry’s Most Validated NGFW Security Built-In: FortiGate SD-WAN comes with built-in NGFW which has received five consecutive NSS Labs NGFW “Recommendation” ratings. In the latest NSS Labs NGFW group test, FortiGate delivered 99.3% security effectiveness and 100% evasions blocking.

 

SD-WAN Value Map

In a crowded SD-WAN market, enterprises are finding it increasingly difficult to identify the right solution for them. NSS Labs provides a comprehensive and impartial test, in real-world situations, that identifies the key requirements for SD-WAN and the effectiveness of each solution. The SD-WAN capabilities that were assessed by NSS Labs include Zero-Touch provisioning, WAN Performance, Application-Aware Traffic Steering, Dynamic Path Selection with SLA Measurements and High Availability with WAN Impairments. Fortinet delivered best user experience with High Availability in extreme WAN impairment conditions.

Download Now

sd-wan nss lab fortigate 61e

Fortinet FortiGate 61E Test Report

Take a closer look at how Fortinet excelled again NSS Labs SD-WAN Group Test.  Fortinet showcased a number of advantages including lowest TCO, native NGFW security and quality of experience for unified communications. 

Download the Report

NSS Labs SD-WAN 2018 Value Map and Report

diagram sd wan certification 4

Comparative Report - Performance

NSS Labs SD-WAN Performance Comparative report provides a detailed comparison of all 9 participating vendors for quality of experience and performance. Fortinet showcased the highest quality of experience for business-critical applications such as VoIP and excellent VPN performance.      

Download the Report
diagram sd wan certification 5

Comparative Report - TCO

NSS Labs SD-WAN TCO Comparative report provides a detailed comparison of all 9 participating vendors for quality of experience and performance. FortiGate SD-WAN has achieved the best price/performance among all 10 vendors with TCO of $5.

Download the Report
diagram sd wan certification 1

Comparative Report - Value Matrix

Fortinet solutions have consistently demonstrated superior performance and feature quality TCO when put to the test. Recent customer traction shows that organizations around the world are increasingly choosing FortiGate SD-WAN to upgrade their WAN infrastructure.  The 2018 NSS Labs SD-WAN test results further prove that Fortinet delivers the highest quality of experience for VoIP,  the best TCO and the right security to go with it, solidifying FortiGate SD-WAN as a compelling balance of quality, security and value. Take a look at the comparative value matrix report and understand how Fortinet emerged as a top choice for Secure SD-WAN. 

Download the Report