SD-WAN

SD-WAN:應用程式感知、帶整合 NGFW 安全防護的多路徑 WAN 控制器

網路領導者保護 SD WAN 指南
適用於:
  • 設備
  • 虛擬機

FortiGate SD-WAN

Distributed enterprise branches transitioning to a digital business model are having a significant impact on network WAN. The adoption of cloud services and increasingly mobile work force are accelerating advancements in WAN technologies. With enterprises directly accessing the internet, it’s becoming critical to deploy next-generation security strategies along with enabling multi-path WAN to improve application performance.

Fortinet is the only NGFW vendor to provide native SD-WAN along with integrated advanced threat protection.  FortiGate SD-WAN replaces separate WAN routers, WAN optimization, and security devices with a single solution that is application-aware, offers automatic WAN path control and multi-broadband support.  It provides the industry's best VPN performance and a scalable solution that can be deployed across several branches.  

 

SD-WAN News

7/12/2018:  Fortinet Continues to Gain Traction in the SD-WAN Marketplace. By continuing to evolve our firewall-native SD-WAN features based on customer feedback, Fortinet provides secure SD-WAN for three distinct use cases. 

___________________________________________________________________________________________________

5/17/2018: Building an Adaptive and Secure SD-WAN Framework.  With more than 60 SD-WAN vendors, learn how to choose the right SD-WAN solutions for you, and build an adaptive and secure SD-WAN framework. 

___________________________________________________________________________________________________

5/03/2018: Fortinet CEO: We Believe we're Leading the SD-WAN Space. Fortinet CEO, Ken Xie, discusses the benefits of integrating security and network access functions together through SD-WAN. 

 

   

SD-WAN Videos

FortiGate FortiOS 6.0 SD-WAN Demo

Learn more on how the FortiOS 6.0 can provide SD-WAN capabilities on a FortiGate for greater application visibility and application steering to prioritize business application performance.

立即觀看
Alorica chose SD-WAN to power their network today
Transform Your Enterprise Branch with Fortinet Secure SD-WAN
Roll out SD-WAN with Fortinet's Zero Touch Deployment

FortiGate SD-WAN Product Details:

FortiGate SD-WAN transforms branches to increase productivity and application performance without compromising on security.  With the help of application steering, business-critical applications are always given priority.  Granular WAN patch information is collected to automatically fail over to the best available WAN link. A centralized controller with a single pane of glass simplifies management and monitoring, allowing enterprises to quickly provision branches and scale easily.  FortiGate SD-WAN has been adopted worldwide in industries as diverse as finance, retail, manufacturing and customer service. 

Features

intelligent icon

Application aware solution, support a broad range of 3000+ applications as well as granular visibility into sub-applications

monitoring icon

Path awareness intelligence to monitor application-level transactions, and dynamically failover to the best available path

platform support icon

Single-pane-of-glass management simplifies deployment, management and monitoring of SD-WAN devices

Benefits

icon benefits tools
Reduced complexity and high total cost of ownership by using best of breed SD-WAN and NGFW functionality on a single appliance
high performance icon
Improve cloud application performance by prioritizing business critical applications and enabling branches to directly communicate to the internet
reduce cash icon
Reduce operating expenses by migrating from MPLS and utilizing multi-broadband such as Ethernet, DSL, and LTE

FortiGate SD-WAN Models and Specifications

FortiGate SD-WAN is available in many different form factors with many different models to choose from to meet your needs ranging from entry-level hardware appliances to VM options that be deployed in your branch offices.  FortiManager, that can be used to monitor and manage the FortiGate appliances is also available in different form factors and models.

Hardware appliances

NGFW Throughput
250 Mbps
Threat Protection Throughput
200 Mbps
VPN Throughput
2 Gbps
Max G/W to G/W IPSEC Tunnels
200
Ports
10x GE RJ45
NGFW Throughput
360 Mbps
Threat Protection Throughput
250 Mbps
VPN Throughput
2.5 Gbps
Max G/W to G/W IPSEC Tunnels
200
Ports
14x GE RJ45, 2x Shared Port Pairs
NGFW Throughput
360 Mbps
Threat Protection Throughput
250 Mbps
VPN Throughput
4 Gbps
Max G/W to G/W IPSEC Tunnels
2000
Ports
20x GE RJ45, 2x Shared Port Pairs
NGFW Throughput
1.8 Gbps
Threat Protection Throughput
1.2 Gbps
VPN Throughput
9 Gbps
Max G/W to G/W IPSEC Tunnels
2000
Ports
18x GE RJ45, 4x GE SFP
NGFW Throughput
3.5 Gbps
Threat Protection Throughput
3 Gbps
VPN Throughput
20 Gbps
Max G/W to G/W IPSEC Tunnels
2000
Ports
16x GE RJ45, 16x GE SFP
NGFW Throughput
5 Gbps
Threat Protection Throughput
4.7 Gbps
VPN Throughput
20 Gbps
Max G/W to G/W IPSEC Tunnels
2000
Ports
2x 10 GE SFP+, 10x GE RJ45, 8x GE SFP

Virtual machines

NGFW Throughput
850 Mbps
Threat Protection Throughput
700 Mbps
VPN Throughput
1 Gbps
Max G/W to G/W IPSEC Tunnels
2000
Ports
Up to 10
NGFW Throughput
1.5 Gbps
Threat Protection Throughput
1.2 Gbps
VPN Throughput
1.5 Gbps
Max G/W to G/W IPSEC Tunnels
2000
Ports
Up to 10
NGFW Throughput
2.5 Gbps
Threat Protection Throughput
2 Gbps
VPN Throughput
3 Gbps
Max G/W to G/W IPSEC Tunnels
2000
Ports
Up to 10
NGFW Throughput
4.5 Gbps
Threat Protection Throughput
3.5 Gbps
VPN Throughput
5.5 Gbps
Max G/W to G/W IPSEC Tunnels
40,000
Ports
Up to 10
NGFW Throughput
9 Gbps
Threat Protection Throughput
7 Gbps
VPN Throughput
6.5 Gbps
Max G/W to G/W IPSEC Tunnels
40,000
Ports
Up to 10

 

Public Cloud

Amazon Web Services (AWS) and Microsoft Azure supported for both BYOL (bring your own license) and On-demand (pay-as-you go). Please see the AWS and Azure Marketplace listings for more information:

 

Hardware appliances

Devices/VDOMs (Maximum)
1200
Sustained Log Rates
50
GB/Day
2
Devices/VDOMs (Maximum)
4000
Sustained Log Rates
150
GB/Day
10

Virtual machines

Devices/VDOMs (Maximum)
+1,000
GB/Day of Logs
10
Devices/VDOMs (Maximum)
+5,000
GB/Day of Logs
25
Devices/VDOMs (Maximum)
+10,000
GB/Day of Logs
50
Actual performance may vary depending on the network and system configuration. Performance metrics were observed using a DELL R740 (CPU Intel Xeon Platinum 8168 2.7 GHz, Intel X710 network adapters), running FOS v5.6.3. Tested with VMware vSphere 6.5 Enterprise Plus. SR-IOV is enabled. 1. IPS performance is measured using 1 Mbyte HTTP and Enterprise Traffic Mix. 2. Application Control performance is measured with 64 Kbytes HTTP traffic. 3. NGFW performance is measured with IPS and Application Control enabled, based on Enterprise Traffic Mix. 4. Threat Protection performance is measured with IPS and Application Control and Malware protection enabled, based on Enterprise Traffic Mix.

 

Public Cloud

Amazon Web Services (AWS) and Microsoft Azure supported for both BYOL (bring your own license) and On-demand (pay-as-you go). Please see the AWS and Azure Marketplace listings for more information:

FortiGuard Services for FortiGate SD-WAN

FortiGate SD-WAN employs multiple FortiGuard services.  Application control provides visibility into thousands of  applications, as well as granular sub-applications.  Other security services such as web filtering, sandboxing, antivirus and intrusion prevention protect the branches from the latest advanced threats.

View FortiGuard Labs Services and Bundles.

 

FG Application Control

應用程式控制

可對您的客戶正在執行的應用程式獲得無可比擬的即時可視性,並輕鬆實施您可接受的使用原則,進而提高安全性並滿足合規要求。透過 FortiGuard 應用程式控制,您可以快速建立原則來允許、拒絕或限制對應用程式或整個類別的應用程式的存取。

FG Web Filtering

網頁篩選

透過對惡意、被入侵或不當網站的存取封鎖來保護您的組織。

Icon cloudsandbox

FortiSandbox 雲端

FortiSandbox 雲端服務是一個進階威脅偵測解決方案,可執行動態分析以識別先前未知的惡意軟體。FortiSandbox 雲端產生的可執行情報會反饋到網路中的預防控制機制,進而消除威脅。

FG Antivirus

防毒

FortiGuard 防毒可阻斷最新病毒、間諜軟體以及其他內容層面的威脅。它採用行業領先的進階偵測引擎來阻止不斷變化的新威脅在您的網路中獲得據點、存取網路中寶貴的內容。

FG Intrusion Prevention

入侵防護

FortiGuard IPS 透過偵測威脅並在威脅侵入到網路裝置前進行封鎖,以此抵禦最新的網路入侵。

Product Category Thumb SS virus outbreak

Virus Outbreak Protection Service

FortiGuard Virus Outbreak Protection Service (VOS) closes the gap between antivirus updates with FortiCloud Sandbox analysis to detect and stop malware threats discovered between signature updates before they can spread throughout an organization. OS initiates a real-time look-up to our Global Threat Intelligence database.

 

 

FortiGuard Services Bundles

FortiGate Enterprise Bundle

Our Enterprise (ENT) bundle now includes:

  • CASB - providing visibility, compliance, data security and threat protection for your cloud-based services.
  • Industrial Security Service protection – SCADA (supervisory control and data acquisition) and ICS (industrial control systems). These signatures address attacks against critical infrastructure and manufacturing industries, where we are seeing frequent and sophisticated cyberattacks.
  • Security Rating Service - this service performs checks against your fabric-enabled network and provides scoring and recommendations to your operation teams. The subsequent scorecard can be used to gauge adherence to various internal and external organizational polices, standards, and regulations requirements, including providing a ranking of your firm against industry peers. 

The FortiGuard Enterprise (ENT) Protection bundle is designed to address today’s advanced threat landscape. The Enterprise Bundle consolidates the comprehensive protection needed to protect and defend against all cyberattack channels from the endpoint to the cloud. Including the technologies needed to address today’s challenging OT, compliance, and management concerns. The Enterprise Bundle offers the most comprehensive protection overall. The Enterprise Bundle includes: 

  • NGFW Application Control
  • IPS
  • Antivirus
  • Botnet
  • IP/Domain Reputation
  • Mobile Security
  • Web Filtering
  • Antispam
  • FortiSandbox Cloud
  • Virus Outbreak Protection
  • Content Disarm & Reconstruction 
  • CASB
  • Security Rating 
  • Industrial Security Service
  • FortiCare
FortiGate UTM Bundle

The FortiGuard Unified Protection Bundle (UTM) is our traditional Unified Threat Management security bundle. The Unified Protection Bundle extends threat protection across the entire digital attack surface, providing industry-leading defense against sophisticated attacks. The UTM bundle has you covered for web and email-based attacks. The UTM bundle delivers the best package available for a unified threat protection offering. The UTM Bundle includes: 

  • NGFW Application Control
  • IPS
  • Antivirus
  • Botnet
  • IP/Domain Reputation
  • Mobile Security
  • Web Filtering
  • Antispam
  • FortiSandbox Cloud
  • Virus Outbreak Protection
  • Content Disarm & Reconstruction 
  • FortiCare

The FortiGuard Advantage: 

  • FortiGuard processes over 69 million websites every hour, providing up-to-the-minute reputation and categorization. 
  • Prevent malicious downloads and browser hijacking attacks with top-rated web filtering (VBWeb Verified)
  • Improved email productivity through superior spam prevention validated with 3rd party independent testing (VBSpam + Verified)
FortiGate Advanced Threat Protection Bundle

The FortiGuard Advanced Threat Protection (ATP) bundle provides the foundational security needed to protect and defend against known and unknown cyber threats. The Advanced Threat Protection bundle includes: 

  • NGFW Application Control
  • IPS
  • Antivirus
  • Botnet
  • IP/Domain Reputation
  • Mobile Security
  • FortiSandbox Cloud
  • Virus Outbreak Protection
  • Content Disarm & Reconstruction 
  • FortiCare 24*7
Services Table
Service Advanced Threat Protection
(ATP)
 
Unified Protection
(UTM)
 
Enterprise Protection
(ENT)
 
A La Carte Protection


Threat Intelligence Service
     
Industrial Security Service
   

Security Rating
   

CASB
   

Web Filtering
 

Antivirus + Sandboxing




IPS




Antispam
 

 
Internet DB



 
IP Reputation


 
Application Control



 

Product Demo

product demo fortigate 80e

FortiGate SD-WAN Demo

Welcome to the FortiGate Secure SD-WAN 6.0 demo site. This demo shows the dynamic WAN path controller, application SLA enforcement, intelligent application steering and traffic shaping capabilities of Fortinet SD-WAN and how it can help your organization achieve more efficient use of your WAN resources while lowering TCO. 

Access the demo

FortiGate SD-WAN tackles the most difficult challenges of secure SD-WAN deployment and was the only Next-Generation Firewall (NGFW) security vendor to receive a “Recommended” rating in NSS Labs’ first-ever software-defined wide area networking report - delivering Highest VoIP Quality of Experience and Lowest Total Cost of Ownership per Mbps Among All Nine Vendors

Key Highlights:

  1. Highest quality of experience for VoIP: FortiGate SD-WAN showcased robust results for VoIP and video applications of 4.38 out of 4.41 and 4.26 out of 4.53, respectively. 
  2. Lowest total cost of ownership (TCO): FortiGate SD-WAN delivers the lowest TCO per Mbps (VPN throughput) among all participating vendors at a ratio of $5@749 Mbps.
  3. Native NGFW Security: FortiGate SD-WAN with native NGFW security blocked 100 percent of evasions and achieved 99.9 percent security effectiveness.    

 

SD-WAN Value Map

SD-WAN Value Map

In a crowded SD-WAN market, enterprises are finding it increasingly difficult to identify the right solution for them. NSS Labs provides a comprehensive and impartial test, in real-world situations, that identifies the key requirements for SD-WAN and the effectiveness of each solution. The SD-WAN capabilities that were assessed by NSS Labs include Application-Aware Traffic Steering, Dynamic Path Selection with SLA Measurements and other WAN Impairments.  Fortinet is the Only Vendor with Security Capabilities to Receive SD-WAN Recommended Rating.  Take a look at the SVM and compare the following: 

  • Quality of Experience of VoIP
  • Quality of Experience of Video 
  • VPN Performance 
  • Total Cost of Ownership
現在下載

 

 

file

Comparative Report - Value Matrix

Fortinet solutions have consistently demonstrated superior performance and feature quality TCO when put to the test. Recent customer traction shows that organizations around the world are increasingly choosing FortiGate SD-WAN to upgrade their WAN infrastructure.  The 2018 NSS Labs SD-WAN test results further prove that Fortinet delivers the highest quality of experience for VoIP,  the best TCO and the right security to go with it, solidifying FortiGate SD-WAN as a compelling balance of quality, security and value. Take a look at the comparative value matrix report and understand how Fortinet emerged as a top choice for Secure SD-WAN. 

Download the Report

 

 

Fortinet FortiGate 61E Test Report

Fortinet FortiGate 61E Test Report

Take a closer look at how Fortinet excelled in every category assessed by NSS Labs.  Fortinet showcased a number of advantages including the highest quality of experience for VoIP, lowest TCO and native NGFW security.

Download the Report

 

 

Comparative Report -  Performance

Comparative Report - Performance

NSS Labs SD-WAN Performance Comparative report provides a detailed comparison of all 9 participating vendors for quality of experience and performance. Fortinet showcased the highest quality of experience for business-critical applications such as VoIP and excellent VPN performance.      

Download the Report

 

 

file

Comparative Report - TCO

NSS Labs SD-WAN TCO Comparative report provides a detailed comparison of all 9 participating vendors for quality of experience and performance. FortiGate SD-WAN has achieved the best price/performance among all 10 vendors with TCO of $5.

Download the Report

SD-WAN

Below are answers to common questions regarding product and related services:

Why is security important for SD-WAN?

SD-WAN allows branches to directly communicate to the internet, providing high application performance.  Traditionally, branches had limited security considering that all traffic was backhauled to the datacenter.  With SD-WAN branches are directly exposed, allowing attackers to target the weakest link.  The change in the malware landscape warrants a strong security solution to protect enterprises from sophisticated threats to avoid financial and reputation damages. 

What is the key differentiator for FortiGate SD-WAN?

The key differentiator for FortiGate SD-WAN is that SD-WAN functionality is integrated with security.  Fortinet is the only SD-WAN vendor to be recommended by NSS labs for the last 5 consecutive years for performance and security effectiveness.   Integrated security reduces complexity and simplifies management and monitoring.  Fortinet security fabric also provides broad and integrated protection across all attack vectors, including endpoints, mail, switches and access points. 

How can we prioritize business-critical applications, and enforce SLA?

FortiGate SD-WAN is application-aware and has broad visibility into more than 3000 applications.  Using application steering, you can ensure that business critical applications such as Office365 and Skype always go through the preferred link.  Granular application-level transaction SLA criteria, such as jitter, packet loss and latency can be specified for each application. In the event of an SLA breach, there is a dynamic failover to the next best link. 

 You can also configure bandwidth management to guarantee or limit the bandwidth given to high and low priority applications respectively.  

Which transport interfaces do you support?

FortiGate SD-WAN is transport agnostic.  This not only includes support for a variety of connectivity protocols (Ethernet, 3G/4G, VPN, etc.), but also allows you to use any two of these connections in active-active mode while load balancing traffic across both circuits simultaneously.

Do I need a separate appliance for routing and security?

FortiGate SD-WAN provides the advantage of reducing the number of specialized devices deployed at the branch by consolidating routing, security and SD-WAN functionality in a single appliance.   It can also work in conjunction with existing devices if necessary. 

How do we monitor and manage SD-WAN appliances?

Both the security and SD-WAN functionality on FortiGate SD-WAN devices can be managed easily with FortiManager.  FortiManager provides a single pane of glass, and allows administrators to monitor SD-WAN from a high-level view and drill down into more details when required.  Please see the FortiManager datasheet for more details. 

How can we enable SD-WAN on FortiGate?

FortiGate SD-WAN is a feature available on FortiGate NGFW.  It is available as part of the base license, and doesn’t include any additional cost.