SD-WAN

SD-WAN:應用程式感知、帶整合 NGFW 安全防護的多路徑 WAN 控制器

網路領導者保護 SD WAN 指南
適用於:
  • 設備
  • 虛擬機
web product icon sd wan

FortiGate 安全 SD-WAN 軟體定義廣域網路 解決方案

分散式企業分支機構型轉變成數位商業模式對 WAN 網路產生重大影響。雲端服務的使用和越來越多的行動工作者正加速 WAN 技術的進步。許多企業使用直接網際網路存取,部署新一代安全策略以及啟用多路徑 WAN 網路來提高應用程式效能變得格外重要。

Fortinet 是業界唯一一個提供原生 SD-WAN 解決方案以及整合式先進威脅防護的新一代防火牆 (NGFW) 服務供應商。 FortiGate 安全 SD-WAN 解決方案具備應用程式感知能力、提供自動 WAN 路徑控管,並支援多寬頻連線。它取代傳統的分散 WAN 路由器、 WAN 優化和安全裝置,並且具備業界最佳的 VPN 效能,可將安全性擴展到多個分支機構。

   

SD-WAN 影片介紹

FortiGate FortiOS 6.0 SD-WAN Demo

Learn more on how the FortiOS 6.0 can provide SD-WAN capabilities on a FortiGate for greater application visibility and application steering to prioritize business application performance.

立即觀看
Transform Your Enterprise Branch with Fortinet Secure SD-WAN
Roll out SD-WAN with Fortinet's Zero Touch Deployment

FortiGate 安全 SD-WAN 解決方案產品介紹:

FortiGate SD-WAN 在分支機構進行轉型時,在安全無虞的情況下,提高生產力和應用程式效能。 在應用程式轉向功能的幫助下,確保關鍵業務應用程式得到優先處理。透過收集 WAN 修補資訊, FortiGate SD-WAN 將自動進行故障轉移到最佳可用的 WAN 連結。集中式控管的單一虛擬平台簡化了管理和監控功能,使企業分支機構快速佈局、輕鬆擴展。 FortiGate SD-WAN 已被全球金融、零售、製造和客服等行業所採用。

特色

intelligent icon

能夠識別與支援多達 3,000 種以上的應用程式,並為子應用程式提供精密的可視性。

monitoring icon

具備路徑感知智能以監控應用層級的交易,並自動將故障轉移到最佳可用的路徑。

platform support icon

單一虛擬平台管理簡化了 SD-WAN 解決方案的部署、管理和監控功能。

優勢

icon benefits tools
單一平台上的最佳組合 SD-WAN 解決方案和新一代防火牆 (NGFW) 功能,降低部署的複雜性和總擁有成本。
high performance icon
優先處理關鍵業務應用程式,讓分支機構直接存取網際網路,進而改善雲端應用程式效能。
reduce cash icon
透過轉移多協議標籤交換 (MPLS) 技術,並利用多連線寬頻服務如乙太網路 (Ethernet)、數位用戶迴路 (DSL) 和長程演進計畫 (LTE) 技術來降低營運成本。

FortiGate SD-WAN Models and Specifications

FortiGate SD-WAN is available in many different form factors with many different models to choose from to meet your needs ranging from entry-level hardware appliances to VM options that be deployed in your branch offices.  FortiManager, that can be used to monitor and manage the FortiGate appliances is also available in different form factors and models.

Hardware appliances

NGFW Throughput
250 Mbps
Threat Protection Throughput
200 Mbps
VPN Throughput
2 Gbps
Max G/W to G/W IPSEC Tunnels
200
港口
10x GE RJ45
NGFW Throughput
360 Mbps
Threat Protection Throughput
250 Mbps
VPN Throughput
2.5 Gbps
Max G/W to G/W IPSEC Tunnels
200
港口
14x GE RJ45, 2x Shared Port Pairs
NGFW Throughput
360 Mbps
Threat Protection Throughput
250 Mbps
VPN Throughput
4 Gbps
Max G/W to G/W IPSEC Tunnels
2000
港口
20x GE RJ45, 2x Shared Port Pairs
NGFW Throughput
1.8 Gbps
Threat Protection Throughput
1.2 Gbps
VPN Throughput
9 Gbps
Max G/W to G/W IPSEC Tunnels
2000
港口
18x GE RJ45, 4x GE SFP
NGFW Throughput
3.5 Gbps
Threat Protection Throughput
3 Gbps
VPN Throughput
20 Gbps
Max G/W to G/W IPSEC Tunnels
2000
港口
16x GE RJ45, 16x GE SFP
NGFW Throughput
5 Gbps
Threat Protection Throughput
4.7 Gbps
VPN Throughput
20 Gbps
Max G/W to G/W IPSEC Tunnels
2000
港口
2x 10 GE SFP+, 10x GE RJ45, 8x GE SFP

Virtual machines

NGFW Throughput
850 Mbps
Threat Protection Throughput
700 Mbps
VPN Throughput
1 Gbps
Max G/W to G/W IPSEC Tunnels
2000
Ports
Up to 10
NGFW Throughput
1.5 Gbps
Threat Protection Throughput
1.2 Gbps
VPN Throughput
1.5 Gbps
Max G/W to G/W IPSEC Tunnels
2000
港口
Up to 10
NGFW Throughput
2.5 Gbps
Threat Protection Throughput
2 Gbps
VPN Throughput
3 Gbps
Max G/W to G/W IPSEC Tunnels
2000
港口
Up to 10
NGFW Throughput
4.5 Gbps
Threat Protection Throughput
3.5 Gbps
VPN Throughput
5.5 Gbps
Max G/W to G/W IPSEC Tunnels
40,000
港口
Up to 10
NGFW Throughput
9 Gbps
Threat Protection Throughput
7 Gbps
VPN Throughput
6.5 Gbps
Max G/W to G/W IPSEC Tunnels
40,000
港口
Up to 10

 

Public Cloud

Amazon Web Services (AWS) and Microsoft Azure supported for both BYOL (bring your own license) and On-demand (pay-as-you go). Please see the AWS and Azure Marketplace listings for more information:

 

Hardware appliances

Devices/VDOMs (Maximum)
1200
Sustained Log Rates
50
GB/Day
2
Devices/VDOMs (Maximum)
4000
Sustained Log Rates
150
GB/Day
10

Virtual machines

Devices/VDOMs (Maximum)
+1,000
GB/Day of Logs
10
Devices/VDOMs (Maximum)
+5,000
GB/Day of Logs
25
Devices/VDOMs (Maximum)
+10,000
GB/Day of Logs
50
Actual performance may vary depending on the network and system configuration. Performance metrics were observed using a DELL R740 (CPU Intel Xeon Platinum 8168 2.7 GHz, Intel X710 network adapters), running FOS v5.6.3. Tested with VMware vSphere 6.5 Enterprise Plus. SR-IOV is enabled. 1. IPS performance is measured using 1 Mbyte HTTP and Enterprise Traffic Mix. 2. Application Control performance is measured with 64 Kbytes HTTP traffic. 3. NGFW performance is measured with IPS and Application Control enabled, based on Enterprise Traffic Mix. 4. Threat Protection performance is measured with IPS and Application Control and Malware protection enabled, based on Enterprise Traffic Mix.

 

Public Cloud

Amazon Web Services (AWS) and Microsoft Azure supported for both BYOL (bring your own license) and On-demand (pay-as-you go). Please see the AWS and Azure Marketplace listings for more information:

FortiGuard Services for FortiGate SD-WAN

FortiGate SD-WAN employs multiple FortiGuard services.  Application control provides visibility into thousands of  applications, as well as granular sub-applications.  Other security services such as web filtering, sandboxing, antivirus and intrusion prevention protect the branches from the latest advanced threats.

View FortiGuard Labs Services and Bundles.

 

FG Application Control

應用程式控制

可對您的客戶正在執行的應用程式獲得無可比擬的即時可視性,並輕鬆實施您可接受的使用原則,進而提高安全性並滿足合規要求。透過 FortiGuard 應用程式控制,您可以快速建立原則來允許、拒絕或限制對應用程式或整個類別的應用程式的存取。

FG Web Filtering

網頁篩選

透過對惡意、被入侵或不當網站的存取封鎖來保護您的組織。

icon sandbox cloud

FortiSandbox 雲端

FortiSandbox 雲端服務是一個進階威脅偵測解決方案,可執行動態分析以識別先前未知的惡意軟體。FortiSandbox 雲端產生的可執行情報會反饋到網路中的預防控制機制,進而消除威脅。

FG Antivirus

防毒

FortiGuard 防毒可阻斷最新病毒、間諜軟體以及其他內容層面的威脅。它採用行業領先的進階偵測引擎來阻止不斷變化的新威脅在您的網路中獲得據點、存取網路中寶貴的內容。

FG Intrusion Prevention

入侵防護

FortiGuard IPS 透過偵測威脅並在威脅侵入到網路裝置前進行封鎖,以此抵禦最新的網路入侵。

Product Category Thumb SS virus outbreak

Virus Outbreak Protection Service

FortiGuard Virus Outbreak Protection Service (VOS) closes the gap between antivirus updates with FortiCloud Sandbox analysis to detect and stop malware threats discovered between signature updates before they can spread throughout an organization. OS initiates a real-time look-up to our Global Threat Intelligence database.

 

 

FortiGuard Services Bundles

FortiGate Enterprise Bundle

Our Enterprise (ENT) bundle now includes:

  • CASB - providing visibility, compliance, data security and threat protection for your cloud-based services.
  • Industrial Security Service protection – SCADA (supervisory control and data acquisition) and ICS (industrial control systems). These signatures address attacks against critical infrastructure and manufacturing industries, where we are seeing frequent and sophisticated cyberattacks.
  • Security Rating Service - this service performs checks against your fabric-enabled network and provides scoring and recommendations to your operation teams. The subsequent scorecard can be used to gauge adherence to various internal and external organizational polices, standards, and regulations requirements, including providing a ranking of your firm against industry peers. 

The FortiGuard Enterprise (ENT) Protection bundle is designed to address today’s advanced threat landscape. The Enterprise Bundle consolidates the comprehensive protection needed to protect and defend against all cyberattack channels from the endpoint to the cloud. Including the technologies needed to address today’s challenging OT, compliance, and management concerns. The Enterprise Bundle offers the most comprehensive protection overall. The Enterprise Bundle includes: 

  • NGFW Application Control
  • IPS
  • Antivirus
  • Botnet
  • IP/Domain Reputation
  • Mobile Security
  • Web Filtering
  • Antispam
  • FortiSandbox Cloud
  • Virus Outbreak Protection
  • Content Disarm & Reconstruction 
  • CASB
  • Security Rating 
  • Industrial Security Service
  • FortiCare
FortiGate UTM Bundle

The FortiGuard Unified Protection Bundle (UTM) is our traditional Unified Threat Management security bundle. The Unified Protection Bundle extends threat protection across the entire digital attack surface, providing industry-leading defense against sophisticated attacks. The UTM bundle has you covered for web and email-based attacks. The UTM bundle delivers the best package available for a unified threat protection offering. The UTM Bundle includes: 

  • NGFW Application Control
  • IPS
  • Antivirus
  • Botnet
  • IP/Domain Reputation
  • Mobile Security
  • Web Filtering
  • Antispam
  • FortiSandbox Cloud
  • Virus Outbreak Protection
  • Content Disarm & Reconstruction 
  • FortiCare

The FortiGuard Advantage: 

  • FortiGuard processes over 69 million websites every hour, providing up-to-the-minute reputation and categorization. 
  • Prevent malicious downloads and browser hijacking attacks with top-rated web filtering (VBWeb Verified)
  • Improved email productivity through superior spam prevention validated with 3rd party independent testing (VBSpam + Verified)
FortiGate Advanced Threat Protection Bundle

The FortiGuard Advanced Threat Protection (ATP) bundle provides the foundational security needed to protect and defend against known and unknown cyber threats. The Advanced Threat Protection bundle includes: 

  • NGFW Application Control
  • IPS
  • Antivirus
  • Botnet
  • IP/Domain Reputation
  • Mobile Security
  • FortiSandbox Cloud
  • Virus Outbreak Protection
  • Content Disarm & Reconstruction 
  • FortiCare 24*7
Services Table
Service Advanced Threat Protection
(ATP)
 
Unified Protection
(UTM)
 
Enterprise Protection
(ENT)
 
A La Carte Protection


Threat Intelligence Service
     
Industrial Security Service
   

Security Rating
   

CASB
   

Web Filtering
 

Antivirus + Sandboxing




IPS




Antispam
 

 
Internet DB



 
IP Reputation


 
Application Control



 

Product Demo

Welcome to the Fortinet Secure SD-WAN Teleworker demo site. This demo shows the dynamic WAN path controller, application SLA enforcement, intelligent application steering and traffic shaping capabilities of Fortinet SD-WAN and how it can help teleworkers in your organization achieve more efficient use of WAN resources, increased connection reliability, and lower TCO.

   

FortiGate FortiOS 6.2 SD-WAN Failover Demo

This video demonstrates how SD-WAN on FortiOS 6.2 can help greatly improve the quality of experience of four popular applications – Dropbox, VoIP, Office 365, and video. Fortinet Secure SD-WAN features a dynamic WAN path controller with a proprietary library of over 5000 applications to help organizations with their digital transformation, WAN OpEx reduction, and branch consolidation efforts.

立即觀看

    

認證

Fortinet 安全 SD-WAN 解決方案在最具挑戰性的企業 SD-WAN 部署測試中表現優異,在 NSS 實驗室的 SD-WAN 組別測試報告中,連續獲得第二次「推薦」評級。同時,每Mbps 的總擁有成本 (TCO) 也是其他八家供應商中最低的。

核心亮點 :

  1. 最低的總擁有成本 (TCO) : Fortinet 安全SD-WAN 解決方案以每 Mbps (VPN 流通量) 3.5 美元 / 845 Mbps 最低的總擁有成本,為用戶節省可觀的營運成本。六分鐘內即可完成新分支機構的零接觸部署。
  2. 最佳使用者體驗和最高可用性:在 WAN 連線故障這種極端情況下,Fortinet 安全 SD-WAN 解決方案在最佳使用者體驗的語音和影片應用分別獲得了 4.41 分和 4.53 分的高分。  
  3. 內建業界驗證度最高的新一代防火牆 (NGFW) : Fortinet 安全 SD-WAN 解決方案內建的 NGFW 已連獲五次 NSS 實驗室的 NGFW 「推薦」評級。在最新的 NSS 實驗室 NGFW 組別測試中, FortiGate 的整體安全有效性獲得 99.3% 評分,並更實現 100% 的逃逸阻斷。 

 

SD-WAN 價值映射圖

在擁擠不堪的 SD-WAN 市場中,企業越來越難找到正確的解決方案。 NSS 實驗室在實際情況下提供了全面性、公正無私的測試,確認 SD-WAN 的關鍵要求和各種解決方案的有效性。 NSS 實驗室評估的 SD-WAN 功能包括零接觸部署、 WAN 效能、應用程式感知的流量轉向功能、具有服務水準協議(SLA)測量的動態路徑選擇和 WAN 損壞時仍具有高可用性。在 WAN 損壞的極端情況下, Fortinet 提供最佳使用者體驗和高可用性。

立即下載

sd-wan nss lab fortigate 61e

Fortinet FortiGate 61E 測試報告

查看 Fortinet 如何在 NSS 實驗室 SD-WAN 組別測試中再度得到優異成績。 Fortinet 展示了許多優勢,包括最低總擁有成本、原生的 NGFW 安全性和統一的傳播體驗品質。

下載報告

NSS 實驗室 SD-WAN 價值映射圖和報告

diagram sd wan certification 4

效能表現比較報告

NSS 實驗室的 SD-WAN 效能比較報告提供了所有 9 家參與供應商的詳細體驗和性能比較結果。 Fortinet 為關鍵業務應用程式提供卓越的體驗品質,如高品質的 VoIP 體驗以及出色的 VPN 性能。

下載報告
diagram sd wan certification 5

最低總擁有成本比較報告

NSS 實驗室的 SD-WAN 最低總擁有成本比較報告提供了所有 9 家參與供應商的詳細體驗和性能比較結果。 FortiGate 安全 SD-WAN 解決方案在所有 10 家供應商中均獲得了最佳性價比 (TCO 為 5 美元) 。

下載報告
diagram sd wan certification 1

價值矩陣比較報告

經測試, Fortinet 解決方案始終呈現卓越的效能和最低的總擁有成本。最近抓客力顯示,世界各地越來越多企業選擇FortiGate 安全 SD-WAN 解決方案來升級其 WAN 基礎架構。2018 年 NSS 實驗室的 SD-WAN 測試結果進一步證明, Fortinet 高質量的 VoIP 體驗,最低的 TCO 和正確的安全性,使得 FortiGate 安全 SD-WAN 解決方案在品質、安全性和價值之間取得平衡。查看價值矩陣比較報告,了解 Fortinet 如何成為安全 SD-WAN 解決方案的首選。

下載報告

SD-WAN

Below are answers to common questions regarding product and related services:

Why is security important for SD-WAN?

SD-WAN allows branches to directly communicate to the internet, providing high application performance.  Traditionally, branches had limited security considering that all traffic was backhauled to the datacenter.  With SD-WAN branches are directly exposed, allowing attackers to target the weakest link.  The change in the malware landscape warrants a strong security solution to protect enterprises from sophisticated threats to avoid financial and reputation damages. 

What is the key differentiator for FortiGate SD-WAN?

The key differentiator for FortiGate SD-WAN is that SD-WAN functionality is integrated with security.  Fortinet is the only SD-WAN vendor to be recommended by NSS labs for the last 5 consecutive years for performance and security effectiveness.   Integrated security reduces complexity and simplifies management and monitoring.  Fortinet security fabric also provides broad and integrated protection across all attack vectors, including endpoints, mail, switches and access points. 

How can we prioritize business-critical applications, and enforce SLA?

FortiGate SD-WAN is application-aware and has broad visibility into more than 3000 applications.  Using application steering, you can ensure that business critical applications such as Office365 and Skype always go through the preferred link.  Granular application-level transaction SLA criteria, such as jitter, packet loss and latency can be specified for each application. In the event of an SLA breach, there is a dynamic failover to the next best link. 

 You can also configure bandwidth management to guarantee or limit the bandwidth given to high and low priority applications respectively.  

Which transport interfaces do you support?

FortiGate SD-WAN is transport agnostic.  This not only includes support for a variety of connectivity protocols (Ethernet, 3G/4G, VPN, etc.), but also allows you to use any two of these connections in active-active mode while load balancing traffic across both circuits simultaneously.

Do I need a separate appliance for routing and security?

FortiGate SD-WAN provides the advantage of reducing the number of specialized devices deployed at the branch by consolidating routing, security and SD-WAN functionality in a single appliance.   It can also work in conjunction with existing devices if necessary. 

How do we monitor and manage SD-WAN appliances?

Both the security and SD-WAN functionality on FortiGate SD-WAN devices can be managed easily with FortiManager.  FortiManager provides a single pane of glass, and allows administrators to monitor SD-WAN from a high-level view and drill down into more details when required.  Please see the FortiManager datasheet for more details. 

How can we enable SD-WAN on FortiGate?

FortiGate SD-WAN is a feature available on FortiGate NGFW.  It is available as part of the base license, and doesn’t include any additional cost.