One of the most common issues facing organizations looking to deploy an SD-WAN solution is that what looks like a simple enough idea – replacing your static MPLS connection with a more flexible WAN solution – can quickly become a logistical nightmare. That’s because today’s branch offices have complex requirements that legacy routers, and even most SD-WAN solutions, have simply not been designed to address.
The primary need is fast and reliable access to critical business applications. Cloud adoption is rampant, and as organizations migrate their data and resources to the cloud, backhauling those latency-sensitive or performance-hungry applications through a traditional WAN link to the corporate network quickly becomes problematic. It not only adds bandwidth load on network infrastructures, but can also reduce the effectiveness of the application and impact things like productivity and the user experience.
Branch Office Requirements are Evolving
Today’s branch offices require multiple links in order to enable direct connectivity to critical resources. While the traditional link to the core network is still important, they also need direct internet access in order to quickly connect to essential applications such as Salesforce, Office365, and unified communications located in the cloud.
Of course, internet connections are notoriously unreliable and insecure. So an SD-WAN solution needs to provide rich application steering, redundancy, and quality controls at the network level, as well as a full stack of security solutions to secure data and information that used to rely on the security deployed within the core network. In addition, because 80% or more of the traffic moving through this direct internet connection will need to be encrypted, security also needs to provide deep SSL inspection without impacting application performance.
Most SD-WAN Solutions Don’t Measure Up
Because most SD-WAN vendors only provide very basic firewall functionality as a native element of their solution, customers are required to address this issue by adding security after the fact. But they quickly discover that the complexity of building such a solution is more than they bargained for. Security needs to provide a full stack of protection, including firewall, IPS, web filtering, anti-virus and anti-malware, web application firewall, and even sandboxing. And if these solutions aren’t integrated to function as a single unit, managing these tools can require significant overhead.
Second, these security solutions need to be fully compatible with security deployed elsewhere, especially in the cloud. Policies need to traverse multiple ecosystems, enforcement needs to be consistent, and visibility needs to be seamless.
And finally, security and networking need to work as a single system. This needs to work at scale across hundreds of locations, and do so easily with zero-touch deployment capabilities. And because connections are often in constant flux in order to maintain connection service levels, any overlay security system is forced to react to changes, which can introduce gaps in protections. Instead, what’s needed is for security and networking to be fully integrated together, so that when application or connectivity requirements change, both the network and security adapt simultaneously so there is never a need to “catch up.”
And even more importantly, a Security-Driven Network approach means that if an adjustment in connectivity or configurations would result in a compromise in terms of security, the security solution can prevent that adjustment based on policy, rather than leaving an unsecured connection, exposing data and applications to infection or theft.
A Real World Example
Addressing this real-world challenge was a top priority for one of North America’s largest providers of commercial and residential services. They needed to upgrade their WAN solution to more efficiently and securely interconnect their facilities. Their goal was to reduce circuit costs, rationalize their security product inventory, and centralize security management across their distributed organization.
By enhancing data correlation and integration between their various security elements, they also hoped to achieve better visibility, control, and decision-making capabilities. However, this lower and more predictable infrastructure cost model also needed to provide a more flexible infrastructure that would be easier to tune in order to meet changing business requirements, without ever compromising security in the process.
Fortinet responded by positioning our Secure SD-WAN and SD-Branch solutions. We were able to demonstrate how, through our Security Fabric framework, all of the various security and networking elements worked together in terms of coordination, correlation, management, configuration, and orchestration. Unlike the traditionally complex SD-WAN story that involved multiple solutions that didn’t really interoperate, Fortinet’s Secure SD-WAN provided the right mix of tightly integrated network and connection functionality, management, and security that the organization was looking for.
Once the Secure SD-WAN solution was under consideration, we were then able to demonstrate how its security and network functionality could also be seamlessly extended deep into each branch network by combining them with switching, wireless access, and network access control functions. Even better, this integrated SD-Branch solution could also be managed remotely through the same interface used to manage the Secure SD-WAN connection.
SD-WAN networking, security, and access control solution offerings from other vendors, including the incumbent solution from Cisco, simply did not work as an integrated system. Separate management, configuration, and orchestration tools would significantly impact the organization’s goals of interoperability and lowering operational overhead. And the Fortinet solution also provided far and away the best price/performance of any solution under consideration.
Fortinet Uniquely Combines Networking and Security into a Single, Integrated SD-WAN Solution
Fortinet’s Secure SD-WAN and SD-Branch solutions combine the entire suite of powerful security tools included in the FortiGate NGFW security appliance – including firewall, IPS, antivirus, web filtering, and sandboxing – with a rich suite of essential connectivity, bandwidth management, and application recognition tools to ensure the reliable delivery of even the most latency-sensitive business applications. It then combines that security with Fortinet’s switching and wireless access points to extend the same security and network management functionality, combined with device and access control, into the branch office network to manage and secure locally deployed end-user and IoT devices.
No other solution in the market provides such a high-performance, deeply integrated, and highly interoperable solution for today’s distributed networks. Simple deployment, unmatched performance, and deep integration between network functionality, connectivity, access control, and a full suite of world-class security solutions – all managed and orchestrated through a single-pane-of-glass management system – set the Fortinet Secure SD-WAN and SD-Branch solutions apart from the rest of the market.