Fortinet Secure SD-WAN Solution - Exclusive Networks USA · Fortinet - Confidential 7 Fortinet’s Key Benefits of Secured SD-WAN Solution MPLS to Direct Internet Access for Cloud

© Copyright Fortinet Inc. All rights reserved.

Fortinet Secure SD-WAN Solution Protecting Distributed Enterprises

2 Fortinet - Confidential

Trends in Distributed Enterprise

Fortinet SD-WAN Solution

Case-Study

Agenda


Trends in Distributed Enterprises – Key Drivers for WAN Transormation

Business Traffic Growing 30% every year

Mobile No control of endpoints

(BYOD)

SSL Traffic Growth 50% of total traffic is

encrypted

Increasing Cyber-Threats

Increasing malwares and botnets per

organizations – Fortinet Thrat Landscape

Report

SaaS Applications On average, companies have

30+ applications running via the

Cloud

IoT 35B devices, mostly

headless attaching

to the network


I hate my WAN : SD-WAN to the Rescue

Traditional WAN Architecture has become suboptimal

Enterprise WANs are mired in complexity and cost

Improve performance for all applications including cloud

Secure connectivity with the ability to integrate networking

By the end of 2019, 30% of enterprises will use SD-WAN technology in all

their branches, up from less than 1 % today - Gartner


Link Path Controller and Health Monitoring

Dynamic SaaS Application Database

IPSec VPN Tunneling

Prioritized Business Applications

(Traffic Shaping)

Centralized Management

Orchestration (Service Chaining)

Zero-touch Deployment

Security Processor-powered Appliance

Hybrid Appliance for vCPE

Virtual Machine

VPN MPLS Broad

band

Transport LTE

DC SaaS Internet IaaS

Security

Destination

Management

Expanding Secure SD-WAN with Latest FOS 5.6 Fortinet Press Release – April 4th

https://www.fortinet.com/corporate/about-us/newsroom/press-releases/2017/new-sd-wan-security-fabric-distributed-enterprises.html







Fortinet’s Key Benefits of Secured SD-WAN Solution

MPLS to Direct Internet Access for Cloud Reduces WAN Cost Spending

Higher SLA for Business App Efficient WAN Path Controller

Better Security Posture Effective Security – Direct Internet Access

Scalable Single Pane of Glass Simplify the deployment and management


Fortinet – SD-WAN Deployment Models

FortiGate

#1 Market share in distributed enterprise

SPU acceleration for high performance

Consolidated networking and security

Expanded SD-WAN as part of FOS 5.6

FortiGate Enterprise Firewall

FortiHypervisor

FortiHypervisor Eco-System

FortiHypervisor

FortiGate SPU with KVM Hypervisor

FortiGate VM for security and SSL

Supports fabric ready SD-WAN partners

3rd Party

VNF

Fortinet

VNF

3rd Party

VNF

FortiGate Enterprise Firewall

SD-WAN Deployment Summary


ENTERPRISE FIREWALL

FortiOS FortiGuard SPU

Enterprise Bundle

Services

FortiManager

FortiAnalyzer FortiGate

Rugged

Cloud

Virtual

Physical

5.6


FortiGate 30 – 90 Series FortiGate 100 – 900 Series

System

on a Chip

Accelerated Entry/Mid-range FortiGate Enable Secure SD-WAN at Branch and Campus

Mid-range FortiGate Optimized for NGFW at the Campus

Content

Processor

Network

Processor

FortiGate 80E Series with High IPsec VPN and SSL Performance FortiGate 100E & 200E Series with High Threat Protection and SSL Performance

Entry-level FortiGate Optimized for Branch Office & SD-WAN

CPU


Support for various Transport types – Flexibility

Support for Industry’s most secure Encryption Algorithms – Security

Industry’s best IPSec Throughput – Powerful

SD-WAN Requirements - Multiple Links and VPN

Distributed Edge/Branch Office

Hybrid Cloud Data Center

HQ/Datacenter

Public Cloud

SaaS


Houses a 3G/4G modem for redundancy

Can be installed for optimal coverage

Connects to FortiGate via Ethernet cable

FortiExtender 3G/4G – Wireless WAN Option


Supports various link path controller algorithms for effective WAN utilization

Dynamic Cloud Application Database for Cloud applications

SDWAN Requirements – Effective WAN Utilization


Public Cloud

SDWAN Virtual Link

HQ/Datacenter

SaaS


Dynamic Routing based on Link quality measurements

Maintain High availability of Business critical applications

Best effort for low priority applications through low cost links

SDWAN Requirements – Link Quality Measurement


Public Cloud

SDWAN Virtual Link

HQ/Datacenter

SaaS

Latency = 25 ms

Jitter = 1 ms

Packet Loss = 0 %

BW = 200 Mbps


Deep Application Visibility for maintaining High SLA for Critical Applications

SSL Inspection for Visibility into Encrypted Applications

Deep Application Visibility for non-encrypted and SSL traffic


Public Cloud

SDWAN Virtual Link

HQ/Datacenter

SaaS

Over 3000 Supported Applications

Supports Mandated SSL Ciphers


DSCP Support for SIP and low latency Applications

Smart Routing and quick failover to provide high SLA

No Call Drop Failover for over 20000 simultaneous SIP Calls

SDWAN Requirements – QoS/Priority for Voice Traffic


SDWAN Virtual Link

HQ/Datacenter

Public Cloud

SaaS


SDWAN Requirements – Priority and Traffic Shaping

TOP

CRITICAL

HIGH

MEDIUM

LOW

Guarantee SLA for Business Critical Apps


Topology Visibility and Link Utilization

NGFW.1 ISFW.1

ISFW.2 Switch.2

Switch.1

Sandbox Analytics

Private Cloud

Public Cloud

New Downstream Device Quarantine

New Devices and Link Utilizations

New Aggregate FortiGate View

AWSFW.1

ACI.1

Internet

Now 5 M 1H 24H 7D

500MB

300MB

50MB

Physical Logical

New Historic Trending


Secured SD-WAN : Proven Security Effectiveness

190 Terabytes of threat

samples

18,000 Intrusion prevention rules

5,800 Application control rules

250M Rated websites in

78 categories

262 Zero-day threats discovered

Total FortiGuard Database

Intrusion

Prevention

Service

Antivirus

Service

Anti-spam

Service

Web

Filtering

Service

IP

Reputation

Service

Web

Security

Service

Database

Security

Service

Application

Control

Service

Vulnerability

Management

Service

Mobile

Security

FortiSandbox

Cloud


Centralized Management for SD-WAN is Critical

Management

SD-WAN Devices

device settings

Unified policies

firmware updates

ad-hoc analytics

security events

co-relation engine

console alerts


FortiManager – Single Pane Of Glass

For more information, check FUSE or the P&S archives

Key Features

1. Enterprise Class Management

2. Full Control of Your Network

3. Integrated VPN GUI

• Clean, modern look & feel

• Similar navigation to FortiGate

• Fewer clicks = faster enforcement

• End to End Fortinet devices supported

• Single pane of glass for extended enterprise

• Consolidated devices = easier to manage

Fo

rtiM

an

ag

er

• VPN Manager Selector

• Coming up : Map based VPN connections


Case Study —Restaurant Chain with 6500 Locations

Driver:

Reduce WAN Costs

SSL Inspection

Reduce Complexity

Environment:

6500+ branches

Internet as WAN

3G/4G for back-up

Solution:

Result:

Consolidation

Significant savings

Secured connectivity

with full SSL inspection

Key take-away: “Replaced Incumbent networking vendor as they couldn’t

meet combination of security and networking functionality for secured SD-

WAN”

FortiGate SD-WAN

FortiHypervisor SD-WAN Eco-System


Fabric-ready APIs

Partner Ecosystem to Extend Control Across Your Infrastructure

Cloud Endpoint

Virtualization/SDN

Management

(FNDN)

Vulnerability

Management

SIEM


FortiHypervisor-90E » Suitable for small branch

» Based on FortiGate-90E

» 1 x 1TB HDD

» 8GB RAM

FortiHypervisor-500D » Based on FortiGate-500D

» SPU accelerated (CP8 / NP6)

» 2 x 2TB HDD

» 16GB RAM

» 10 x GE RJ-45 ports (2 Mgmt ports)

» 8 x GE SFP slots

FHV-500D and FHV-90E

KVM Environment for FGT-VM and Other VNFs (FortiWeb-VM, Third Party VNFs, etc)


FortiHypervisor NFV : Secured SD-WAN Eco-System

FortiGate VNF Security

» IPS

» SSL Inspection

» Web Filtering

» Antimalware

» Sand-boxing

Security Fabric Partner » SD-WAN VNF

» 3rd party business applications

Rapid service delivery

Consolidated services

Reduced Capex

Security Processer based Parallel

Path Processing acceleration


Summary

#1 Market Share for distributed enterprise firewall

9 of Top 10 Fortune retail and commercial banks

Expanding Network capabilities with FOS 5.6

» Integrated SD-WAN Smart Load balancing

» Dynamic SaaS data-base for efficient routing

» New NOC view and VPN Map integration

Growing POC for FortiHypervisor vCPE

Partners with SD-WAN networking vendors for VNF

Documents

Fortinet Secure SD-WAN Solution - Exclusive Networks USA · Fortinet - Confidential 7 Fortinet’s Key Benefits of Secured SD-WAN Solution MPLS to Direct Internet Access for Cloud