FortiGate Secure SD-WAN Solution - magellan-net.de · IPsec VPN Inspection Application Control Next...

© Copyright Fortinet Inc. All rights reserved. FortiGate Secure SD-WAN Solution Magellan Netzwerke & Fortinet 08 / 2018


2

Why Fortinet and Magellan?

3

Fortinet SD-WAN Gives Performance of a Lifetime – Recommended by NSS Labs

4

Fortinet SD-WAN Gives Performance of a Lifetime – Recommended by NSS Labs

Highest QoE for VoIP

Best Total Cost of Ownership

Only Security Vendor to be Recommended

4.38 out of 4.41

$5@749 Mbps

Blocked 100% Evasions


FortiGate Secure SD-WAN Solution Daniel Marquardt | Systems Engineer

08 / 2018

6

Challenges with Today’s WAN

Diagram labels: DataCenter, SaaS Applications, Branch, Branch, MPLS, Internet

▪ No App Visibility
▪ No NGFW, likely no or UTM Security
▪ Expensive and Slow
▪ Poor Application SLA

7

Secure SD-WAN Enables Digital Transformation

Diagram labels: DataCenter, SaaS Applications, Branch, Branch, MPLS, Internet, Internet

▪ Hybrid WAN Support
▪ Application Visibility
▪ High Application Performance
▪ Advanced Security

8

Gartner: Four architectures to secure SD-WAN

90% of the SD-WAN vendors only offer stateful firewalls… (Gartner, October 2017)

Multiple products:
▪ Agility impact?
▪ Simplification impact?
▪ Management impact?

One product:
▪ Integrated NGFW & SD-WAN
▪ Zero touch provisioning
▪ One management

Multiple products:
▪ Agility impact?
▪ Simplification impact?
▪ Traffic impact?
▪ Management impact?

9

Evolution of Fortinet Secure SD-WAN

FortiOS: 5.4, 5.6, 6.0!

• Application steering
• Link load Balancing
• Traffic Shaping

• Identification of cloud applications
• Dynamic WAN Path Controller
• Zero Touch Provisioning

6.0 New Features
• Visibility into 3000+ applications
• Multiple SLA Strategies
• Enhanced Application monitoring

Chart labels: Security, Pure Play SD-WAN vendors, FortiGate SD-WAN

FortiGate Secure SD-WAN Solution

11

FortiGate – Integrated NGFW with SD-WAN

▪ Application Aware
▪ Multi-Path Intelligence
▪ Multi Broadband Supported
▪ Simplified Provisioning

Integrated SD-WAN with NGFW Security

▪ Anti-botnet
▪ Intrusion Prevention
▪ Antivirus
▪ IP Reputation
▪ SSL Inspection
▪ IPsec VPN Inspection
▪ Application Control
▪ URL Filtering

Next Generation Security & Networking

12

SD-WAN Application Awareness – Broad and Deep

BROAD

DEEP

❑ Posts
❑ Games
❑ Videos
❑ Chat

Granular Application Visibility

3000+ Applications Supported

13

FortiOS SD-WAN Evolution

Feature                                                      5.2  5.4  5.6  6.0
WAN link load balancing                                       ✓    ✓    ✓    ✓
Routing, QoS and WAN Optimization                             ✓    ✓    ✓    ✓
VPN-Support (Site to Site VPN)                                     ✓    ✓    ✓
Best quality WAN path selection                                    ✓    ✓    ✓
SD-WAN Controller replaces WAN LLB                                      ✓    ✓
FortiManager SD-WAN support                                             ✓    ✓
Application traffic shaping for SD-WAN                                  ✓    ✓
BGP Dynamic Routing for SD-WAN                                          ✓    ✓
Minimum SLA enforcement link steering                                        ✓
Multiple SLAs per SD-WAN rule                                                ✓
Set link preference in SD-WAN rule                                           ✓
Auto failback to primary link                                                ✓
Interface percentage based traffic shaping                                   ✓
Expanded application signatures for steering (~3000 apps)                    ✓

14

Performance SLA (For high priority applications)

Application-Level Transaction
▪ Latency < 200ms
▪ Latency < 100ms AND Packet Loss < 1% AND Jitter < 30ms

Multiple Measurement Techniques
❑ Ping
❑ HTTP
❑ TCP Echo
❑ UDP Echo
❑ TWAMP

Failover Parameters
▪ Check Interval
▪ Success before restore
▪ Failure before inactive

15

SD-WAN Virtual Interface

▪ A virtual interface named SD-WAN is automatically created
» All static routes and firewall policies must be configured using this virtual interface

Network > Static Routes

Network > Interfaces

Policy & Objects > IPv4 Policy

5.6 and 6.0

16

Load balancing settings in 6.0

▪ In 6.0, the load balancing settings were moved to the SD-WAN Rules section.
» Double click on the implicit rule to display the options.

6.0

17

FortiOS Secure SD-WAN

SD-WAN Rules

▪ SD-WAN Rules are applied like firewall rules (top down)
▪ The implicit catch-all rule at the bottom decides how to distribute the remainder of undefined traffic:
» Source IP
» Sessions
» Spillover
» Src-Dst
» Volume

18

SD-WAN Load Balancing Methods

▪ Source IP (default)
» Sessions from the same source IP address use the same interface.
▪ Source-destination IP
» Sessions with the same source and destination IP pair use the same interface.
▪ Spillover
» Use one interface until threshold is reached; then, use the next interface.
▪ Sessions
» The number of sessions distributed is determined by the interface weights.
▪ Volume
» Sessions are distributed so that traffic volume is distributed by the interface weights.
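The five methods listed on this slide, as a small simulation (an added example, not Fortinet code and not part of the original deck). Member names, weights, the sample sessions and the CRC32 hash are assumptions, and the spillover threshold is modeled as a session count for simplicity.

```python
import zlib
from collections import Counter

# Constructed lab values: member names, weights and the limit are hypothetical.
MEMBERS = ["wan1", "wan2"]
WEIGHTS = {"wan1": 3, "wan2": 1}
SPILLOVER_LIMIT = {"wan1": 5}  # sessions on wan1 before spilling to the next member
SESSIONS = [{"src": f"10.0.0.{i % 4}", "dst": f"198.51.100.{i % 3}",
             "bytes": 1000 * (i + 1)} for i in range(8)]

def bucket(key):
    # Stable hash: the same key always lands on the same member.
    return MEMBERS[zlib.crc32(key.encode()) % len(MEMBERS)]

def pick(method, session, state):
    """Choose the member for one new session under the given method."""
    if method == "source-ip":
        return bucket(session["src"])
    if method == "src-dst":
        return bucket(session["src"] + ">" + session["dst"])
    if method == "spillover":
        for m in MEMBERS:
            if state["sessions"][m] < SPILLOVER_LIMIT.get(m, float("inf")):
                return m
        return MEMBERS[-1]
    # "sessions" / "volume": the member furthest below its weighted share wins.
    used = state["sessions"] if method == "sessions" else state["bytes"]
    return min(MEMBERS, key=lambda m: (used[m] / WEIGHTS[m], MEMBERS.index(m)))

def simulate(method, sessions=SESSIONS):
    """Place sessions in order; sessions never close in this simplified model."""
    state = {"sessions": Counter(), "bytes": Counter()}
    placed = []
    for s in sessions:
        m = pick(method, s, state)
        state["sessions"][m] += 1
        state["bytes"][m] += s["bytes"]
        placed.append(m)
    return placed, state

if __name__ == "__main__":
    for method in ("source-ip", "src-dst", "spillover", "sessions", "volume"):
        placed, state = simulate(method)
        print(f"{method:10} {placed} bytes={dict(state['bytes'])}")
```

The hash-based methods keep a given source (or source-destination pair) pinned to one member, which matters for stateful inspection and for services that tie a login to the client's public IP address.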

19

SLA Strategy using Best Quality

No compromise on SLA

High performance of business-critical applications

Always use the link with the best SLA requirements regardless of link cost

20

SLA Strategy using Minimum Quality

Maintain SLA While Saving on Opex

Consider both SLA and Link Cost
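The Performance SLA thresholds, failover counters and the two SLA strategies from these slides, combined in one sketch (an added example, not Fortinet code and not part of the original deck). Link names, costs, measurements, the counter values 3 and 5, and the fallback when no link meets the SLA are assumptions.

```python
from dataclasses import dataclass

# Thresholds from the Performance SLA slide: latency < 100 ms AND loss < 1% AND jitter < 30 ms.
SLA = {"latency_ms": 100.0, "loss_pct": 1.0, "jitter_ms": 30.0}

@dataclass
class Link:
    name: str
    cost: int              # hypothetical unit, lower is cheaper
    latency_ms: float
    loss_pct: float
    jitter_ms: float
    fails: int = 0         # consecutive failed probes
    oks: int = 0           # consecutive successful probes
    active: bool = True

def meets_sla(link, sla=SLA):
    return all(getattr(link, key) < limit for key, limit in sla.items())

def probe(link, ok, failure_before_inactive=3, success_before_restore=5):
    """Apply one health-check result; counter values are constructed, not defaults."""
    if ok:
        link.oks, link.fails = link.oks + 1, 0
        if not link.active and link.oks >= success_before_restore:
            link.active = True
    else:
        link.fails, link.oks = link.fails + 1, 0
        if link.fails >= failure_before_inactive:
            link.active = False
    return link.active

def best_quality(links, metric="latency_ms"):
    """Best Quality: best measured link, regardless of link cost."""
    live = [ln for ln in links if ln.active]
    return min(live, key=lambda ln: getattr(ln, metric)).name if live else None

def minimum_quality(links, sla=SLA):
    """Minimum Quality: cheapest active link that still meets every SLA threshold."""
    ok = [ln for ln in links if ln.active and meets_sla(ln, sla)]
    if ok:
        return min(ok, key=lambda ln: ln.cost).name
    return best_quality(links)  # assumption: fall back to the best measured link

def sample_links():
    # Constructed measurements for three hypothetical members.
    return [Link("mpls", 10, 20.0, 0.1, 5.0),
            Link("dsl", 2, 60.0, 0.5, 12.0),
            Link("lte", 5, 140.0, 2.0, 45.0)]
```

With the sample data, Best Quality selects the expensive MPLS link while Minimum Quality keeps traffic on the cheaper DSL link until it breaches a threshold or is marked inactive.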

21

Application Aware SD-WAN – FOS 6.0 Example

▪ SD-WAN Rules
» Granular application awareness with 3000+ known applications
» Internet Service Database
    ▪ Dynamically updated database of known service IPs and protocols
    ▪ Layer 4
» Application Control
    ▪ Dynamically updated database of applications
    ▪ Deep inspection

22

SD-WAN Rules

▪ SD-WAN rules are treated as policy-based routes

Monitor > Routing Monitor

23

FortiManager - Single Pane of Glass Management

▪ VPN Visibility and Management on FMG

▪ NOC Dashboard and simple central monitoring

▪ Zero-Touch deployment with FortiDeploy

24

Centralized Applications SLA – FortiManager 6.0

25

26

Evaluate FortiGate SD-WAN!

Native SD-WAN

Proven NGFW

✓ FortiGate provides PROVEN best of breed SD-WAN features in base platform

✓ Make your branch application aware with our WAN Path Controller

✓ Consistent application performance with automated fail-over

✓ 90% of SD-WAN vendors do not offer NGFW security

✓ Fortinet is the industry leader in Security Effectiveness and Performance

✓ Simple to manage integrated NGFW and SD-WAN in single offering

SD WAN

NGFW