Secure SD WAN · 2019-11-19

Secure SD WAN

18/11/2019

Agenda

• Fortinet
• Security Fabric
• Secure SDWAN as a part of the fabric
• Beyond SDWAN → SDBRANCH
• Use case:
• Use best connections/path for your application

Network Security Leader

Fortinet is among the top 4 public cybersecurity companies in the world. Its broad portfolio of solutions spans Network, Infrastructure, Cloud, and IoT Security.

$13.1B Mkt Cap

~$1.8B - 2018 (revenue)

* As of June 30, 2019

415,000+ Customers

4.9M+ Appliances Shipments Worldwide

(+30% units WW)

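70% of F100 Are Fortinet Customers

[Figure: number of F100 companies per industry that are Fortinet customers. Industries: Telco, Financials/Banking, Technology, Retail, Aerospace/Defense, Healthcare, Transportation, Financials/Ins, Food/Bev, Energy. Counts shown, in extracted order: 10 of 12, 12 of 15, 3 of 5, 9 of 11, 3 of 5, 9 of 10, 4 of 4, 11 of 13, 3 of 5, 4 of 5.]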

Fortinet is Positioned for a Bigger Total Addressable Market

[Figure: market segments NETWORK SECURITY, CLOUD SECURITY, INFRASTRUCTURE SECURITY, IOT & OT SECURITY and INFORMATION SECURITY, with the values $9B, $59B, $18B and $19B (order as extracted) and the labels NAC, Mobile, Endpoint, WiFi, Switch, 5G, Email and Identity.]

Source: Fortinet reclassification of data from recent analyst research. 2022 opportunity shown.

History of Leading Network Security Innovation

Number of Patents

Number of patents issued as listed by the U.S. Patent and Trademark Office. Based on information on USPTO website on 06/30/2019.

[Bar chart, axis 0 to 600. Vendors: Fortinet, FireEye, SonicWall, Palo Alto Networks, Sophos, Check Point. Values shown, in extracted order: 598, 182, 180, 175, 81, 75.]

• #1 Security Innovator
• Competitor data based on patents issued as listed by the U.S. Patent and Trademark Office

598 U.S. Patents
30 International Patents
628 Global Patents

A Leader in Network Security

Gartner Magic Quadrant for Enterprise Network Firewalls, Adam Hills, Jeremy D'Hoinne, Rajpreet Kaur, 4 October 2018

Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to its research, including any warranties of merchantability or fitness for a particular purpose.

Gartner Peer Insights reviews constitute the subjective opinions of individual end-users based on their own experiences, and do not represent the views of Gartner or its affiliates.

©GARTNER is a registered trademark and service mark of Gartner, Inc. and/or its affiliates, and is used herein with permission. All rights reserved.

Gartner Magic Quadrant for Unified Threat Management (SMB Multifunction Firewalls), Rajpreet Kaur & Claudio Neiva, 20 September 2018


Security Fabric
From point solutions to collaborative network

1st Generation Network Security: Connectivity

[Diagram labels: <2000, Network vs Security, Networking, Server, PC, Security, Trusted, Firewall, Not Trusted, Software]

2nd Generation Network Security: Content

[Diagram labels: >2000, Network vs Security, Networking, Security, Devices, NGFW, Trusted, Not Trusted, Hardware]

3rd Generation - Security-Driven Networking

[Diagram labels: Now, Network vs Security, Cloud, WAN Edge, Endpoint, IoT, OT, Networking, Exploit, Malware, Insider, Security, SoC 4, Secure SD-WAN, Secure Access, Secure Cloud, Secure 5G, Security-Driven Networking, 5G, Edge]

Fortinet Security Fabric

Broad
Visibility of the entire digital attack surface

Integrated
AI-driven breach prevention across all devices, networks, and applications

Automated
Operations, orchestration and response

The Need For SDWAN

Existing WAN Challenges at the Branch – Gartner Survey

[Chart: survey responses for Increasing WAN costs, Poor Application Experience, Complex Management and Low Security Posture. Values shown, in extracted order: 72%, 58%, 47%, 34%.]

Source: Gartner Survey Analysis: Address Security and Digital Concerns to Maintain Rapid SD-WAN Growth, Naresh Singh, 12 November 2018

Digital Transformation creates challenges for customers

• Improve Security - application visibility and control
• Need fast ramp to Multi-Cloud and Internet services
• Cost effectively scale bandwidth
• Optimize application performance
• Reduce management complexity and operation cost
• Faster service delivery and flexibility

Legacy WAN architecture is not optimal for the cloud enterprise

SD-WAN is the New Business Outcome Driven WAN

SD-WAN FUNCTIONALITY

SIMPLIFICATION

Secure Connectivity to Cloud

Better Cloud Application Performance

Dramatically Simplifies traditional WAN Complexity

Lightweight Replacement of traditional routers

Fortinet Secure SD-WAN Use-Cases

Reduce Cost
Enables MPLS to Broadband transition while keeping the best security posture at the edge

Enable Cloud Ready Branch
Improves application and user experience using Cloud on ramp

Simplified Operations
Reduces complexity by consolidating point products. Enables single pane of glass management & Analytics

FortiGate, FortiManager, FortiGuard Labs

3X Reduce Hardware Cost
30% Reduce WAN Cost
2X Better User Experience

Enterprise SD-WAN Use Case

Peter Vanhemelryck

CONFIDENTIAL © Fortinet Inc. All Rights Reserved.

Enterprise SD-WAN Use Cases
Internet SaaS – Application Aware + Path Awareness Intelligence

[Diagram labels: Office, Internet (ISP-A), Internet (ISP-B)]

Critical Apps
Best path is chosen depending on latency, jitter & packet loss

Critical Apps
Redirected to a new link in case the WAN conditions are better than the threshold

Not Business App
Less priority. QoS

Enterprise SD-WAN Use Cases
MPLS backup with local breakout

[Diagram labels: Branch, HQ, MPLS, Internet]

MPLS Dependency
Inflexible, expensive, good QoS

Critical Apps & Secure access
Redundant path through IPSec VPN

Direct secure access to Internet, SaaS and IaaS content
NGFW + SSL Inspection

Enterprise SD-WAN Use Cases
MPLS replacement

[Diagram labels: Branch, HQ, Internet, Internet]

Critical Apps
Best path is chosen depending on latency, jitter & packet loss

Critical Apps & Secure access
Redundant path through IPSec VPN

Direct secure access to Internet, SaaS and IaaS content
Load balanced across different lines so bandwidth is optimized.

Enterprise SD-WAN Use Cases
Centralized Internet Management

[Diagram labels: Retail, Retail, MPLS, Internet (five times), HQ]

Central Traffic Management
Route all the traffic through HQ

Secure access to Internet, SaaS and IaaS content
NGFW + SSL Inspection – Load balance if needed.

Enterprise SD-WAN Use Cases
Redundant Public Cloud access

[Diagram labels: Branch, Internet, MPLS, Public Cloud, Internet, HQ, Dynamic Routing]

Health-Check
Link Fail Detected

Redundant Access
Traffic through HQ

Fortinet Secure SD-WAN

FOS 6.2 – FortiGate SD-WAN

Application Aware
• Visibility into 3000+ applications
• Application-level transaction for better SLA

Multi-Path Intelligence
• Dynamic WAN link selection using SLA strategies
• Automated fail-over capabilities

Simplified Monitoring
• High-level monitoring of SD-WAN devices on a map
• Detailed application monitoring

Multi Broadband Supported
• Transport independent with support for Ethernet, 3G/4G
• Aggregate multiple interfaces into single SD-WAN interface

Certified Security
• Most Certified Security such as NSS Labs
• High Performance powered by Security Processor technology

FortiGate Next Generation Firewalls with Integrated SD-WAN

Secure SD-WAN
Scalable and Easy to Deploy

SD-WAN + App Control + Intrusion Prevention + Antivirus + URL Filtering + Sandboxing + SSL Inspection + Traffic Shaping + VPN

Unprecedented Integration and visibility

SD-WAN NGFW

SD-WAN requires direct internet access which demands security at every branch

90% of the SD-WAN vendors only offer stateful firewalls which is not enough

FortiOS Secure SD-WAN
Management & Visibility – FortiManager

FortiOS Secure SD-WAN
Management & Visibility – Zero Touch Provisioning

1. CONNECT: Connect Device
2. CONTACT: Contact made with FortiDeploy service within FortiCloud
3. CONFIGURE: Full Device Configuration from FortiManager

[Diagram labels: BRANCH OFFICE, FORTICLOUD, FORTIDEPLOY, FORTIMANAGER]

Fortinet Recommended for SD-WAN
Gartner & NSS Testing

Gartner: Security is the top concern for SD-WAN

72% of Customers reported that Security is the top concern during WAN initiatives

58% of Customers looking for better application performance

47% of Customers looking for better TCO while selecting SD-WAN vendors

Gartner’s 2018 Magic Quadrant for WAN Edge Infrastructure

“Fortinet should be shortlisted for all WAN edge opportunities globally”

“The vendor’s vision and roadmap to deliver increasing levels of automation align with Gartner’s view of emerging customer needs”

Marked as a “Challenger” with Furthest “Completion of Vision”

Fortinet SD-WAN Receives “Recommendation” from NSS Labs

Highest QoE for VoIP

Best Total Cost of Ownership

Only Security Vendor to be Recommended

4.38 out of 4.41

$5 @ 749 Mbps

Blocked 100% Evasions

Why Fortinet for SD-WAN

NGFW               | 2013        | 2014                | 2016                | 2017
Fortinet           | Recommended | Recommended         | Recommended         | Recommended
Palo Alto Networks | Recommended | Caution             | Neutral             | Caution
Checkpoint         | Recommended | Recommended         | Recommended         | Recommended
Cisco              | Recommended | Recommended         | Neutral/Recommended | Recommended
Juniper            | Neutral     | Did not participate | Neutral             | Caution

NGFW Security
Security Processor delivers industry’s best NGFW security, which is far superior to segmentation

Independent Validation
NSS Labs recommend Fortinet for SD-WAN and Security. Rated leading challenger by Gartner

Native SD-WAN
FortiGate provides best of breed integrated SD-WAN and security capabilities in a single device.

SD-Branch

What is SD-Branch
Extension of Secure SD-WAN to a complete SD-Branch solution

[Diagram labels: SD-Branch, FortiSwitch, FortiAP, SD-WAN, Secure SD-WAN]

Multi-vendor Layer Approach = Complexity

[Diagram labels: Access, Management, WiFi Controller, Firewall, Management, Switching, SD-WAN]

Complexity is the Enemy
▪ Multiple point solutions
▪ Multiple platforms
▪ Multiple management consoles
▪ Inconsistent policy and networking
▪ Varying upgrade cycles
▪ Slow and porous threat response
▪ Resources strained to maintain
▪ Prone to configuration complexity

Fortinet’s security fabric = Simplicity

[Diagram labels: Access, Management, WiFi Controller, Firewall, Management, Switching, SD-WAN]

FortiGate Manages it all
▪ FortiLink » Switch ports are an extension of your NGFW
▪ FortiLink wireless » SSIDs are an extension of your NGFW
▪ No additional licenses
▪ No new UI to learn
▪ Simple deployment
▪ Harmonized configuration

FortiGate + SDWAN + Switch + Access Points

Secure Unified Access Ethernet

FortiSwitch

Secure
Pervasive Security with Fortinet Security Fabric Integration powered by FortiLink.

Simple
Multiple Simplified Management, Deployment, and Network Architectures.

Scalable
Stackable up to 300 switches per FortiGate.

FortiSwitch becomes a logical extension of the FortiGate when connected via FortiLink

Secure Unified Wireless Access with FortiAP

▪ Secure
» Pervasive security with Fortinet Security Fabric integration.
▪ Simple
» Plug & Play simplified management with a single pane of glass for wired, wireless, and security that requires no additional licenses
▪ Visibility
» See the whole network, and track identity throughout.

Wireless networks become a logical extension of the FortiGate when controlled via FortiLink Wireless

FortiAP

Integration of SD-WAN and LAN
FortiManager

Switches
▪ Zero-Touch Deployment
▪ VLAN provisioning
▪ Port Security Policies

Access Points
▪ Zero-Touch Deployment
▪ SSID Provisioning
▪ Wireless Security

Single Pane of Glass to Manage LAN and WAN Devices at the Branch

Consolidation of Branch Services

CHALLENGES
▪ Multiple management consoles
▪ Complex provisioning to bring up a new branch

[Diagram labels: SD-Branch, FortiGate, Secure SD-WAN, FortiAP, FortiSwitch, LAN, WAN]

Demo Time

Goal of demonstration

▪ Using Cloud SaaS Apps
▪ Analyze behavior of path selection as a function of
» SLA type
» Network health

Business Needs

▪ Use best connections for the business applications
▪ Network services should always be available
▪ Use dedicated link for training platform
▪ All other traffic may not influence business application

Business Applications

[Diagram labels: Internet, ISP1, ISP2, ISP3, acme.com]

SLA: use best quality