Fortinet Secure SD-WAN

This is the third article I write about SD-WAN because I’ve been reading and studying a lot about this kind of networks lately. I had already worked with SD-WAN years ago when I had to configure eight uplinks WANs to send traffic for all of them in a datacenter. It was really easy with this kind of technology. Therefore, I’ve configured lots of SD-WAN since then. However, I’ve had to learn how SD-WAN works in Juniper 128T and Nokia Nuage these days for a new project. This is the main reason I’m also writing about SD-WAN today.

SD-WAN is very interesting when we have lots of WAN uplinks and we want to send different types of traffic for each WAN link. For instance, mail traffic for one link, web traffic for another link and streaming traffic for another one. However, it is also interesting when we have lots of branches or small offices and we need to manage all of them from a centralized platform where we configure and deploy all WAN links easily and quickly. Juniper and Nokia can do it but Fortinet can also do it from the security perspective. In addition to SD-WAN, Fortinet adds NGFW features to the branch.

Secure SD-WAN - All in one SDWAN + Security

SDN architectures are based on the management plane, control plane and data plane where each of them is a component or device. For instance, Nokia Nuage has a real SDN architecture because VSD is the management plane, VSC is the control plane and NSG is the data plane. However, Juniper and Fortinet work like a SDN architecture but they are not a real one because the Conductor is the management plane and the SSR is the control & data planes for Juniper while FortiManager is the management plane and FortiGate is the control & data planes for Fortinet.

Secure SD-WAN architecture components

The provisioning process is really important when there are lots of branches because SD-WAN projects require configuring and deploying each branch remotely and quickly without the need to go there. For example, we can use FortiDeploy along with FortiManager to install FortiGate devices in branch offices quickly. When FortiGate devices are connected to the Internet, we can use FortiDeploy to configure the FortiManager IP address into FortiGate devices, which is from where we are going to manage it centrally. Once we see the branch device from FortiManager, we can deploy the configuration.

Zero Touch Provisioning (ZTP)

Reading and studying about SD-WAN these days, I’ve come across the magic quadrant for WAN Edge Infrastructure where we can see Fortinet and VMware as leaders for SD-WAN. I think Fortinet is a leader because FortiGate adds security features to the branch. With regard to VMware, they are also leaders thanks to the recent VeloCloud acquisition. However, Juniper 128T, who are visionaries, I think the tunnel-less technology is really innovative. Finally, Nokia Nuage is a real SDN solution which works very well and it has already been deployed in many countries.

Fortinet recognized as a leader for WAN Edge Infrastructure

Regards my friends! What SD-WAN solution would you like to deploy?