Fortinet - Optimised network performance with secure SD-WAN

Fortinet Secure SD-WAN (Software-Defined networking in a Wide Area Network), deployed by over 21,000 customers worldwide, has transformed the WAN edge architecture by delivering an optimal user experience while reducing complexity. The continued creation and refinement of a WAN solution to support Fortinet's rapidly growing internal network of data centres, branch offices and later cloud-based services led to the development of a sophisticated, purpose-built SD-WAN solution built on Fortinet's market-leading FortiGate appliances for ultimate security.

This secure SD-WAN solution has been designed to meet Fortinet's stringent network performance requirements and individual application SLAs, such as processing vast amounts of threat telemetry data collected from around the world, as well as business-critical services such as video streaming. It was also designed to provide a full range of security protections for wide area network (WAN) environments without bottlenecks - a critical point overlooked by all other SD-WAN solutions on the market. The internal deployment of this solution had an immediate and long-term impact on Fortinet's business and led to the decision to create a commercial version for Fortinet's many customers facing the same challenges.

What led to Fortinet's adoption of SD-WAN?

Fortinet has experienced tremendous growth in revenue, headcount and acquisitions over the past few years. As a result, Fortinet has been steadily expanding its branch offices around the world. The time and resources required to support this growth have created a demand for rapid integration and simplification of local branch networks, coupled with the need for centralised management, visibility and security at scale.

Operational efficiency through IPSec VPN simplification.

The first step was to simplify the existing point-to-point VPN into a hub-and-spoke VPN model. This reduced complexity by reducing the number of IPSec VPNs required between Fortinet's branch and remote offices and their hub sites and data centres. Moving to a hub-and-spoke model also ensured that each branch and remote site was always connected to one of the five major enterprise sites, benefiting IT teams:

• Visibility of remote sites and access to resources even when there was no local IT staff on site.
• The simplification of setting up and maintaining IPSec VPNs between existing and new sites.
• Reducing deployment time per site from 15 hours to 3 hours, reducing staff hours by 80% per year.
• Teams working across time zones could still manage remote sites, reducing troubleshooting time by 75%.

Consistent connectivity with WAN redundancy and failover.

FortiGate appliances were then enhanced with SD-WAN functionality, including advanced VPN functionality, to accelerate access to applications and ensure stable connectivity. Most of Fortinet's branch offices had more than one Internet connection to support load balancing and failover, and the addition of SD-WAN services added intelligent business policies for applications to achieve:

• Consistent connectivity for critical applications along with redundancy on WAN links.
• Better application performance by choosing the best performing SLA-based WAN decision.
• Failover with an integrated LTE path as a last resort.
• Real-time inspection and policy enforcement for all traffic, directly integrated with SD-WAN functionality for seamless protection and management from a single console.

Improve the user experience with reduced latency.

Applications moving to the cloud and increased traffic demands due to SaaS and cloud-hosted applications can have an immediate impact on the user experience, especially for mission-critical and real-time applications such as voice and video. To achieve better performance, these applications must be correctly identified, prioritised and routed over the highest performing WAN link available. Implementing this secure SD-WAN functionality on their branch and hub sites enabled Fortinet to do this:

• Define business policies per application based on application SLAs with automatic deployment to all sites, reducing staff time by 80%.
• Granular policy definition with the ability to load balance and failover between different ISPs to deliver the best user experience.
• Prioritisation of applications in terms of bandwidth usage and remediation of network conditions such as packet loss using Forward Error Correction (FEC) to ensure consistent application performance from start to finish.

Business impact

Overall, Fortinet saw an immediate business impact from the introduction of Secure SD-WAN into its network infrastructure, with an 80% reduction in the time required to configure each new WAN deployment, a 75% reduction in ongoing WAN edge maintenance time, and potentially thousands of employee hours saved through automated load balancing and policy management for distributed branch networks.

Fortinet's commercially available Secure SD-WAN offers customers the same benefits and more. Designed and maintained by a world-class team of network engineers, Fortinet Secure SD-WAN's functionality and performance meets or exceeds the industry's best standards. This ensures consistent and high-performance connectivity, advanced application control, real-time load balancing and seamless link failover.

The addition of the full suite of FortiGate security solutions, combined with the purpose-built security and network processors, also ensures that all SD-WAN traffic is secured and even encrypted traffic is inspected without impacting even the most bandwidth-intensive business applications. And a fully integrated management interface ensures for the first time that all SD-WAN and security functions can be managed, configured and orchestrated together through a single pane of glass.

By combining SD-WAN functionality with comprehensive security, Fortinet offers enterprises a proven and tested solution. Originally designed to meet the exacting standards of a Fortune 500 organisation with an extensive and global network of multi-cloud infrastructures and services, SaaS applications, data centres, branch offices and hub locations, Fortinet Secure SD-WAN is a proven solution for the enterprise.Fortinet Secure SD-WAN is a solution that enterprises can trust to deliver the most powerful and secure SD-WAN solution available.