Fortinet Secure SD-WAN, deployed by over 21,000 customers globally, has transformed WAN edge architecture by delivering optimal user experience while reducing complexity. The ongoing creation and refinement of a WAN solution designed to support Fortinet’s rapidly expanding internal network of data centers, branch offices, and later, cloud-based services led to the development of a sophisticated, purpose-built SD-WAN solution built on the back of Fortinet’s market-leading FortiGate appliances for ultimate security.
This Secure SD-WAN solution was designed to maintain Fortinet’s high network performance demands and custom application SLAs, such as processing massive amounts of threat telemetry data gathered from around the world, along with business-critical services such as streaming video. And it was also designed to provide a full range of security protections for Wide Area Network (WAN) environments without bottlenecking– a critical issue that all other SD-WAN solutions on the market have overlooked. Internal deployment of this solution has had an immediate and long-term business impact on Fortinet, and led to the decision to create a commercial version for Fortinet’s many customers experiencing the same challenges.
What Led to Fortinet’s Adoption of SD-WAN?
Fortinet has seen a tremendous growth in revenue, workforce, and acquisitions over the past few years. As a result, Fortinet has been in an ongoing process of expanding its branch offices globally. The time and resources required to support this growth created a demand for the rapid integration and simplification of local branch networks, combined with the need for centralized management, visibility, and security at scale.
Operational Efficiency Through IPSec VPN Simplification
The first step was to simplify the existing point-to-point VPN to a Hub-and-Spoke VPN model. This reduced complexity by lowering the number of IPSec VPNs needed between Fortinet’s branch and remote offices and their Hub sites and Datacenters. Moving to a Hub-and-Spoke model also ensured that every Branch office and remote site was always connected to one of the five major corporate sites, providing IT teams with:
- Visibility into remote sites along with access to resources, even in the absence of local IT staff.
- The simplification of establishing and maintaining IPSec VPNs between existing and new sites.
- Reducing the per-site bring-up time from 15 hours to 3 hours, reducing staff hours by 80% per year.
- Teams working across time zones were still able to manage remote sites, reducing troubleshooting time by 75%.
Consistent Connectivity with WAN Redundancy and Failover
SD-WAN functionality, including advanced VPN functionality, was then added to FortiGate appliances to accelerate access to applications and ensure stable connectivity. Most Fortinet branch sites had more than one connection to the internet to support load balancing and failover, and the addition of SD-WAN services added intelligent application business policies to achieve:
- Consistent connectivity for critical applications, along with redundancy on WAN links.
- Better application performance by choosing the best-performing SLA-based WAN decision.
- Failover with a built-in LTE path of last resort capability.
- Real-time inspection and policy enforcement for all traffic, directly integrated with SD-WAN functionality for gapless protection and single console management.
Improve User Experience with Reduced Latency
Applications moving to the cloud and increased traffic demands due to SaaS and cloud-hosted applications can have an immediate effect on user experience, especially for business-critical and real-time applications such as voice and video. To deliver better performance, these applications need to be identified correctly, prioritized, and forwarded on using the highest performing WAN link available. Implementing this Secure SD-WAN functionality on their Branch and Hub sites allowed Fortinet to:
- Define business policies per application based on application SLAs, with auto-provisioning across all sites – reducing staff hours by 80%.
- Granular policy definition with the capability to load balance and failover between different ISPs to deliver the best user experience.
- Prioritize applications for bandwidth consumption and remediate network conditions such as packet loss using forward error correction (FEC) to maintain consistently high application performance end-to-end.
Business Impact
Overall, through the adoption of Secure SD-WAN in its network infrastructure, Fortinet saw an immediate business impact, with an 80% reduction in the time required to configure each new WAN deployment, a 75% reduction in ongoing WAN edge maintenance time, and potentially thousands of staff hours saved due to automated load balancing and policy management for distributed branch office networks.
Fortinet’s commercially available Secure SD-WAN provides these same benefits to customers, and more. Fortinet Secure SD-WAN functionality and performance, developed and maintained by a world-class team of networking engineers, meets or surpasses industry-best standards. This ensures consistent and high-performance connectivity, advanced application steering, real-time load balancing, and seamless connection failover.
The addition of the full suite of FortiGate security solutions, combined with its custom-built security and networking processors, also ensures that all SD-WAN traffic is secured, even encrypted traffic is inspected without impacting even the most bandwidth-hungry business applications. And a fully integrated management interface ensures, for the first time, that all SD-WAN and security functions can be managed, configured, and orchestrated together through a single pane of glass.
By combining SD-WAN functionality with comprehensive security, Fortinet provides organizations with a proven and tested solution. Originally designed to meet the exacting standards of a Fortune 500 organization with an extended and global network of multi-cloud infrastructures and services, SaaS applications, data centers, branch offices, and Hub locations, Fortinet Secure SD-WAN is a solution organizations can trust to provide the most powerful and secure SD-WAN solution available in the market today.
Written By Rajesh Kari
Powered by Fortinet, Delivered by IT Vortex.