SD-WAN Orchestration

6.4.0
Building on our sample SD-Branch topology, we now add a Regional Hub and Multi-Cloud access. Here, we will require redundant connections back to the HQ for processing transactions, and additional link(s) connecting to cloud resources for other SaaS-based services or custom applications on the public cloud. The connections may be physical connections or high-speed VPN overlays to secure the data.

Transforming each branch into an SD-Branch can become a daunting task when hundreds or even thousands of branches are involved. Managing the connections and interconnecting the VPN overlays increases in complexity as the number of sites grows.

Central management and SD-WAN orchestration are designed to reduce the complexity by automating much of the groundwork. Fortinet's SD-WAN Orchestrator and SD-WAN Module are two approaches to orchestrating your SD-WAN deployment with FortiManager.

SD-WAN Orchestrator

The SD-WAN Orchestrator simplifies the SD-WAN deployment. It is ideal for a multi-region enterprise network, where hub and edge devices interconnect to create a complex mesh of underlays and VPN overlays. SD-WAN Orchestrator automates the configuration based on profiles that you define for hub and edge devices, allowing you to scale your SD-WAN deployment with ease.

Once the hub and edge device profiles are defined, you add a FortiGate to the SD-WAN Orchestrator by specifying one of the profiles and the region. The orchestrator is able to create the necessary overlays between the hub and the edge device, and a full mesh overlay between multiple hubs. Finally, policy templates are added based on the profiles you created.
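As an added illustration (not Fortinet's code and not how the orchestrator is implemented), the sketch below models the overlay set implied by the description above and diffs it against an observed tunnel list, which is a simple way to audit an orchestrated deployment. The inventory, the device names, the observed list, and the rule that an edge only connects to hubs in its own region are assumptions made for the example.

```python
from itertools import combinations

# Constructed inventory: (device name, profile, region). All names are hypothetical.
INVENTORY = [
    ("hub-emea", "hub", "emea"),
    ("hub-amer", "hub", "amer"),
    ("br-paris", "edge", "emea"),
    ("br-rome", "edge", "emea"),
    ("br-austin", "edge", "amer"),
]

# Constructed list of tunnels seen in monitoring (unordered endpoint pairs).
OBSERVED = [
    ("hub-amer", "hub-emea"),
    ("br-paris", "hub-emea"),
    ("br-austin", "hub-amer"),
    ("br-paris", "br-austin"),
]

def expected_overlays(inventory):
    """Overlays implied by the model: hub full mesh plus edge-to-hub links.

    Assumption: an edge builds overlays only to hubs in its own region.
    """
    hubs = [(n, r) for n, p, r in inventory if p == "hub"]
    edges = [(n, r) for n, p, r in inventory if p == "edge"]
    links = {frozenset((a, b)) for (a, _), (b, _) in combinations(hubs, 2)}
    for edge, region in edges:
        for hub, hub_region in hubs:
            if hub_region == region:
                links.add(frozenset((edge, hub)))
    return links

def audit(inventory, observed):
    """Diff observed tunnels against the expected overlay set."""
    expected = expected_overlays(inventory)
    seen = {frozenset(pair) for pair in observed}
    connected = {name for link in expected for name in link}
    return {
        "missing": sorted(sorted(link) for link in expected - seen),
        "unexpected": sorted(sorted(link) for link in seen - expected),
        # Edges whose region has no hub get no overlay at all in this model.
        "orphans": sorted(n for n, p, _ in inventory
                          if p == "edge" and n not in connected),
    }

if __name__ == "__main__":
    print(audit(INVENTORY, OBSERVED))
```

An edge-to-edge pair reported under `unexpected` is a prompt for review rather than proof of a problem: in an ADVPN deployment, branches can legitimately build dynamic shortcut tunnels to each other.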

The SD-WAN Orchestrator is a Management Extension Application (MEA) that can be installed on the FortiManager. To learn more, see the SD-WAN Orchestrator Administration Guide.

FortiManager's SD-WAN module

FortiGate's native ADVPN support is a powerful solution for building a scalable VPN overlay network between a hub, or hubs, and many spokes.

Spokes (or SD-Branches) can communicate with other branches through dynamically built tunnels called shortcuts. The FortiManager SD-WAN module and the VPN Manager work together to help scale your FortiGate configurations and manage the important components by grouping together your VPN overlays, objects, policy packages, etc.

The SD-WAN template then takes the shared objects and creates different profiles to perform health checks and dynamically steer your traffic. This deployment method allows very granular control over your SD-WAN profiles and is suited for administrators with a deep understanding of the underlying technologies.

Resources

| Topic | Description |
| --- | --- |
| SD-WAN / ADVPN configuration guide | Provides an understanding of the Fortinet Secure SD-WAN configuration. |
