Administration Guide


SD-WAN

SD-WAN is a software-defined approach to managing Wide-Area Networks (WAN). It allows you to offload internet-bound traffic, so that private WAN services remain available for real-time and mission-critical applications. This added flexibility improves traffic flow and reduces pressure on the network.

SD-WAN platforms create hybrid networks that integrate broadband and other network services into the corporate WAN while maintaining the performance and security of real-time and sensitive applications.

SD-WAN with Application Aware Routing can measure and monitor the performance of multiple services in a hybrid network. It uses application routing to offer more granular control of where and when an application uses a specific service, allowing better use of the overall network.

Some of the key benefits of SD-WAN include:

  • Reduced cost with transport independence across MPLS, 3G/4G LTE, and others.
  • Improved business application performance thanks to increased availability and agility.
  • Optimized user experience and efficiency with SaaS and public cloud applications.

SD-WAN has 4 objects:

  • SD-WAN zones

    SD-WAN is divided into zones. SD-WAN member interfaces are assigned to zones, and zones are used in policies as source and destination interfaces. You can define multiple zones to group SD-WAN interfaces together, allowing logical groupings for overlay and underlay interfaces. See SD-WAN zones.

  • SD-WAN members

    Also called interfaces, SD-WAN members are the ports and interfaces that are used to run traffic. At least one interface must be configured for SD-WAN to function; up to 255 member interfaces can be configured. See Configuring the SD-WAN interface.

  • Performance SLAs

    Also called health-checks, performance SLAs are used to monitor member interface link quality, and to detect link failures. They can be used to remove routes, and to reroute traffic when an SD-WAN member cannot detect the server. They can also be used in SD-WAN rules to select the preferred member interface for forwarding traffic. See Factory default health checks, Performance SLA - link monitoring, and Performance SLA - SLA targets.

  • SD-WAN rules

    Also called services, SD-WAN rules are used to control path selection. Specific traffic can be dynamically sent to the best link, or use a specific route. There are five modes:

    • auto: Assign interfaces a priority based on quality.
    • manual: Assign interfaces a priority manually.
    • priority: Assign interfaces a priority based on the link-cost-factor quality of the interface.
    • sla: Assign interfaces a priority based on selected SLA settings.
    • load-balance: Distribute traffic among all available links based on the load balance algorithm.

    See Implicit rule, SD-WAN rules - best quality, SD-WAN rules - lowest cost (SLA), and SD-WAN rules - maximize bandwidth (SLA).
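
The following CLI sketch shows how the four objects reference each other in a single configuration. It is an added example, not taken from this guide, and it assumes a FortiOS release that uses the `config system sdwan` tree. The zone name, interface names, addresses, health-check name and thresholds are constructed placeholders.

```fortios
# Constructed sample: names, addresses and thresholds are placeholders.
config system sdwan
    set status enable
    # Zones: the objects that firewall policies use as source/destination interface
    config zone
        edit "underlay"
        next
    end
    # Members: interfaces that carry traffic, each assigned to a zone
    config members
        edit 1
            set interface "port1"
            set zone "underlay"
            set gateway 192.0.2.1
        next
        edit 2
            set interface "port2"
            set zone "underlay"
            set gateway 198.51.100.1
        next
    end
    # Performance SLA (health-check): probes a server through each listed member
    config health-check
        edit "probe-example"
            set server "203.0.113.10"
            set protocol ping
            set members 1 2
            config sla
                edit 1
                    set latency-threshold 150
                    set packetloss-threshold 2
                next
            end
        next
    end
    # Rule (service): sla mode ranks the listed members using SLA target 1 above
    config service
        edit 1
            set name "business-apps"
            set mode sla
            set dst "all"
            config sla
                edit "probe-example"
                    set id 1
                next
            end
            set priority-members 1 2
        next
    end
end
```

Because policies reference zones rather than individual members, adding or removing a member from a zone changes which links the existing policies cover, so review zone membership whenever members change.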
