Fortinet black logo

SD-WAN Architecture for Enterprise

Home FortiGate / FortiOS 7.0.0 SD-WAN Architecture for Enterprise

SD-branch simplification

7.0.0
7.2.0
7.0.0
Copy Link
Copy Doc ID 7030e0d2-4287-11ec-bdf2-fa163e15d75b:334174
Download PDF

SD-branch simplification

When addressing the SD-branch deployment, one of the primary considerations is to make it easy and fast by taking advantage of zero touch provisioning approaches.

Thanks to the integration of FortiSwitch and FortiAP in FortiManager, the normalization of a configuration can be defined once and then replicated throughout all the branches of a given corporation. This implies that all branches should be similar to maximize their benefits.

The following scenario describes the ideal situation:

  1. Creation of templates per SD-Branch on FortiManager using variables and model devices.
  2. Shipping corresponding gear to remote sites, and having someone with no networking or security background connect the devices.
  3. Remote devices power up, and automatically trigger a call-home procedure to reach the FortiManager.
  4. Once discovered by FortiManager, the devices get provisioned according to their preconfigured setup. That is the end of the deployment.

If standardization for SD-Branches is not possible, FortiManager also supports per-device configuration for FortiSwitch, which provides the capability to manage each FortiSwitch independently, as if directly configured from a FortiGate. It can also define specific SSID Groups to be distributed on some sites and not on others.

All the benefits described above are also present on FortiManager. All elements can be deployed through its single-pane-of-glass console, and connected devices can be displayed in its Security Fabric views.

Previous
Next

SD-branch simplification

When addressing the SD-branch deployment, one of the primary considerations is to make it easy and fast by taking advantage of zero touch provisioning approaches.

Thanks to the integration of FortiSwitch and FortiAP in FortiManager, the normalization of a configuration can be defined once and then replicated throughout all the branches of a given corporation. This implies that all branches should be similar to maximize their benefits.

The following scenario describes the ideal situation:

  1. Creation of templates per SD-Branch on FortiManager using variables and model devices.
  2. Shipping corresponding gear to remote sites, and having someone with no networking or security background connect the devices.
  3. Remote devices power up, and automatically trigger a call-home procedure to reach the FortiManager.
  4. Once discovered by FortiManager, the devices get provisioned according to their preconfigured setup. That is the end of the deployment.

If standardization for SD-Branches is not possible, FortiManager also supports per-device configuration for FortiSwitch, which provides the capability to manage each FortiSwitch independently, as if directly configured from a FortiGate. It can also define specific SSID Groups to be distributed on some sites and not on others.

All the benefits described above are also present on FortiManager. All elements can be deployed through its single-pane-of-glass console, and connected devices can be displayed in its Security Fabric views.

Previous
Next