SD-WAN Architecture for Enterprise

Reducing risk with Secure SD-WAN

7.0.0

Secure SD-WAN adds the advanced security capabilities of a next-generation firewall (NGFW) to the networking solution. It's no accident that, in the diagram of the modernized SD-WAN branch edge solution, the icon representing the SD-WAN device at the branch edge looks like a firewall. Introducing direct internet access (DIA) at the branch also establishes direct connectivity to a volatile threat landscape. Such connectivity did not exist in the legacy architecture, which routed all traffic through a centralized security stack. DIA therefore requires that the centralized security stack give way to a more distributed security architecture.

In a multi-cloud environment with many SaaS solutions, it is especially important that the secure SD-WAN solution can distinguish between applications, so that the full functionality of the solution can be used. In addition to distinguishing applications and controlling a multi-path environment, a secure SD-WAN solution provides dynamic steering of application traffic (packets or sessions) across the available paths to the corporate WAN or the multi-cloud environment. To aid application steering, it provides active path metrics. In conjunction with customer-defined SLAs, the SD-WAN policy engine determines which paths are viable transports for each application, choosing the best path or balancing traffic between multiple viable paths.
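The path selection described above, as a simplified model added here (it is not Fortinet's implementation or FortiOS configuration). The path names, metric values, SLA thresholds, strategy names, and the `steer` function are assumptions made for illustration; the model also covers the case where no path meets an application's SLA.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Path:
    name: str
    latency_ms: float
    jitter_ms: float
    loss_pct: float
    up: bool = True

@dataclass(frozen=True)
class Sla:
    max_latency_ms: float
    max_jitter_ms: float
    max_loss_pct: float

    def met_by(self, p: Path) -> bool:
        # A path is viable only if it is up and every metric is within target.
        return (p.up and p.latency_ms <= self.max_latency_ms
                and p.jitter_ms <= self.max_jitter_ms
                and p.loss_pct <= self.max_loss_pct)

# Constructed sample measurements, not real probe data.
PATHS = [
    Path("mpls", 30, 3, 0.0),
    Path("broadband", 18, 12, 0.4),
    Path("lte", 70, 25, 1.5),
]

# Hypothetical per-application rules: (customer-defined SLA, strategy).
POLICY = {
    "voip": (Sla(50, 5, 0.5), "best"),
    "saas": (Sla(100, 30, 1.0), "balance"),
    "video": (Sla(10, 2, 0.0), "best"),
}

def steer(app, paths, policy=POLICY):
    """Return (status, [path names]) for one application."""
    sla, strategy = policy[app]
    viable = [p for p in paths if sla.met_by(p)]
    if viable:
        if strategy == "balance":
            return "sla-met", sorted(p.name for p in viable)
        return "sla-met", [min(viable, key=lambda p: p.latency_ms).name]
    # Edge case: nothing meets the SLA. Pick the least-bad live path and
    # report the violation so it can be alerted on instead of passing silently.
    live = [p for p in paths if p.up]
    if not live:
        return "no-path", []
    return "sla-violated", [min(live, key=lambda p: (p.loss_pct, p.latency_ms)).name]
```

The status value separates traffic that is on a path meeting its SLA from traffic that is only being carried best-effort, which is the condition worth monitoring.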

For a diagram of the modernized SD-WAN branch edge solution, see the Introduction in SD-WAN Architecture for Enterprise.
