Fortinet black logo

SD-WAN Architecture for Enterprise

Home FortiGate / FortiOS 7.2.0 SD-WAN Architecture for Enterprise
7.2.0
7.2.0
7.0.0

Application identification

Application identification

Application flow definition and detection is the cornerstone of any SD-WAN solution. Policies for traffic engineering depend on precise and evolving definitions of application traffic and traffic flows.

Fortinet’s FortiGuard maintains a database of more than 5,000 application definitions. Fortinet’s applications detection capabilities are derived from mature data modeling created and maintained by FortiGuard Labs. The application control feature uses protocol decoders with signatures that analyze network traffic to detect application traffic, even if the traffic uses non-standard ports and protocols. The signatures are crafted by researchers across the globe to include applications that may be unique to platforms, regions, and/or languages, offering specific application activity identification, such as a Facebook posting or Dropbox file synchronization. The database is kept current through scheduled or manual downloads. FortiGate also provides the ability to define custom application flows where needed.

SD-WAN service rules support matching destination traffic for firewall addresses, internet service (ISDB), and applications. (Users can select individual applications, custom groups of applications, or FortiGuard.) FortiGate can identify over 5000 applications with over 20 distinct application categories as the traffic selects the best path to a particular destination, which is essential in SD-WAN deployments. The option to apply SD-WAN rules to entire application categories, such as Social Media or Business, allows businesses to use categories instead of individual applications, minimizing complexity and improving QoE for users. For more information about application categories, see the FortiOS Administration Guide.

Previous
Next

Application identification

Application flow definition and detection is the cornerstone of any SD-WAN solution. Policies for traffic engineering depend on precise and evolving definitions of application traffic and traffic flows.

Fortinet’s FortiGuard maintains a database of more than 5,000 application definitions. Fortinet’s applications detection capabilities are derived from mature data modeling created and maintained by FortiGuard Labs. The application control feature uses protocol decoders with signatures that analyze network traffic to detect application traffic, even if the traffic uses non-standard ports and protocols. The signatures are crafted by researchers across the globe to include applications that may be unique to platforms, regions, and/or languages, offering specific application activity identification, such as a Facebook posting or Dropbox file synchronization. The database is kept current through scheduled or manual downloads. FortiGate also provides the ability to define custom application flows where needed.

SD-WAN service rules support matching destination traffic for firewall addresses, internet service (ISDB), and applications. (Users can select individual applications, custom groups of applications, or FortiGuard.) FortiGate can identify over 5000 applications with over 20 distinct application categories as the traffic selects the best path to a particular destination, which is essential in SD-WAN deployments. The option to apply SD-WAN rules to entire application categories, such as Social Media or Business, allows businesses to use categories instead of individual applications, minimizing complexity and improving QoE for users. For more information about application categories, see the FortiOS Administration Guide.

Previous
Next