Fortinet black logo

SD-WAN / SD-Branch Architecture for MSSPs

Home FortiGate / FortiOS 7.2.0 SD-WAN / SD-Branch Architecture for MSSPs
7.2.0
7.2.0
7.0.0
6.4.0

Secure SD-Branch

Secure SD-Branch

It is no coincidence that we are describing the Secure SD-Branch after describing the management plane of our SD-WAN Solution in the previous sections. Indeed, our Secure SD-Branch can be seen as an evolution of a given SD-WAN site, without influencing the rest of the solution components.

For any given SD-WAN site, its serving SD-WAN node (which is a fully-functional FortiGate device, as you will recall) becomes the local Controller of all the SD-Branch components deployed on that site. All these components run in a managed mode, with their configuration fully controlled by the FortiGate device, their ports seen as its logical interfaces, and their monitoring done through the same FortiGate device as well. Consequently, the entire management plane (including FortiManager and FortiAnalyzer) communicates, as before, solely with the FortiGate devices, which are then provisioning and monitoring their local SD-Branch components.

This is how an SD-WAN site can easily become an SD-Branch site, interconnected with other sites by the same overlay network and managed by the same management plane described in the previous sections.

Previous
Next

Secure SD-Branch

It is no coincidence that we are describing the Secure SD-Branch after describing the management plane of our SD-WAN Solution in the previous sections. Indeed, our Secure SD-Branch can be seen as an evolution of a given SD-WAN site, without influencing the rest of the solution components.

For any given SD-WAN site, its serving SD-WAN node (which is a fully-functional FortiGate device, as you will recall) becomes the local Controller of all the SD-Branch components deployed on that site. All these components run in a managed mode, with their configuration fully controlled by the FortiGate device, their ports seen as its logical interfaces, and their monitoring done through the same FortiGate device as well. Consequently, the entire management plane (including FortiManager and FortiAnalyzer) communicates, as before, solely with the FortiGate devices, which are then provisioning and monitoring their local SD-Branch components.

This is how an SD-WAN site can easily become an SD-Branch site, interconnected with other sites by the same overlay network and managed by the same management plane described in the previous sections.

Previous
Next