Fortinet black logo

SD-WAN / SD-Branch Architecture for MSSPs

Home FortiGate / FortiOS 7.2.0 SD-WAN / SD-Branch Architecture for MSSPs
7.2.0
7.2.0
7.0.0
6.4.0

Spokes as Edge CPEs

Spokes as Edge CPEs

There is no doubt where to deploy the Spokes in our solution. As we have explained in the Secure SD-WAN/SD-Branch Solution chapter, the Spokes are fully functional FortiGate devices, and they are always deployed at the perimeter of each SD-WAN site. Therefore, they will be shipped to the Customer premises, becoming the Edge CPEs of the Managed Service.

Note

This is why we often use the term "Edge" instead of a "Spoke", when talking in the MSSP context.

A choice of an Edge CPE model depends on the size of each particular site and its requirements:

  • How many users will it serve?

  • How many WAN links are required and of what type (SFP, copper)?

  • Does the site host clients, servers, or both?

  • What kind of security inspection is required for the traffic entering and leaving this site?

Most Customers will require a mix of different FortiGate models to satisfy the needs of all types of sites.

In case of an SD-Branch site, similar considerations will be applied to the SD-Branch components: FortiSwitches, FortiAPs, and FortiExtenders. All the components will be shipped to the Customer premises, deployed in the managed mode, and controlled by the local Edge CPE.

Previous
Next

Spokes as Edge CPEs

There is no doubt where to deploy the Spokes in our solution. As we have explained in the Secure SD-WAN/SD-Branch Solution chapter, the Spokes are fully functional FortiGate devices, and they are always deployed at the perimeter of each SD-WAN site. Therefore, they will be shipped to the Customer premises, becoming the Edge CPEs of the Managed Service.

Note

This is why we often use the term "Edge" instead of a "Spoke", when talking in the MSSP context.

A choice of an Edge CPE model depends on the size of each particular site and its requirements:

  • How many users will it serve?

  • How many WAN links are required and of what type (SFP, copper)?

  • Does the site host clients, servers, or both?

  • What kind of security inspection is required for the traffic entering and leaving this site?

Most Customers will require a mix of different FortiGate models to satisfy the needs of all types of sites.

In case of an SD-Branch site, similar considerations will be applied to the SD-Branch components: FortiSwitches, FortiAPs, and FortiExtenders. All the components will be shipped to the Customer premises, deployed in the managed mode, and controlled by the local Edge CPE.

Previous
Next