fortinet secure sd-wan architecture components€¦ · fortinet secure sd-wan architecture...
TRANSCRIPT
3
Fortinet Secure SD-WAN Architecture Components
FortiGate Next Generation Firewall Capabilities
Application Awareness
FortiGuardLabs
FortiSandbox Security Rating ServiceMPLS
Switched Ethernet Broadband
FortiExtender
FortiDeploy
FortiManagerFortiGate
FortiAuthenticator
FortiSSOFortiGate
FortiManager
FortiAnalyzer
FortiSIEM
CIO• Enable Digital Transformation• Application Resilience & Recovery• Integrated Security Infrastructure• Edge Device Consolidation• CapEx & OpEx Reduction
CISO• Attack Surface Visibility• Reduced Complexity• Increased Response Time• Compliance Posture Visibility• D&R Automation• Security Framework Alignment
SecurityProcessor
IPSContent Filter
Anti-Botnet App Control
Reputation AntivirusSSL Inspection
VLAN
Router IPSNGFWSD-WAN
4
Data
Cen
ter
Priv
ate
Clou
dM
ulti-
Clou
d
Inte
rnal
Serv
ers
VMs
Exte
rnal
Se
rvic
es
• WAN Path Controller• Application Awareness• Zero Touch Deployment• Device Consolidation• Improved WAN Link Performance• Dynamic Application Distribution
• Next Generation Firewall (NGFW)• Multi-Transport Support• Centralized Management• Single-Pane-of-Glass Monitoring• Identity-Based Policy• Service Level Agreements (WAN Metrics)• Traffic Shaping & Policing
3 M
bps
25 Mbps
100 Mbps
500
Mbp
s Branch OfficeNGFW
SD-WANMembers
Broadband
IPSec Tunnel
MPLS
LAN
Digital Transformation for Enterprise Branch
MPLS
Internet
SIEM & Analytics
Provisioning Server
Threat Intelligence
Monitoring & Management
5
Data
Cen
ter
• WAN Path Controller• Application Awareness• Zero Touch Deployment• Device Consolidation• Improved WAN Link
Performance• Dynamic Application
Distribution• Identity-Based Policy• Traffic Shaping
& Policing
• Next Generation Firewall (NGFW)
• Multi-Transport Support
• Centralized Management
• Single-Pane-of-Glass Monitoring
• Service Level Agreements (WAN Metrics)
Inte
rnal
Serv
ers
VMs
Exte
rnal
Se
rvic
es
1 G
bps
10 Mbps
10 Mbps
50 M
bps
50 Mbps
SD-WANMembers
SD-WANMembers
Reduce WAN OpEx with Direct Internet AccessBroadband
IPSec Tunnel
MPLS
LAN
Priv
ate
Clou
dM
ulti-
Clou
d
10 Mbps
100 Mbps
Branch Office
SD-WANMembers
Internet
NGFW
NGFW
MPLS
SIEM & Analytics
Provisioning Server
Threat Intelligence
Monitoring & Management
NGFW
6
• WAN Path Controller• Application Awareness• Zero Touch Deployment• Device Consolidation• Improved WAN Link Performance• Dynamic Application Distribution• Next Generation Firewall (NGFW)• Multi-Transport Support• Centralized Management• Single-Pane-of-Glass Monitoring• Identity-Based Policy• Service Level Agreements (WAN Metrics)• Traffic Shaping & Policing
Broadband
IPSec Tunnel
LANRedundant Broadband Enterprise BranchTwo Internet Service Providers Direct Internet Access
Data
Cen
ter
Inte
rnal
Serv
ers
Exte
rnal
Se
rvic
es
ISP1
ISP2
2x 200 Mbps
2x 50 Mbps
SD-WANMembers
ISP1 – Internet
VMs
Branch OfficeNGFW
Priv
ate
Clou
dM
ulti-
Clou
d
SIEM & Analytics
Provisioning Server
Threat Intelligence
Monitoring & Management
ISP2 – Internet
7
Inte
rnal
Serv
ers
Exte
rnal
Se
rvic
es
Data
Cen
ter
• WAN Path Controller• Application Awareness• Zero Touch Deployment• Device Consolidation
• Centralized Management• Single-Pane-of-Glass Monitoring• Identity-Based Policy• Service Level Agreements (WAN Metrics)• Traffic Shaping & Policing
FortiGate
Simplify with Secure SD-Branch
5 Mbps
25 Mbps
10 M
bps
50 Mbps
100 Mbps
1 G
bps
SD-Branch
SD-BranchFortiGate
Secure SD-WAN
FortiAP
FortiAP
FortiSwitch
FortiSwitch
FortiGateSecure SD-WAN
Broadband
IPSec Tunnel
MPLS
LAN
Internet
MPLS
• Next Generation Firewall (NGFW)• Improved WAN Link Performance• Dynamic Application Distribution• Multi-Transport Support
VMs
Priv
ate
Clou
dM
ulti-
Clou
d
SIEM & Analytics
Provisioning Server
Threat Intelligence
Monitoring & Management
8
• WAN Path Controller• Application Awareness• Zero Touch Deployment• Device Consolidation• Improved WAN Link
Performance• Dynamic Application
Distribution
• Next Generation Firewall• Multi-Transport Support• Centralized Management• Single-Pane-of-Glass
Monitoring• Identity-Based Policy• Service Level
Agreements (WAN Metrics)
• Traffic Shaping & Policing
ISP1 (20 Mbps)
Branch Office
100 MbpsISP1 (Broadband) ISP2 (LTE)
ISP2 (LTE)
SD-WANMembers
Redundant Connectivity Enterprise BranchBroadband with LTE Direct Internet Access
InternetNGFW
Data
Cen
ter
Inte
rnal
Serv
ers
VMs
Exte
rnal
Se
rvic
es
Priv
ate
Clou
dM
ulti-
Clou
d
SIEM & Analytics
Provisioning Server
Threat Intelligence
Monitoring & Management
Broadband
IPSec Tunnel
LAN
IPsec