With more than twenty years in network security, Fortinet makes secure network appliances available for almost every need. The portfolio started with next-generation firewalls and now spans many different Software-Defined Branch (SD-Branch) products, including switches and access points. Fortinet entered the SD-WAN space a few years ago, adding the coveted feature to FortiOS, the single OS platform used on Fortinet products. Fortinet’s implementation has evolved quickly in the past few years. So much so that Fortinet is now earning top marks with globally recognized market analyst firms and is demonstrating leadership in the space. Why the buzz? What really sets Fortinet Secure SD-WAN apart?
When software-defined wide area networking or SD-WAN first came about, many “pure-play” solutions focused only on the networking aspects of wide-area networks. Applications migrating to the public cloud required new connection paradigms to replace aging models of static closed networks like MPLS. SD-WAN fits these needs perfectly, which explains the interest and rapid adoption of it. When it came to ways to secure and monitor this network traffic, that’s where things get a little trickier. Fortinet built their SD-WAN platform from the ground up with security in mind and was one of the first to do so. Many of the initial pure-play vendors are playing catch-up by bolstering their offerings with security now as threats like ransomware and other zero-day attacks become more common. Security has to be at the heart of the WAN and Fortinet had the foresight to see this from the start.
The days of implicitly trusting users to connect over the WAN or VPN to reach the private resources they need access to are over. New zero-trust security models are required to give users access to only the things they need to complete their work and only the resources they are authorized to by classifications like user, device, or group. One such feature that Fortinet has introduced recently to accommodate this need is Zero Trust Network Access (ZTNA) Access Proxy. This feature verifies the user and device identity, then the trust context, before granting access to a protected application resource. This, combined with the other next-generation firewall features of the FortiGate platform, creates comprehensive security models for WAN, remote user access, cloud access, and more.
Speaking of Cloud…
One of the key functions of SD-WAN is application performance optimization over the network by utilizing modern “WAN Remediation” functions. Becoming table stakes for the best SD-WAN solutions, these are features like forward error correction (FEC), jitter buffering, application steering, TCP optimization, and bandwidth load balancing. When these powerful functions are used in conjunction with one another, they can do incredible things like correct for packet loss, realize all of the available bandwidth across multiple links, and make real-time applications like voice and video hitless even with a link failure. Typically, one needs to “bookend” this overlay functionality meaning from the edge, a matching pair endpoint is required on the other side of where the remediation and load balancing needs to happen. Fortinet has deployment models which stand up “cloud on-ramp” virtual appliance instances in popular public cloud services like Amazon Web Services, Azure, and Google Compute Platform to create this bookended solution. This creates powerful secure SD-WAN capabilities for site-to-cloud connectivity and cloud-to-cloud connectivity across the WAN.
What about Secure Access Service Edge (SASE)?
There is no hotter topic in enterprise connectivity than SASE. Fortunately, Fortinet has a story here as well. FortiSASE Secure Internet Access (SIA) is a new cloud-based security product offering brought to enable working from anywhere. This brings to bear cloud-based secure web gateway (SWG), firewall-as-a-service (FWaaS), and zero-trust network access (ZTNA) capabilities for all remote users, not just branches with SD-WAN.
Bringing it All Together
With a clear vision of what a truly secure SD-WAN looks like from the beginning, Fortinet is putting the pieces together to make good on that vision. It’s not any one component that stands out, it’s the sum of the parts which differentiates and demonstrates the true value of the solution Fortinet has put together. The modularity stands out as well, as you can compose a custom solution that works for your organization with discrete components. Fortinet is certainly building a strong portfolio in the WAN that could help them be a dominant player here for years to come.