SD-WAN components
SD-WAN can be broken down into three layers:
Management and orchestration
Control, data plane, and security
Network access
The control, data plane, and security layer can only be deployed on a FortiGate. The other two layers can help to scale and enhance the solution. For large deployments, FortiManager and FortiAnalyzer provide the management and orchestration capabilities. FortiSwitch and FortiAP provide the components to deploy an SD-Branch.
Layer | Functions | Devices
Management and orchestration | Unified management | FortiManager, FortiAnalyzer
Control, data plane, and security | Consolidation of underlays and overlays into SD-WAN zones | FortiGate
Network access | Wired and wireless network segmentation | FortiSwitch, FortiAP
SD-WAN is a software-defined approach to managing Wide-Area Networks (WAN). It consolidates the physical transport connections, or underlays, and monitors and load-balances traffic across the links. VPN overlay networks can be built on top of the underlays to control traffic across different sites.
Health checks and SD-WAN rules define the expected performance and business priorities, allowing the FortiGate to automatically and intelligently route traffic based on the application, internet service, or health of a particular connection.
WAN security and intelligence can be extended into the LAN by incorporating wired and wireless networks under the same domain. FortiSwitch and FortiAP devices integrate seamlessly with the FortiGate to form the foundation of an SD-Branch.
Some of the key benefits of SD-WAN include:
Reduced cost with transport independence across MPLS, 4G/5G LTE, and others.
Reduced complexity with a single vendor and single-pane-of-glass management.
Improved business application performance thanks to increased availability and agility.
Optimized user experience and efficiency with SaaS and public cloud applications.
SD-WAN Components:
The Fortinet Secure SD-WAN solution is made up of multiple components: FortiGate, FortiManager, FortiAnalyzer, and FortiDeploy. FortiGate runs FortiOS, the core of the Secure SD-WAN solution. FortiManager drives orchestration and management. FortiAnalyzer and FortiDeploy help the whole solution come together, delivering a solution that is unmatched by other vendors. The control, data plane, and security layer can only be deployed on a FortiGate. The other two layers can help to scale and enhance the solution. For large deployments, FortiManager and FortiAnalyzer provide the management and orchestration capabilities. FortiSwitch and FortiAP provide the components to deploy an SD-Branch. SD-WAN is broken down into three layers:
1. Management and Orchestration
2. Control, Data Plane, and Security
3. Network Access
Management and Orchestration:
FortiManager provides centralized management and orchestration of Secure SD-WAN branch edge devices. An organization’s FortiManager may reside on-premises, in a private cloud, or in public cloud environments. Regardless of location, FortiManager maintains connectivity to each FortiGate device, monitors performance SLAs, and presents a single-pane-of-glass view into global connectivity. It also provides templates for security policy configuration, SD-WAN policy configuration, and performance SLA definition. Secure SD-WAN administrators only need FortiManager to control their entire deployment. With the flexibility to support APIs and Security Fabric Connectors, FortiManager seamlessly integrates into the greater workflow within any organization.
FortiManager:
FortiManager is a key component for deploying SD-WAN across a large network. Centralized (single-pane-of-glass) management through FortiManager can help you to more easily manage SD-WAN deployment across many devices and reduce the cost of operation. FortiManager offers all the necessary tools to manage and orchestrate Fortinet Secure SD-WAN solutions. You can quickly deploy thousands of edge locations, trigger changes to entire groups of devices, and consistently define security and SD-WAN policies throughout your environment. FortiManager reduces administration and workload costs with smart features such as device discovery, device group creation by administration domain, and audit and management of complex SD-WAN architecture. Its capabilities include centralized policy and device management, Secure SD-WAN provisioning and monitoring, and single-console management.
FortiAnalyzer:
FortiAnalyzer aggregates log data from one or more Fortinet devices, including FortiGate devices that participate in SD-WAN. FortiAnalyzer acts as a centralized log repository and provides a single channel for accessing your complete SD-WAN network data, so you don’t need to access multiple SD-WAN devices several times a day. FortiAnalyzer also provides advanced analytics and automation, and allows administrators or business owners to generate automatic SD-WAN reports targeted to executive management.
Control Plane:
The control plane is the part of a network that controls how data is forwarded. The role of the control plane is to inform the routers how to send their traffic. Control plane traffic is traffic from device to device: traffic that is originated by, or destined to, the router itself. It includes traffic that network devices send to each other for automatic network discovery, and the protocols and traffic that network devices use on their own without direct interaction.
Data Plane:
Data plane traffic is traffic from user to user. It is traffic that is just passing through the device to get to other destinations. Traffic that is being forwarded through the network is also called transit traffic. The data plane is the actual forwarding process.
Security:
Security involves defining policies for access control and applying the appropriate protection using the FortiGate's NGFW features. FortiGate is a fully functioning, market-leading Next Generation Firewall, meaning security is at the heart of the SD-WAN Solution. All the security features available in the FortiGate can be leveraged when SD-WAN is implemented.
FortiGate:
With its underlying FortiOS firmware, FortiGate is the product at the foundation of Fortinet’s Secure SD-WAN solution. It provides the ability to build the most efficient overlay network in the SD-WAN architecture. FortiGate is a fully functioning, market-leading Next-Generation Firewall, meaning security is at the heart of the SD-WAN solution. All the security features available in FortiGate can be leveraged when SD-WAN is implemented.
Network Access:
The network access layer extends security to the access layer through FortiSwitch and FortiAP, which form the LAN edge. FortiSwitch and FortiAP consolidate branch services through the convergence of security and network access with FortiLink. FortiSwitch and FortiAP integrate with FortiGate to extend SD-WAN benefits into the network access layer. This enables network and security administrators to create and enforce the same network security policies across the enterprise, including out to the network branch.
FortiAP:
Fortinet’s wireless LAN equipment leverages Security-Driven Networking to provide secure wireless access for the enterprise LAN edge. Perfect for deployments from the campus to the SD-Branch, FortiAPs are Fortinet Security Fabric enabled, providing the broad visibility, automated protection, and integrated threat intelligence required to protect organizations’ valuable assets and data worldwide. This includes REST API support for most of the features used. FortiAP provides Wi-Fi access to users. It is the hardware used to aggregate the wireless connections on the LAN edge, providing different access modes, radio configuration capabilities, and all the current cutting-edge Wi-Fi enhancements, depending on the model.
FortiSwitch:
FortiSwitch can be adopted as a natural extension of SD-WAN to provide security on the wired LAN edge. FortiSwitch is an essential cornerstone of the software-defined branch (SD-Branch) that completes the SD-WAN architecture by enabling security in the access layer through FortiLink, consolidating all the connectivity in the branches, and enabling the management and power of the FortiAPs. FortiSwitch is the hardware used to aggregate the wired and wireless connections on the LAN edge, providing different layouts of physical Ethernet or modular (SFP) ports and Power-over-Ethernet (PoE) capabilities, depending on the model.