[PDF] Fortinet Secure SD-WAN Data Sheet

View - Download Fortinet Secure SD-WAN Data Sheet

Previous PDF

Next PDF

with a distributed infrastructure of remote offices and an expanding remote workforce need to adapt. The most effective solution is to switch from static, performance-inhibited wide-area networks (WANs) to software-defined WAN (SD-WAN) architectures. Traditional WANs may utilize SLA-backed private multiprotocol label switching (MPLS) or leased line links to an organizations' main fdata centers for all application and security needs. But that comes at a premium price for connectivity. While a legacy hub-and-spoke architecture

may provide centralized protection, it increases latency and slows down network performance to distributed cloud services for application accefss and compute. The result is operational

complexity and limited visibility associfated with multiple point products. This scenario adds significant managemfent overhead and difficultifes, especially when trying to troubleshoot and resolve issues. Fortinet's Secure Networking strategy tightly integrates an organization's network infrastructure and security architecture, enabling networks to transform at scale without compromising security. This next-generation approach provides consistent security enforcement across flexible perimeters by combining a next-generation firewall with advanced SD-WAN networking capabilitiesf. This combination pfaves the way to Fortinet Single-Vendor SASE approach empowering organizations to consistently apply enterprise grade security and superior user experience across all edges converging networking and security across a unified operating system and agent. FortiSASE extends FortiGuard security services across Thin Edge, Secure Edge, and remote users enabling sefcure access to users both on and off the network. Furthermore, infrastructure networks are simplified by extending SD-WAN into wired and wireless access points of branch offices. accelerated SD-WAN identified with real-time

SSL inspection

enhanced user experience

SaaS adoption

NOC/SOC managementf and

analytics for end-to-end visibility andf control vendor SASE

Leader for both SD-WAN

and Network Firewalls identification, advanced WAN remediation, and acceflerated cloud on-ramp for optimized network and applicationf performance. Furthermore, a Secure Private Access via FortiSASE to secure access to private applications for remote users. Secure Edge (FortiGate SD-WAN) and thin edge (FortiExtender Wireless WAN) to transition to Fortinet Single-Vendor SASE solutionf to secure all applications, users, and data anywhere. security, and SD-Branch at fscale. unified solution to preserve the security and availability of the network. In addition, cloud- delivered security (SASE) fcan also be leveraged by the branches and remote users. extending secure access and high-pferformance connectivifty to users regardless of their geographic locationfs. FortiSASE delivers a full set of neftworking and security capabilities including secure web gateway (SWG), universal zero-trust network access (ZTNA), next- generation dual-modef cloud access securfity broker (CASB), Firewall-as-a-Service (FWaaS), and secure SD-WAN integration. With a unified solutionf, you can: efpfFoxrrp complemented by an ASIC-acceleratfed platform to deliver the most comprehensive SD-WAN solution. appliances, with the industry's only ASIC accelerfation using the SOC4 SPU or vSPU. ZTNA application gafteway on a unified platfform that allows customers to eliminate multiple point products at the WAN edge remediation, and priofritization ensure the best user experience for business-critical, SaaS, and UCaaS applicatifons

FortiGuardFortiCare

OrchestrationIntegrationAutomation

App Gateway

ASICVirtualFortiOSServices

Centralized

Management

Secure

ASIC

Acceleration

SP5 network and user experience. Continuefd innovation and enhancemefnt enable: threats while providing visibility acfross entire attack surface automation

DsrseShnnr

quickly to business demands wfith end-to-end visibility. With a single pane of glass management that offers deployment at scale, cusftomers can: extenders from a single consolef offices, datacenters, and cloud

Ansible/Terraform, and fabric connectors

(DEM) and AIOps today's sophisticated threats: content, application, pefople, and devices analyzing that data with advanced AI, and then automatically distributing the resulting intelligence back for enforcement and protection efpfFoxrrp knuNrWobWtA

xtrbWdgS-Sgk.Tsv5000+ application sfignatures, first packet Identification, dfeep packet inspection, custfom application

signatures, SSL decryption, TLS1.3 with mandated ciphers, and deepf inspection

SD-WAN

(Application aware traffic control)

Granular applicatiofn policies, applicatfion SLA based path selection, dynamicf bandwidth measurement

of SD-WAN paths, active/active and active/standby forwarding, overlay support for encrypted transport,

Application sessionf-based steering, probe-based SLA measurements

Advanced SD-WAN

(WAN remediation) Forward Error Correction (FEC) for packet loss compensatiofn, packet duplication for best real-time

application performance, Active Directory integration for user based SD-WAN steering policies, pefr packet

link aggregation with packet distribution acrfoss aggregate members

SD-WAN deployment Flexible deployment - hub-to-spoke (partial mesh), spoke-to-spoke (full mesh), multi-fWAN transport

support

SASESecure remote users/branches to private applications (Secfure Private Access) by establishing IPSefc

tunnels from SASE PoP to multiple SD-WAN Hubs

Traffic shaping basedf on bandwidth limits per application afnd WAN link, rate limits per application afnd

WAN link, prioritize application traffifc per WAN link, mark/remark DSCP bits for influencing trafffic QoS on

egress devices, application fsteering based on ToS marking

Advanced Routing (IPv4/IPv6)fStatic routing, Internal Gateway (iBGP, OSPF v2/v3 , RIP fv2), External Gateway(eBGP), VRF, route

redistribution, route leaking, BGP confederation, router reflectors, summarization fand route-aggregation,

route asymmetry

VPN/OverlaySite-to-site ADVPN - dynamic VPN tfunnels, policy-based fVPN, IKEv1, IKEv2, DPD, PFS, ESP and ESP-

HMAC support, symmetric cipherf support (IKE/ESP): AES-1f28 and AES-256 modes: CBC, CNTfR, XCBC,

GCM, Pre-shared and PKI authentication with RSA certificates, Diffie-Hellman key exchange (Group 1, 2,

5, 14 through 21 and 27 through 32), MD5, and SHA-based HMAC

MulticastMulticast forwarding, PIM spare (rfc 4601), dense mode f(rfc 3973), PIM rendezvous point

Advanced NetworkingDHCP v4/v6, DNS, NAT - source, destination, static NAT, destination NAT, PAT, NAPT, Full IPv4/v6 support

Next Generation Firewall with FortiGuard threat intelligence - SSL insfpection, applicatiofn control, Intrusion

prevention, antivirus,f web filtering, DLP, and advanced threat protection. Segmentatiofn - micro, macro,

single task VDOM, mfulti VDOM, ZTNA appflication gateway

Cloud-delivered SecurityUniversal zero-trust network access (ZTNA), fnext-generation dual-mofde cloud access secufrity broker

(CASB), Firewall-as-a-Service (FWaaS), secure SD-WAN integration, and hollisftic visibility (appfs, threats,

sessions, policies)f

Provisioning

FortiManager - zero touch provisioning, centralifzed configuration, chfange management, dafshboard,

application policiefs, QoS, security poflicies, application fspecific SLA, active probe configuration, RfBAC,

multi-tenant.

Fabric Overlay Orchestrator capability - is fbuilt directly into FortiOS allowing automatic connectivitfy

between devices without FortiManager.

Cloud OrchestrationFortiManager Cloud through FortiCloud, Single Signf-on portal to manage Fortinet NGFW and SD-WAN,

Cloud-based network management to streamline FortiGate provisioning and managfement, extensive automation-enabled manafgement of Fortinet devices

Enhanced AnalyticsBandwidth consumption, SLA metrics - jitter, packet loss, and latency, real-time monitoring, filter based

on time slot, WAN link SLA reports, per-application sessiofn usage, threat information - malware signature,

malware domain or URL, inffected host, threat level, malware category, indicator of compromise

Cloud On-rampCloud integration - AWS, Azure, Alibaba, Oracle, Gofogle. AWS - transit, direct and VPC connectfivity,

transit gateways, Azure - Virtual WAN connectivity, Oracle - OCI connfectivity FortiGate dual device HA - primary and backup, FortiManager HA, bypass interface, interface redundancy, redundant power supplies

IntegrationRESTful API/Ansible ffor configuration, zfero touch provisioning, reporting, and third-party integration

Virtual environmentsVMware ESXi v5.5 / v6.0 / v6.5/ v6.7, VMware NSX-T v2.3 Microsoft Hyper-V Server 2008 R2 / 2012 f/ 2012 R2 / 2016 Citrix Xen XenServer v5.6 sp2, v6.0, v6.2 and later

Open source Xen v3.4.3, v4.1 and later

KVM qemu 0.12.1 & libvirt 0.10.2 and later for Red Hat Enterprise Linux / CefntOS 6.4 and later / Ubuntu

16.04 LTS (generic kernel) ,KVM qemu 2.3.1 for SuSE Linux Enterprise Server 12 SP1 LTSS

Nutanix AHV (AOS 5.10, Prisim Central 5.10)

Cisco Cloud Services Platform 2100

Built-in VariantsPOE, LTE, WiFi, ADSL/VDSLf

DsrseShnnr

g'sBBSMD(s BV dxx aD 'Dk c'SMD(s BVLMsvaPVg'LBsM)DSLMsvaPVas'Ecg soohWfANnuGIxCIx5Ix0Ix+IIxOIIx

EunNS/EvS(prtzlpozb

6.5 Gbps6.1 Gbps6.5 Gbps11.5 Gbps13 Gbps

O

700 Mbps800 Mbps900 Mbps1 Gbps3 Gbps

Q

1.8 Gbps1.8 Gbps1.8 Gbps2.2 Gbps13 Gbps

630 Mbps700 Mbps715 Mbps1 Gbps4 Gbps

ahtzeS'fAflnFnAbS4SsfAfhwbWNu

Abnr,fNnu10 x GE RJ4510 x GE RJ458 x GE RJ45

2 x Shared Port Pairs

18 x GE RJ45

8 x GE SFP

2 × 10 GE SFP+

4 x Shared Port Pairs

18 x GE RJ45

8 x GE SFP

4 × 10 GE SFP+

WiFi, StorageStorageWiFi, Bypass, POE,

Storage

StorageStorage

DesktopDesktop1RU1RU

Single AC PSSingle AC PSSingle AC PS, dual

inputs

Dual AC PSDual AC PS

1 The IPsec VPN pefrformance test uses AES256-SHfA256

2 SSL Inspection pferformance values use an average of HTTPS sessfions of different cipher suites

3 IPS, Application fControl, NGFW, and Threat Protection are measured with logging enabled

DsrseShnnr

xtrbW)fbnS

FWF-60F-A-BDL-950-DDFWF-80F-2R-A-BDL-

950-DD

950-DD

950-DD

FWF-81F-2R-A-BDL-

950-DD

950-DD

FC-10-W081F-950-02-DD

x)(SahtzeS'fAflnFnAbS

4SsAfhwbWNuS1RfunK

'tAWbtrWAlSgnriWNnuS

1RfunK

soohWfANnuGIIxCIIx+IIIx+0IIxOOIIDOCIIx

EunNS/EvS(prtzlpozb

55 Gbps55 Gbps55 Gbps98 Gbps55 Gbps

50,000100,000100,000100,000100,000

O

10.5 Gbps13 Gbps15 Gbps11 Gbps25 Gbps

Q

S: Eg3S

fil-SP((EgX

9 Gbps10 Gbps12 Gbps17 Gbps20 Gbps

ahtzeS'fAflnFnAbS4SsfAfhwbWNu +II)DS(gxEO0

DsrseShnnr

soohWfANnuQIIIxQQIIDQGIIDQUIIxQ5IIx

EunNS/EvS(prtzlpozb

98 Gbps140 Gbps165 Gbps160 Gbps

200,000200,000200,000200,000

O

17 Gbps25 Gbps63 Gbps75 Gbps

Q

S: Eg3S

fil-SP((EgX

21 Gbps30 Gbps63 Gbps55 Gbps

GII)DS(gxE.kk

LzWhbmWASgbtrfln

1 The IPsec VPN pefrformance test uses AES256-SHfA256

2 SSL Inspection pferformance values use an average of HTTPS sessfions of different cipher suites

3 IPS, Application fControl, NGFW, and Threat Protection are measured with logging enabled

soohWfANnuQ6CIDQ60IDGOIIxGGIIxG0IIx

EunNS/EvS(prtzlpozb

400 Gbps210 Gbps310 Gbps800 Gbps

200,000200,000200,000200,000

O

20 Gbps45 Gbps75 Gbps75 Gbps

Q

S: Eg3S

fil-SP((EgX

26 Gbps50 Gbps86 Gbps63 Gbps

GII)DS(gxE.kk

LzWhbmWASgbtrfln

1 The IPsec VPN pefrformance test uses AES256-SHfA256

2 SSL Inspection pferformance values use an average of HTTPS sessfions of different cipher suites

3 IPS, Application fControl, NGFW, and Threat Protection are measured with logging enabled

DsrseShnnr

LcvkBDg

xtrbW)fbnS LfunFG-600F-BDL- 950-DDFG-1000F-BDL-950-DDFG-1800F-BDL-950-DDFG-2200E-BDL-950-DDFG-2600F-BDL-950-DD kaSEt)nrS/frWfAb

950-DD

FG-2600F-DC-BDL-

950-DD

950-DD

FG-2601F-DC-BDL-

950-DD

02-DD

FC-10-F26HF-950-

02-DD kaSEt)nrFC-10-FD26F-950-02-DD

FC-10-FD261-950-02-DD

x)(SahtzeS'fAflnFnAbS4fS sAfhwbWNuS1RfunK 'tAWbtrWAlSgnriWNnuS1RfunK 02-DD

FC-10-F26HF-288-

02-DD

PwonrgNfhnLIC-FG26F-HYPSC

PcLSLcvkBDg

xtrbW)fbnS kaSEt)nrS/frWfAb kaSEt)nr x)(SahtzeS'fAflnFnAbS4fS sAfhwbWNuS1RfunK 'tAWbtrWAlSgnriWNnuS1RfunK

PwonrgNfhnLIC-FG35F-HYPSC

FCR-EUPGFCR-EUPGFCR-EUPGFCR-EUPG

DsrseShnnr

LcvkBDg

xtrbW)fbnS

FG-4401F-BDL-950-DDFG-4801F-BDL-950-DD

FG-4401F-DC-BDL-950-DD

FC-10-F441F-950-02-DDFG-4801F-BDL-950-DD

FC-10-D441F-950-02-DD

x)(SahtzeS'fAflnFnAbS4fS sAfhwbWNuS1RfunK gkTsv.cAenrhfwS 'tAWbtrWAlSgnriWNnuS1RfunK

PwonrgNfhnLIC-FG44F-HYPSCLIC-FG48F-HYPSC

FCR-EUPGFCR-EUPGFCR-EUPGFCR-EUPG

x)./' sFf8tASsTg'WNrtut,bSs8zrndrfNhnSda SVSdEa)ttlhnS)aEshWRfRfSshWahtze x)./' / # / # / # / #

EMdxDgg dvsBSgDM/ aDgSEsa:s)Dg

The QuickStart SD-WAN service is a consultinfg services that provides assistance for the deployment of a pre-defined FortiGate SD-WAN configuration infto a customer's environment

DsrseShnnr

Pfre)frngzRuNrWobWtA

OII)GII)+IIIxQIII)Q5II)ahtze/'

hWNnAun

100,00010,000100,000

1501,000400010,000Add-On

12,0001,200

:'DsXSnAfRhne xtrbWafrnSErnFWzFSatAbrfNb NoNo gzRuNrWobWtA /'SLzAehnV gzRuNrWobWtA xdM( 'svs)DMSLcvkBDg soohWfANnuOII)GII)+IIIxQIII)Q5II)

MnohfNnFnAbSkWuySg:cfSP-D4TCSP-DAM37G4T

S/' gzRuNrWobWtASLzAehnfu 01-DD

FC2-10-FMGVS-448-

01-DD FC3-10-FMGVS-448-01-DDAll in one subscription bundle including FortiManager VM S-series, FortiCare Premium Contract, and FortiCare Best Practice services.

Fully stackable.

EnronbzfhSBWNnAunFMG-VM-100-UGFMG-VM-1000-UGFMG-VM-5000-UGPerpetual license. Purchase FortiCare Premium Contract and

FortiCare Best Practices services separately. Only the number of managed devices is stackable. f +ISkniWNnu+IISkniWNnu+IIISkniWNnu

'zhbWmkniWNnSgzRuNrWobWtAFC2-10-MVCLD-227-01-DDFC3-10-MVCLD-227-01-DDFortiManager Cloud Central Management & Orchestration Service

including 24×7 FortiCare support. Fully Stackable. sFf8tASsTg'WNrtut,bSs8zrn)ttlhnS)aEdrfNhnSda SVSdEa x')./' gdBc( dvSLcvkBDg:cSB aDvgDgkSTsvSg('SLcvkBD lookup time, HTTPS fresponse time, and RfTT against custom and OOTB applications acrfoss all SD WAN connections to measure application reachability and performance.

10-PackFC1-10-MNCLD-672-01-12

25-PackFC2-10-MNCLD-672-01-12

500-PackFC3-10-MNCLD-672-01-12

2000-PackFC4-10-MNCLD-672-01-12

10,000-PackFC5-10-MNCLD-672-01-12

DsrseShnnr

with SASE, to multi-data center and custom apps deployments: following courses are recommended: click here. deployment. Speak with a Fortinet specialist for assistance selecting the right devices for your environment. Below are the most common selefction criteria and some commonly selected Hub devices, based on deplofyment sizes (for reference purposes only).

LrfANpSgnhnNbWtA

IPsec Tunnels, Device)

PcLSgnhnNbWtA

Power, Intra-site)

1rn,nrnANnStAhwKS

(1100E-1800F) (2200E-2600F) (3000F-3600E) (3960E-4400F)

DsrseShnnr

security subscriptifon services as necessary and utilizing a FfortiManager for central managemefnt. support. orchestrator. There is no additional cfost or sizing consfiderations for an orchestrator. To centrally manage fand monitor your SD-WAN devices, we recommend purchasing the FortiManager based on total number of devices that will be managed. f

private or public clouds. Pflease see the FortiGate-VM Support Matrix for a comprehensive list of supported

hypervisors and public clfoud marketplaces: FortiGate VM datasheets click here. and Hub models based fon common deployment use cases.

designated "WAN" ports but you may also utilize any of the available LAN or DMZ ports as a WAN interface.

to support several hundred tunnels on even the smallest box but varies based on many factors.

Agents integrate with SD-WAN to monitor all available WAN underlay links. There is no licensing lfimits on

the number of WAN underlay links to be monitored. Example: 10-Pack infcludes 10 FortiGates, 25-Pack includesf 25 FortiGates Malware Protection enabled, Enterprise Mix trafficf. Botnet DB, Mobile Maflware, Outbreak Prevention, Web & Video Filtering, Cloud sandbox, Secure DNS filtering, AntiSpam Serfvice, and 24×7 support. For more information, please vifsit: FortiGuard Security Services datasheet clifck here.

Maximum Values Table click here.

FortiDeploy (FDP-SINGLE-US) with your purchase order. FortiDeploy will link the serial numbers ifn your

order to your FortiCloud account. A FortiManager IP address can be assigned to your devices automatically

so they retrieve their configuration fautomatically from the FortiManager of your choice.

DsrseShnnr

firewall platform. You can easily optimfize the protection capabilities of your FortiGate with one of these FortiGuard Bundles. issue resolution. This advanced support offering provides access to a dedicated support team. Single-touch ticket handling by the expert technical team streamlines resolution. This option also provides Extended End-of-Engineering-Suppofrt (EoE's) of 18 months for added flexibility and access to the new FortiCare Elite Portal. This intuitive portal provides a single unified view of device and security hfealth. respect for human rights and ethical business pracftices, making possible a digital world you can always trust. You represent and warrant tfo Fortinet that you will not use Fortinet's products and services to engage in, or support in any way, violations or abusfes of human rights, including those involving illegal censofrship, surveillance, detention, or excessive use of force. Users of Fortinet products are required to comply with the Fortinet EULA and report any suspected violations of the EULA via the procedures outlined in the Fortinet Whistleblower Policy. B) efpfFoxrrp z hcAFtSiwmSs z hcAFtSi mts z cmNgcAFtSiwxmtg z

bFNgiSiFNdckmrcmTTsbScostTFtkmNbsctsdx,Sdac)FSeiNncestsiNctsotsdsNSdcmNrcviNgiNncbFkkiSksNScvrcAFtSiNsShcmNgcAFtSiNsScgidb,mikdcm,,c)mttmNSisdhc)esSestcsyotsddcFtciko,isghcsybsoScSFcSescsySsNScAFtSiNsScsNSstdcmcviNgiNnc)tiSSsNcbFNStmbShcdinNsgcvrcAFtSiNsSLdcwsNstm,c FxNds,hc)iSecmcoxtbemdstc

)))aTFtSiNsSabFk

SSD-WAN-DAT-R18-20230509

quotesdbs_dbs21.pdfusesText_27

[PDF] fortigate fg 50e datasheet

[PDF] fortigate fg 60e manual

[PDF] fortigate fg 60f datasheet

[PDF] fortigate fg2000e

[PDF] fortigate fg200d eol

[PDF] fortigate firewall 100e datasheet

[PDF] fortigate firmware compatibility matrix

[PDF] fortigate firmware download

[PDF] fortigate generate csr san

[PDF] fortigate i student guide

[PDF] fortigate i student guide online v6

[PDF] fortigate import certificate duplicated for ca/local/remote cert

[PDF] fortigate import certificate for deep inspection

[PDF] fortigate import certificate ldaps

[PDF] fortigate import certificate pem