Authen - Advance Route
Hieu
ROUTING
ROUTING FEATURES
NETWORKING
POLICY ROUTE
SD-WAN
SD-WAN requires direct internet access, which in turn requires better security at every branch
90% of SD-WAN vendors offer only stateful firewalls, which is not enough
Secure SD-WAN
NGFW
SD-WAN
SD-WAN + Traffic Shaping + VPN + App Control + Intrusion Prevention + Antivirus + URL Filtering + Sandboxing + SSL Inspection
SD-WAN
6.0
MULTI-PATH INTELLIGENCE
SD-WAN
Path Selection Strategy: Best Quality
Recommended Use Case: Administrators who prefer simplistic path selection, relying on preferred quality criteria
Path Selection Strategy: Min. Quality (SLA)
Recommended Use Case: Administrators who desire granular threshold configurations per application
SD-WAN
6.0
APPLICATION AWARENESS
SD-WAN
6.0
TRAFFIC SHAPING
SD-WAN
WAN OPTIMIZATION
Supports various network topologies such as inline and out-of-path design
Utilize Protocol Optimization & byte Caching
Supports multi-peers
Can be used in both transparent or NAT/Route Mode, virtualized per VDOM
[Diagram labels: WAN, Peers, Authentication group]
SD-WAN
INTERNET
WEB CACHING
Reducing bandwidth usage with fewer requests and responses across the WAN
Reducing server load, as the server has to serve fewer requests
Reducing perceived latency, since data is obtained from the local unit
FortiGate models with a single disk will have to toggle the disk from Local Log to WAN Optimization.
EXPLICIT PROXY
6.0
WEB/FTP PROXY
HIGH AVAILABILITY
6.0
Signatures
FortiGate Clustering Protocol (FGCP)
• Enhanced reliability via device failover, link failover and remote link failover
• Increased performance via active-active HA load balancing
• uses a virtual MAC/single IP address per network segment
FortiGate Session Life Support Protocol (FGSP)
• For supporting asymmetric traffic and support scenarios with load-balancers and routers distributing sessions across multiple appliances
• does not have a heartbeat mechanism to detect unit failure, each FG operates by itself with config and session sync
Virtual Router Redundancy Protocol (VRRP)
• RFC standard based, allow 3rd party device integration
• Resource intensive, performance and latency impact
HIGH AVAILABILITY
6.0
VIRTUAL CLUSTER
[Diagram: FORTIGATE-01 and FORTIGATE-02; Virtual Cluster 1 with VDOM 1 and VDOM 2 on each unit; Virtual Cluster 2 with VDOM 3 on each unit]
Similar concept to loadsharing
Can operate in A-A or A-P mode
Available when VDOMs are enabled
2 Virtual clusters can be created with as many VDOMs available assigned to them
Inter-VDOM links must be entirely within one virtual cluster.
HIGH AVAILABILITY
HA FAILOVER
Device & Link Failover
Failover can be triggered when the master/primary unit fails or the links connecting it fail
Remote Link Failover
Uses ping servers on the primary unit to test connectivity with IP addresses of network devices that are not directly connected
May be multiple interfaces and/or multiple IPs on a monitored interface