Professional Documents
Culture Documents
Secure SD-WAN Report-2021-12-03-1710 - 111
Secure SD-WAN Report-2021-12-03-1710 - 111
Secure SD-WAN Report-2021-12-03-1710 - 111
SD-WAN Utilization 9
Device - FG-ALMIRANTE_BARROSO 9
Traffic Utilization by SD-WAN Rule 9
Traffic Distribution Over SD-WAN Member 9
Traffic Utilization by SD-WAN Members Over Time 10
Sent(bps) 10
Received(bps) 10
SD-WAN Applications 11
Traffic Distribution Over Application 11
SD-WAN Top Applications by Traffic Volume and Session 11
Device - FG-ALMIRANTE_BARROSO 11
SD-WAN Device Traffic Distribution by Interface and Application 12
SD-WAN Users 12
SD-WAN Top Source by Traffic Volume 13
SD-WAN Top Source by Application and Traffic Volume 13
Appendix A 15
Dispositivos (1) 15
Secure SD-WAN Report (by ADM_Fortinet) - FortiAnalyzer Nome do Host: FMG-MPPA page 1 of 15
Introduction Secure SD-WAN
As the use of business-critical, cloud-based applications and tools continue to increase, distributed organizations
with multiple remote offices are switching from performance inhibited WANs to SD-WAN architectures. SD-WAN
offers business application steering, cost savings, and performance for Software-as-a-Service (SaaS) applications, as
well as unified communication services. However, SD-WAN has its own shortcomings—especially when it comes to
security with direct internet access.
While the highlights are listed below, a more detailed information of each device follows.
100.00% 224.07 MB
SD-WAN Availability SD-WAN Bandwidth
Application usage should have a strong influence on your network architecture. Understanding which types of
applications are used and specifically business application performance can improve user experience and
productivity. Following chart illustrates a breakout of applications specific to your network as ranked by traffic
volume. These applications can be prioritized by leveraging SD-WAN application steering strategies and Service
Level Agreements (SLAs) in order to engineer their optimal path to the Internet.
Secure SD-WAN Report (by ADM_Fortinet) - FortiAnalyzer Nome do Host: FMG-MPPA page 2 of 15
Secure SD-WAN Report (by ADM_Fortinet) - FortiAnalyzer Nome do Host: FMG-MPPA page 3 of 15
SD-WAN Performance
Multi-path technology can automatically fail over to the best available link when the primary WAN path degrades.
This automation is built into the FortiGate, which reduces complexity for end-users while improving their experience
and productivity.
-2 6 -2 7 -2 8 -2 9 -3 0 -0 1 -0 2
11 11 11 11 11 12 12
SD-WAN
VPNINT
VPNIRP
VPNTRP
wan2
30
20
10
0
0
0
:0
:0
:0
:0
:0
:0
:0
:0
:0
:0
:0
:0
:0
:0
00
12
00
12
00
12
00
12
00
12
00
12
00
12
6
2
-2
-2
-2
-2
-2
-2
-2
-2
-3
-3
-0
-0
-0
-0
11
11
11
11
11
11
11
11
11
11
12
12
12
12
Secure SD-WAN Report (by ADM_Fortinet) - FortiAnalyzer Nome do Host: FMG-MPPA page 4 of 15
11 11 11
-2 -2 -2
6 6 6
00 00 00
:0 :0 :0
20%
40%
60%
80%
0.05%
0.15%
0.25%
0%
0%
0.1%
0.2%
0.3%
0
1
0 0 0
100%
11 11 11
Link Uptime
-2 -2 -2
6 6 6
12 12 12
:0 :0 :0
0 0 0
11 11 11
-2 -2 -2
7 7 7
00 00 00
:0 :0 :0
0 0 0
11 11 11
-2 -2 -2
7 7 7
12 12 12
:0 :0 :0
0 0 0
FG-ALMIRANTE_BARROSO:VPNIRP
FG-ALMIRANTE_BARROSO:VPNINT
11 11 11
-2 -2 -2
8 8 8
00 00 00
:0 :0 :0
0 0 0
11 11 11
-2 -2 -2
8 8 8
12 12 12
:0 :0 :0
0 0 0
Jitter After SD-WAN Implementation (ms)
11 11 11
-2 -2 Packet Loss After SD-WAN Implementation -2
9 9 9
00 00 00
:0 :0 :0
0 0 0
11 11 11
-2 -2 -2
9 9 9
12 12 12
:0 :0 :0
0 0 0
11 11 11
-3 -3 -3
0 0 0
page 5 of 15
100%
80%
60%
40%
20%
0%
0
0
:0
:0
:0
:0
:0
:0
:0
:0
:0
:0
:0
:0
:0
:0
00
12
00
12
00
12
00
12
00
12
00
12
00
12
6
2
-2
-2
-2
-2
-2
-2
-2
-2
-3
-3
-0
-0
-0
-0
11
11
11
11
11
11
11
11
11
11
12
12
12
12
FG-ALMIRANTE_BARROSO:VPNTRP
100%
80%
60%
40%
20%
0%
0
0
:0
:0
:0
:0
:0
:0
:0
:0
:0
:0
:0
:0
:0
:0
00
12
00
12
00
12
00
12
00
12
00
12
00
12
6
2
-2
-2
-2
-2
-2
-2
-2
-2
-3
-3
-0
-0
-0
-0
11
11
11
11
11
11
11
11
11
11
12
12
12
12
FG-ALMIRANTE_BARROSO:wan2
100%
80%
60%
40%
20%
0%
0
0
:0
:0
:0
:0
:0
:0
:0
:0
:0
:0
:0
:0
:0
:0
00
12
00
12
00
12
00
12
00
12
00
12
00
12
6
2
-2
-2
-2
-2
-2
-2
-2
-2
-3
-3
-0
-0
-0
-0
11
11
11
11
11
11
11
11
11
11
12
12
12
12
Link quality plays an important role in link selection for SD-WAN, the link quality status of SD-WAN members should
be monitored and any prolonged issues with packet loss, latency, and jitter have to be investigated to ensure that
your network doesn't experience degraded performance or an outage. SD WAN uses pre-defined SLA strategies to
route traffic through the SD-WAN interfaces that meet the latency, jitter, and packet loss criteria configured in the
SLA targets associated with the SD-WAN rules. SD-WAN constantly monitors network traffic metrics, such as latency,
packet loss and jitter. Based on the measured data, the SD-WAN is able to respond proactively to real-time network
conditions, selecting the optimal path for traffic.
Secure SD-WAN Report (by ADM_Fortinet) - FortiAnalyzer Nome do Host: FMG-MPPA page 6 of 15
Latency Latency Latency Jitter Jitter Jitter Packet Loss Packet Loss Packet Loss
# Device Name WAN Link
(min.) (avg.) (max.) (min.) (avg.) (max.) (min.) (avg.) (max.)
1 FG-ALMIRANTE_BARR VPNINT 25.26 25.90 237.66 0.23 6.59 94.39 0.00% 0.17% 10.00%
OSO
2 FG-ALMIRANTE_BARR VPNIRP 28.92 28.22 238.72 0.28 6.53 93.86 0.00% 0.31% 10.00%
OSO
3 FG-ALMIRANTE_BARR VPNTRP 0.96 33.10 97.89 0.00 0.33 25.28 0.00% 0.04% 3.00%
OSO
4 FG-ALMIRANTE_BARR wan2 82.88 75.20 283.91 0.25 6.88 95.76 0.00% 0.44% 20.00%
OSO
Device - FG-ALMIRANTE_BARROSO
Latency by WAN Link Over Time (ms)
150 VPNINT
120 VPNIRP
VPNTRP
90
wan2
60
30
0
0
0
:0
:0
:0
:0
:0
:0
:0
:0
:0
:0
:0
:0
:0
:0
00
12
00
12
00
12
00
12
00
12
00
12
00
12
6
2
-2
-2
-2
-2
-2
-2
-2
-2
-3
-3
-0
-0
-0
-0
11
11
11
11
11
11
11
11
11
11
12
12
12
12
Jitter by WAN Link Over Time (ms)
40 VPNINT
VPNIRP
30
VPNTRP
20 wan2
10
0
0
0
:0
:0
:0
:0
:0
:0
:0
:0
:0
:0
:0
:0
:0
:0
00
12
00
12
00
12
00
12
00
12
00
12
00
12
6
2
-2
-2
-2
-2
-2
-2
-2
-2
-3
-3
-0
-0
-0
-0
11
11
11
11
11
11
11
11
11
11
12
12
12
12
VPNINT
4%
VPNIRP
3% VPNTRP
wan2
2%
1%
0%
0
0
:0
:0
:0
:0
:0
:0
:0
:0
:0
:0
:0
:0
:0
:0
00
12
00
12
00
12
00
12
00
12
00
12
00
12
6
2
-2
-2
-2
-2
-2
-2
-2
-2
-3
-3
-0
-0
-0
-0
11
11
11
11
11
11
11
11
11
11
12
12
12
12
Secure SD-WAN Report (by ADM_Fortinet) - FortiAnalyzer Nome do Host: FMG-MPPA page 7 of 15
Service Level Agreements (SLAs)
Performance link monitoring measures the health of links that are connected to SD-WAN member interfaces by
sending probing signals through each link to a server and measuring the link quality based on latency, jitter, and
packet loss. If a link is broken, the routes on that link are removed, and traffic is routed through other links. When
the link is working again, the routes are re-enabled. This prevents traffic being sent to a broken link and lost.
Device - FG-ALMIRANTE_BARROSO
SLA Rules Link Percentage Within Latency Threshold
# SLA Rules Links Latency Within Threshold
1 MPPA_SEDE VPNTRP 100.00%
VPNINT 98.88%
VPNIRP 98.80%
2 Default_Gmail VPNTRP 100.00%
wan2 99.70%
Default_Gmail
100 MPPA_SEDE
80
60
40
20
0
0
0
:0
:0
:0
:0
:0
:0
:0
:0
:0
:0
:0
:0
:0
:0
00
12
00
12
00
12
00
12
00
12
00
12
00
12
6
2
-2
-2
-2
-2
-2
-2
-2
-2
-3
-3
-0
-0
-0
-0
11
11
11
11
11
11
11
11
11
11
12
12
12
12
Secure SD-WAN Report (by ADM_Fortinet) - FortiAnalyzer Nome do Host: FMG-MPPA page 8 of 15
Jitter by SLA Rule Over Time (ms)
Default_Gmail
25
MPPA_SEDE
20
15
10
0
0
0
:0
:0
:0
:0
:0
:0
:0
:0
:0
:0
:0
:0
:0
:0
00
12
00
12
00
12
00
12
00
12
00
12
00
12
6
2
-2
-2
-2
-2
-2
-2
-2
-2
-3
-3
-0
-0
-0
-0
11
11
11
11
11
11
11
11
11
11
12
12
12
12
Packet Loss by SLA Rule Over Time
Default_Gmail
MPPA_SEDE
2%
1%
0%
0
0
:0
:0
:0
:0
:0
:0
:0
:0
:0
:0
:0
:0
:0
:0
00
12
00
12
00
12
00
12
00
12
00
12
00
12
6
2
-2
-2
-2
-2
-2
-2
-2
-2
-3
-3
-0
-0
-0
-0
11
11
11
11
11
11
11
11
11
11
12
12
12
12
SD-WAN Utilization
FortiGate can be set to recognize applications by business criticality. Business-critical applications, general
productivity applications, and social media can be given different routing priorities. Unique policies can be applied
at a deeper level for sub-applications. This broad application-level visibility into traffic patterns and utilization offers
a better position to allocate WAN resources according to business needs. Fortinet Secure SD-WAN identifies and
classifies applications—even encrypted cloud application traffic—from the very first packet. In addition to individual
applications, understanding overall utilization can help with capacity planning, circuit selection, and streamlining
network traffic over time. This awareness can also help reduce operational costs associated with backhauling traffic
over more expensive WAN links (such as MPLS).
Device - FG-ALMIRANTE_BARROSO
Traffic Utilization by SD-WAN Rule Traffic Distribution Over SD-WAN Member
Secure SD-WAN Report (by ADM_Fortinet) - FortiAnalyzer Nome do Host: FMG-MPPA page 9 of 15
11 11 11
-2 -2 -2
6 6 6
00 00 00
:0 :0 :0
1000KB
1500KB
2M
4M
6M
120KB
150KB
500KB
0
30KB
60KB
90KB
0
0
0 0 0
Sent(bps)
11 11
-2 -2 11
6 6 -2 VPNTRP
12 12 6
:0 :0 12
0 0
Received(bps)
:0
11 11 0
-2 -2
7 7 11
00 00 -2
:0 :0 7
0 0 00
11 11 :0
-2 -2 0
7 7 11
12 12
:0 :0 -2
0 0 7
11 11 12
-2 -2 :0
8 8 0
00 00 11
:0 :0 -2
0 0 8
11 11 00
-2 -2 :0
8 8 0
12 12
:0 :0 11
0 0 -2
11
-2
11
-2 8
12
9 9 :0
00 00 0
:0 :0
0 0 11
11 11 -2
-2 -2 9
9 9 00
12 12 :0
:0 :0 0
0 0
11 11 11
-3 -3 -2
0 0 9
Traffic Utilization by SD-WAN Members Over Time
00 00 12
:0 :0 :0
0 0 0
11 11
-3 -3 11
0 0 -3
12 12 0
VPNIRP
VPNIRP
VPNINT
VPNINT
VPNTRP
VPNTRP
page 10 of 15
SD-WAN Applications
Traffic Distribution Over Application
224MB
8.94% WhatsApp (20.03 MB)
8.34% Google.Services (18.70 MB)
7.02% YouTube (15.73 MB)
19.16% Others (42.93 MB)
Device - FG-ALMIRANTE_BARROSO
Secure SD-WAN Report (by ADM_Fortinet) - FortiAnalyzer Nome do Host: FMG-MPPA page 11 of 15
SD-WAN Device Traffic Distribution by Interface and Application
SD-WAN Users
By looking at source traffic, we can determine the originating source of any particular traffic. Certain botnets,
command and control functions, and even remote access can be session heavy and indicative of targeted attacks or
persistent threats. Following charts representative of source traffic activity that may need further investigation.
Secure SD-WAN Report (by ADM_Fortinet) - FortiAnalyzer Nome do Host: FMG-MPPA page 12 of 15
SD-WAN Top Source by Traffic Volume
User (or IP)
83MB
2
14
53MB
0.
.4
16
6
10
2.
17
32MB
0.
.4
16
0
11
2.
17
29MB
0.
.4
16
7
11
2.
17
13MB
0.
.4
16
02
2.
.1
17
8MB
40
8.
0
16
.2
2.
40
3293KB
19
8.
16
03
2.
.1
19
668KB
40
8.
46
16
.1
2.
661KB
40
19
8.
42
16
.1
2.
522KB
40
19
8.
1
16
10
2.
53KB
0.
19
.4
16
1
0.
2.
.4
17
8KB
16
2.
1
17
.2
40
Bandwidth
2.
19
Secure SD-WAN Report (by ADM_Fortinet) - FortiAnalyzer Nome do Host: FMG-MPPA page 13 of 15
# User (or IP) Application Bandwidth % do Subtotal
6 192.168.40.20 SMB.v2 4.09 MB 52.37%
LDAP 1.96 MB 25.12%
SSL 567.13 KB 7.10%
Others 1.20 MB 15.42%
Subtotal 7.80 MB 3.48%
7 192.168.40.103 HTTPS.BROWSER 1.23 MB 38.10%
HTTP.BROWSER 577.55 KB 17.54%
udp/1252 576.71 KB 17.51%
Others 884.10 KB 26.85%
Subtotal 3.22 MB 1.44%
8 192.168.40.146 udp/1252 270.55 KB 40.47%
udp/1251 268.47 KB 40.16%
udp/1250 113.47 KB 16.98%
Others 15.96 KB 2.39%
Subtotal 668.46 KB 0.29%
9 192.168.40.142 udp/1251 293.16 KB 44.36%
udp/1252 276.97 KB 41.91%
udp/1250 82.48 KB 12.48%
Others 8.30 KB 1.26%
Subtotal 660.92 KB 0.29%
10 172.16.40.101 HTTPS.BROWSER 150.79 KB 28.86%
SSL 97.28 KB 18.62%
Google.Services 63.63 KB 12.18%
Others 210.75 KB 40.34%
Subtotal 522.45 KB 0.23%
Others 60.61 KB 0.03%
Total 224.07 MB 100.00%
Secure SD-WAN Report (by ADM_Fortinet) - FortiAnalyzer Nome do Host: FMG-MPPA page 14 of 15
Appendix A
Dispositivos (1)
FG-ALMIRANTE_BARROSO
Secure SD-WAN Report (by ADM_Fortinet) - FortiAnalyzer Nome do Host: FMG-MPPA page 15 of 15