
SD-Branch

LAN Edge Wired and Wireless


Marice Marrero
Presales Engineer
Welcome to the Fortinet SD-Branch Fast Track
This training session comprises two sections

Section One: Introduction to SD-Branch


1. Business drivers & Market evolution
2. Customer profile
3. Fortinet’s SD-Branch Vision
4. Solution components
5. Industry Validation
Partner Focused Enablement
1. Success Example
2. Opportunity Discovery and Development
3. Competition

Section Two: Lab, covers the configuration of LAN Edge with FortiLink.
*Note: Lab does not cover SD-WAN or FortiNAC configuration due to time constraints.

© Fortinet Inc. All Rights Reserved. 2


Market Overview
So what is SD-Branch?

[Diagram: Branch Network built from Clients / IoT, Wireless, Ethernet Switch, Firewall, Router and SD-WAN, labelled Vendor 1 to Vendor 5; groupings shown: LAN Edge, NAC, Secure SD WAN]



Customer Profile
Distributed Enterprise / Branch Office

Retail, K-12 Education, Banking, Hospitality, Healthcare, Restaurant, Government

Enabling the edges of your network

Fortinet’s Secure SD-Branch Vision
A secure, agile, integrated approach to branch networking

Fortinet sees three key components to branch networking:


1. Security
2. Simplicity
3. Total cost of ownership

The Fortinet Secure SD-Branch is unmatched in delivering all three


• We are one of the only vendors recognized in all three SD-Branch
related Gartner Magic Quadrants



Digital Transformation Business Initiatives
Expansion at the WAN and LAN edge

• Enable the Cloud On-Ramp: 95% of companies using SD-WAN within 2 years
• Simplify Operations: Skills Shortage
• Address IoT: 31 billion devices 2020

Challenge: New WAN and Access edge paradigm
Each user and device now represents an edge

• Security: Solutions "Bolted On"
• Complexity: Multiple Vendors, Consoles and OS
• Cost: Licensing and Support

Fortinet Security Fabric

• Broad: visibility and protection of the entire digital attack surface to better manage risk
• Integrated: solution that reduces management complexity and shares threat intelligence
• Automated: self-healing networks with AI-driven security for fast and efficient operations

Diagram labels: Fabric Management Center, NOC, SOC, Adaptive Cloud Security, Zero Trust Access, FORTIOS, Open Ecosystem, Security-Driven Networking, FortiGuard Threat Intelligence

© Fortinet Inc. All Rights Reserved. 02012021 10


Security-driven Networking Vision
Convergence of networking and security across all edges and users

• Appliance (ASIC): Accelerated convergence of Networking and Security
• Cloud: Flexible, anywhere and anytime secure access

Goal: to support the dynamic security needs of organizations

Diagram labels: Networking, Security, Accelerated, Fortinet View, Cloud delivered, Scalable

SD-Branch WAN Edge

FortiGate Appliances
▪ 17+ models
▪ Next Generation Firewall
▪ WLAN Controller
▪ Switch Controller
▪ Routing

FortiExtender
▪ Up to Two LTE radios
▪ CAT 12 speeds (600 Mbps) per radio
▪ Dual SIM support per radio
▪ Ethernet WAN port
▪ Multiple LAN ports

SD-Branch LAN Edge

Access Points
▪ 20+ models
▪ 802.11ac & Wi-Fi 6
▪ Internal or external antenna
▪ FortiLink integration to FGT
▪ Indoor/Outdoor/Wall jack

Switches
▪ 40+ models
▪ Edge Switches
▪ Data Center /ToR Switches
▪ FortiLink integration to FGT
▪ L2/L3 & Advanced Services

Fortinet Secure LAN Edge Through FortiLink
Security-driven Networking

Integrated Security
• Direct control, configuration, and management of FortiAPs and FortiSwitch through FortiOS
• Extends (NGFW) features and inspection to wired and wireless network
• A significant step beyond the centralized management

Simplicity
• Agile deployment and management
• Flexible architecture, scales as needs change

Lower Cost of Ownership
• Access Management included with FortiOS.
• No licenses required

Diagram labels: FortiGate, FortiLink, FortiSwitch, FortiAP



WAN Edge
FortiGate

SD-WAN
• Fastest application steering available
• Most accurate application identification available, even with encrypted traffic

Next Gen Firewall
• NSS Labs verified industry leading security
• Deep inspection of SSL/TLS encrypted traffic

Router
• Hardware accelerated routing for high performance



Secure SD-WAN

FortiGate

APPLICATION AWARE
• Visibility into 5000+ Applications
• High Application Identification Accuracy

MULTI-PATH INTELLIGENCE
• Application Steering Based on Expanded SLAs
• Automated Fail-Over Capabilities (Per Packet Steering)

WAN RESILIENCY
• WAN Path Remediation (FEC)
• Tunnel Bandwidth Aggregation

SIMPLIFIED MONITORING
• High-level Monitoring of SD-WAN Devices on a Map
• Expanded Historical SLA Analytics

SEGMENTATION
• Multi-Tenancy with Patented VDOM
• User Level Segmentation for Applications



LAN Edge Deeper Dive
FortiSwitch



FortiSwitch Access Switch Family-update

Entry: 100 Series
▪ Entry Level Switch
▪ 8 to 48 gigabit Ethernet ports, POE Capable
▪ Desktop to wiring closet.
▪ (2-4) GE or 10GE Ethernet SFP uplink ports

Mid Range: 200 Series
▪ Mid level Switch
▪ 24 to 48 GE ports POE+ Capable
▪ Typical wiring closet switch
▪ (4) Gigabit Ethernet SFP SFP+ uplink ports

Premium: 400 Series
▪ Enterprise Switch
▪ 24 to 48 gigabit Ethernet ports POE+ Capable
▪ Multi-Gig and UPoE options
▪ Larger wiring closet or high throughput requirements.
▪ Up to (4) 10 Gigabit Ethernet SFP uplinks

Aggregation: 500 Series
▪ Aggregation Switch
▪ 24 to 48 gigabit Ethernet ports POE+ Capable
▪ Up to (4) 10 Gigabit Ethernet (2) 40 Gigabit Ethernet SFP uplinks

Positioning labels: Small Business, Secure SD-Branch, Campus Networks

FortiSwitch Data Center Switch Family

1000 Series
▪ Top of Rack and Data Center Applications
▪ 24 or 48 10 Gigabit Ethernet SFP slots
▪ Up to four QSFP28 100 GbE Uplinks or Six 40 GbE QSFP+
▪ Dual hot swappable power supplies

3000 Series
▪ Top of Rack and Data Center Applications
▪ 3000 series offers 32 x 100 Gigabit Ethernet capable QSFP28 slots
▪ Dual hot swappable power supplies

Positioning labels: Small Business, Data Center, Campus, Top of Rack, Aggregation



FortiSwitch Rugged Switch Family

112D-POE
▪ 8x GE RJ45, 4x GE SFP slots
▪ 8x GE Ports are PoE/PoE+ capable.

124D Switch
▪ 16x GE RJ45, 4x GE SFP slots
▪ 8 shared media interfaces (GE RJ45 / GE SFP slots)

Rugged Access Switch
Passive cooling, No fans or moving parts
Redundant power inputs
Built to IP30 standards

FortiAP



FortiAP Portfolio

FAP Series
▪ Internal Antenna or external antennas
▪ 2x2 or 4x4 Spatial Stream
▪ Indoor, Outdoor, or Wall jack form factor
▪ 3-radio for 24/7 monitoring
▪ BLE built in

FAP-U Series
▪ Internal Antenna or external antennas
▪ 2x2 or 4x4 Spatial Stream
▪ Indoor or Outdoor form factor
▪ 3-radio for 24/7 monitoring
▪ BLE built in
▪ Dual 5GHz

Campus, SD-Branch, and Teleworker Applications

FortiAP Naming Structure

FAP-U433F-A

Family Indication
<blank> – Standard AP
U – Premium AP, dual 5GHz capable

Spatial Streams
Indicates the number of spatial streams supported on the AP

Number of Radios
Indicates the number of Wi-Fi radios built into the AP

Form Factor
1 – Indoor, Internal antenna
2 – Outdoor, External antenna
3 – Indoor, External antenna
4 – Outdoor, Internal antenna
J – Wallplate AP

Wi-Fi Standard
E – 802.11ac
F – Wi-Fi 6

Regulatory
Please refer to the price list for a complete listing

NAC
FOS Native NAC

Secure
• Automatically discovers devices and applies policy
• Flexible triggers and actions
• Rules point to policy (and policy can point to additional policy)

Simple
• Defaults are ready to go
• Can simplify network deployment
• User Devices and FortiGuard IOT identification*

Scalable
• Quickly enable NAC on port(s) or entire network
• EMS Tags with dynamic addresses
• Actions can be port or device specific

Diagram labels: FortiGate, FortiLink, FortiSwitch, FortiAP



FortiNAC
Advanced Functions

Security
• Continuous risk assessment, anomaly detection and automated responses

Simplicity – FortiGate as a sensor
• No need for additional onsite hardware
• Management Centralized at the NOC/SOC

Lower Cost of Ownership
• Simple license structure based on the total number of endpoints

Diagram labels: NOC/SOC Centralized FortiNAC, FortiGate, FortiLink, FortiSwitch, FortiAP



SD-Branch Extended
Extended Secure SD-Branch
Further enabling branches

LAN Edge
• Protecting the access edge

FortiNAC
• Protecting the device edge

FortiClient
• Protecting the managed device edge

FortiCamera
• Enhancing physical security

FortiFone / FortiVoice
• Enabling communication

Diagram labels: Zero Trust Access, LAN Edge, WAN Edge, NGFW, Wireless, Switch, MPLS, Broadband, Cellular 4G 5G, User, Contractor, Guest, FortiClient, FortiFone, FortiCamera



Deployment and Scalability
SD Branch Management Options

FortiGate Interface
▪ Ideal for small or single site deployments
▪ Supports SD-WAN configuration and management.
▪ Manage security, network access and WAN from a single interface

Fabric Management Center (FortiManager, FortiAnalyzer)
▪ Management at scale
▪ Supports SD-WAN configuration and management
▪ Supports zero touch deployment
▪ Manage SD-WAN, security, and access from one interface

Zero Touch Secure SD-Branch Deployment
• Ship equipment directly to site
• No costly onsite expertise necessary
• Time to deploy minimized

1. Connect FortiGate to internet
2. FortiGate sends out discovery to FortiDeploy
3. FortiDeploy pre-populated with serial Id of FortiGate, forwards to assigned FortiManager
4. FortiManager pushes configuration to FortiGate FortiSwitch and FortiAP.

Diagram labels: FortiManager, NOC/SOC, Internet, SD BRANCH



Industry Validation
Recognized As a Leader in the 2021 Gartner® Magic Quadrant™ for Network Firewalls
and WAN Edge Infrastructure and as a Visionary in the 2021 Gartner® Magic Quadrant™
for Enterprise Wired and Wireless LAN Infrastructure
[Figures: 2021 Gartner® Magic Quadrant™ for Network Firewalls; 2021 Gartner® Magic Quadrant™ for WAN Edge Infrastructure; 2021 Gartner® Magic Quadrant™ for Enterprise Wired and Wireless LAN Infrastructure]

Gartner, Magic Quadrant for WAN Edge Infrastructure, By Jonathan Forest, Naresh Singh, Andrew Lerner, Evan Zeng, 20 September 2021
Gartner, Magic Quadrant for Network Firewalls, By Rajpreet Kaur, Jeremy D'Hoinne, Nat Smith, Adam Hils, 1 November 2021
Gartner, Magic Quadrant for Enterprise Wired and Wireless LAN Infrastructure, Bill Menezes, Christian Canales, Tim Zimmerman, Mike Toussaint, 16 November 2021.

“Gartner does not endorse any vendor, product or service depicted in its research publications and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner
research publications consist of the opinions of Gartner’s Research & Advisory organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this
research, including any warranties of merchantability or fitness for a particular purpose. Gartner and Magic Quadrant are registered trademarks of Gartner, Inc. and/or its affiliates in the U.S. and internationally and is
used herein with permission. All rights reserved.
This graphic was published by Gartner, Inc. as part of a larger research document and should be evaluated in the context of the entire document. The Gartner document is available upon request from Fortinet.
Fortinet Leads Gartner Critical Capability Report of
WAN Edge SD-Branch
These graphics were published by Gartner, Inc. as part of a larger research document and should be evaluated in the context of the entire document. The Gartner documents are available upon request from our website: https://www.fortinet.com/solutions/gartner-magic-quadrants.html.



Fortinet FortiAP and FortiSwitch
Wired and Wireless Networking

Gartner Peer Insights reviews constitute the subjective opinions of individual end users based on their own experiences, and do not represent the views of Gartner or its
affiliates.


Recap
Business Value of Moving to Fortinet SD-Branch

• Convergence of Network and Security: Consolidate Functions, IT Footprint, OS, and Configurations, Address IoT
• Simplified Operations: Enhance business agility with a single OS and user interface in FortiGate FOS
• TCO Benefits: Less Equipment and Fewer licenses; Less time learning multiple interfaces



Delivering on Fortinet’s Vision for Secure SD-Branch

Integrated Security
• No other vendor offers tighter security integration.
o FortiSwitch and FortiAP integrated into FortiGate as extensions of the NGFW through FortiLink
o FortiNAC Discovery, visibility, security and anomaly detection for IoT

Low Complexity
• Single pane of glass to manage security, network access and Secure SD-WAN.
o Simplify troubleshooting
o Increased agility in deployment and expansion
• Licensing simple to understand and implement

Lower Total Cost of Ownership
• No licensing fees on the FortiGate



Lab Exercise:
Part 1: FortiSwitch FortiLink Lab
Part 2: FortiAP FortiLink Lab

Lab Topology

• The FortiSwitches, APs, and the client are physical devices
• The Lab environment is composed of sixteen pods.
• Each pod has a FortiGate, a FortiSwitch, a FortiAP, and client.
• Each Student will be assigned a Student number which will correspond to a POD.

Diagram labels: FortiSwitch Lab Main Gate, POD-1, POD-2, POD-3, POD-14, POD-15, POD-16



Lab Topology
The credentials to access the lab environments are different than those used to log into CloudShare.

Use the assigned Student<x> Credentials to connect to the lab environment via FortiClient

Your Student credentials will direct you to your assigned lab environment (POD) based on your student number.

FortiFIED app on the Jumpbox Desktop is your lab guide.



Part 1:
FortiSwitch FortiLink Lab Course

This is a short technical lab designed to walk you through the steps
necessary to configure FortiLink between the FortiGate and
FortiSwitch enabling the Fortinet Security Fabric in the Ethernet
access layer.



Part 2:
FortiAP FortiLink Lab Course

This is a short technical lab designed to walk you through the steps necessary to
configure a variety of common wireless network types on FortiAPs using the FortiLink
wireless protocol running across CAPWAP.
