Professional Documents
Culture Documents
Fortinet - Channel - 40mins - SD-WAN - Oct17 (Autosaved)
Fortinet - Channel - 40mins - SD-WAN - Oct17 (Autosaved)
This document and information and ideas herein may not be disclosed, copied, reproduced or
distributed to anyone outside Fortinet, Inc. without prior written consent of Fortinet, Inc.
This information is pre-release and forward looking and therefore is subject to change
without notice.
Please note that this Product Roadmap is neither intended to bind Fortinet to any particular course
of product marketing and development nor to constitute a part of the license agreement or any
contractual agreement with Fortinet or its subsidiaries or affiliates.
2
Agenda
1 SD-WAN Features
NGFW or UTM
Router
Internet
Internet
MPLS SaaS
MPLS Data
VPN
Center IaaS
Data
Center
Fortinet - Confidential 5
I hate my WAN : SD-WAN to the Rescue
By the end of 2019, 30% of enterprises will use SD-WAN technology in all
their branches, up from less than 1 % today - Gartner
Fortinet - Confidential 6
Distributed Enterprise SD-WAN Vision
Business Critial Traffic eg..
Voice/Video take the best
delay, jitter, and/or loss path
Fortinet - Confidential 7
Fortinet’s Key Benefits of Secured SD-WAN Solution
MPLS to Direct Internet Access for Cloud Reduces WAN Cost Spending
Fortinet - Confidential 8
WAN traffic without SD-WAN implemented
MPLS
FGT
Fortinet - Confidential 9
Increasing the bandwidth with SD-WAN
MPLS 2
MAN Ethernet
MPLS @ @2
3G/LTE
Available Bandwidth
MultiLink
Fortinet - Confidential 10
Redundancy of the links
MPLS @ @2
3G/LTE
MultiLink
Fortinet - Confidential 11
Smart Load Balancing of the Applications
L = 25 ms L = 28 ms L = 100 ms
J = 0 ms J = 0 ms J = 20 ms
PL = 0 % PL = 0 % PL = 5 %
MPLS @ @2
Sensibility to:
Latency & Packet Loss
Smart LB
Fortinet - Confidential 12
Smart Load Balancing of the Applications L = 100 ms
L = 25 ms L = 28 ms J = 20 ms
J = 0 ms J = 0 ms PL = 5 %
PL = 0 % PL = 0 % BW = 18 Mbps
BW = 2 Mbps BW = 8 Mbps
MPLS @ @2
Smart LB
Fortinet - Confidential 13
Smart Load Balancing of the Applications L = 100 ms
L = 25 ms L = 28 ms J = 20 ms
J = 0 ms J = 0 ms PL = 5 %
PL = 0 % PL = 0 % BW = 18 Mbps
BW = 2 Mbps BW = 8 Mbps
MPLS @ @2
Smart LB
Fortinet - Confidential 14
Smart Load Balancing of the Applications
Fortinet - Confidential 15
Inbound / Outbound QOS
MPLS @
I/O QoS
Fortinet - Confidential 16
SD-WAN
Implementing
SD-WAN
Fortinet - Confidential 18
Default route
Fortinet - Confidential 19
Firewall Policy
Fortinet - Confidential 20
Status Check
Fortinet - Confidential 21
Configuration of SD-WAN rules
Fortinet - Confidential 22
Internet Service Database
Fortinet - Confidential 23
SD-WAN
Implementing
SD-WAN
Bandwidth
Control
CONFIDENTIAL Fortinet - Confidential 24
Bandwidth Control implementation – Shaping-policy
TS shaping policy identifies the traffic that is to be matched and assigns
config firewall shaping-policy
Class-id edit 1
set comment "Facetime"
set service "ALL"
Traffic identification can be done manually, with App set application 24426
Control Engine or with Internet Service DB set dstintf "virtual-wan-link"
set class-id 3
set class-id-reverse 3
set srcaddr "all"
set dstaddr "all"
next
edit 2
set comment "Facetime"
set service "ALL"
set application 24426
set dstintf "port1"
Class-id available for configuration 2-31 set class-id 3
set class-id-reverse 3
set srcaddr "all"
set dstaddr "all"
next
Fortinet - Confidential 25
Bandwidth Control implementation – Shaping-profile
Bandwidth assignment for each Class-id is done in shaping-profiles
edit "SD_WAN_DEMO"
set comment "SD_WAN_DEMO"
set default-class 5
config classes
edit 2
set class-id 2
5 transmit priorities queues are available set priority top
set guaranteed-bandwidth 30
set maximum-bandwidth 100
next
edit 3
set class-id 3
set priority critical
Maximum and guaranteed bandwidth are defined set guaranteed-bandwidth 20
as percentage (%) of in/outbandwidth of the interface. set maximum-bandwidth 100
next
If not used guaranteed bandwidth is shared among edit 4
other classes set class-id 4
set priority medium
set guaranteed-bandwidth 10
set maximum-bandwidth 100
next
edit 5
set class-id 5
set priority low
set guaranteed-bandwidth 5
set maximum-bandwidth 100
Fortinet - Confidential 26
Bandwidth Control - Priority queues
TOP
CRITICAL
HIGH
MEDIUM
LOW
Fortinet - Confidential 27
Bandwidth Control implementation – Interface configuration
The last step is to assign the shaping-profile to an interface. Shaping can
occur on both ingress and egress traffic.
config system interface
edit "port11"
set vdom "Branch1"
set ip 10.10.10.1 255.255.255.252
set allowaccess ping https ssh snmp http fgfm
set type physical
set inbandwidth 5000
set outbandwidth 5000
set egress-shaping-profile "SD_WAN_DEMO"
set ingress-shaping-profile "SD_WAN_DEMO"
set description "MPLS"
set alias "MPLS"
set snmp-index 13
next
end
Fortinet - Confidential 28
What is available with Fortinet’s SD-WAN?
5.4 GA / 5.6 GA Valeo top3 Critical/Good to
have
SD-WAN BGP support No Yes Critical
Fortinet - Confidential 29