FortiGate Secure SD-

WAN
Solution
 Agenda
• Definition
• Features
• Benefits
• Application Aware SD-WAN
• Dynamic WAN path
• Control Application
• Performance using SLA
• Simplified SLA using Quality
 SD-WAN
• SD-WAN is a software-defined approach to managing Wide-Area Networks which improves traffic flow and reduces
pressure on the network.

• SD-WAN with Application Aware Routing can measure and monitor the performance of multiple services in a hybrid
network

• The SD-WAN Edge is a physical or virtual network function that is placed at an organization's branch/regional/central
office site, data center, and in public or private cloud platforms

• SD-WAN has 3 objects

o SD-WAN interface
o Performance-SLA
o SD-WAN rule
 Features
• Resilience

• Quality of service

• Security

• Application optimization

• Deployment options

• Automatic path selection

 Benefits
• Reduced cost with transport independence across MPLS, 3G/4G LTE, and others.

• Improve business application performance by increasing the availability and agility.

• Optimized user experience and efficiency with SaaS and public cloud applications

• The ability to do dynamic path selection, for load sharing and resiliency purposes

• The ability to support VPNs, and third party services such as WAN optimization controllers, firewalls and web
gateways
 Application Aware SD-WAN

Granular application awareness

with 3000+ known applications

Internet Service Database

▪ Dynamically updated database

of known service IPs and

protocols
▪ Layer 4

Application Control
▪ Dynamically updated database
of applications
▪ Deep inspection
Dynamic WAN path controller and measurement
Control Application Performance using SLA
 Performance SLA

Application-Level • Latency
Transaction • Packet Loss
• Jitter

• Ping
Multiple Measurement • Http
Techniques • TCP Echo
• UDP Echo
• TWAMP

• Check Interval
Failover Parameters • Failure before inactive
• Success before restore
Simplified SLA using Quality
 Configuration
Removing existing configuration references to interfaces
• Before you can configure FortiGate interfaces as SD-WAN members, you must remove or redirect existing
configuration references to those interfaces in routes and security policies

• After remove the routes and security policies, traffic can't reach the WAN ports through the FortiGate

• After configure SD-WAN, we can reconfigure the routes and policies to reference the SD-WAN interface

1. Go to Network > Static Routes and delete any routes that use WAN1 or WAN2.

2. Go to Policy & Objects > IPv4 Policy and delete any policies that use WAN1 or WAN2
 Configuration cont.….

Configuring SD-WAN:

Status: Enable
Interface: wan2
Interface: wan1
 Configuration cont.….

SD-WAN Rules
Select the Volume
Wan1: 50
Wan2: 50

Source IP: Select this option to balance traffic equally between the SD-WAN members according to a hash
algorithm based on the source IP addresses.

Session: Select this option to balance traffic equally between the SD-WAN members by the session numbers ratio
among its members. Use weight 50 for each of the 2 members.

Source-Destination IP: Select this option to balance traffic equally between the SD-WAN members according to a
hash algorithm based on the source and destination IP addresses.

Volume: Select this option to balance traffic equally between the SD-WAN members according to the bandwidth
ratio among its members.
 Configuration cont.….

Static Route
Interface: SD-WAN
Distance: 10
 Configuration cont.….

Performance SLA
Name: SLA perform
Protocol: ping
Server: 8.8.8.8 and 4.2.2.2
Participants: wan1 and wan2
SLA Targets: Enable
 Configuration cont.….
Creating the Policy for
SDWAN
Questionnaires
Thank You