Objectives

• Understanding WANEdge Trends and Challenges

• Fortinet Secure SD-WAN
• Secure SD-WAN use cases
• Fortinet SD-WAN Validation
• Customer Success Stories
• Configuring Secure SD-WAN

Fast Track Workshops © Fortinet Inc. All Rights Reserved. 2

 Understanding WAN Edge
Trends & Challenges

Fast Track Workshops

Challenges Driving SD-WAN Transformation

69%
Digital Acceleration
52%
Work from Anywhere
67%
Ransomware Target

Inconsistent User X Explosion in Unsecure Decrease in Business

Network Edges Uptime & Productivity

© Fortinet Inc. All Rights Reserved. 4

 What is Wide-Area-Network(WAN) ?
HQ/Datacenter

LAN
• Extends computer networks over large distances to
Hub
connect remote branch offices to Datacenters

• Runs on Hub-and-Spoke architecture

WAN

Challenges

Router
• Runs on legacy routing platforms resulting in
complex management and lengthy deployment
LAN LAN LAN
Spoke • Lacks delivering superior user experience

Branch Office 1 Branch Office 2 Branch Office 3

• Lacks application visibility
© Fortinet Inc. All Rights Reserved. 5
What is MPLS ?

Data Center
Multi-Cloud/SaaS
• Multiprotocol Label Switching(MPLS) is a routing
Internet-Access
technique to connect legacy Wide Area Networks

• MPLS circuits are typically leased from service

providers by customers

MPLS

Challenges

• High cost to build and operate

• Setup time can take months
• Poor cloud application experience as all traffic
is backhauled to data center then redirected to
Branch
cloud apps

© Fortinet Inc. All Rights Reserved. 6

What is Software Defined-WAN (SD-WAN)?

Data Center SaaS Multi-Cloud • Lightweight replacement of Legacy

Routers

Direct-Internet-Access • Enhance Cloud Application Performance

Broadband
4G/LTE

• Simplify Operations with centralized

management

Branch
• Enable consistent security for Direct
Internet Access at Branch

© Fortinet Inc. All Rights Reserved. 7

What is SASE (Secure Access Service Edge)?
Cloud-delivered network and security convergence solution for work-from-anywhere

Networking Cloud-delivered Security

Secure Service Edge (SSE)

FWaaS/SWG
—
SASE SD-WAN ZTNA
—
CASB

FortiSASE
Fortinet Secure SD-WAN

© Fortinet Inc. All Rights Reserved. 8

Expand SD-WAN to SASE to Enable Secure Private Access
Cloud-delivered SD-WAN and Security

SaaS Public Cloud Data Center

Secure Private Access

Augment to existing SD-WAN

Global Secure Private Access
FortiSASE SD- WAN
PoPs

Anywhere secure access to

Cloud-delivered Security corporate applications
and SD-WAN

Consistent network and security

experience for remote users

Remote Users On-premises Users

© Fortinet Inc. All Rights Reserved. 9
Business Value of Moving to SD-WAN

Improve User Direct secure internet access for

01 Experience business applications instead
backhauling to HQ

Instant ROI More bandwidth for users, consolidate

02 Benefits
networking and security point products

Simplified Enhance business agility with end-to-end

03 Operations visibility and automation

Fast Track Workshops © Fortinet Inc. All Rights Reserved. 10

 Fortinet Secure SD-WAN

Fast Track Workshops

Converged Networking and Security

FortiOS Everywhere

Convergence
Benefits
Enterprise Cybersecurity
Networking Services
Lacks awareness Software delivers • Reduced complexity
across the network network awareness eliminating multiple products
Secure
Switch WiFi Networking Application Content • Efficient operations with single
Network Firewall console and reduced staffing
Secure SD-WAN

5G Router
SASE
Location Identity
• End-to-end digital experience
ZTNA
measurement possible
NAC
Secure AP
Secure Switch
• Cost savings from product
and vendor reduction

© Fortinet Inc. All Rights Reserved. 12

Forrester®
has determined
the following
three-year impact of
Fortinet Secure SD-WAN:
Retail Manufacturing Financial Healthcare
Services

Asia HQ, North America

ROI Payback Location Europe North America
global HQ, global

300% 8 Months Revenue $13 billion $17 billion $18 billion $1.7 billion

Reduction in the number Increase in productivity of

of network disruptions security and network teams Employees 16,000 133,000 86,000 3,500

65% 50% SITES 8,500 1,000 2,500 750

https://www.fortinet.com/solutions/forrester-tei-sd-wan © Fortinet Inc. All and

Rights Reserved. 13
© Fortinet Inc. All Rights Reserved. Proprietary Confidential.
High-performing Portfolio powered by SD-WAN ASIC

01 Oct 2019
FGT 60F 03 July 2020
FGT 80F 05 May 2022
FGT 70F, FGT 600F, 07
Integrating SD-WAN Multiple form factors including FGT 3700F
into Industry’s best Bypass interfaces Integrated AI-powered
selling NGFW FortiGuard

Apr 2019 Feb 2020 Oct 2020 2023

FGT 100F FGT 40F FGT 200F FGT 90G, FGT 120G
Industry’s first Flexible Deployment Ideal for large Global FortiGate SASE appliance –
SD-WAN ASIC
02 options for SMB
04 deployments
06
accelerated networking and
security functions

Built-in LTE Built-in Wireless Built-in POE Built-in Bypass

Fast Track Workshops © Fortinet Inc. All Rights Reserved. 14

 Secure SD-WAN Use cases

Fast Track Workshops

Evolution of SD-WAN from Point Product to the Platform

Secure SD-Branch ZTNA AIOps

SD-WAN SD-WAN and SASE

Was all about Adding security Build out SD-Branch ZTNA and SASE Advanced AIOps
network services with LAN integration integration & DEM services
transformation
replacing routers Build out WAN Multi-cloud and
with 5G cloud on-ramp

© Fortinet Inc. All Rights Reserved. 16

One Solution For All Use-cases

Enhance Hybrid, Multi-cloud

Transform WAN and Security
Connectivity

Optimize Hybrid
Workforce Experience
with Universal SASE

Simplify Secure SD-Branch Scalable, High Performing WAN

Fast Track Workshops © Fortinet Inc. All Rights Reserved. 17

Enabling Application Resilient Networks,
No Matter of Location
Enhance user experience and business productivity

• Secure Local Internet Breakout

• 5,000+ App Identification and SaaS
One management for custom apps
1,000s of sites • First packet steering including
encrypted traffic

1
App
4 3 2 1 P Lost packets
43 21 P Broadband 4 3 2 1 are recovered
2 1
App App

Performing Speed
Dynamic QoS WAN remediation
parameters adjusted
Test [FEC & Packet Dup] Public Cloud
Branch Office Secure
SD-WAN
Multiple steering options

Manual
Best Quality 2
App

Lowest Cost
Maximize Bandwidth
On-premises Data Center

Intelligent Steering Reliable Accuracy Continuous Learning Self-healing

Traffic Agnostic Including encrypted traffic Broadest support 5k+ apps Realtime Optimization

© Fortinet Inc. All Rights Reserved. 18

Secure Private Access
Seamless SD-WAN Integration
In te rn e t

Apps
FGT DCs/Cloud
Secure Private Access

IPSec connectivity to SD-WAN

Hubs from FortiSASE PoPs FortiSASE
S e c u re P riv a te
Access
Intelligent Steering from FortiSASE
PoP to SD-WAN Hubs or Internet SD-WAN

Apps
FGT
Seamless integration with SD-WAN HQs/Branches
Architecture

Superior User Experience

Everywhere

Remote
User © Fortinet Inc. All Rights Reserved. 19
FortiOS Innovative Network Operating System

Policy Engine Automation Engine Logging & Reporting Monitoring & HA Orchestration API Connectors

WAN Interface
Controller
4G/5G

Security
Identity
LAN & Device Controllers

WiFi
App Security SSL
Authentication AV IPS Botnet URL IoT OT IPAM
Control Rating Inspection
Token DSL
SAML Content Processor Accelerated
Switch

Networking

WAN Path
Controller
Network
Security

Endpoint
Firewall Segmentation VPN SSL VPN DDoS CAPWAP Switching
Routing CGNAT Proxy
(VXLAN)
SD-WAN
NAC Network Processor Accelerated Network Processor Accelerated

Abstraction layer

Branch Campus Data Center Embedded Virtual Machine Cloud Native

Fast Track Workshops © Fortinet Inc. All Rights Reserved. 20

Efficient Operations with Granular Visibility
SD-WAN Summary Monitor for Holistic Network Visibility

Analytics and Reporting

• Aggregate view and charts for
visibility across all SD-WAN devices
[health overview, throughput, SLA
issues]
• Network Performance [latency, jitter,
packet loss]
• Application Session Analytics [top
apps, bandwidth]
• Automation for troubleshooting
• NOC and SOC dashboard

Fast Track Workshops © Fortinet Inc. All Rights Reserved. 21

 Fortinet SD-WAN Validation

Fast Track Workshops

Recognized as a Leader by Gartner® MQ, CC
and Peer Insights
Gartner Leader: SD-WAN Ranked #1 Four Years in a Row!
Three Years in a Row

On-Premises
Security-
Sensitive WAN

WAN for Small

Branches

“Leader” Four Years in a Row Gartner® Critical Capabilities: Voice of the Customer (SD-WAN)
(2023, 2022, 2021, 2020) #1 in two categories for three 96% of Reviewers Willing to Recommend
consecutive years

Gartner, Magic Quadrant for SD-WAN, Jonathan Forrest, Naresh Singh, Andrew Lerner, Karen Brown, 27 September 2023. GARTNER is a registered trademarks and service mark, and MAGIC QUADRANT is a registered trademark of Gartner, Inc. and/or its affiliates in the U.S. and internationally and are used herein with permission. All rights reserved. This graphic was published by Gartner, Inc. as part of a larger
research document and should be evaluated in the context of the entire document. The Gartner document is available upon request from Fortinet. Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s
research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.

© Fortinet Inc. All Rights Reserved. 23

Recommended By CyberRatings.org

Tested For:
• Management
• Routing & Access Control
• Maximum Capacity
• Stability & Reliability

“The Fortinet SD-WAN handled all use cases with ease and proved to
be highly reliable and capable and should be on everyone’s short list.”
https://www.fortinet.com/solutions/cyberratings-sd-wan

© Fortinet Inc. All Rights Reserved. 24

 Customer Success

Fast Track Workshops

 “These tools enable us to provide centralized
management from a single pane of glass,
detailed reporting, workflow automation, and
trends analysis. This enables the in-house team
to get a complete picture of their security
SUCCESS STORY posture at a glance, at any time.”
Retailer Improves Security With SD-WAN and – Jason Klein

Simplifies Operations at 740 Stores CTO, Leeward Business Advisors

Nationwide
Details
Client: Batteries Plus Bulbs
Business Impact
 Fill visibility of the entire security architecture from a single
Fortinet Partner: Leeward
pane of glass Business Advisors
Industry: Retail
 Flexibility to bolster specific security elements in the future Location: Hartland, Wisconsin,
with integrated solutions
USA
 Assured network performance at 740 stores due to Secure Solution
SD-WAN solution Fortinet Secure SD-WAN, FortiAP,
FortiManager VM, FortiAnalyzer
 Scalability to meet future security needs
 Solution was cost neutral compared with prior solution while
delivering vastly better performance and security
Batteries Plus Bulbs
740 stores across the US

COMPELLING EVENT
• Rapid expansion in both physical stores and e-commerce
site
• In-house IT team couldn’t manage cybersecurity on top of its
daily tasks
• Legacy MSSP needed to update their approach to security

CUSTOMER NEEDS
• Hands-on MSSP
• Visibility of network
• Easy integration
• Central management of SOC and NOC environment

FORTINET SOLUTION
• FortiGate Next Generation Firewall
• Deployed in each store
• Backed with AI-enable threat intelligence
• Fortinet Secure SD-WAN
• Safe use of public internet to scale network traffic

https://www.fortinet.com/customers/batteries-plus-bulbs
© Fortinet Inc. All Rights Reserved. 27
 “Both solutions in our final shortlist had the
required functionality, but Fortinet demonstrated
superior performance and manageability, which
we knew would be critical to maintaining service
levels as the business grew.”
SUCCESS STORY – Eduard Bîsceanu
Premier Romanian Bank Achieves 50% Director, Information Security and
Reduction in Application Response Times Administration, CEC Bank

With FortiGate Secure SD-WAN

Business Impact Details

 8x increase in available bandwidth Client: CEC Bank
Industry: Financial Services
 50% reduction in application response times
Location: Romania
 Greatly reduced operational complexity
 Increased profitability through launch of new services and Solution
efficiency gains FortiGate Secure SD-WAN, FortiGate
Network Firewall, Fabric Management
Center NOC, Fabric Management Center
SOC
CEC Bank
Almost 1,000 branches in Romania

COMPELLING EVENT
• Ambitious digital innovation projects
• Adoption of cloud and hybrid services
• Slow and unreliable support from the multiprotocol label
switching (MPLS)
• Realization that flexible and automated management are
needed to accommodate for rapid growth

CUSTOMER NEEDS
• Improving speed and reliability of network
• New cloud and hybrid services
• Real-time, automated response to threats
• Centralized visibility and control

FORTINET SOLUTION
• Fortinet Secure SD-WAN
• Solution combines the important aspects of
networking, security, and communication services
• FortiGate Next Generation Firewall
• Inspects and identifies traffic types, and carries out the
appropriate protocol

https://www.fortinet.com/customers/cec-bank
© Fortinet Inc. All Rights Reserved. 29
 “Fortinet provides me with a high-level view
of what is going on at the property level from
a security, infrastructure, network, and
bandwidth perspective. Using FortiManager
and FortiAnalyzer I am able to utilize all my
SUCCESS STORY toolset and bring everything together
IHG Hotels & Resorts Boosts IT Efficiency centrally.”
- Malvin Eanes, Hotel Security Compliance
Close to 60% with Fortinet Secure SD-WAN Director
IHG Hotels & Resorts

Business Impact
 15-month deployment, thanks to centralized management Details
Client: IHG Hotels & Resorts
 Forecast cost reductions by 25%
Industry: Hospitality
 Forecast team efficiency boost of 60% HQ Location: U.K.
 Forecast end-user satisfaction uplift of 30%
 Reduce round-trip latency 30% out of the box
Solution
 Improved security posture Fortinet Secure SD-WAN, FortiGate Next-
Generation Firewall, FortiManager,
 Better able to meet cloud and mobile application requirements FortiAnalyzer

© Fortinet Inc. All Rights Reserved. 30

IGH Hotels & Resorts
Operates 6,000+ Hotels Globally
COMPELLING EVENT
• Extended Stay’s Pose a Security Risk
• Legacy Multivendor Network was Difficult to Manage
• Each Hotel is Similar to a Data Center
• Outdated Infrastructure

CUSTOMER NEEDS
• SD-WAN solution
• Increase Bandwidth
• Reduce Costs
• Increase Visibility to all Technology Ecosystems

FORTINET SOLUTION
• Fortinet Secure SD-WAN
• Deployed in 4,000 Hotels
• 25% Cost Reduction
• 30% Drop in Round-Trip Latency
• 50% Increase in User Satisfaction
• FortiManager and FortiAnalyzer
• 15 Month Deployment
• Granular View and Detailed Reporting
• Increase Efficiency by 60% for Network and Security
teams
https://www.fortinet.com/customers/ihg-hotels © Fortinet Inc. All Rights Reserved. 31
 ROI CALCULATOR CUSTOMER WINS CTAP ASSESMENT

SD-WAN Tools and Resources

Fortinet SD-WAN 60+ Global Customer
Real-World ROI Study 400+ customers
Case studies
completed SD-WAN
Assessment

Fast Track Workshops

 CTAP Assesment for SD-WAN
Demonstrate immediate value with a Secure SD-WAN
Assessment Report in 4 simple steps:

1. Initiate a new SD-WAN assessment in the CTAP

portal.

2. Deploy Secure SD-WAN unobtrusively in

customer’s network to monitor traffic patterns

3. Generate Executive Summary Report, charts, and

recommendations

4. Discuss findings with customer. Establish yourself

as a trusted advisor & accelerate sales cycles

https://www.fortinet.com/offers/secure-sd-wan-assessment

© Fortinet Inc. All Rights Reserved. 33

 Configuring Secure SD-WAN

Fast Track Workshops

Configuring Secure SD-WAN
• Basic steps
• Setup the VPNs
• VPN Manager > IPsec VPN
• Configure shared resources
• Addresses & Address groups
• Normalized Interfaces
• Meta Data Variables
• Create templates
• Interface Members
• SLA
• Rules
• Assign templates to devices

Fast Track Workshops © Fortinet Inc. All Rights Reserved. 35

SD-WAN Overlay Templates

• Automate and Simplify

• Single or Dual HUB deployments

• Wizard creates SD-WAN related

templates
• Zero Touch Provisioning

Fast Track Workshops © Fortinet Inc. All Rights Reserved. 36

Performance SLA—Link Health Monitor
• FortiManager link health
monitor options:

• DNS, HTTP, PING, TCP echo,

UDP echo, TWAMP, TCP
Connect, and FTP

Fast Track Workshops © Fortinet Inc. All Rights Reserved. 37

SD-WAN Rules
• Rules can match traffic based on:
• Source IP address, destination IP
address, or port number
• Internet services database (ISDB)
address object
• Users or user groups
• Type of service (ToS)

• Use rules to route traffic through the

member interfaces that best fit your
needs

• Rules can be created for specific

Internet Services or Applications
Fast Track Workshops © Fortinet Inc. All Rights Reserved. 38
SD-WAN Rules—Manual

• Introduced in FortiOS 6.2

• Use a manual rule to pin one or more applications to a specific
SD-WAN member interface

Fast Track Workshops © Fortinet Inc. All Rights Reserved. 39

SD-WAN Rules—Best Quality

Custom-Profile-1
Link quality = (a*latency)+(b*jitter)+(c*packet loss)+(d/bandwidth)

Fast Track Workshops © Fortinet Inc. All Rights Reserved. 40

SD-WAN Rules—Lowest Cost (SLA)

• All of the traffic that matches the rule will be directed to a single
interface
• Uses the cost value of the SD-WAN member interface

Fast Track Workshops © Fortinet Inc. All Rights Reserved. 41

SD-WAN Rules—Maximize Bandwidth (SLA)

• Introduced in FortiOS 6.2

• Load balances multiple sessions across participating SD-WAN
members that meet the SLA

Fast Track Workshops © Fortinet Inc. All Rights Reserved. 42

Conclusions:

• Customers want WAN with local internet breakout

• SD-WAN enables local internet breakout but this means added security
risks
• Most SD-WAN vendors do not have robust NGFW security
• Many SD-WAN vendors recommend multiple devices for SD-WAN and
security
• Multiple devices add to the complexity and cost

• What customers need is Secure SD-WAN

• A single device handles both the security and the SD-WAN needs

Fast Track Workshops © Fortinet Inc. All Rights Reserved. 43

Key Takeaway

• FortiGate changes the conversation from SD-WAN to Secure SD-

WAN
• Best of breed integrated SD-WAN networking and security capabilities in a
single device reduces TCO

• FortiGate is SD-WAN ready:

• Purpose-built security processor (ASIC) for high reliability
• Enhanced application aware WAN path controller for QoS
• Security Fabric ready for easy visibility and control
• FortiManager enables single pane management across thousands of
enterprise branches
• 360 Protection is the most comprehensive protection bundle
Fast Track Workshops © Fortinet Inc. All Rights Reserved. 44
 Continuing Education

Fast Track Workshops

Fortinet Training Institute
Certification Program Education Outreach Program
840,000+ Certifications • Work with global leaders to drive change
• Focused on veterans, women and other underrepresented populations​
• Partnerships extend to industry, academia, government and non-profits
• Removes barriers to training and education with > $40M in free training

Veterans Program
• Partner with military focused non-profits to help over 2500
veterans and military family members
• Connect graduates with Fortinet employer ecosystem
• Brings untapped candidates into the cyber-workforce

Security Academy Program

• Range from K-12 to higher education and research institutions +439 +94
• Institutions integrate NSE Certification Program content into curriculum Institutions Countries and
• Provides free exam vouchers to promote certifications Territories

Authorized Training Centers

Supporting language and culture in training
in 134 countries and territories Awards

https://www.fortinet.com/nse-training/training-program-update
Fast Track Workshops © Fortinet Inc. All Rights Reserved. 46
Fortinet Provides Instructor-Led Training
• A full range of instructor-led, product-based training courses, leading to certification,
based on lectures and labs
• Offers a range of cybersecurity training:
• Advanced training for security professionals
• Technical training for IT professionals
• Awareness training for teleworkers

• Go to https://training.fortinet.com to find out more

Fast Track Workshops © Fortinet Inc. All Rights Reserved. 47

Fortinet Fast Track Training Qualifies for (ISC)2
Credits
• Earn 1 credit for every hour of Fast Track training, up to 8 hours per day, towards
maintaining your CISSP certification.
• Log into your (ISC)2 CPE Portal to claim your credits:
• Approximately 24 hours after you complete the workshop, you can download the course completion
certificate at https://training.fortinet.com
• Course Name: Constructing a Secure SD-WAN Architecture
• Number of training hours: 4 hours
• (ISC)2 CISSP Domain 4: Communication and Network Security
• Provide the date you completed the training

Fast Track Workshops © Fortinet Inc. All Rights Reserved. 48

 Lab Exercise: SD-WAN

Fast Track Workshops

Lab—Network Diagram

Fast Track Workshops © Fortinet Inc. All Rights Reserved. 50

Lab—Network Diagram

Fast Track Workshops © Fortinet Inc. All Rights Reserved. 51

Signing in to FortiFIED
• When you sign in, enter your name and select the scoring mode you’d like to use:
points, percent, or none

Fast Track Workshops © Fortinet Inc. All Rights Reserved. 52

FortiFIED Buttons
• Continue
• Click this when you have completed an exercise and answered any questions
• For some use cases, clicking Continue will trigger a new configuration to be pushed to one or more
devices in the lab network

• Hint
• Click this to receive a hint to help solve a question
• The next hint is shown automatically if you get click Continue but your answer is incorrect

Fast Track Workshops © Fortinet Inc. All Rights Reserved. 53