Recently, as I prepared for the Fortinet Network Security Expert 5 certification, I spent a lot of time learning the detailed intricacies of using the FortiManager network orchestration tool to deploy large-scale SD-WAN networks. FortiManager is designed to make deploying hundreds and even thousands of sites easy and simple.
SD-WAN is designed to route traffic based on target Service Level Agreements (SLAs) that you designate for each type of traffic. For example, you may want Office 365 traffic to go over your broadband connection directly to the internet, but fail over to your cellular backup if performance drops on your broadband. Your Point of Sale traffic, on the other hand, might go over your satellite connection to your data center, with cellular as a backup. FortiManager allows you to build these routes, set SLA targets for each type of traffic, and deploy these policies at scale to hundreds or even thousands of locations.
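The selection logic described above can be modeled in a few lines. This is an added example, not code from the original post or from Fortinet, and it is a simplified model rather than the FortiOS algorithm; the metric names, thresholds, link names and function names are all assumptions chosen for illustration.

```python
from typing import NamedTuple, Optional

class Metrics(NamedTuple):
    """Used both for an SLA target and for a link's measured values."""
    latency_ms: float
    jitter_ms: float
    loss_pct: float

# Constructed rules for the two cases in the text: an ordered link preference
# plus an SLA target. Link names and thresholds are assumptions.
RULES = {
    "office365": (("broadband", "cellular"), Metrics(150, 30, 1.0)),
    "point_of_sale": (("satellite", "cellular"), Metrics(800, 100, 2.0)),
}

def meets_sla(measured: Metrics, target: Metrics) -> bool:
    """A link is in SLA only if every measured value is within its target."""
    return all(m <= t for m, t in zip(measured, target))

def select_link(app: str, health: dict) -> Optional[str]:
    """Pick the first preferred link that is up and meets the app's SLA.

    `health` maps link name -> latest Metrics; a link that is down has no entry.
    If no link is in SLA, use the least-bad live link (lowest loss, then
    latency) instead of dropping traffic. Returns None when nothing is up.
    """
    preference, target = RULES[app]
    live = [link for link in preference if link in health]
    for link in live:
        if meets_sla(health[link], target):
            return link
    return min(live, key=lambda l: (health[l].loss_pct, health[l].latency_ms),
               default=None)

# Constructed probe results: a healthy site, then the same site with
# broadband degraded.
HEALTHY = {
    "broadband": Metrics(35, 4, 0.0),
    "satellite": Metrics(620, 25, 0.3),
    "cellular": Metrics(70, 12, 0.2),
}
DEGRADED = {**HEALTHY, "broadband": Metrics(400, 90, 6.0)}

if __name__ == "__main__":
    for name, health in (("healthy", HEALTHY), ("degraded", DEGRADED)):
        for app in RULES:
            print(name, app, "->", select_link(app, health))
```

The last-resort branch matters operationally: when every link is out of SLA, this model still forwards on the least-bad live link rather than dropping the traffic.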
What is new in FortiManager 6.4
The video below explains some of the new features that make it much easier to deploy and manage these SLA targets and your various SD-WAN links on a global scale. Rather than build each individual SD-WAN connection, you can create profiles for a hub and spoke arrangement. Simply assign a location as a hub or a spoke, and the proper template will be pushed to that location.
IP address assignment
Another cool feature is that you can now create global IP pools and FortiManager will assign the proper IP addresses to each region, location, and device. There is no need to keep detailed spreadsheets of IP assignments, or to assign IP pools per device. You don’t even need to know the IP address of the equipment before you deploy it.
Service Level Agreements (SLAs)
SLAs are used to determine how traffic is routed over the various SD-WAN links. FortiManager allows the network administrator to identify SLA targets for measurement. For example, you may want your Microsoft Office 365 environment to be one SLA, your VoIP provider to be another SLA, and your Point of Sale environment to be a third SLA. FortiManager allows you to set up SLA targets for each environment.
New in FortiManager 6.4 is the ability to set up SLA targets per region. In other words, you may have one SLA for Europe and another SLA for North America. Or maybe you want your AWS environment as an SLA target, and on the east coast you want to target the us-east-1 zone in Virginia, while on the west coast you target the us-west-1 zone in Northern California.
Summary
FortiManager allows an organization to manage security at scale. Companies such as Waste Management use FortiManager to provision and deploy thousands of devices to hundreds or even thousands of sites, which gives these organizations the much-wanted “single pane of glass” view into their network, regardless of the size of that network. They no longer have to use scripting or log into multiple devices to manage security. And with FortiManager’s API, organizations can easily use tools such as Chef and Ansible to automate their Fortinet security environment.
Best of all, Fortinet SD-WAN is built into every single Fortinet firewall, from the smallest home/office system to the largest enterprise firewall. There is nothing to add, and no additional license to pay for and renew. You can use FortiManager to deploy SD-WAN easily and quickly across your entire enterprise.