SD-WAN Components:

The Fortinet Secure SD-WAN solution is comprised of multiple components. Overall, the
components that make up the Fortinet Secure SD-WAN solution are: FortiGate, FortiManager,
FortiAnalyzer, and FortiDeploy. FortiGate runs FortiOS, the core of the Secure SD-WAN solution.
FortiManager drives Orchestration and Management. FortiAnalyzer and FortiDeploy help the
whole solution come together, delivering a solution that is unmatched by other vendors.
The control, data plane, and security layer can only be deployed on a FortiGate. The other two
layers can help to scale and enhance the solution. For large deployments, FortiManager and
FortiAnalyzer provide the management and orchestration capabilities FortiSwitch and FortiAP
provide the components to deploy an SD-Branch. SD-WAN is broken down into three layers:
o Management and Orchestration
o Control, Data Plane, and Security
o Network Access

Layer Functions Devices

Management and Unified management FortiManager FortiAnalyzer
Orchestration Template based solution
Zero touch provisioning
Logging, monitoring, and analysis
Automated orchestration using REST
API
Control plan, Consolidation of underlays and overlays FortiGate
Data Plane, into SD-WAN zones
and Security Underlay and Overlay
Scalable VPN solutions using ADVPN
Overlay
Static and dynamic routing definition
Routing
NGFW firewalling
Security
SD-WAN health-checks and monitoring
SD-WAN
Application-aware steering and
intelligence
SD-WAN
Network Access Wired & wireless network FortiSwitch FortiAP
segmentation
Built-in Network Access Control

1 | P a g e Created by Ahmad Ali E-Mail: [email protected] , WhatsApp: 00966564303717

Management and Orchestration:
FortiManager provides centralized management and orchestration of Secure SD-WAN branch
edge devices. An organization’s FortiManager may reside on-premises, in a private cloud, or in
public cloud environments. Regardless of location, FortiManager maintains connectivity to each
FortiGate device, monitors performance SLAs, and presents a single pane-of-glass view into
global connectivity. It also provides templates for security policy configuration, SD-WAN policy
configuration, and performance SLA definition. Secure SD-WAN administrators only need
FortiManager to control their entire deployment. With flexibility to support APIs and Security
Fabric Connectors, FortiManager seamlessly integrates into the greater workflow within any
organization.

FortiManager:
FortiManager is a key component for deploying SD-WAN across a large network. Centralized
(single-pane-of glass) management through FortiManager can help you to more easily manage
SD-WAN deployment across many devices, and reduce the cost of operation. FortiManager
offers all the necessary tools to manage and orchestrate Fortinet Secure SD-WAN solutions. You
can quickly deploy thousands of edge locations, trigger changes to entire groups of devices, and
consistently define security and SD-WAN policies throughout your environment. FortiManager
reduces administration & workload costs with smart features, such as device discovery, device
group creation by administration domain, audit & management of complex SD-WAN
architecture. Centralized policy and device management, Secure SD-WAN provisioning and
monitoring and Single console management.

FortiAnalyzer:
FortiAnalyzer aggregates log data from one or more Fortinet devices, including FortiGate
devices that participate in SD-WAN. FortiAnalyzer acts as a centralized log repository and
provides a single channel for accessing your complete SD-WAN network data, so you don’t need
to access multiple SD-WAN devices several times a day. FortiAnalyzer for advanced analytics
and automation. FortiAnalyzer allows administrators or business owners to generate automatic
SD-WAN reports targeted to executive management.

Control Plan:
The control plane is the part of a network that controls how data is forwarded. The role of the
Control Plane is to inform the routers how to send their traffic. Control Plan traffic is the traffic
which is from the device to the device. Control plane traffic is traffic that is originated by, or
destined to the router itself. Traffic that network devices send between each other for
automatic network discovery. Protocols and traffic that network devices use on their own
without direct interaction.

2 | P a g e Created by Ahmad Ali E-Mail: [email protected] , WhatsApp: 00966564303717

Data Plane:
Data Plan traffic from the user to the user. Data plane traffic that is just passing through to get
to other destinations. Traffic that is being forwarded through network also called transit traffic.
The data plane is the actual forwarding process.

Security:
Security involves defining policies for access control and applying the appropriate protection
using the FortiGate's NGFW features. FortiGate is a fully functioning, market-leading Next-
Generation Firewall, meaning security is at the heart of the SD-WAN Solution. All the security
features available in the FortiGate can be leveraged when SD-WAN is implemented.

FortiGate:
With its underlying FortiOS firmware, FortiGate is the product at the foundation of Fortinet’s
Secure SD-WAN solution. The ability to build the most efficient overlay network in the SD-WAN
architecture. FortiGate is a fully functioning, market-leading Next-Generation Firewall, meaning
security is at the heart of the SD-WAN solution. All the security features available in FortiGate
can be leveraged when SD-WAN is implemented.

Network Access:
Extends the security to the access layer through the FortiSwitch and FortiAP, which form the
LAN edge. FortiSwitch and FortiAP consolidate branch services through the convergence of
security and network access with FortiLink. FortiSwitch and FortiAP integrate with FortiGate to
extend SD-WAN benefits into the network access layer. This enables network and security
administrators to create and enforce the same network security policies across the enterprise,
including out to the network branch.

FortiAP:
Fortinet’s wireless LAN equipment leverages Security-Driven Networking to provide secure
wireless access for the enterprise LAN edge. Perfect for deployments from the campus to the
SD-Branch, FortiAPs are Fortinet Security Fabric enabled, providing the broad visibility,
automated protection, and integrated threat intelligence required to protect organizations’
valuable assets and data worldwide. And that includes REST API support for most of the
features used. FortiAP to provide Wi-Fi access to users. FortiAP is the hardware used to
aggregate the wireless connections on the LAN edge, providing different access modes, radio
configuration capabilities, and all the current cutting-edge Wi-Fi enhancements depending on
the model.

3 | P a g e Created by Ahmad Ali E-Mail: [email protected] , WhatsApp: 00966564303717

FortiSwitch:
FortiSwitch can be adopted as a natural extension of SD-WAN to provide security on the wired
LAN edge. FortiSwitch is an essential cornerstone to the software-defined branch (SD-branch)
that completes the SD-WAN architecture by enabling security into the access through FortiLink,
consolidating all the connectivity in the branches, and enabling the management and power of
the FortiAPs. FortiSwitch to provide security on the wired LAN edge. FortiSwitch is the hardware
used to aggregate the wired and wireless connections on the LAN edge, providing different
layouts of physical ethernet or modular (SFP) ports and Power-over-Ethernet (PoE) capabilities,
depending on the models.

4 | P a g e Created by Ahmad Ali E-Mail: [email protected] , WhatsApp: 00966564303717