Fortinet SD WAN & SASE Cybersecurity Solutions

Fortinet SD WAN and SASE Solution: Comparisons, Review, Benefits, Use Cases, Pros & Cons

Author: Netify Research Team

If you have questions about Fortinet and how their capability is aligned to your needs, email the Netify research team. UK: uk@netify.co.uk North America: northamerica@netify.com

(Please use the UK email for ROW - Rest of the World - questions or inquiries)

Netify Review

Fortinet is a good option for large global enterprises due to their SD WAN and SASE offerings which can connect and secure branch offices globally. However, they can also cater to businesses with small IT and security teams, as Fortinet offers XDR, SOC, SIEM and NOC services that reduce the workload by offloading work to their own security experts for analysis and remediation. Their portfolio offers a wide range of network security, cloud security, security operations, zero trust access, networking and communications and security-as-a-service products. These all integrate seamlessly to offer a broad spectrum and comprehensive solution powered by FortiOS and based on Fortinet Security Fabric.

However, some customer reviews have suggested that Fortinet’s service can be difficult to configure on a small and detailed scale due to the vendor’s massive platform. Small businesses may prefer to choose a smaller vendor which may be better able to cater for granular configuration changes.

About Fortinet

Fortinet was founded in 2000 and is currently headquartered in Sunnyvale, California, United States. The company was named a Leader in the 2021 Gartner Magic Quadrant for WAN Edge Infrastructure and named in the 2022 Gartner® Magic Quadrant™ for SD-WAN as a Leader for the third consecutive year. The Fortinet threat intelligence group, FortiGuard Labs, has predicted that the cyber threat landscape beyond 2022 may see the convergence of advanced persistent threat methods with cybercrime. These could include Cybercrime-as-a-Service (CaaS), more effective attacks by threat actors following Reconnaissance-as-a-Service (RaaS), more prevalent Wiper Malware due to broader availability, increased difficulties tracing money laundering due to automation, and online worlds such as the Metaverse or virtual cities giving rise to new attack surfaces for cybercriminals to target.

What are Fortinet's Solutions?

• FortiDDoS: Fortinet’s Direct Denial of Service (DDoS) Protection Services offering, which is capable of monitoring hundreds of thousands of parameters at once, whilst providing defense against all types of DDoS attack, such as layer 7 application, SSL/HTTPS and bulk volumetric. Further, protection for DNS services using Fortinet’s specialized tools is available with minimal false positive detections due to continuous threat evaluation. FortiDDoS uses a 100% security processor (SPU)-based layer 3, 4 and 7 DDoS protection with application-aware traffic management, whilst behavior-based DDoS protection means that signature files are no longer needed. FortiDDoS is available on FortiDDoS 400B, 800B, 1200B, 1500E and 2000E appliances. 
• FortiADC Application Delivery Controllers: An advanced application delivery controller designed to enhance the performance, security and scalability of client’s applications, hosted on-premises and in the cloud. It does this by integrating application delivery with the Fortinet Security Fabric, to provide load balancing, web security and application acceleration, as well as Web Application Firewall (WAF) (see, What FWaaS (Firewall as a Service) solution is supported by Fortinet?), SSLi, user authentication, IPS, Geo-IP, IP-reputation, DDoS application, web filtering, and link load balancing - all available under one license. Enterprise-class Layer 4-7 ADC is also included, which offers a physical and virtual ADC and reverse proxy. This allows for advanced functions such as server and application health monitoring, intelligent traffic management and acceleration, caching/compression, SSL acceleration and offloading, TCP multiplexing, Link Load Balancing, WAN Optimization and automation-enabled API. The solution also includes FortiGSLB Cloud, which is a Domain Name System (DNS)-based service which keeps applications running when the local area experiences network downtime or traffic spikes. FortiADC can be deployed as a virtual or hardware appliance, or is available on-demand via Azure, Oracle Cloud, AWS and Google Cloud marketplaces. 
• FortiMail: A fabric-enabled secure email gateway that protects against email-borne threats - such as theft of credentials, funds or sensitive data. The solution is powered by threat intelligence from FortiGuard Labs, and is integrated into the Fortinet Security Fabric, to protect users from zero-day threats, Business Email Compromise (BEC) attacks, impersonation, spam, malware and phishing. The solution allows clients to automate intensive and repetitive workflows (including response) which reduces the workload for security operations teams. The solution can be deployed in the cloud, on-premises and in a hybrid use case, and clients have a choice of operating models which include Microsoft 365 and API support. 
• FortiSandbox: Fortinet’s sandbox solution is designed to protect against malware and zero-day attacks. The solution integrates with existing security structure to provide automated threat response, with built-in machine learning and multiple deployment options for Operational Technology (OT) or Information Technology (IT). The solution features: machine learning to augment dynamic and static malware analysis and code analysis, zero-day detection which is extended to NGFW, web application firewall, endpoint protection and secure email gateway platform, protection for IT and OT environments and a built-in MITRE ATT&CK matrix.
• FortiOS: Fortinet’s operating system which provides the foundation for the Fortinet Security Fabric. This allows Fortinet to provide security for endpoints, hybrid networks and cloud environments. The most recent is FortiOS 7.0, which includes SASE, ZTNA, SD WAN, FortiGuard Video Filtering Security Capability, Network Firewall, LAN Edge - 5G, Adaptive Cloud Security and a Fabric Management Center. 
• Fortinet Security Fabric: A cybersecurity platform powered by FortiOS, which covers the digital attack surface and enables self-healing security and networking. This protects data, applications and devices. The fabric leverages a broad portfolio for policy enforcement and coordinated threat detection, with converged networking and security across endpoints, user's clouds and Edges. It offers clients complete visibility because it is integrated with operations, security and performance across locations, technologies and deployments. The fabric tightens the security of all form factors (virtual machines, hardware appliances, X-as-a-Service, cloud-delivered). Also included in the Fabric are Fabric-ready Partner products. The security Fabric features: security-driven networking, Zero Trust Access (ZTA), adaptive cloud, the Fortinet Fabric Management Center, featuring a Security Operations Center (SOC) and Network Operations Center (NOC), FortiGuard Security Services and an Open Ecosystem. 
• FortiEDR: FortiEDR is Fortinet’s Endpoint Detection and Response (EDR) solution, delivering real-time visibility, protection, analysis and remediation to protect endpoints. This reduces the attack surface, detects and removes threats in real time, preventing malware and automating remediation procedures using customizable playbooks. FortiEDR is available as part of the Fortinet Professional Services platform. Security experts from Fortinet will analyze a client’s existing security posture. With this information, a customized security implementation plan will be created. This includes advice on: architecture and planning, deployment and installation, environment tuning, prevention mode migration, project management and training. Also included is the FortiEDR Best Practice Service, where security experts will offer guidance for clients as they deploy the product. The advice covers prerequisite and preparation, architecture and planning, deployment and optimization and closeout and basic training. 
• Web Application Security Solutions: A bundle product offering from Fortinet, that is designed to protect attack surfaces such as email and mission-critical web applications. The bundle includes FortiCASB (see, What CASB (Cloud Access Security Broker) solution is supported by Fortinet?), FortiWeb for Web Application Firewalls (WAF) (see, What FWaaS (Firewall as a Service) solution is supported by Fortinet?), FortiMail (see above), and FortiADC application delivery (see above). The solution helps clients to comply with regulations for public-facing applications, whilst offering security to protect them. Includes Web Application Security and Web API Security. 
• SIEM: Fortinet provide FortiSIEM as a Security Information and Event Management Solution, leveraging their Security Operations Center (SOC). 
• SOAR: FortiSOAR is Fortinet’s Security Orchestration Automation and Response service. The service includes Unified Incident Response Management, Alert Triage Automation, SOC Optimization and SOC Cross-Collaboration.
• FortiAIOps: Fortinet's artificial intelligence with machine learning solution now supports Fortinet SD-WAN. This enhancement allows users to track metrics such as interfaces, system resources, ISP bandwidth and dynamic computation of SLA baselines to ensure the best performance. The latest release of FortiAIOps now supports FortiExtender 5G/LTE gateways and enhances Fortinet's existing Wired/Wireless LAN AIOps capabilities.

What is the Fortinet SD WAN Solution?

Fortinet Secure SD WAN:

Fortinet’s SD WAN solution provides a single OS, unified WAN Edge with natively integrated security to deliver robust and efficient network protection without compromising the user experience. Fortinet’s offering includes features such as: cloud on-ramp, granular analytics, self-healing, NOC/SOC management and analytics, real-time SSL inspection and application specific Integrated circuit (ASIC) acceleration. The four key components of Fortinet’s Secure SD WAN are: FortiGate, Fabric Management Center, FortiOS and FortiGuard Security Services. 

• FortiGate: Available as physical and virtual appliances, FortiGate provides ASIC acceleration using vSPU or SOC4 SPU. FortiGate reduces the number of products on the WAN edge, reducing complexity and costs through the use of a unified platform. UCaaS, SaaS and business critical applications benefit from an improved user experience as a result of ASIC acceleration of steering, prioritization, SD WAN overlay tunnels, application identification and remediation. 
• Fabric Management Center: Offers single console management of over 100,000 devices including: access points, firewalls, extenders/LTE devices and switches. The Fabric Management Center also provides role-based access control, ADOMS for domain management and separation, automation utilizing Ansible, REST API and cloud connectors as well as network and application level SD WAN monitoring and provisioning across data centers, branch offices and cloud. 
• FortiOS: A unified operating system used to help secure the network by providing Dynamic Cloud connectivity and security, real-time application optimization and Advanced Next-Gen Firewall. FortiOS features Forward Packet Correction (FEC), granular application policies, SSL decryption and can be deployed as either a full mesh or partial-mesh topology. 
• FortiGuard Security Services: This feature offers advanced SD WAN security such as cloud scale data processing for real time insights and protection for people, content, devices and application through real time detection and prevention of both known and unknown threats. 

What is the Fortinet SASE security solution?

FortiSASE is Fortinet’s cloud-delivered and multi-tenant SASE offering, which leverages the ability to be deployed from the cloud, but is also available as an extension of the Fortinet Security Fabric, enabling the SASE solution to be deployed as part of FortiOS, a common operating system that connects all of Fortinet’s security solutions. The solution includes:

• Sandboxing: Cloud-delivered sandboxing to detect security threats before they make an attack on the network. 
• Data Loss Prevention (DLP): DLP stops end users from transferring key information outside the network, to ensure that network and data remain secure. 
• Domain Name System (DNS): Fortinet DNS automatically identifies and prevents malicious domains from entering the core network in real-time. 
• Intrusion Prevention System (IPS): Fortinet IPS is designed to monitor a client’s network to identify malicious activity - especially near areas known to be vulnerable. 
• Secure Web Gateway (SWG): SWG offers protection from internal and external risks, with agent-less traffic redirection and explicit proxy which enables secure web access (see, What SWG (Secure Web Gateway) solution is supported by Fortinet?). 
• Firewall as a Service (FWaaS): Leverages the FortiGate Next Generation Firewall (NGFW), offering advanced threat detection and SSL inspection deployed from the cloud via FortiSASE. The solution analyzes both in-bound and out-bound traffic to maintain secure connections for distributed users (see, What FWaaS (Firewall as a Service) solution is supported by Fortinet?).
• Zero Trust Network Access (ZTNA) and Virtual Private Network (VPN): FortiSASE allows users to integrate with pre-existing VPN solutions. This enables clients to extend ZTNA to secure remote users (see, What ZTNA (Zero Trust Network Access) solution is supported by Fortinet?).
• Fortinet Security-Driven Networking: A strategy designed to integrate a client’s security architecture and network infrastructure, in order to create scalability that does not compromise security. 

What ZTNA (Zero Trust Network Access) solution is supported by Fortinet?

Fortinet ZTNA controls access to applications, verifying users and devices before they access an application - confirming that they meet a business’ policy. The solution is enabled on any device (including virtual machines, hardware, in the cloud and in the FortiSASE service) that runs FortiOS 7.0 or later. It leverages the FortiClient ZTNA agent, and integrates with FortiGate Next generation Firewall (NGFW) (see, What FWaaS (Firewall as a Service) solution is supported by Fortinet?). 

What CASB (Cloud Access Security Broker) solution is supported by Fortinet?

FortiCASB is Fortinet’s Cloud Access Security Broker (CASB) offering, which creates visibility and control for SaaS applications. It is presented as a subscription service, and offers data security, visibility, threat protection and compliance for cloud-based services. The includes: 

What SWG (Secure Web Gateway) solution is supported by Fortinet?

FortiProxy is Fortinet’s Secure Web Gateway (SWG) solution, which is designed to protect against Advanced Web Content Caching and Internet-borne threats. The solution uses malware protection, DNS filtering, web filtering, URL filtering, advanced threat defense, Data Loss Prevention (DLP), Intrusion Prevention System (IPS), advanced threat protection and antivirus to protect end-users. The high-performance proxy can be deployed as a physical or virtual appliance on-site and can cater for organizations of all sizes. 

What FWaaS (Firewall as a Service) solution is supported by Fortinet?

FortiGate Next Generation Firewall (NGFW): 

FortiGate Next Generation Firewall (NGFW) offers clients end-to-end security and real-time defense leveraging FortiGuard Services, Secure Sockets Layer (SSL) inspection which includes TLS 1.3, Intrusion Prevention System (IPS), web filtering, DNS security services, ultra-scalability and a centralized management console to build large-scale operations. Further, clients have the ability to share actionable threat intelligence across the whole attack surface, creating an end-to-end security posture. FortiClient can be added to bring security to hybrid workforces using ZTNA (see, What ZTNA (Zero Trust Network Access) solution is supported by Fortinet?). FortiGate NGFW has a number of use cases: 

Uses FortiGate Rugged NGFWs to deliver enterprise level security for Operational Technology (OT) environments, with full threat protection and network visibility. Further, Fortigate-VM is a virtual firewall available for multi-cloud, service provider and hybrid cloud environments, offering scalable VPN and cloud-native security. 

FortiWeb Web Application Firewall (WAF): 

Fortinet also offer FortiWeb, which is their Web Application Firewall (WAF) offering. The solution is designed to protect business-critical web applications. FortiWeb does this by blocking known and zero-day threats to applications whilst avoiding accidentally blocking legitimate users. It also requires less management overhead than legacy applications, and can protect APIs which enable B2B communication and supports mobile applications, whilst blocking malicious bot activity without compromising legitimate bots required for business needs (search engines, health and performance monitoring tools). It also has the capability to defend against the OWASP Top-10 and DDoS attacks, whilst integrating with FortiGate firewalls and FortiSandbox for increased protection, uses ML to protect against zero-day attack and reduce false positives, with protected WAF throughputs and secure traffic encryption/decryption, visual reporting tools for analysis of attack types and false positive mitigation tools to minimize the everyday management of execution lists and policies, ensuring only unwanted traffic is blocked. The solution is also part of the Web Application Security Solutions product bundle (for more information see here). 

FortiWeb can be deployed as a virtual machine, hardware appliance or as a container which is deployable in cloud environments, data centers or in Fortinet’s cloud-native SaaS solution FortiWeb Cloud WAF as a Service. This is designed to protect web applications that are public hosted from attacks such as zero-days and OWASP Top-10. The solution does not need hardware or software, but is instead delivered via WAF gateways hosted in Azure, Google Cloud and AWS regions where the application sits. Performance and regulatory concerns are addressed using scrubbing traffic in region, and the built-in setup wizard with predefined policies allows for quick and simple deployment. The solution also leverages the FortiGuard Labs which offers sandboxing, IP reputation and signatures. 

What MDR (Managed Detection and Response) solution is supported by Fortinet?

Fortinet’s FortiResponder MDR Service is available as part of FortiEDR advanced endpoint security platform (see, Fortinet products and services: FortiEDR). The service includes constant threat monitoring, incident handling leveraging security analysts and alert triage. The security experts from Fortinet analyze all alerts and provide remediation advice for IT administrators and incident responders, enhancing SOC expertise. 

After MDR, clients can deploy FortiResponder Forensics and Incident Response Service which is designed to help clients to analyze, respond, contain and remedy security incidents. This service is also available to clients who do not implement FortiEDR. 

What NDR (Network Detection and Response) solution is supported by Fortinet?

Fortinet do not offer an NDR solution, however they do have XDR (see below), MDR (see above) and EDR (see, Fortinet products and services: FortiEDR) solutions. 

What XDR (Extended Detection and Response) solution is supported by Fortinet?

FortiXDR, is Fortinet’s XDR offering, part of the Security Operations Center (SOC) platform. The solution is cloud-native, with cross-product detection and response whilst integrating with Fortinet Security Fabrics for visibility and control. FortiXDR is good for businesses with a small security team. 

FortiXDR includes: 

• Cross Product Incident Identification: Fortinet is able to develop analytics that match cyberattacks as they evolve. Correlated telemetry is collected across the Security Fabric and both are applied to identify any potential cybersecurity incidents. 
• AI-Powered Investigation: Neural network-based decision engines are trained to replicate the investigation and classification of potential incidents that an SOC analyst would do, with the help of microservices. 
• Automatable Response: Fortinet’s remediation framework can enable organizations to predefine steps that should be taken based on elements such as classification and individual/group.

How does Fortinet deliver cloud security?

Fortinet offer clients security for public cloud infrastructures and workloads such as Azure, AWS, Google Cloud, Alibaba Cloud and Oracle Cloud, via the Fortinet Security Fabric. Cloud security assesses a client’s customer components (for example operating systems, data and applications, encryption, access and identity management, network traffic and APIs) to augment the public cloud provider’s security features.There are several product offerings:

• FortiCASB-SaaS: Designed to monitor all SaaS application activity and the configuration of multiple SaaS services using Fortinet’s SaaS application API. This offers clients detailed visibility on the usage of SaaS applications, allows them to implement uniform application control and security policies whilst supporting compliance with security regulations and protecting sensitive data. 
• Multi-Cloud Security: Clients can deploy any chosen application in the cloud, as Fortinet provides protection across the whole digital attack surface in public clouds and on-premises. The solution can integrate with major cloud providers to offer automated management, with visibility and policy management. 
• Web Application Security: Fortinet offer clients several web application security solutions, such as FortiWeb-VM, which is a web application firewall that can be deployed on any major cloud platform to secure API’s and front-end web applications. FortiCloud Sandbox Service identifies malware using dynamic analysis, and FortiGate-VMs integrate with FortiWeb to provide visibility and enforce security policies centrally. This provides clients with automated management, multi-layer advanced application protection and security for public and private cloud applications.
• Security for Hybrid Cloud: Leverages the FortiGate Next Generation Firewall (NGFW) to protect hybrid cloud environments, using connections via a high-speed VPN tunnel. Clients can deploy FortiGate-VM in the public cloud, which will communicate with FortiGate NGFW using any form factor that is provisioned in the data center.

How does Fortinet support remote users?

Fortinet offer cloud-delivered threat protection to secure remote users, via FortiSASE Secure Internet Access (FortiSASE SIA). This offers clients constant threat protection, security functions and unified networking to replace legacy VPN technologies, leveraging the Fortinet Operating System (FortiOS) for support. Remote users can be managed and secured with the same security policy protection as in-office workers, on or off-net using the FortiClient Agent. The solution extends Fortinet’s enterprise security and networking to the cloud Edge, allowing clients to enforce firewall and security policies at scale, independent of a user’s location. 

The solution includes: 

• Intrusion Prevention System (IPS)
• Data Loss Prevention (DLP)
• Secure Web Gateway (SWG): see, What SWG (Secure Web Gateway) solution is supported by Fortinet?
• Zero Trust Network Access (ZTNA): see, What ZTNA (Zero Trust Network Access) solution is supported by Fortinet?
• Firewall as a Service (FWaaS): see, What FWaaS (Firewall as a Service) solution is supported by Fortinet?
• Domain Name System (DNS)
• Sandboxing: see, Fortinet products and services: FortiSandbox

What is the Fortinet managed, co-managed and DIY services solution?

Fortinet leverage their SOC to offer clients a range of Security as a Service (SaaS) solutions offering analysis and remediation services from Fortinet security experts. The SOC platform includes XDR and MDR solutions. Other managed services also include Cloud Security Services, WAF as a Service and Secure SD WAN.

What Reporting and Management is available via the Fortinet Portal?

The Fortinet FortiPortal is a self-service, end-user portal that can be physically deployed or alternatively used as a virtual machine. The SD WAN monitoring dashboard can display information regarding packet loss, jitter, interface, performance loss, sessions, latency and bandwidth from across all SD WAN enabled devices. FortiPortal reduces the need for on-site infrastructure by providing integrations with FortiAnalyzer, FortiAP, FortiGate and FortiManager. The FortiPortal can be utilized by both customers and service providers, providing access to log views, reports, dashboards and monitoring to ensure that end users can see and understand the impact of security policies. The service offers traffic analysis, log retention, reporting and configuration management through a single, centralized console.

What is the Fortinet SLA?

Following Fortinet’s acquisition of SASE and Cloud provider OPAQ on 20th July 2020, their Zero Trust Network Access solution was embedded into the Fortinet SASE solution. Due to this service integration and the lack of a Fortinet specific Service Level Agreement the OPAQ SLA is listed below: