SERVICE BRIEF

FortiCare Services for SD-WAN

Confidently Deploy Your SD-WAN Solution and
Develop Zero-touch Provisioning
Benefits
Organizations require fast, scalable, and flexible connectivity among different
nnAddress specific business
network environments. Fortinet Secure SD-WAN solutions have become increasingly
popular for enterprises looking to leverage the corporate wide-area network (WAN) needs with comprehensive
as well as multi-cloud connectivity to deliver high-speed application performance at design and planning
branch sites. Proper deployment of SD-WAN solutions is vital to simplify operations nnReduce risk through extensive
and preserve the end-user experience. testing and validation

Fortinet offers FortiCare Services for Fortinet Secure SD-WAN solutions to nnAccelerate branch site rollout
design and validate the proposed solution rollout as well as provide accelerated with zero-touch deployment
deployment of hub and branch sites. SD-WAN experts help reduce risk by applying nnEnable operations and DevOps
best practices and lessons learned through real-world experience. teams through side-by-side
Engagements for SD-WAN solutions can include some or all of the following knowledge transfer
customized to address business needs:

Design Workshops Formal Documentation Testing and Validation

Bring customer vision into a viable
solution design through collaborative
sessions revealing how best to
deploy and configure the solution.
Solidify designs, test plans, and
procedures with documentation
including High Level Design (HLD),
Low Level Design (LLD), Functional
Test Plan, Day to Day Process
Run Sheets, and Deployment MOPs.
Reduce risk and guide a
successful implementation with
build testing of key Fortinet
deployment elements in dedicated
environments (virtual, customer lab,
or production infrastructure).

Deployment Low-touch Provisioning Product and API Knowledge Transfer

Confidently deploy core
infrastructure such as Hubs sites,
SD-WAN gateways, and management
platform. Branch site piloting with
cutover assistance and
post-migration support.
Zero/minimal touch rollout
methodology applied to your
solution with documented
procedures required to
provision sites.
Team enablement with over-the-
shoulder knowledge sharing on
the implemented solutions and
DevOps training on Fortinet APIs for
integration with third-party systems.

1
SERVICE BRIEF | FortiCare Services for SD-WAN

Customer Story #1: Global Industrial Manufacturer

A large, dispersed manufacturing organization with a diverse topology of sites

Pre-SD-WAN deployment Deployed Fortinet Secure SD-WAN solution

2 x legacy DC hubs where all connectivity converges 2 x regions

~2,000 sites 4 x new DC hub sites, 2 x per region

Multitude of MPLS providers and legacy third-party hub and spoke

2 x SD-WAN overlays, internet and MPLS
VPN solution for inter-site traffic

Internet breakout though static tunnel from DCs Dynamic full mesh VPN overlays through ADVPN

Little east-west security UTM on east-west traffic

Dynamic SD-WAN controlled routing using either branches’ local

No central management
internet connection or routed back through the hub

No central reporting or log collection FortiManager and FortiAnalyzer in the cloud

FortiCare Services Provided

This customer’s previous deployment of third-party technologies had very little east-west security and no central management,
central reporting, or log collection. Fortinet experts met with the customer for several workshops to detail the requirements and
design of the SD-WAN deployment. Extensive testing of the proposed design was performed in the Fortinet Labs environment.
The team provided detailed “formal” documentation including a solutions design, functional test plan, zero-touch provisioning
method of procedure, and a design presentation prior to deployment. During the deployment phase, the Fortinet consultants
assisted in the deployment of four hubs and management platforms followed by six pilot branch sites with dedicated post-
migration support. The engagement was performed side by side with the customer team to provide thorough knowledge
transfer throughout the process.

The result was a successful migration from an existing MPLS underlay to a new hub data center that is centrally managed
through FortiManager in the cloud. All logs are now sent through a FortiAnalyzer in the cloud and have implemented UTM on
east-west traffic.

Customer Story #2: Intergovernmental Organization

Government organization with many branches situated in locations with poor WAN connectivity and a requirement
to pop up/pop down sites frequently

Pre-SD-WAN deployment Deployed Fortinet Secure SD-WAN solution

1 DC hub 2 redundant DC hub sites

~400 sites 4 SD-WAN overlays

Legacy third-party dual VPN overlay solution Multiple WAN access links for branches: 3 x internet, 1 x vSAT

Branches with only 2 WAN connections, in Active/Passive mode A fully dynamic BGP routed overlay

A static overlay routing Security with UTM (IPS, web filtering, application
control, and DNS filtering)
A manual failover between links with no SLA monitoring
Traffic shaping for QoS
Lack of traffic shaping, causing frequent link saturation

Manual provisioning and deployment of new sites Centrally managed solution with FortiManager

2
SERVICE BRIEF | FortiCare Services for SD-WAN

FortiCare Services Provided

The customer struggled with manual provisioning and deployment of new sites. Failover between links had to be manually
initiated and frequent link saturation was caused by the lack of traffic shaping. Additionally, they had no SLA monitoring.
Workshops were held between the customer and Fortinet consultants to detail the requirements and design of the SD-WAN
deployment to address these issues. Extensive testing of the proposed design was performed in the Fortinet Labs environment.
The team provided detailed documentation, including a solutions design, functional test plan, and a zero-touch provisioning
method of procedure prior to deployment. The deployment phase included the deployment of two hubs and management
platforms followed by three pilot branch sites with dedicated post-migration support. Fortinet experts worked with the customer
to create a process for zero-touch provisioning deployment for additional branch sites. The engagement was performed side by
side with the customer team to provide thorough knowledge transfer throughout the process.

The security side was a key element of this secure SD-WAN deployment. Fortinet consultants performed a thorough analysis
of the existing security rules present on legacy firewalls, and created new implementation guidelines to provide a broad and
consistent security posture throughout the various branches.

The result was a centrally managed, global SD-WAN implementation allowing the customer to address their need to spin up and
turn down sites quickly and frequently. A highly streamlined zero-touch provisioning process was developed to accommodate
the rapid changes in site deployment topology.

www.fortinet.com

Copyright © 2021 Fortinet, Inc. All rights reserved. Fortinet®, FortiGate®, FortiCare® and FortiGuard®, and certain other marks are registered trademarks of Fortinet, Inc., and other Fortinet names herein may also be registered and/or common law trademarks of Fortinet. All other product
or company names may be trademarks of their respective owners. Performance and other metrics contained herein were attained in internal lab tests under ideal conditions, and actual performance and other results may vary. Network variables, different network environments and other
conditions may affect performance results. Nothing herein represents any binding commitment by Fortinet, and Fortinet disclaims all warranties, whether express or implied, except to the extent Fortinet enters a binding written contract, signed by Fortinet’s General Counsel, with a purchaser
that expressly warrants that the identified product will perform according to certain expressly-identified performance metrics and, in such event, only the specific performance metrics expressly identified in such binding written contract shall be binding on Fortinet. For absolute clarity, any
such warranty will be limited to performance in the same ideal conditions as in Fortinet’s internal lab tests. Fortinet disclaims in full any covenants, representations, and guarantees pursuant hereto, whether express or implied. Fortinet reserves the right to change, modify, transfer, or otherwise
revise this publication without notice, and the most current version of the publication shall be applicable.

April 14, 2021 11:56 AM

D:\Fortinet\Work\2021\0414\sb-forticare-services-sd-wan

948965-0-0-EN