FortiGate SD-WAN — Three Tiers.
Every FortiGate is an SD-WAN appliance. Choose by branch size — all run the same FortiOS, all managed through FortiManager.
Compact desktop Secure SD-WAN for small branches. 5Gbps firewall, 800Mbps NGFW, SD-WAN built-in, no extra licence. WiFi variant available.
- ✓5G firewall / 800Mbps NGFW
- ✓Fanless desktop — completely silent
- ✓SD-WAN + ZTNA built into FortiOS
- ✓FortiWiFi 40F variant with AP
- ✓Zero Touch Provisioning
- ✓FortiManager compatible
1U rack Secure SD-WAN for medium branches and hub sites. 39Gbps firewall (NP7 ASIC), 5.3Gbps IPS, dedicated WAN + 10GE LAN.
- ✓39G firewall — NP7 ASIC hardware
- ✓5.3G IPS threat protection
- ✓3G SSL inspection throughput
- ✓Dedicated WAN + 10GE SFP+ uplinks
- ✓Regional hub SD-WAN capable
- ✓ADVPN spoke-to-spoke tunnels
Centralised SD-WAN orchestration. Zero Touch Provisioning, mass policy deployment, SD-WAN Orchestrator, FortiAnalyzer analytics integration.
- ✓SD-WAN Orchestrator built in
- ✓Zero Touch Provisioning (ZTP)
- ✓Mass policy — hundreds of sites
- ✓VM (AWS/Azure/VMware) or hardware
- ✓Change control & approval workflows
- ✓FortiAnalyzer analytics integration
From Branch to Cloud in Six Steps
How Fortinet Secure SD-WAN connects, secures, and optimises every branch — with a single appliance and a single management plane.
Install FortiGate at Branch
Deploy a FortiGate appliance at each branch location. Connect primary and secondary WAN links (fibre, broadband, MPLS, 4G) to the FortiGate WAN ports. LAN ports connect to the branch switch fabric. No additional SD-WAN hardware or appliances are needed.
FortiGate supports Zero Touch Provisioning — pre-register the device serial number in FortiManager before shipping. The device self-configures from FortiManager templates on first boot without any on-site engineer configuration.
Define SD-WAN Policies
In FortiOS (or centrally via FortiManager), configure SD-WAN performance SLAs for each WAN link and define application steering rules. Specify latency, jitter, and packet loss thresholds that trigger automatic path switching for each application class.
Fortinet includes 5,000+ built-in application signatures in FortiOS for SD-WAN steering. Microsoft 365, Salesforce, video conferencing, and VoIP traffic are automatically identified and steered to the optimal WAN path without manual packet inspection rule creation.
Apply NGFW + Security Policy
Enable FortiGuard AI-powered security services: IPS, web filtering, application control, anti-malware, and DNS security. All traffic — WAN-routed, cloud-bound, and local — passes through the integrated security stack in the same FortiGate appliance without additional hardware at the branch.
The FortiGate Security Processing Unit (SPU) handles both SD-WAN path selection and security inspection in hardware — maintaining full throughput under simultaneous SD-WAN and NGFW operation without CPU-based performance degradation.
Monitor SLA Performance
FortiOS continuously measures WAN link performance against defined SLA targets. When a link degrades (high latency, packet loss), traffic automatically shifts to the next best available path within milliseconds. Performance history and SLA compliance reports are available in FortiAnalyzer.
Active SLA probes generate synthetic traffic to measure real-time link quality — not just administrative UP/DOWN status. This distinguishes between a physically connected but degraded link and a healthy link, enabling far more accurate path selection than routing protocol metrics alone.
Enforce Universal ZTNA
Universal ZTNA in FortiOS grants application access based on continuous verification of user identity and device posture — not just network location. Branch users get per-application access control without a separate ZTNA gateway appliance.
Universal ZTNA extends the same policy to remote users as well — whether a user is sitting in a branch office or working from home, they access the same applications with the same posture-verified, least-privilege access policy enforced by FortiGate.
Centralise via FortiManager
FortiManager provides SD-WAN Orchestrator — define application steering policies, SLA targets, and WAN link configurations centrally and deploy to all branches simultaneously. Single dashboard, consistent policy, and automated Zero Touch Provisioning for new branch rollouts.
FortiAnalyzer paired with FortiManager provides granular SD-WAN analytics: application usage trends, WAN link utilisation, SLA compliance over time, and security event correlation across the entire WAN fabric — from one management interface.
FortiGate 40F — Compact. Secure. Always-On SD-WAN.
The FortiGate 40F puts enterprise-grade Secure SD-WAN into a fanless desktop appliance that sits on a branch desk or mounts in a small cabinet. 5 Gbps firewall, 800 Mbps NGFW threat protection, and SD-WAN built into FortiOS — with no separate SD-WAN licence required.
Security-First SD-WAN
SD-WAN Without Extra Licences
SD-WAN is native in FortiOS — every FortiGate ships with it enabled. No separate SD-WAN licence, no overlay appliance, no integration complexity. The same FortiOS policy engine controls SD-WAN steering, firewall, IPS, and ZTNA.
Security + SD-WAN in One Box
Competitor SD-WAN solutions route traffic through a dedicated SD-WAN appliance with no security inspection at the branch. FortiGate performs NGFW, IPS, SSL inspection, and SD-WAN steering in a single appliance using hardware ASIC — closing the security gap.
Gartner WAN Edge MQ Leader
Fortinet is a recognised Gartner Magic Quadrant Leader for WAN Edge Infrastructure — validated for vision and execution in the enterprise SD-WAN market by the world's most authoritative analyst firm.
ASIC-Accelerated Performance
Fortinet's Security Processing Unit (SPU) — available in FortiGate models including the 120G (NP7) — provides hardware-accelerated firewall and IPsec processing that software-only SD-WAN platforms cannot match at equivalent cost.
FortiManager at Any Scale
From 5 to 5,000 branches, FortiManager provides consistent centralised SD-WAN orchestration: Zero Touch Provisioning, policy lifecycle management, SD-WAN Orchestrator, and FortiAnalyzer analytics — without per-device licencing for management.
Universal ZTNA Included
Universal ZTNA is integrated into FortiOS at no extra cost — applying consistent identity and device-posture-based application access control for branch office users and remote workers from the same FortiGate policy engine.
Secure Your WAN. Simplify Your Branch.
Servnet is an authorised Fortinet UK reseller. FortiGate SD-WAN appliances, FortiManager licences, FortiGuard subscriptions, and FortiAnalyzer — all from one place.
Compare Fortinet SD-WAN with other vendors
Servnet is vendor-neutral. Explore alternative and complementary platforms in the same category.