The following snippet summarizes the general SD-WAN architecture and deployment method for MSSPs. To view the complete guide, go to SD-WAN Deployments for MSSPs.
Executive Summary
This document will guide you through a deployment of the Fortinet Secure SD-WAN Solution that consists of fully functional FortiGate (FGT) devices deployed on every site and centrally managed by FortiManager (FMG) and FortiAnalyzer (FAZ).
Our aim is to present an approach with the following important characteristics:
- Generic: suitable for a wide variety of topologies with a mix of different site types
- Flexible: allows (but not requires!) every detail to be customized
- Reusable: provides a high degree of similarity (and re-usability) between different projects
- Automation-friendly: suitable for fully automated provisioning using REST API
- IaC-friendly: includes plain-text project descriptions in a declarative (also considered implementation-agnostic) language, which is both human and machine-readable, and allows for easy review, traceability, version control, and more
This approach is recommended for Managed Service Providers, who are the main target audience for this document. However, this approach may benefit any type of customer looking for the characteristics mentioned above.
Deployment scenario
The following diagram illustrates the SD-WAN project that is being deployed:
The project is comprised of two regions:
- West Region is served by two Hubs.
- East Region is served by a single Hub.
The Edge sites offer two levels of connectivity, which are referred to as profiles:
- Silver profile means two WAN links: one Internet connection (ISP1) and one MPLS.
- Gold profile means three WAN links: two Internet connections (ISP1, ISP2) and one MPLS.
Deployment Overview
The following diagram describes the workflow for templating, staging and deploying the SD-WAN solution:
For more information, go to SD-WAN Deployments for MSSPs.