AWS Cloud WAN provides a central dashboard for making connections between your branch offices, data centers, and Amazon Virtual Private Clouds (Amazon VPCs)—building a global network with only a few clicks. You use network policies to automate network management and security tasks in one location. Cloud WAN generates a complete view of your on-premises and AWS networks to help you monitor network health, security, and performance.
Fortinet's SD-WAN (software-defined wide-area network) solution enables enterprises to transform and secure all WAN edges. By leveraging a Security-Driven Networking approach that uses one operating system and one centralized management console, enterprises realize a superior user experience, an enhanced security posture through converged networking and security, and operational continuity and efficiency. Fortinet FortiGate delivers fast, scalable, and flexible Secure SD-WAN for cloud-first, security-sensitive, and global enterprises. Our Security-Driven Networking approach consolidates SD-WAN, next-generation firewall (NGFW), and advanced routing.
Zero Trust Network Access (ZTNA)
ZTNA is a capability within Zero Trust Access (ZTA) that controls access to applications. It extends the principles of ZTA to verify users and devices before every application session. ZTNA confirms that they meet the organization's policy to access that application. Our unique approach, delivering Universal ZTNA as part of our FortiGate, makes it uniquely flexible, covering users when they are remote or in the office.
In the previous example, we used the integration of AWS Cloud WAN and Fortinet SD-WAN to achieve cloud-network convergence of enterprise services, so that enterprise employees can quickly access internal applications deployed on AWS from any branch office.
In this example, many employees are working remotely due to COVID-19 and need anytime, anywhere access to business systems in Frankfurt. The security department wants to meet this demand while protecting the business systems with a Zero Trust architecture that allows only authorized users, on devices that comply with the Zero Trust policy, to access the business system applications.
1. Deploy FortiClient EMS and configure Zero Trust rules
Log in to FortiCloud and enable FortiClient EMS Cloud in the Services menu
Configure Zero Trust policy rules through FortiClient EMS Cloud. For the business requirements of this example, we add a Zero Trust tag named [Business_ZTNA_Trust]. For a detailed description, see the reference documentation: Zero Trust Tagging Rules
2. Configure FortiGate for Fortinet-VPC and enable ZTNA
Configure FortiClient EMS in Fabric Connectors to connect to the FortiClient EMS Cloud
Configure a ZTNA Server to protect Frankfurt's business system applications with Zero Trust
Configure Zero Trust access rules in ZTNA Rules to allow only users and devices that carry both the [Employee] and [Business_ZTNA_Trust] ZTNA tags to access the protected Frankfurt business system applications.
3. Install FortiClient on the user device and connect to FortiClient EMS to obtain the Zero Trust policy identity
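The ZTNA rule from step 2, written as a FortiOS CLI fragment. This is an added example, not configuration from the original walkthrough. It assumes a FortiOS release that stores ZTNA rules under `config firewall proxy-policy` and supports `ztna-tags-match-logic`. The rule name, ZTNA server name, interface, and `<EMS-prefix>` tag prefix are placeholders, and the `#` lines are annotations to remove before pasting.

```fortios
config firewall proxy-policy
    edit 0
        # Placeholder rule name
        set name "Frankfurt-Business-ZTNA"
        set proxy access-proxy
        # Placeholder: the ZTNA Server object that fronts the Frankfurt applications
        set access-proxy "Frankfurt-ZTNA-Server"
        # Placeholder: the interface remote clients arrive on
        set srcintf "port1"
        set srcaddr "all"
        set dstaddr "all"
        # Tags synchronized from FortiClient EMS; the prefix shown on your FortiGate replaces <EMS-prefix>
        set ztna-ems-tag "<EMS-prefix>_Employee" "<EMS-prefix>_Business_ZTNA_Trust"
        # Require ALL listed tags. With "or", a device holding only one tag would match the rule.
        set ztna-tags-match-logic and
        set action accept
        set schedule "always"
        # Log every session so allowed and denied access attempts can be reviewed
        set logtraffic all
    next
end
```

To validate the rule, connect from a test device that holds only one of the two tags and confirm in the traffic log that the session is denied.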
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.