1. leader badge
    Some of the valuable features are the firewall, IPS, web filter, and gateway capabilities. Additionally, it is easy to use and flexible.Overall, the pricing of the solution is very good. The product offers good value.
  2. The most valuable features are zero-disk provisioning and link load balancing on an application basis. The solution is great at aggregating the traffic and then sending it in one direction.
  3. Find out what your peers are saying about Fortinet, Cisco, VMware and others in SD-WAN. Updated: April 2021.
    475,129 professionals have used our research since 2012.
  4. It is fairly similar to other solutions. It has the capability for testing link connectivity, which is its unique feature from a control perspective.Some of the best features are the SD-WAN platform for VMware and the NSX network virtualization.
  5. I like the Firewall and the IPS.The VPN is great.
  6. The division of Control Plane and Data Plane is most valuable. It can be deployed anywhere, and you can control it and configure it from anywhere. This is one of the good features of this solution.
  7. It's a pretty straightforward solution.The WAN aggregation feature is the most valuable.
  8. report
    Use our free recommendation engine to learn which SD-WAN solutions are best for your needs.
    475,129 professionals have used our research since 2012.
  9. The best feature is the backup capability, where all of the users' computers are tied into a central data repository.The most valuable feature is its reliability.
  10. Its stability and SD-WAN features are the most valuable.Good identity fire walling, malware protection and application control features.

Advice From The Community

Read answers to top SD-WAN questions. 475,129 professionals have gotten help from our community of experts.
Ken Kao
If your company is using a SD-WAN solution, which brand is your choice? Why?
author avatarSevan Chandra

Nubewell Networks has full fledged feature set. 

author avatarreviewer1275930 (IT Executive Leader / Innovator at a tech consulting company with 11-50 employees)

I have done PoC with AT&T, VMware, Dell and SilverPeak -- I selected SilverPeak (which is now owned by HPE).

author avatarLipaz Hessel
Real User

We are working with Silver Peak, Fortinet (FortiGate and FortiAnalayzer) and also tried few other vendors.

We think and knows, that’s Silver-Peak is the only End to End SD-WAN solution along with VMWare in the market.

FortiGate is a FW with SD-WAN features.

author avatarChona Pantastico

Versa. Best of breed. Better security offering and now offers SASE as well.

author avatarMohsinoddi Mohammed

We are using fortigate with fortimanager and fortianalyzer. its a secure SDWAN solution and we are very satisfied with the solution.

What are some of the most common SD-WAN security vulnerabilities? How can I plan for these potential security issues? 
author avatarreviewer1392588 (Chief Technology Officer at a wholesaler/distributor with 201-500 employees)
Real User

The Citrix-SD wan comes wish a full firewall, that is very capable.  You just need to make sure that you harden the rules.  I would follow an approach of blocking everything, then open only what you need.   One point to note, there is a difference in applying a block or a drop rule.  A block still takes some processing, the drop just ignores these packets.  This makes a big difference when facing DDOS attacked.   Use drop rather than block, or DDOS will still take your services down.   NOTE.  This is a quick response, not a tech note. Check all changes carefully before implementing. 

author avatarStephen Collinson

Restricting this response to security only. Keep focused on your desired outcome. SDWAN protects by communication encryption. Is this all you want to protect? What about your data at rest, what about the human risk, what about Active Directory, what about passwords? Security is an entire posture. Also consider that once inside the SDWAN an intruder moves with inpunity unless the chosen SDWAN inspects TLS (Still commonly called SSL inspection) Ensure your SDWAN choice includes strong security with the ability to integrate with other security applications. Then also remember a good SDWAN will improve the performace of the underlaying circuits, but not change the nature of the circuit. A contended broadband, will still be a contended broadband, Lastly if multiple vendor applications are used ,a single user interface will save your limited time.

author avatarChingiz Abdukarimov

Adding NGFW functions into the pure play SD-WAN solution is much more difficult than adding SD-WAN feature to NGFW. So when you go away from backhauling all branch traffic to HQ (moving towards direct cloud access and enabling edge computing) you need to be sure that the local traffic is secured enough, and this traffic is inspected for intrusion attempts and malware downloads. Cloud is not secure by default. That's why you need to plan security controls locally with the ability to manage and monitor them in HQ. I would prefer to use a single appliance at branch which can do security inspection and SD-WAN both at high level.

author avatarPaul Friend

It depends which SD-WAN vendor you are considering. Pure play SD-WAN generally lack enterprise grade security features and their architectures require a firewall - which means more complexity and cost. A number of firewall vendors have Secure SD-WAN appliances that incorporate NGFW and SDWAN functionality in one appliance. Pure play vendors are well known for overselling their security capabilities and leaving customers vulnerable.

A risk with SD-WAN devices is that you move away from hub and spoke networking to meshed, which means that there is a potential for the compromise of one device to give attackers visibility into the traffic flow from across the network. Its more efficient, manageable and cost effective to have a Secure SD-WAN device from a security vendor.

author avatarLipaz Hessel
Real User

SD-WAN comes with firewall inside the device, the issue with that Firewalls is lack of features like SSL-VPN. It is recommended to recheck management access because this device is connected directly through Internet, and make sure it is always up to date.

Remember this is the direct link from internet/branches with default security once installed, again make sure to configure it correctly

author avatarEvert Ruiten

This depends on the supplier. Most of the well known cloud suppliers know how to do security. Best to be aware of the human factor. Things like accounts take over. To prevent account takeovers a two factor identification would help a lot.

author avatarRicardoGranados (Ingram Micro Inc.)

The SD-WAN does not have any vulnerability, since that feature can be natively integrated with a security platform, such as an SD-WAN gateway that uses security as a virtual network function (Velocloud + Palo Alto Networks , Citrix + Palo Alto Networks), or a native security platform with a plug-in SD-WAN (Palo Alto Networks, Fortinet). The main advantage of the second option is that you only have to use an orchestration console.

author avatarRaul Granadillo

The Fortinet secure SD Wan solution is included in the firmware, no additional license required and you can implement all NGFW functions, making it secure. Additionally, it has one the highest throughput and LCO. You can steer traffic in multiple ways in your links implementing SLA levels for each type of traffic. Very happy with the solutions.

See more SD-WAN questions »
Find out what your peers are saying about Fortinet, Cisco, VMware and others in SD-WAN. Updated: April 2021.
475,129 professionals have used our research since 2012.