SD-WAN Forum

Ken Kao
Product Manager at a comms service provider with 201-500 employees
Aug 13 2020
If your company is using an SD-WAN solution, which brand is your choice? Why?
Lipaz Hessel: We are working with Silver Peak, Fortinet (FortiGate and FortiAnalyzer) and also tried a few other vendors. We think and know that Silver Peak is the only end-to-end SD-WAN solution, along with VMware, in the market. FortiGate is a FW with SD-WAN features.
reviewer1275930: I have done PoC with AT&T, VMware, Dell and Silver Peak -- I selected Silver Peak (which is now owned by HPE).
Sevan Chandra: Nubewell Networks has a full-fledged feature set.
Rony_Sklar
IT Central Station
Aug 12 2020
What are some of the most common SD-WAN security vulnerabilities? How can I plan for these potential security issues? 
Lipaz Hessel: SD-WAN comes with a firewall inside the device; the issue with these firewalls is the lack of features like SSL-VPN. It is recommended to recheck management access because this device is connected directly through the Internet, and make sure it is always up to date. Remember this is the direct link from the Internet/branches with default security once installed; again, make sure to configure it correctly.
Paul Friend: It depends which SD-WAN vendor you are considering. Pure play SD-WAN solutions generally lack enterprise grade security features and their architectures require a firewall, which means more complexity and cost. A number of firewall vendors have Secure SD-WAN appliances that incorporate NGFW and SD-WAN functionality in one appliance. Pure play vendors are well known for overselling their security capabilities and leaving customers vulnerable. A risk with SD-WAN devices is that you move away from hub and spoke networking to meshed, which means that there is a potential for the compromise of one device to give attackers visibility into the traffic flow from across the network. It's more efficient, manageable and cost effective to have a Secure SD-WAN device from a security vendor.
Chingiz Abdukarimov: Adding NGFW functions into a pure play SD-WAN solution is much more difficult than adding SD-WAN features to an NGFW. So when you move away from backhauling all branch traffic to HQ (moving towards direct cloud access and enabling edge computing), you need to be sure that the local traffic is secured enough, and that this traffic is inspected for intrusion attempts and malware downloads. Cloud is not secure by default. That's why you need to plan security controls locally with the ability to manage and monitor them in HQ. I would prefer to use a single appliance at the branch which can do both security inspection and SD-WAN at a high level.