Not all SD-WANs are equal 

Having been a trusted ICT partner to businesses in every industry for nearly 23 years, Network Platforms has spent a considerable amount of time evaluating the different solutions from various vendors, to gain a complete understanding of the market, and what will work best in individual clients’ environments.

One technology that stood out for us was SD-WAN, as most of the offerings available on the market today do not offer next-generation firewall (NGFW) features, but rather employ stateful firewalls with limited features. Similarly, leading NGFW vendors that have introduced SD-WAN features need to improve their solutions considerably if they hope to match SD-WAN vendors.

Behind the scenes

As background, a stateful firewall is one that monitors the full state of all active network connections. In this way, stateful firewalls continually analyse traffic and data packets seeking entry into a network in their full context, instead of inspecting discrete packets in isolation. Conversely, an NGFW can be described as a network security device with capabilities beyond those that a traditional stateful firewall can offer. Rather than only the stateful scrutiny of the ingress and egress of network traffic, an NGFW includes better features, such as application awareness and control, integrated intrusion prevention, and threat intelligence delivered by the cloud.

Taking these points into account, we began focusing on ways to avoid the additional points of failure that come with running separate NGFW and SD-WAN infrastructure, both in our own networks and in those of our customers. A combined solution makes infinitely more sense, in terms of costs as well as potential failures in the network. Perhaps most compellingly, it avoids introducing further complexities into the network.

We have identified a limited number of SD-WAN vendors that tick the box when it comes to having integrated NGFW. Unfortunately, the NGFW vendors or traditionally established firewall vendors we evaluated fell short in the SD-WAN department.

Unacceptable failure

For example, SLA criteria to monitor latency, jitter and suchlike can be configured on an NGFW. However, should a link not meet the SLA and fail over from its primary internet connection to a secondary internet connection, the user will experience a packet drop. While this may not be an issue for certain customers and their environments from a business requirement perspective, should the customer be running real-time applications (RTA) like VoIP or a video conference at the time, a brief disruption to the service will be experienced, which results in the voice conversation being briefly broken up or buffering on the video conference.

For those whose primary business is contact centres, this is understandably unacceptable, and is a prime example of where SD-WAN vendors offer a seamless failover with no disruption to voice and video conferencing.  

In addition, we aimed to identify an SD-WAN vendor that offers a multi-tenancy solution, because the economies of scale achieved would be a major advantage to our customers. We would be able to offer a managed solution to multiple customers if we implemented a high availability (HA) SD-WAN solution in our various data centre environments, and clients would be able to connect to the closest geographical data centre for the most optimised path. Where this cost would normally be covered by a single customer, it would now be shared, resulting in cost savings all around.

Another benefit of SD-WAN solutions is that they can be implemented on customers’ existing connectivity and are not reliant on the customer having an internet service with our organisation. SD-WAN also allows customers to run cheaper broadband business solutions should they choose to do so. The bottom line is that all businesses need to run optimally from a cost perspective regardless of the economic challenges they face, and premium business fibre solutions can be replaced with broadband fibre solutions, which are more cost effective.

Due to the increased consumption of and reliance on internet connectivity, we recommend a secondary internet connection, which could be broadband wireless, a second broadband fibre connection with an alternate provider, or 5G/LTE, depending on the organisation’s specific bandwidth requirements as well as what is available at the different geographic office locations, be they a remote branch, an office, or a home.

Not created equal

However, in many cases, organisations may have already invested in certain traditional NGFW vendors, and the IT teams may prove reluctant to choose SD-WAN vendors with built-in NGFW capability. One alternative is to select an SD-WAN vendor that integrates with an existing NGFW solution via Application Programming Interface (API) access, resulting in control of security and WAN via a single management console.

It is also important to remember that security requirements grow increasingly complex when the enterprise is globally and locally dispersed. There are only a handful of vendors, including Check Point, Fortinet and a couple of others, who have the requisite knowledge, experience and resources to deal with large-scale global enterprises whose security needs cannot be met by less experienced vendors.

The new buzzword

Another excellent solution that meets the challenge of securing networks is Secure Access Service Edge, or SASE. Much like SD-WAN, this is another networking technology specifically designed to connect geographically separate endpoints to data and application resources. SASE combines Virtual Private Network (VPN) and SD-WAN capabilities with cloud-native security features, such as secure web gateways, zero-trust network access, cloud access security brokers, and firewalls.

Network Platforms has more than two decades of industry experience, and can do a thorough evaluation of all your needs to find the solution that fits your unique requirements. We ensure that we set up and implement the best replication solution so that your organisation is not interrupted in the event of a failure.

In addition, for those who are still dipping a toe in the water, and would like to experience first-hand how our SD-WAN solution can assist their business, we offer a free trial and implement the solutions into the existing network.

Finally, simpler network environments can benefit from choosing an SD-WAN vendor that offers SASE in one device. Deployment, orchestration and ongoing management are made simpler via a consolidated approach, which ultimately takes the pressure and onus off the IT team, and results in more time for pressing activities and lower costs.
