FortiWAN Key Concepts and Product Features


WAN load balancing (WLB)

Generally speaking, load balancing refers to mechanisms (methods) for managing (distributing) workload across available resources, such as servers, computers, network links, CPU or disk storage. FortiWAN’s WAN load balancing aims to distribute (route) WAN traffic across multiple network links. The major purposes are optimizing bandwidth usage, maximizing transmission throughput and avoiding overload of any single network link. WAN load balancing always implies automatic traffic distribution across multiple network links. Unlike general routing, WAN load balancing involves algorithms, calculations and monitoring to dynamically determine the availability of network links for network traffic distribution.

Installation

FortiWAN is an edge device that typically connects an internal local area network (LAN) with an external wide area network (WAN) or the Internet. The physical network ports on FortiWAN are divided into WAN ports, LAN ports and DMZ (Demilitarized Zone) ports, which connect to the WAN or the Internet, subnets in the LAN, and subnets in the DMZ respectively. Please refer to the FortiWAN QuickStart Guides for the port mapping of the various models.

Bidirectional load balancing

Network data transmission passing through FortiWAN is bidirectional: inbound and outbound. Network data transmission consists of session establishment and packet transmission. An inbound session is a session established from elsewhere (external) to FortiWAN (internal), while an outbound session is a session established from FortiWAN (internal) to elsewhere (external). For example, a request from the internal network to an HTTP server on the Internet means the first request packet goes out to the external server, so an outbound session is established. Conversely, a request from the external area to an HTTP server behind FortiWAN means the first request packet comes in to the internal server, so an inbound session is established. No matter which direction a session is established in, packet transmission might be bidirectional (depending on the transmission protocol employed). FortiWAN is capable of balancing not only outbound but also inbound sessions and packets across multiple network links.

Auto Routing (Outbound Load Balancing)

FortiWAN distributes traffic across as many as 50 WAN links, under control of load balancing algorithms. FortiWAN’s many advanced load balancing algorithms let you easily fine-tune how traffic is distributed across the available links. Each deployment can be fully customized with the most flexible assignment of application traffic in the industry.

Multihoming (Inbound Load Balancing)

Many enterprises host servers for email, and other public access services. FortiWAN load balances incoming requests and responses across multiple WAN Links to improve user response and network reliability. Load balancing algorithms assure the enterprise that priority services are maintained and given appropriate upstream bandwidth.

Fall-back or Fail-over

FortiWAN detects local access link failures and end-to-end failures in the network and can either fall-back to remaining WAN links or fail-over to redundant WAN links, if needed. Fall-back and Fail-over behavior is under complete control of the administrator, with flexible rule definitions to meet any situation likely to occur. Links and routes are automatically recovered when performance returns to acceptable levels. Notifications will be sent automatically to administrators when link or route problems occur.

Virtual Private Services (Tunnel Routing)

FortiWAN offers the most powerful and flexible multi-link VPN functionality in the industry. Inter-site Tunnels can be created from fractional, full, multiple and fractions of multiple WAN links. Applications requiring large single-session bandwidth such as VPN load balancing, video conferencing or WAN Optimization can use multiple links to build the bandwidth needed. Multi-session traffic can share an appropriately-sized Tunnel. Tunnels have the same functionality as single links, supporting Load Balancing, Fall-back, Fail-over and Health Detection within and between Tunnels. Dynamic IP addresses and NAT pass through are supported for the VPL services deployments.

Virtual Servers (Server Load Balancing and High Availability)

FortiWAN supports simple server load balancing and server health detection for multiple servers offering the same application. When service requests are distributed between servers, the servers that are slow or have failed are avoided and/or recovered automatically. Performance parameters are controlled by the administrator.

Optimum Routing

FortiWAN continuously monitors the public Internet to select the shortest and fastest route for mission-critical applications. Non-critical traffic can be routed away from the best links when prioritized traffic is present on the links or traffic can be assigned permanently to different groups of WAN links.

Traffic Shaping (Bandwidth Management)

FortiWAN optimizes, guarantees performance or increases usable bandwidth for specified traffic by traffic classification and rate limiting.

Firewall and Security

FortiWAN provides a stateful firewall, access control lists and connection limits to protect the FortiWAN unit, the internal network and services from malicious attacks.

Scope

This document describes how to set up your FortiWAN appliance. For first-time system deployment, the suggested processes are:

Installation

  • Register your FortiWAN appliance before you start the installation. Please refer to the topic [Register your FortiWAN] for further information.
  • Plan the network topology for introducing FortiWAN into the current network. This requires a clear picture of the WAN link types your ISP provides and how to use the available public IP addresses of a WAN link. The topic [Planning the Network Topology] provides sub-topics covering the concepts necessary for planning your network topology.
  • Topic [Web UI Overview] and its sub-topics provide the instructions to connect and log into the Web management interface. Setting the system time and resetting the account/password might be performed on FortiWAN at the first-time login; please refer to topics [Setting the System Time & Date] and [Administrator] for further information.
  • For implementation of the network topology you planned, topic [Configuring Network Interface (Network Setting)] and its sub-topics give the necessary information about configuring network deployments on the Web UI. FortiWAN’s diagnostic tools are helpful for troubleshooting when configuring the network; please refer to topic [Diagnostic Tools].

Functions

  • After installing FortiWAN into your network, the next step is to configure the major features, load balancing and failover, on FortiWAN. Topic [Load Balancing & Fault Tolerance] and its sub-topics contain the information about performing FortiWAN’s load balancing and failover mechanisms for incoming and outgoing traffic, virtual servers and single-session services.
  • Topic [Optional Services] gives information about configuring FortiWAN’s optional services, such as Bandwidth Management, Firewall, Connection Limit, NAT, SNMP, Cache Redirect, etc.

Monitoring

  • After FortiWAN has been running for a while, related traffic logs, statistics and report analysis might be required for monitoring or troubleshooting purposes. Topics [Logs], [Statistics] and [Reports] explain how to use those logs, statistics and reports to improve management policies on FortiWAN.

The following topics are covered elsewhere:

  • Appliance installation: Refer to the quick start guide for your appliance model.
  • Virtual appliance installation: Refer to the FortiWAN-VM Install Guide.


About Mike

Michael Pruett, CISSP has a wide range of cyber-security and network engineering expertise. The plethora of vendors that resell hardware but have zero engineering knowledge resulting in the wrong hardware or configuration being deployed is a major pet peeve of Michael's. This site was started in an effort to spread information while providing the option of quality consulting services at a much lower price than Fortinet Professional Services. Owns PacketLlama.Com (Fortinet Hardware Sales) and Office Of The CISO, LLC (Cybersecurity consulting firm).
