The following post is by Fortinet. We thank Fortinet for being a sponsor.
Mobile LTE and 5G connections are often used in SD-WAN deployments. SD-WAN appliances typically include one or more SIM slots so that a mobile connection can be used in an active-active pair with a second wired or wireless link, or as a failover option if primary links go down.
The challenge with using LTE and 5G is that location matters. Physical obstructions such as concrete and steel, or a noisy RF environment, can mean the difference between a robust or weak signal. If that LTE or 5G signal is carrying WAN traffic at. for example, a store, bank branch, or hospital, a spotty connection can mean bad customer service, lost business, poor patient care, or other unwanted outcomes.
But organizations may not have much choice in where to place the SD-WAN appliance with its SIM cards. Typically the appliance ends up wherever the wired WAN links terminate, often in a back room or closet, whether or not it’s the best place to get signal for that high-end mobile circuit. Other times, organizations use SD-WAN and Wireless WAN Gateways from different vendors, which can increase complexity and cost.
Dual SIM Vs. Dual Modem
Fortinet addresses this problem with its wireless WAN gateway products known as FortiExtender, a line of hardware devices that supports multiple LTE or 5G connections. This isn’t just a siloed product, but a device that integrates multiple LTE and 5G WAN links into Fortinet Secure SD-WAN and the Fortinet Security Fabric. The FortiExtender can be placed in the best physical location to get a mobile signal, and then tied back into an SD-WAN appliance via an Ethernet cable that also powers the device.
The upshot is organizations can maximize the signal strength of their mobile links while still getting the benefits of SD-WAN: multiple active paths, fast failover, application- and policy-based traffic handling, application and performance visibility, and security controls.
FortiExtenders come in two basic options: dual SIM models, and a new device with dual modems.
The dual SIM option includes two SIM card slots so you can provision connections from two different mobile providers. Note that the dual SIM devices operate in a fast-failover mode; that is, the mobile connections are configured as active/passive. If your active connection goes down, the device will fail over to the second mobile link.
That failover time typically takes minutes. How many depends on several factors, including mobile carrier SLAs, but customers can expect anywhere from one to ten minutes.
While the mobile connections on a dual-SIM FortiExtender operate in active/passive mode, you can still use the active mobile link as part of a multi-transport SD-WAN deployment. For instance, a retail site might deploy a FortiExtender for the mobile links, as well as a wired link connected to the SD-WAN device. Customers can run traffic simultaneously over both the wired link and the active mobile link.
Meanwhile, the dual modem FortiExtender supports an active/active configuration for mobile connections. It has two onboard radios and can take up four SIM cards, allowing customers to run two active mobile links simultaneously. This model is appropriate for environments that lack good wired connections, or for ad hoc deployments, and for use cases that don’t tolerate connectivity loss (think healthcare, finance, or critical municipal infrastructure such as electrical substations or water treatment plants).
Integrating Mobile Connectivity Into Fortinet’s Security Fabric
Fortinet focuses its products around what it calls the Fortinet Security Fabric, an integrated set of solutions that work together to help organizations manage risk in the network, on endpoints, and to do things like improve detection and response. This type of approach is sometimes referred to as a “mesh architecture” or “security platform.” FortiExtender is just one of dozens of security and networking products, and over 450 third-party technology partners, that integrate and interoperate as part of Fortinet’s Security Fabric.
The FortiExtender devices can be configured and managed in a couple of ways:
- Via Fortinet’s FortiManager network management platform
- Via a cloud-based portal specifically for FortiExtenders
Whichever method you choose, administrators can set application and performance policies and track key metrics including total mobile bandwidth consumption, bandwidth consumption by application, and network performance.
Given that mobile coverage can be costly, customers can use these metrics to manage how much bandwidth each link should consume, and to anticipate overages.
For existing FortiGate customers, FortiExtender slots neatly into Fortinet’s security fabric. This fabric integrates network and security operations and management to help customers streamline operations, reduce risk, and get enhanced visibility into key security and network performance metrics.
FortiExtender can also work with third-party SD-WAN appliances. You can plug the Ethernet cable from the FortiExtender into the appliance and use the mobile link as part of your SD-WAN transport. You don’t get the benefit of integrated management and operations with a third-party SD-WAN, but you can still maximize the value of your mobile links.
Get more information on FortiExtender here.