The way we work has fundamentally shifted, with hybrid and remote models becoming a widespread reality. This evolution brings tremendous benefits but also presents significant challenges for IT and security teams tasked with ensuring seamless access to applications and protecting sensitive data outside the traditional corporate perimeter.
Traditionally, network deployments often routed all internet traffic back to a central site through a perimeter firewall. While this provided security, backhauling traffic, especially for cloud and SaaS applications, often resulted in increased packet latency, drops, and jitter, leading to a poor user experience. This approach was also challenged by high costs, bandwidth utilization, and complex management of disparate security tools. The need for secure access and optimized performance for a distributed workforce in this increasingly interconnected environment is paramount.
Recognizing this significant shift, a modern approach is required that balances robust security with a superior user experience. This is where the convergence of firewall and SD-WAN capabilities comes to the forefront, simplifying branch deployments and enabling secure, elastic connectivity.
The Power of Convergence: What It Brings
Integrating firewall and SD-WAN functions into a single platform, such as the Cisco Secure Firewall, addresses many of the challenges posed by traditional architectures. This converged approach allows organizations to establish a strong security baseline at the branch while simplifying deployment and management. This is not just a matter of convenience; it’s a strategic move aligned with industry frameworks like Gartner’s Secure Access Service Edge (SASE) model. While SD-WAN is considered part of the broader SASE framework, the security components, known as Secure Service Edge (SSE) – encompassing Secure Web Gateways (SWG), Cloud Access Security Brokers (CASB), and Zero Trust Network Access (ZTNA) – constitute more than half of the SASE framework. Bringing firewall (often incorporating SWG/ZTNA functions) and SD-WAN together directly supports this unified vision.
A converged platform allows organizations to deploy core security functions alongside intelligent networking capabilities, improving both security and user experience. Figure 2 illustrates Cisco’s approach to a converged security and SD-WAN solution, delivered as an all-in-one device and centrally managed through the Orchestrator.
Key capabilities supported by modern secure firewall platforms with integrated SD-WAN include:
Simplified and Automated Deployment: Automating the setup of network topologies, such as branch-to-hub connections, through guided workflows or templates significantly reduces complexity and time compared to manual configurations. This is particularly important for scaling branch rollouts. Flexible virtual tunnel interfaces facilitate scalable and on-demand VPNs.
Optimized Connectivity via Direct Internet Access (DIA): DIA allows organizations to streamline their network traffic by enabling branches to route internet-bound traffic directly, eliminating the need for backhauling. This approach is critical for efficient access to cloud applications such as Microsoft 365 and Salesforce. Using Policy-Based Routing (PBR), the device can identify specific applications, such as Webex or YouTube, and steer each one through the best available internet connection. For mission-critical applications, the system continuously monitors the quality of the internet links in real time, evaluating factors like jitter, packet loss, and delay. This enables automatic traffic switching to the link that currently offers the best performance.