The Industry's First SD-WAN for OT (Operational Technology)

By Peter posted Dec 02, 2020 02:39 AM


SD-WAN has taken the WAN Edge market by storm over the past few years. Businesses and organizations are rapidly choosing SD-WAN in favor of traditional routers due to the added resiliency, traffic engineering possibilities and cost savings it brings. On the other hand, OT networks thus far have not benefited from SD-WAN due to the lack of vendor support for ruggedized edge devices. That changes now as we are proud to announce the FortiGate Rugged FGR-60F/60F-3G4G – the industry’s first OT Secure SD-WAN line of WAN edge devices. The FGR-60F and 60F-3G4G feature all the industry leading security and SD-WAN capabilities our customers have grown accustomed to in a form factor that can withstand harsh industrial environments. 

Before we go any further, let us take a step back and see how we got here. Traditionally, OT and IT were completely separate networks. OT networks were more or less “air-gapped” from their IT counterparts. However, the lines between the two networks have been rapidly blurring due to OT networks undergoing digital transformation. Organizations have realized that by leveraging, Big data, ML/AI, IoT and cloud among other things, their operational efficiency can go way up. Now, with great power come great responsibilities. This convergence between cyber and physical control systems not only bring in great benefits but also new challenges. Exposure to the IT network as well as the Internet greatly increases the attack surface. OT networks not only have the same or even more stringent security requirements as IT networks, they also have extremely high uptime requirements. Thus, proper security measures, network segmentation and fine-grained control of application traffic flows now become essential.


Fortinet Secure SD-WAN unlike most other SD-WAN solutions allow both physical WAN and VLAN interfaces to participate as SD-WAN members. This when combined with FortiGuard Lab’s Industrial Application Database (featuring over 1500 industrial applications used in OT environments), provides SD-WAN dynamic path selection, application visibility and network resiliency between nodes within the OT network. As an example, this can allow administrators to put sensor traffic on a VLAN interface and surveillance traffic destined for the cloud on a WAN link while using LTE as a backup. Another example would be to provide application aware failover in an offshore installation. With Fortinet Secure SD-WAN, administrators can limit the traffic on high cost satellite connections to only critical applications in the event the high-bandwidth, low cost connection is not available. The traffic engineering possibilities are endless. Remediation features such as FEC or packet duplication can be enabled to strengthen the integrity of the traffic. Further, cross OT-IT communications can also be controlled and secured with Fortinet Secure SD-WAN; enhancing the overall security of both networks. With Fortinet, SD-WAN can finally be leveraged in common OT use cases and bring transformative results. OT networks are often tied to critical infrastructure. As such, protecting the network is of utmost importance. Fortinet Secure SD-WAN for OT protects both network security and network availability and today, OT networks can now truly step into the digital age.