Sangfor SD-WAN Product Introduction


Fortinet Secure SD-WAN Solution Brief


Simplifying SD-WAN Operations with Single-Pane Management

Executive Summary

Software-defined wide area networking (SD-WAN) is rapidly replacing traditional WAN for remote office and branch deployments. While SD-WAN offers performance benefits that support new digital innovations, many SD-WAN solutions lack consolidated networking and security features. In response, many network leaders have had to add a complex assortment of tools and solutions to manage and protect their SD-WAN deployments. Instead, they need a simplified approach to contain costs, improve efficiency, and reduce risks. Fortinet Secure SD-WAN addresses each of these requirements, combining next-generation firewalls (NGFWs) with integrated solutions for management and analytics to centralize and simplify SD-WAN operations.

Supporting Innovation While Securing Growing Businesses

Distributed enterprises are adopting digital innovations—such as Software-as-a-Service (SaaS) applications and real-time applications such as voice and video—to increase productivity, improve communications, and foster rapid business growth. However, traditional WAN architectures at many branch and remote office locations struggle to support the traffic demands of these new technologies. This has led to increasing adoption of SD-WAN architectures that utilize more affordable direct internet connections. The SD-WAN market is expected to grow to over $30 billion in 2030, from $3.5 billion in 2022, with a CAGR of 31.2% from 2022 to 2030.[1]

But while SD-WAN improves networking bandwidth, it can also increase the organization’s risk exposure. According to Gartner survey analysis, “Customers continue to strive for better WAN performance and visibility, but security now tops their priorities when it comes to the challenges with their WAN.”[2]

In many organizations, the need for SD-WAN security has led network engineering and operations leaders to incorporate many different tools and point products to address individual functions, threat exposures, or compliance requirements. But this approach leads to infrastructure complexity, which increases manageability burdens while creating new defensive gaps at the network edge.

Fortinet Simplifies and Secures SD-WAN Deployments

Consolidating networking and security tools requires a secure SD-WAN solution that eliminates the complexity of disaggregated branch infrastructures. This not only reduces the organization’s attack surface while enabling digital innovation initiatives, but it also simplifies operations for networking teams.

Fortinet enables the convergence of networking and security to simplify network operations, ensuring a secure and optimized user experience across all network edges with the hybrid mesh firewall (HMF). Hybrid mesh firewall is a new concept bringing all firewall deployments together in an integrated mesh to manage, monitor, and secure all firewall deployments. It unifies network management and security policies for all firewall deployments, whether on-premises for branch, campus, and data center deployments or virtual firewalls for cloud and cloud-native environments. It also uses artificial intelligence and machine learning to provide advanced threat protection. FortiManager is the foundation of HMF, offering unified, centralized management of all FortiGate deployments.

Fortinet Secure SD-WAN can leverage a single-pane-of-glass console with an SD-WAN orchestrator offered as part of FortiManager and provide enhanced analytics and improved reporting with FortiAnalyzer. This allows organizations to significantly simplify centralized deployment, enable automation to save time, and offer business-centric policies.

[Figure 1: SD-WAN use case featuring network operations center solutions. Diagram labels: Network Operations Center Solutions (FortiManager with SD-WAN Orchestrator and FortiAnalyzer), Third-Party Tools, and three branches, each with a FortiGate.]

Zero-touch deployment

Organizations implementing Fortinet Secure SD-WAN can leverage FortiManager to accelerate deployment, reducing the time from days to minutes. FortiManager zero-touch deployment capabilities enable FortiGate devices to be plugged in at a branch location and then automatically configured by FortiManager at the main office via a broadband connection, thereby avoiding the time and cost of truck rolls. Fortinet’s approach can also leverage an existing SD-WAN configuration as a template to accelerate the deployment of new branches and remote sites at scale.

Centralized management for distributed organizations

Centralized management through the FortiManager of all distributed networks across the organization helps network leaders drastically reduce the opportunities for configuration errors that lead to cyber-risk exposures and network outages.

Secure SD-WAN orchestrator is part of the FortiManager. This allows customers to significantly simplify centralized deployment, enable automation to save time, and offer business-centric policies. Fortinet management tools can support much larger deployments than competing solutions—up to 100,000 FortiGate devices. Features such as SD-WAN and NGFW templating, enterprise-grade configuration management, and role-based access controls help network engineering and operations leaders quickly mitigate human errors.

SD-WAN reporting and analytics

Enhanced analytics for WAN link availability, performance service-level agreements (SLAs) and application traffic in runtime, and historical stats allow the infrastructure team to troubleshoot and quickly resolve network issues. FortiManager, integrated with FortiAnalyzer, offers advanced telemetry for application visibility and network performance to achieve faster resolution and reduce the number of IT support tickets. On-demand SD-WAN reports provide further insight into the threat landscape, trust level, and asset access, which are mandated for compliance.

Compliance reporting

Organizations need reports and tools for customization to help prove compliance to their auditors. However, compliance management has traditionally been a costly, labor-intensive process for networking teams—often requiring multiple full-time staff and months of work to aggregate and normalize data from multiple point security products.

Fortinet accelerates compliance reporting by simplifying security infrastructure and eliminating the need for many manual processes. FortiManager and FortiAnalyzer include customizable regulatory templates as well as canned reports for standards such as Payment Card Industry Data Security Standard (PCI DSS), Security Activity Report (SAR), Center for Internet Security (CIS), and National Institute of Standards and Technology (NIST). They also provide audit logging and role-based access control (RBAC) to ensure that employees can only access the information they need to perform their jobs.

As an extension of FortiManager and FortiAnalyzer capabilities, the FortiGuard Security Rating Service runs audit checks to help security and networking teams identify critical vulnerabilities and configuration weaknesses in their Security Fabric setup and implement best-practice recommendations. As part of the service, network leaders can compare their organization’s security posture score against those of other industry peers.[5]

Integration and automation

To be effective, security must integrate seamlessly across every part of the distributed organization—every branch and remote office location. Network engineering and operations leaders need full visibility across the entire attack surface from a single location. They then need automated responses to reduce the time window from detection to remediation and alleviate the burdens of manual tasks from their staff.

FortiManager and FortiAnalyzer help decrease threat remediation time from months to minutes by coordinating policy-based automated response actions across the Fortinet Security Fabric, an integrated security architecture that unlocks security workflows and threat intelligence automation. A detected incident alert sent with contextual awareness data from one branch location allows a network administrator to quickly determine a course of action to protect the entire enterprise against a potential coordinated attack. Certain events can also trigger automatic changes to device configurations to instantly close the loop on attack mitigation.

FortiAnalyzer and FortiManager also automate many required SD-WAN tasks to help network leaders reduce the burden on their staff resources. Both products integrate with third-party tools, such as security information and event management (SIEM), IT service management (ITSM), and DevOps (for example, Ansible, Terraform), to preserve existing workflows and previous investments in other security and networking tools.

Delivering Value, Simplicity, and Security

FortiManager and FortiAnalyzer deliver enterprise-class security and branch networking capabilities with industry-leading benefits:

• Increases ROI: Fortinet’s integrated approach to secure SD-WAN improves return on investment (ROI) by consolidating the number of networking and security tools required via capital expenditure (CapEx) while also reducing operating expenses (OpEx) through simplified management and workflow automation. The move to public broadband means expensive multiprotocol label switching (MPLS) connections can be replaced with more cost-effective options. Here, Fortinet Secure SD-WAN delivers 300% ROI over three years, eight months payback, a 65% reduction in the number of network disruptions, and a 50% increase in the productivity of security and network teams.[6]

• Improves efficiency: Simultaneously, Fortinet institutes a simplified infrastructure for SD-WAN that reduces operational complexity both at the branch and across the entire distributed organization. Fortinet Secure SD-WAN can be administered through a single, intuitive management console. With FortiManager, FortiGate devices are true plug-and-play. Centralized policies and device information can be configured with FortiManager, and the FortiGate devices are automatically updated to the latest policy configuration. The flexibility of single-pane-of-glass management includes scalable remote security and network control via the cloud for all branches and locations.

• Contains risks: Fortinet’s tracking and reporting features help organizations ensure compliance with privacy laws, security standards, and industry regulations while reducing risks associated with fines and legal costs in the event of a breach. FortiAnalyzer tracks real-time threat activity, facilitates risk assessment, detects potential issues, and helps mitigate problems. Its close integration with Fortinet Secure SD-WAN allows it to monitor firewall policies and help automate compliance audits across distributed business infrastructures.

The average total cost of a data breach ($4.35 million) in 2022, a 2.6% increase from last year.[7]

Fortinet Realizes Secure SD-WAN

There are many use cases for secure SD-WAN, and Fortinet’s unique approach enables them in the most effective way for all types of SD-WAN projects. Simplifying SD-WAN operations is core to successful implementation and expansion in support of digital innovation initiatives. Fortinet Secure SD-WAN with FortiManager and FortiAnalyzer offers best-of-breed SD-WAN management and analytics capabilities that help network leaders reduce operational costs and risks at the network edge.

References

1. “SD-WAN Market,” Prescient & Strategic Intelligence, Dec. 2022.
2. “Fortinet Named a 2023 Gartner® Peer Insights™ Customers’ Choice for SD-WAN for the Fourth Year in a Row,” Fortinet, March 23, 2023.
3. “2022 Gartner® Magic Quadrant™ for SD-WAN,” Gartner, September 2022.
4. Meiran Galis, “Security Compliance: Hurdle or Critical Growth Strategy,” Forbes, June 13, 2023.
5. “FortiGuard Security Rating Service,” Fortinet, accessed July 20, 2023.
6. “The Total Economic Impact™ Of Fortinet Secure SD-WAN,” Forrester, Dec. 2022.
7. “Cost of a Data Breach Report 2022,” Ponemon Institute and IBM, July 2022.
Copyright © 2023 Fortinet, Inc. All rights reserved.

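Virtual Network Technologies: A Comparative Analysis of the Characteristics, Functions, and Application Scenarios of SD-WAN, SDN, NFV, and Related Technologies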


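Virtual network technologies have brought revolutionary changes to network architecture and management, making networks more flexible and manageable.

This article compares the characteristics, functions, and application scenarios of SD-WAN, SDN, and NFV, so that readers can better understand the advantages and uses of these technologies.

I. SD-WAN

SD-WAN (software-defined wide area network) is a networking technology that manages and controls the WAN in a software-defined way in order to improve network performance, reduce costs, and simplify management.

The characteristics and functions of SD-WAN are as follows.

Characteristics:

1. Flexibility and manageability: because SD-WAN is software-defined, the network can be configured and managed flexibly, which makes deployment and management more flexible.

2. Intelligent routing: SD-WAN can adjust routing dynamically according to network traffic and application requirements, improving network performance and response time.

3. Multi-connection support: SD-WAN supports several kinds of WAN connection, such as MPLS, the Internet, and LTE, providing more stable and reliable connectivity.

4. Security: SD-WAN can provide more flexible security policies for secure network connections and data transmission.

Functions:

1. Load balancing: SD-WAN can adjust data transmission paths dynamically according to network traffic, balancing load and improving network performance and bandwidth utilization.

2. Application optimization: SD-WAN can identify and optimize the network transmission of different applications, improving application performance and user experience.

3. Network monitoring: SD-WAN can monitor network performance and traffic in real time and provide real-time network status and performance data, which helps with network management and optimization.

4. Simplified management: SD-WAN uses a centralized management platform to manage and configure the network in a unified way, reducing the complexity of network management.

Application scenarios:

1. Branch connectivity: SD-WAN can connect multiple branch offices, providing fast, reliable, and secure connections.

2. Cloud service access: SD-WAN can connect the enterprise's internal network to cloud service providers, enabling flexible access to cloud services.

3. Performance optimization: SD-WAN can be used to optimize network performance, improving response time and bandwidth utilization.

II. SDN

SDN (software-defined networking) is a networking technology that separates the network's data plane from its control plane to make the network flexible and programmable.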

Fortinet Secure SD-WAN Architecture Components


[Architecture diagram: Fortinet Secure SD-WAN Architecture Components. Labels: FortiGate Next Generation Firewall Capabilities (Security Processor, IPS, Content Filter, Anti-Botnet, App Control, Reputation, Antivirus, SSL Inspection, VLAN, Router, NGFW, SD-WAN); Application Awareness; FortiGuard Labs; FortiSandbox; Security Rating Service; transports MPLS, Switched Ethernet, Broadband; FortiExtender, FortiDeploy, FortiManager, FortiGate, FortiAuthenticator, FortiSSO, FortiAnalyzer, FortiSIEM.]

CIO
• Enable Digital Transformation
• Application Resilience & Recovery
• Integrated Security Infrastructure
• Edge Device Consolidation
• CapEx & OpEx Reduction

CISO
• Attack Surface Visibility
• Reduced Complexity
• Increased Response Time
• Compliance Posture Visibility
• D&R Automation
• Security Framework Alignment

Capabilities listed alongside the deployment scenarios
• WAN Path Controller
• Application Awareness
• Zero Touch Deployment
• Device Consolidation
• Improved WAN Link Performance
• Dynamic Application Distribution
• Next Generation Firewall (NGFW)
• Multi-Transport Support
• Centralized Management
• Single-Pane-of-Glass Monitoring
• Identity-Based Policy
• Service Level Agreements (WAN Metrics)
• Traffic Shaping & Policing

Deployment scenarios (one diagram each)
• Digital Transformation for Enterprise Branch
• Reduce WAN OpEx with Direct Internet Access
• Redundant Broadband Enterprise Branch: Two Internet Service Providers, Direct Internet Access
• Simplify with Secure SD-Branch
• Redundant Connectivity Enterprise Branch: Broadband with LTE, Direct Internet Access

[Diagram labels common to the scenarios: Branch Office, NGFW, SD-WAN Members, Broadband, IPsec Tunnel, MPLS, LAN, Internet, Data Center, Private Cloud, Multi-Cloud, Internal Servers, VMs, External Services, SIEM & Analytics, Provisioning Server, Threat Intelligence, Monitoring & Management. The SD-Branch diagram also shows FortiGate Secure SD-WAN, FortiAP, and FortiSwitch.]

FortiGate 30E-3G Secure SD-WAN Data Sheet


DATA SHEET | FortiGate® 30E-3G4G

Firewall: 950 Mbps
IPS: 300 Mbps
NGFW: 200 Mbps
Threat Protection: 150 Mbps
Interfaces: Multiple GE RJ45

Refer to specification table for details

fanless desktop form factor for enterprise branch offices and mid-sized businesses. Protect against cyber threats with industry-leading secure SD-WAN in a simple, affordable and easy to deploy solution.

Security
• Identifies thousands of applications inside network traffic for deep inspection and granular policy enforcement
• Protects against malware, exploits, and malicious websites in both encrypted and non-encrypted traffic
• Prevent and detect against known and unknown attacks using continuous threat intelligence from AI powered FortiGuard Labs security services

Performance
• Delivers industry’s best threat protection performance and ultra-low latency using purpose-built security processor (SPU) technology
• Provides industry-leading performance and protection for SSL encrypted traffic

Certification
• Independently tested and validated best security effectiveness and performance
• Received unparalleled third-party certifications from NSS Labs, ICSA, Virus Bulletin and AV Comparatives

Networking
• Best of Breed SD-WAN capabilities to enable application steering using WAN path control for high quality of experience
• Delivers extensive routing, switching, wireless controller, high-performance, and scalable IPsec VPN capabilities

Management
• Includes Management Console that’s effective, simple to use, and provides comprehensive network automation & visibility.
• Provides Zero Touch Integration with Security Fabric’s Single Pane of Glass Management
• Predefined compliance checklist analyzes the deployment and highlights best practices to improve overall security posture

Security Fabric
• Enables Fortinet and Fabric-ready partners’ products to provide broader visibility, integrated end-to-end detection, threat intelligence sharing and automated remediation
• Automatically builds Network Topology visualizations which discover IoT devices and provide complete visibility into Fortinet and Fabric-ready partner products

Deployment

Unified Threat Management (UTM)
• Integrated wired and wireless networking to simplify IT
• Purpose-built hardware for industry best performance with easy administration through cloud management
• Provides consolidated security and networking for small businesses and consistently provides top-rated threat protection
• Proactively blocks newly discovered sophisticated attacks in real-time with advanced threat protection

Secure SD-WAN
• Secure direct Internet access for Cloud Applications for improved latency and reduce WAN cost spending
• High-performance and cost-effective threat protection capabilities
• WAN Path Controller and Link Health Monitoring for better application performance and quality of experience
• Security Processor powered industry’s best IPsec VPN and SSL Inspection performance
• Simplified Management and Zero Touch deployment

[Figure: FortiGate 30E-3G4G deployment in Small Office (UTM)]
[Figure: FortiGate 30E-3G4G deployment in Enterprise Branch (Secure SD-WAN)]

Hardware

FortiGate 30E-3G4G

Interfaces
1. USB Port
2. Console Port
3. 1x GE RJ45 WAN Port
4. 4x GE RJ45 Switch Ports
5. Internal 3G4G Modem

Install in Minutes with FortiExplorer
The FortiExplorer wizard enables easy setup and configuration coupled with easy-to-follow instructions. FortiExplorer runs on popular iOS devices. Using FortiExplorer is as simple as starting the application and connecting to the appropriate USB port on the FortiGate. By using FortiExplorer, you can be up and running and protected in minutes.

3G/4G WAN Extensions
The FortiGate 30E-3G4G includes built-in 3G/4G modem that allows additional WAN connectivity or a redundant link for maximum reliability.

Compact and Reliable Form Factor
Designed for small environments, you can simply place the FortiGate 30E-3G4G on a desktop. It is small, lightweight yet highly reliable with superior MTBF (Mean Time Between Failure), minimizing the chance of a network disruption.

FortiOS
Control all security and networking capabilities across the entire FortiGate platform with one intuitive operating system. Reduce complexity, costs, and response time with a truly consolidated next-generation security platform.
• A truly consolidated platform with a single OS and pane-of-glass for all security and networking services across all FortiGate platforms.
• Industry-leading protection: NSS Labs Recommended, VB100, AV Comparatives, and ICSA validated security and performance. Ability to leverage latest technologies such as deception-based security.
• Control thousands of applications, block the latest exploits, and filter web traffic based on millions of real-time URL ratings in addition to true TLS 1.3 support.
• Prevent, detect, and mitigate advanced attacks automatically in minutes with integrated AI-driven breach prevention and advanced threat protection.
• Fulfil your networking needs with extensive routing, switching, and SD-WAN capabilities along with intent-based segmentation.
• Utilize SPU hardware acceleration to boost security capability performance.

dynamically expand and adapt as more and more workloads and data are added. Security seamlessly follows and protects data, users, and applications as they move between IoT, devices, and cloud environments throughout the network. All this is tied together under single-pane-of-glass management, thereby delivering leading security capabilities across your entire environment while also significantly reducing complexity.

FortiGates are the foundation of Security Fabric, expanding security via visibility and control by tightly integrating with other Fortinet security products and Fabric-Ready Partner solutions.

Services

FortiGuard™ Security Services
FortiGuard Labs offers real-time intelligence on the threat landscape, delivering comprehensive security updates across

FortiCare™ Support Services
Our FortiCare customer support team provides global technical support for all Fortinet products. With support staff in the Americas,

Specifications

Firewall Latency (64 byte UDP packets): 130 μs
Firewall Throughput (Packets Per Second): 180 Kpps
Concurrent Sessions (TCP): 900,000
New Sessions/Second (TCP): 15,000
Firewall Policies: 5,000
IPsec VPN Throughput (512 byte) [1]: 75 Mbps
Gateway-to-Gateway IPsec VPN Tunnels: 200
Client-to-Gateway IPsec VPN Tunnels: 250
SSL-VPN Throughput: 35 Mbps
Concurrent SSL-VPN Users (Recommended Maximum, Tunnel Mode): 100
SSL Inspection Throughput (IPS, HTTP) [3]: 160 Mbps
Application Control Throughput (HTTP 64K) [2]: 400 Mbps
CAPWAP Throughput (HTTP 64K): 850 Mbps
Virtual Domains (Default / Maximum): 5 / 5
Maximum Number of FortiSwitches Supported: 8
Maximum Number of FortiAPs (Total / Tunnel Mode): 2 / 1
Maximum Number of FortiTokens: 500
Maximum Number of Registered FortiClients: 200
High Availability Configurations: Active/Active, Active/Passive, Clustering

Note: All performance values are “up to” and vary depending on system configuration.
1. IPsec VPN performance test uses AES256-SHA256.
2. IPS (Enterprise Mix), Application Control, NGFW and Threat Protection are measured with Logging enabled.
3. SSL Inspection performance test uses TLS v1.2 with AES128-SHA256.
4. NGFW performance is measured with Firewall, IPS and Application Control enabled.
5. Threat Protection performance is measured with Firewall, IPS, Application Control and Malware Protection enabled.

Modem (FG-30E-3G4G-GBL)

Regional Compatibility: All Regions
Modem Model: Sierra Wireless EM7565
LTE: B1, B2, B3, B4, B5, B7, B8, B9, B12, B13, B18, B19, B20, B26, B28, B29, B30, B32, B41, B42, B43, B46, B48, B66
UMTS/HSPA+: B1, B2, B3, B4, B5, B6, B8, B9, B19
WCDMA: –
CDMA 1xRTT/EV-DO Rev A: –
GSM/GPRS/EDGE: –
Module Certifications: CE, FCC, GCF, IC, JRF/JPA, NCC, PTCRB
Diversity: Yes
MIMO: Yes
GNSS Bias: Yes

Order Information

Product: FortiGate 30E-3G4G-GBL
SKU: FG-30E-3G4G-GBL
Description: 5x GE RJ45 ports (including 1x WAN port, 4x Switch ports) with Embedded 3G/4G/LTE wireless WAN module (Global LTE – EM7565), 2 external SMA WWAN antennas included.

Bundles

FortiGuard Bundle
FortiGuard Labs delivers a number of security intelligence services to augment the FortiGate firewall platform. You can easily optimize the protection capabilities of your FortiGate with one of these FortiGuard Bundles.

The bundles are 360 Protection, Enterprise Protection, UTM, and Threat Protection. Each service below is followed by the bundles that include it.

• FortiCare: ASE [1] in 360 Protection; 24x7 in Enterprise Protection, UTM, and Threat Protection
• FortiGuard App Control Service: 360 Protection, Enterprise Protection, UTM, Threat Protection
• FortiGuard IPS Service: 360 Protection, Enterprise Protection, UTM, Threat Protection
• FortiGuard Advanced Malware Protection (AMP) — Antivirus, Mobile Malware, Botnet, CDR, Virus Outbreak Protection and FortiSandbox Cloud Service: 360 Protection, Enterprise Protection, UTM, Threat Protection
• FortiGuard Web Filtering Service: 360 Protection, Enterprise Protection, UTM
• FortiGuard Antispam Service: 360 Protection, Enterprise Protection, UTM
• FortiGuard Security Rating Service: 360 Protection, Enterprise Protection
• FortiGuard Industrial Service: 360 Protection, Enterprise Protection
• FortiCASB SaaS-only Service: 360 Protection, Enterprise Protection
• FortiConverter Service: 360 Protection
• SD-WAN Cloud Assisted Monitoring [2]: 360 Protection
• SD-WAN Overlay Controller VPN Service [2]: 360 Protection
• FortiAnalyzer Cloud [2]: 360 Protection
• FortiManager Cloud [2]: 360 Protection

1. 24x7 plus Advanced Services Ticket Handling
2. Available when running FortiOS 6.2

Copyright © 2019 Fortinet, Inc. All rights reserved.
FST-PROD-DS-GT30E2FGFWF-30E-3G4G-DAT-R13-201904

Sangfor Traffic Control Product Introduction


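TCP/IP network system architecture

Network and application assurance facilities: WAN acceleration, Internet access behavior management, application delivery, VPN, traffic management
Network and security infrastructure: L2 switch, switch, routing switch, router, IPS, firewall
Physical links: 10/100/100M RJ45, wireless, Fiber, SDH/ATM

Standardized process for professional traffic management

SANGFOR BM deployment
The SANGFOR traffic management device is connected inline, in transparent bridge mode, between the intranet switch and the router.
This ensures that all outbound traffic from intranet users passes through the SANGFOR BM device.

Limitations of traditional devices
Packet layers: MAC, IP header, TCP header, application protocol/content
Devices compared: switch, router, firewall, professional traffic management device

Traditional devices
They identify application behavior by IP, port, and protocol type.
Control is all-or-nothing, allow or block, which hardly counts as "traffic management".

Technical difficulties
Constantly updated Internet application protocols are hard to identify and control by IP and port.
Bandwidth for critical business cannot be guaranteed, and bandwidth for non-business applications cannot be limited.
Bandwidth usage and traffic distribution cannot be presented richly and vividly in the form of reports.

Real-time monitoring of traffic and session counts, freezing of abnormal traffic, TOP10 applications, display of per-user bandwidth usage
Traffic statistics and trend distribution by user/user group, IP/IP group, and network application
A rich and varied reporting system that supports charting and export

SANGFOR traffic management: core advantages
Strongest identification capability
The largest network application identification library in China, plus statistics-based intelligent application identification (identification of P2P/Skype encrypted traffic)
User identity identification (local identification on the device, plus identification in combination with third-party servers)
A massive built-in URL identification library, plus intelligent identification based on web page content
Identification of the characteristics of uploaded and downloaded files
Weak-signature tracking identification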

Sangfor SD-WAN Product User Manual


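Sangfor SD-WAN Product User Manual

Contents

Preface
  Manual contents
  Conventions used in this manual
  Technical support
  Acknowledgements

Chapter 1 Installing SDWAN
1.1. Environmental requirements
1.2. Power supply
1.3. Product forms
  1.3.1. SD-WAN-MIG integrated gateway
  1.3.2. SD-WAN-WOC
  1.3.3. SDWAN virtual network element
  1.3.4. X-Central management and control platform
  1.3.5. Hardware performance parameters
1.4. Configuration and management
1.5. Device cabling
1.6. Powering on the device

Chapter 2 SDWAN networking modes
2.1. hub-spoke networking
2.2. full mesh networking
2.3. partial mesh networking

Chapter 3 Deploying SDWAN
3.1. Gateway mode deployment
3.2. Bridge mode deployment
3.3. Bridge VPN mode deployment
3.4. Bridge multi-line mode deployment
3.5. Dual-bridge mode deployment
3.6. One-arm mode deployment
3.7. Dual one-arm mode deployment

Chapter 4 SD-WAN easy deployment and application path selection
4.1. Easy branch deployment by e-mail
4.2. AutoVPN
4.3. SD-WAN application path selection
  4.3.1. Specified line
  4.3.2. High-quality path selection
  4.3.3. Load by remaining bandwidth
  4.3.4. Bandwidth aggregation
  4.3.5. Line quality probing principle and elimination mechanism

Chapter 5 SDWAN terminal devices
5.1. ssh login
5.2. Logging in to the WebUI configuration interface
5.3. Status
  5.3.1. WAN optimization status
  5.3.2. Traffic monitoring
  5.3.3. DHCP status
  5.3.4. Device running status
  5.3.5. EoIP status
5.4. Route settings
  5.4.1. System settings
  5.4.2. Deployment settings
  5.4.3. Route settings
  5.4.4. User management
  5.4.5. Network objects
  5.4.6. DHCPv4 settings
  5.4.7. DHCPv6 settings
  5.4.8. Syslog & SNMP
  5.4.9. SC settings
5.5. SD-WAN VPN
  5.5.1. SDWAN path selection
  5.5.2. Server
  5.5.3. Client
  5.5.4. Multi-line
  5.5.5. Third-party authentication
  5.5.6. Advanced settings
5.6. SD-WAN VPN
  5.6.1. Phase 1
  5.6.2. Phase 2
  5.6.3. Security options
  5.6.4. EoIP settings
5.7. Traffic management
  5.7.1. Object settings
  5.7.2. Policy settings
  5.7.3. Traffic control settings
  5.7.4. Policy troubleshooting
  5.7.5. Advanced settings
5.8. Application identification
  5.8.1. Identification is the basis of management
  5.8.2. About the application library
5.9. NAT settings
  5.9.1. Proxied Internet-access subnets
  5.9.2. Port mapping
5.10. Security protection capabilities
  5.10.1. End-to-end transmission encryption
  5.10.2. Filtering rules
  5.10.3. DoS attack protection
  5.10.4. ARP spoofing protection
  5.10.5. Products involved
  5.10.6. One-pass cleanup of botnets, trojans and worms to keep endpoints secure
  5.10.7. Known threats
  5.10.8. Unknown threats
5.11. High-availability redundancy protection
  5.11.1. Dual-device deployment modes
  5.11.2. Dual-device maintenance
5.13. Maintenance
  5.13.1. Logs
  5.13.2. Serial number
  5.13.3. Automatic upgrade
  5.13.4. Backup/restore
  5.13.5. Shutdown
  5.13.6. Web console
  5.13.7. Remote technical support

Chapter 6 Overall solution design
6.1. Headquarters side
6.2. Data center interconnection
6.3. Branch side
6.4. Large and medium-sized branches
6.5. Multinational branches
6.6. Intelligent application path selection

Chapter 7 WAN optimization (SD-WAN access network element)
7.1. Going live within minutes
7.2. AUTO VPN
7.3. WAN data transmission optimization
7.4. WAN transmission security hardening
7.5. Multi-layer WAN security protection
7.6. Application and traffic visualization: building a manageable WAN
7.7. Application identification
  Object settings
  Policy settings
  Traffic control settings
  7.7.1. HTP high-speed transmission protocol for high latency and high packet loss
  7.7.2. Improved TCP for fast TCP transmission
7.8. Redundant data reduction to increase bandwidth throughput
  7.8.1. Data optimization based on bitstream characteristics
  7.8.2. Efficient data stream compression algorithm
  7.8.3. Global IP traffic compression to reduce TCP and UDP traffic usage
7.9. Application acceleration: faster access to core business systems and higher work efficiency
  7.9.1. Transport protocol optimization
  7.9.2. Application protocol optimization
  7.9.3. CIFS protocol optimization
  7.9.4. HTTP and FTP protocol optimization
  7.9.5. Exchange MAPI protocol optimization
  7.9.6. RDP and Citrix ICA protocol optimization
  7.9.7. OracleTNS protocol optimization
  7.9.8. Acceleration results for common application systems
7.10. WAN traffic management: traffic shaping and application-based bandwidth guarantees
  7.10.1. Application- and content-based traffic management
  7.10.2. Bandwidth channels for intelligent bandwidth guarantees
  7.10.3. Virtual line technology to guarantee video conferencing bandwidth and improve the access experience
7.11. Video conferencing optimization for zero-distance collaboration
  7.11.1. Intelligent bandwidth guarantee
  7.11.2. Packet loss compensation (UDP proxy + FEC forward error correction)
  7.11.3. Business data compression
7.12. Other highlight technologies of SD-WAN WAN optimization
  7.12.1. WAN optimization for mobile clients
  7.12.2. Multi-line multiplexing
  7.12.3. HTTP and FTP file prefetching
  7.12.4. Intelligent data center reports to support decision-making
  7.12.5. Policy-based routing
7.13. Problems that SD-WAN WAN optimization can solve for you
7.14. Service configuration
  7.14.1. Application settings
  7.14.2. Stream cache settings
  7.14.3. Video optimization settings
  7.14.4. Server
  7.14.5. Client
  7.14.6. Digital certificates
  7.14.7. Advanced settings
  7.14.8. LDAP server
  7.14.9. Advanced settings

Chapter 8 Gray-box and white-box delivery
8.1. Product introduction
8.2. Centralized, visible and controllable operations management

Chapter 9 Virtualized SD-WAN
9.1. Performance and deployment requirements
  9.1.1. Scenario description
  9.1.2. Performance requirements
  9.1.3. Detection performance parameters
  9.1.4. Scenario topology
9.2. Preparation
9.3. Deployment procedure
  9.3.1. Cloud deployment
  9.3.2. WOC basic configuration
  9.3.3. VPN configuration
  9.3.4. Configuring traffic steering policies
  9.3.5. Verifying VPN services
9.4. Service configuration
  9.4.1. Acceleration configuration
  9.4.2. Traffic management
  9.4.3. SDWAN intelligent path selection
9.5. FAQ

Chapter 10 Using the SDWAN management and control platform
10.1. Platform performance parameters
10.2. Home page map
10.3. Intelligent monitoring
  10.3.1. Intelligent alerting
  10.3.2. Device configuration management
10.4. Restful API
  10.4.1. Protocol specification
  10.4.2. User management API format
  10.4.3. Device management API format
  10.4.4. Virtual network element management and network orchestration API format
  10.4.5. Device function invocation API format
  10.4.6. Platform management API format
  10.4.7. Data analysis output API format

Chapter 11 Using the data center
11.1. Home page
11.2. Traffic analysis
  11.2.1. Traffic ranking
  11.2.2. Bandwidth distribution
11.3. Bandwidth optimization
11.4. Reports
11.5. Logs
  11.5.1. Management logs
  11.5.2. Firewall logs
11.6. System settings
  11.6.1. Database cleanup
  11.6.3. Subnets

Chapter 12 Case studies
12.1. Dual one-arm mode deployment configuration case
12.2. Single-bridge deployment configuration case in a VLAN environment
12.3. Bridge VPN deployment configuration case
12.4. Bridge multi-line deployment configuration case
12.5. WCCP application scenarios and configuration case
12.6. MAC tracking application scenarios and configuration case
12.7. Configuration case for accelerating local subnets and static routes
12.8. Gateway VPN mode EoIP deployment case
12.9. Case of adding acceleration users
12.10. Sangfor VPN configuration cases
  12.10.1. NAT inside the tunnel case
  12.10.2. Case of mobile PDLAN users connecting to a WOC device
  12.10.3. VPN intranet permission settings case
  12.10.4. VPN multi-line configuration case
  12.10.5. Case of mobile users connecting with LDAP authentication
  12.10.6. VPN multi-subnet configuration case
  12.10.7. Case of branch-to-branch access through inter-tunnel routing
  12.10.8. Configuration case for user Internet access through destination routing
12.11. Case of interconnection with CISCO PIX over standard IPSEC VPN
12.12. WOC acceleration interconnection cases
  12.12.1. Case of creating a user for a branch WOC device and associating a policy
  12.12.2. Case of accelerating Oracle EBS accessed over HTTP or HTTPS
  12.12.3. Case of accelerating access to a Citrix server
  12.12.4. Case of accelerating access to an RDP server
  12.12.5. Configuration case for establishing an accelerated connection with headquarters
  12.12.6. Case of accelerating Outlook Anywhere access to an Exchange server
  12.12.7. Case of using transparent transmission mode
  12.12.8. Case of using reverse acceleration to establish a bidirectional accelerated connection
  12.12.9. Case of prefetching from an FTP server
  12.12.10. Case of accelerating specified subnets through exclusion rules
12.13. UDP optimization configuration case
12.14. Delegation configuration case
12.15. Policy-based routing configuration case
12.16. Comprehensive case
  12.16.1. Customer environment and requirements
  12.16.2. Configuration approach
  12.16.3. Headquarters WOC device configuration steps
  12.16.4. Branch WOC device configuration steps

Appendix A: Using the SANGFOR device upgrade system
Appendix B: Restoring the default configuration through the USB port
  Function 1: Viewing the network interface configuration with a USB drive
  Function 2: Recovering the console password with a USB drive
  Notes

Preface
Manual contents
Part 1: Introduction to and installation of the SANGFOR SDWAN product.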

SD-WAN standards


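SD-WAN is an advanced network architecture based on fourth-generation network technology that gives enterprises a high-quality network service with high availability, flexibility, security and scalability.

SD-WAN relies mainly on network virtualization, security isolation, intelligent load balancing and intelligent optimization to optimize the enterprise WAN, harden its security and reduce its cost.

For different vendors to cooperate and interoperate better when building SD-WAN networks, corresponding SD-WAN standards need to be specified to ensure broad availability and stability.

The following sets out information about SD-WAN standards.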

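I. The concept of SD-WAN standards

An SD-WAN standard is a set of specifications or agreed conventions that ensures coordination, consistency and interoperability among different vendors in building, operating and managing SD-WAN networks.

Developing SD-WAN standards requires considering the following aspects:

1. Hardware and software interoperability: hardware devices and network software from different vendors must be able to connect to and interoperate with one another, to ensure the stability and high availability of the whole SD-WAN network.

2. Network security: SD-WAN business data must be transmitted securely and with protection, so that the data is not exposed to attackers or unauthorized access.

3. Centralized management and control: the operation and management of an SD-WAN network must support centralized control and management, to improve management efficiency and reduce configuration conflicts.

4. Device interconnection and interoperability: SD-WAN standards need to ensure interconnection and interoperability between different devices, so that replacing or upgrading a device does not affect the whole SD-WAN network.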

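As SD-WAN technology has matured and been adopted, many international and domestic SD-WAN standards have begun to be drafted and published. For example:

1. MEF: one of the longest-established SD-WAN standards bodies in the world; it provides a series of SD-WAN technical specifications and frameworks for cloud service access.

2. ONUG: an SD-WAN standardization organization made up of major global IT vendors; its standards aim to improve the availability and performance of SD-WAN networks.

C: an SD-WAN standardization alliance made up of China Telecom, China Mobile, China Unicom and other companies, mainly devoted to promoting the broad rollout and application of SD-WAN standards in China.

4. IETF: the Internet Engineering Task Force, which develops and sets Internet standards, including SD-WAN protocol standards.

At present, progress on SD-WAN standards is still fairly slow, mainly because SD-WAN technology touches many complex areas, and a mature standard requires coordination and joint effort from many parties.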



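SD-WAN solutions matched to a range of business scenarios
Solution
Applicable scenarios
Key business value
Guarantee core business experience
Improve business continuity
Lower line costs; easy to deploy and operate
Security hardening
Multi-WAN path selection and optimization: multiple lines, or plans to expand to multiple lines

(MPLS + leased line + VPN + 4G)

Cloud-network convergence
Business moving to the cloud; single-line or dual-line VPN into the cloud
Cross-border cloud networking
Cross-border connectivity over a single leased line or VPN

Chain-store branch networking
Single-line MPLS or VPN, possibly expanding to multiple lines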
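WOC
WAN optimization
Host security: asset identification, vulnerability scanning, intrusion prevention, malicious code protection
Business security: identity authentication and access control, web vulnerability identification, application-layer attack prevention
Data security: audit and compliance, privilege control, DLP, access visibility
aBOS
Branch all-in-one appliance
Visual presentation on the platform: security you can understand, threats handled quickly
External threat intelligence
Network-wide security awareness platform
WAN security threats
Behavior analysis, machine learning, UEBA, expert assistance
Data center
Disaster recovery data center
Public cloud
SaaS
Leased-line WAN
Internet WAN
Remote branch
Remote branch
Remote branch
Business pain points:
1. Branch routers must connect separately to multiple public clouds and physical data centers. Traditional routers cannot establish multiple VPN tunnels to clouds and data centers at the same time, and cannot fail over quickly when a fault occurs, which affects business stability; VPN management and device operations are extremely complex.
2. Rapid branch expansion requires branches to be easy to deploy, yet traditional branch deployment cycles are long.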
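Sangfor SD-WAN Product Introduction
City Group 1 BU, Wang Yanxiang (王彦翔)
1 Enterprise networking challenges under business transformation
2 WAN best-practice approaches under business transformation
3 The Sangfor SD-WAN solution
4 Sangfor SD-WAN core advantages and application scenarios
5 Sangfor SD-WAN market achievements
Moving business onto the Internet, into the cloud and across borders has become an inevitable trend in business transformation
Explosive growth in business types and traffic
The rise of digital transformation, the Internet and high-traffic video/voice applications creates an urgent demand for expanding to high-capacity bandwidth and improving business continuity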
50M | 34% | 5565
Nanjing | 16M | 48% | 3502
Ningbo | 22M | 44% | 4486
Jinan | 20M | 39% | 3826
Yantai | 20M | 37% | 3391
...... | ...... | ...... | ......
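WAN security: building a multi-layer security protection system
Detect advanced attacks at the perimeter and hunt for potential threats
Enterprise-grade firewall based on stateful inspection
DDoS protection; ARP protection
MIG
Integrated security gateway
Data plane
(physical or virtualized)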
vOrchestrator
MANAGEMENT
API
ANALYTICS
ORCHESTRATION
CONTROL
INTERNET
MPLS
4G
Cloud Data Center Campus
Branch Home Office
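Management plane: intelligent application identification, unified management of security and operations policies, unified device management, unified network-wide monitoring, AUTO VPN, NFV service orchestration, etc.
Use the new WAN to solve access-experience and business-continuity problems and improve business efficiency.
Easy to deploy and operate
All branches across the WAN can be connected and managed in a unified way, with business, links and the network visible and controllable, reducing operational complexity.
SD-WAN emerged in response: typical SD-WAN architecture diagram
Management plane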
(Multi-tenant or Dedicated)
Control plane
(Containers or VMs)
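Three core values of SD-WAN
Improve the business access experience
Strengthen security and meet compliance requirements
Reduce WAN TCO
The Sangfor SD-WAN product family
A variety of options for different real-world requirements and scenarios
BBC centralized management platform
• Delivered as an appliance, as software, or as SaaS
• Deployable on demand on traditional architecture, public cloud or private cloud
Branch size
Large
Traffic above 1G
Medium
Traffic below 1G
Small
Traffic below 300M
Multiple branch-side device models that support ZERO-TOUCH
VPN tunnels, VPN application share, application QOE and the like cannot be displayed visually.
Remote operations are difficult, and fault localization takes a long time.
Traditional routers and VPNs lack security capabilities
Traditional gateway devices have no application-layer security functions and are powerless against new types of malware such as ransomware.
Network-wide security risks cannot be located quickly, and handling security issues remotely is difficult.
The cost of adding devices, and branch IT complexity
Challenge 2: with widespread migration of business to the cloud, Internet-based access gives a poor experience and multi-cloud operations are complex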
PE
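INTERNET
PE
VPN, domestic headquarters
Business pain point:
Leasing carrier leased lines or MPLS for cross-border networking is very expensive
Business pain point:
Cross-border networking built with VPN devices gives a poor access experience because of long-distance transmission
Three characteristics the new WAN needs
Multi-WAN access and path selection
Use leased lines plus Internet lines so that ordinary links can reach leased-line network quality, lowering line costs.
Access acceleration and failover within seconds
Visual WAN management: easy deployment and easy operations
Home-page big-screen display
Visual VPN topology display
Sangfor SD-WAN core advantage features
Efficient intelligent path selection
Best WAN optimization results
Raise bandwidth utilization to 100%; failover within seconds
Increase access speed by 300%; cut line costs by 40%
Industry-leading security capabilities
Layer 2-7 security at the branch perimeter; network-wide situational awareness within seconds
Visual management
Deployment within minutes; fault localization within seconds
The Sangfor SD-WAN solution not only provides basic enterprise connectivity, but also addresses access experience, secure interconnection, and operations management.
Trusted Cloud certification from the cloud computing industry alliance
5000+ users, sales exceeding 100 million
SD-WAN white paper and standards development
SD-WAN Outstanding Application Award
Sangfor took part in developing the SD-WAN standard of CAICT (Cloud Computing Open Source Industry Alliance)
In January 2018, received the SD-WAN Outstanding Application Award from the SD-WAN summit organizing committee
➢ Improve business continuity:
➢ Visual operations: visually operate devices across the network and sense network conditions
Approach 2: cloud-network convergence, rebuilding the WAN around cloud-based business
Solves the plug-and-play, simplified-management and secure-transmission challenges of multi-cloud and cloud-network interconnection
The SD-WAN approach to cloud-network convergence:
1. Build multi-cloud interconnection and branch-to-cloud interconnection over the public Internet. Through SD-WAN link optimization, rapid deployment and go-live, and visual operations management, make it easy to deploy and operate multiple branches connecting to the cloud or to physical data centers, and improve the access experience.
2. The SD-WAN access gateway provides Layer 2-7 security protection, effectively addressing the security of interconnecting multiple branches.
Targeted requirement scenarios:
Multi-cloud access; cross-border networking
Intelligent router; leased-line path selection; leased-line replacement
Multi-branch networking; leased-line optimization; branch all-in-one appliance
Incremental market (new battlefield)
(The main SD-WAN battlefield; competitors include all kinds of product-oriented and service-oriented vendors)
Existing market (old battlefield)
(Sangfor's traditional stronghold; projects are usually justified by networking, leased-line optimization, branch consolidation and the like; competitors are usually routers, firewalls and so on; the approach has not changed much from before)
Control plane: intelligent path selection, intelligent QOS, overlay tunnels, TCP/UDP WAN transmission optimization, NFV security, etc.
Data plane: multi-WAN access, multi-WAN pooling, multi-WAN bonding, etc.
Approach 1: bring in cheaper Internet lines alongside leased lines
Provide differentiated service for business traffic, lowering line costs while improving core business experience and continuity
Link bonding; intelligent path selection
SD-WAN controller
Solution overview
Two SDW-WOC devices are deployed in dual one-arm mode at the head office and at the branch office, for end-to-end path selection and accelerated transmission;
The SDW-WOC devices pool the two leased lines (production and office), send designated office applications over the designated production leased line, fail over automatically on faults, and give priority to production traffic;
WAN data acceleration: accelerate and reduce branch business traffic and repeated data such as bulk patch distribution, Mail/OA and FTP, speeding up access to business systems.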








Secure branch networking
Multi-WAN or single WAN


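Key target customer industries:
1. Chain businesses (supermarkets, restaurants, 4S dealerships, apparel, retail, etc.)
2. Manufacturing (automakers, auto parts and accessories, assembly bases, industrial park services, etc.)
3. Multi-branch groups (state-owned enterprises, central enterprises, real estate, logistics, nationwide businesses, etc.)
4. Finance (insurance, futures, city commercial banks, financial institutions, etc.)
5. Multinational enterprises
Sangfor SD-WAN market position and achievements
SD-WAN-WOC high-end series
SD-WAN-WOC mid-range series
SD-WAN-aBOS high-end series
SD-WAN-MIG series
CPE (VPN)
SD-WAN-WOC low-end series
CPE (accelerated VPN)
SD-WAN-aBOS low-end series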
uCPE
vWOC
vCPE
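Sangfor SD-WAN solution framework
Centralized cloud management
Branch health status overview
Line and application status visibility
3. Transmission over the public Internet gives a poor access experience
Challenge 3: with a global business footprint, leased-line networking is costly and VPN networking gives a poor access experience
Traditional cross-border networking method 1: routers + MPLS/leased-line networking
Leased-line router
MPLS/leased line
Leased-line router
PE
P
PE
Overseas branch
Domestic headquarters
Traditional cross-border networking method 2: networking with IPSEC VPN devices deployed end to end
VPN, overseas branch
IPSEC VPN
Visual WAN management
➢ Easy deployment with e-mail provisioning
➢ AUTO VPN automatic configuration
➢ Network-wide visual operations and monitoring
WAN security
➢ NFV components deployed on demand
➢ Security and networking integrated
➢ Internet access behavior management
➢ Layer 7 perimeter firewall
WAN pooling: four SD-WAN intelligent path selection policies
Application priority orchestration: send designated core applications over the best line
Path selection by designated application and designated line
Path selection by real-time QoE probing
Approach 3: cross-border networking, building a high-speed network on global cloud nodes
Lower leased-line costs and improve the access experience
Unified endpoint access, centralized network management
End-to-end Internet access, not limited to any carrier or region
Plug-and-play devices, no configuration needed
Unified network management with centrally pushed configuration
Overseas branch
MPLS + SDWAN hybrid networking
MPLS backbone: carries core business (low latency, low traffic)
Overseas public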