What is Secure SD-WAN and How Can It Save Me Money?

No matter your type of organization — large or small, public or private — cutting expenses is always a key initiative. After all, reducing your OpEx looks good on the books and enables the company to invest in other meaningful initiatives.

One cost every organization faces is internet connectivity. Access to the internet is essential for communications, website hosting, sharing files, serving up apps and a host of other activities. But it can be expensive, especially if your organization has multiple offices, branches or stores.

Today’s broadband users, whether employees or customers, define their experience by performance rather than availability. We don’t just expect to have access to apps and videos, we demand that they perform in real time. Any delay is met with complaints and a call for more bandwidth, which increases expenses.

How to Securely Connect, Network Remote Locations

When you have a distributed network with branch or remote locations, they need to be securely connected with each other and the corporate headquarters. This can be done using several techniques. One common method is multiprotocol label switching (MPLS). Using MPLS, organizations can create a private wide-area network (WAN) to securely send data between locations via the shortest path available without going through the public internet.

“Integrated security features with SD-WAN are table stakes for most enterprises adopting the technology.”

Mike Fratto

MPLS supports multiple connection types, including T1 and frame relay. The problem? These connections have to support an increasing number of connected devices and bandwidth-intensive applications that demand higher speeds, which means they’re expensive. That’s why many distributed organizations are moving to SD-WAN (software-defined wide-area network).

“For SD-WAN to be a viable alternative to private WANs, enterprises need to ensure they have the same level of inspection and enforcement at the branch and remote sites as they have at the data center,” said Mike Fratto, analyst at 451, in SonicWall’s official launch announcement. “Integrated security features with SD-WAN are table stakes for most enterprises adopting the technology.”

Reduce Costs with Secure SD-WAN

To help organizations reduce their costs while still receiving secure and consistent performance for business-critical applications, SonicWall offers Secure SD-WAN. A feature of SonicOS 6.5.3, the operating system for SonicWall TZ and NSa firewalls, Secure SD-WAN technology enables distributed organizations to build, operate and manage secure, high-performance networks using readily-available, low-cost public internet services, such as DSL, cable and 3G/4G.

An alternative to more expensive WAN connection technologies, including MPLS, Secure SD-WAN enables virtually any organization — retailers, banks, manufacturers and others — to connect sites spread over great distances for the purpose of sharing data, applications and services. Features such as intelligent failover and load balancing help ensure consistent performance and availability of critical business and SaaS applications.

And, unlike solutions from pure-play SD-WAN providers, Secure SD-WAN doesn’t require you to purchase additional hardware or licenses.

Secure SD-WAN: Safe, Fast & Reliable

Reducing expenses is always a priority for every organization. What else is? Here are some other key issues Secure SD-WAN helps distributed enterprises solve:

  1. Protect your network from cyber criminals. Both encrypted and unencrypted traffic run through a SonicWall next-generation firewall to be scanned for threats, such as malware and ransomware, ensuring maximum threat detection and prevention. If you have a separate SD-WAN-only solution, you’ll need to make sure you also have a way to protect data from modern cyberattacks, such as encrypted threats and ransomware.
  2. Achieve consistent, optimized application performance. Realize faster, more consistent performance for SaaS and business-critical applications, such as VoIP, video and unified communications, through capabilities such as deterministic application performance, which steers the apps over less-congested links to overcome jitter, latency, packet loss and other unfavorable network conditions.
  3. Enhance agility. Using SonicWall Zero-Touch Deployment, bringing up new sites is greatly simplified. Provisioning hardware remotely removes the need to have onsite IT personnel perform the task. In addition, IT administrators can manage the entire network, including devices at SD-WAN-enabled branch/remote locations, through a single pane of glass using Capture Security Center, SonicWall’s cloud-based management and analytics platform.

Learn more about how SonicWall can help your distributed enterprise reduce costs and complexity while enhancing security by switching from expensive MPLS to Secure SD-WAN.

Scott Grebe on Twitter
Scott Grebe
Senior Product Marketing Manager | SonicWall
Scott Grebe has over 20 years of product marketing and product management experience working for high tech companies including SonicWall, Apple Computer and SGI. In his current role, Mr. Grebe is a senior product marketing manager for security products at SonicWall. Mr. Grebe holds an M.S. in Communications (television/radio/film) from the S.I. Newhouse School of Public Communications at Syracuse University.
6 replies
  1. Adam Gilman
    Adam Gilman says:

    Sounds great on the surface. Is there a good technical explanation of why SD-WAN is so great? It just sounds like a buzz word for using a site-to-site VPN. I guess I’d like to know why we should swap out our Site-to-Site VPN for SD-WAN.

    • Darren Card
      Darren Card says:

      From what I understand it will not have much “cost savings” if you are using site to site VPN, as that message is aimed at companies who use a lot of MPLS with heavy ISP service charges.

      But it could potentially be easier to centrally administer than managing multiple site to site connections.
      Also it will be easier to leverage redundant ISP connections allowing for load balancing and auto failover through multiple gateway IP’s at each site without needing hardware routing and load balancing solutions in front of the firewall.
      Potentially some WAN Acceleration is available with the cloud SD-WAN.
      It will allow for an easier to manage security layer for any Cloud resources connected to your multiple offices.
      Allow each site to connect directly to Cloud or Data Center services without needing to route through head office reducing head office bandwidth usage.

      So though there is less financial benefit if you are not using MPLS, it may ease network administration while offering better WAN routing options.

      Glad SonicWALL has been able to add this to their portfolio for sure.

    • Scott Grebe
      Scott Grebe says:

      Adam and Alex,

      Great questions. You don’t need to replace site-to-site VPN. SD-WAN requires more than one site-to-site VPN tunnel. It is an overlay technology on top of existing site-to-site connections.

      SD-WAN introduces additional capabilities that help deliver more consistent application performance through load balancing and intelligently moving applications between multiple paths when unfavorable network conditions — such as latency, jitter and packet loss — arise. This provides a superior overall user experience compared to single site-to-site VPN connectivity. SD-WAN can also be used for SaaS applications in the cloud. Hope this adds some clarity around SD-WAN capabilities.

  2. Barry Cosme
    Barry Cosme says:

    Scott – Using the SD-WAN features of SonicWall is it possible to aggregate multiple (perhaps low cost) ISPs into a single highly reliable internet service that automatically switches to the best ISP for specific traffic (like VOIP or data) based upon packet loss, jitter, lag or outages?

    • Scott Grebe
      Scott Grebe says:


      Yes, SD-WAN technology does enable you to combine multiple low-cost public internet links from more than one ISP. When poor conditions happen like the ones you mentioned, connections are automatically moved over to the best available path, regardless of the ISP.

Leave a Reply

Want to join the discussion?
Feel free to contribute!

Leave a Reply