Sangfor SD-WAN Product Introduction


Fortinet Secure SD-WAN Solution Brief


Simplifying SD-WAN Operations with Single-Pane Management

Executive Summary

Software-defined wide area networking (SD-WAN) is rapidly replacing traditional WAN for remote office and branch deployments. While SD-WAN offers performance benefits that support new digital innovations, many SD-WAN solutions lack consolidated networking and security features. In response, many network leaders have had to add a complex assortment of tools and solutions to manage and protect their SD-WAN deployments. Instead, they need a simplified approach to contain costs, improve efficiency, and reduce risks. Fortinet Secure SD-WAN addresses each of these requirements, combining next-generation firewalls (NGFWs) with integrated solutions for management and analytics to centralize and simplify SD-WAN operations.

Supporting Innovation While Securing Growing Businesses

Distributed enterprises are adopting digital innovations—such as Software-as-a-Service (SaaS) applications and real-time applications such as voice and video—to increase productivity, improve communications, and foster rapid business growth. However, traditional WAN architectures at many branch and remote office locations struggle to support the traffic demands of these new technologies. This has led to increasing adoption of SD-WAN architectures that utilize more affordable direct internet connections. The SD-WAN market is expected to grow to over $30 billion in 2030, from $3.5 billion in 2022, with a CAGR of 31.2% from 2022 to 2030. [1]

But while SD-WAN improves networking bandwidth, it can also increase the organization’s risk exposure. According to Gartner survey analysis, “Customers continue to strive for better WAN performance and visibility, but security now tops their priorities when it comes to the challenges with their WAN.” [2]

In many organizations, the need for SD-WAN security has led network engineering and operations leaders to incorporate many different tools and point products to address individual functions, threat exposures, or compliance requirements. But this approach leads to infrastructure complexity, which increases manageability burdens while creating new defensive gaps at the network edge.

Fortinet Simplifies and Secures SD-WAN Deployments

Consolidating networking and security tools requires a secure SD-WAN solution that eliminates the complexity of disaggregated branch infrastructures. This not only reduces the organization’s attack surface while enabling digital innovation initiatives, but it also simplifies operations for networking teams.

Fortinet enables the convergence of networking and security to simplify network operations, ensuring a secure and optimized user experience across all network edges with the hybrid mesh firewall (HMF). Hybrid mesh firewall is a new concept bringing all firewall deployments together in an integrated mesh to manage, monitor, and secure all firewall deployments. It unifies network management and security policies for all firewall deployments, whether on-premises for branch, campus, and data center deployments or virtual firewalls for cloud and cloud-native environments. It also uses artificial intelligence and machine learning to provide advanced threat protection. FortiManager is the foundation of HMF, offering unified, centralized management of all FortiGate deployments.

Fortinet Secure SD-WAN can leverage a single-pane-of-glass console with an SD-WAN orchestrator offered as part of FortiManager and provide enhanced analytics and improved reporting with FortiAnalyzer. This allows organizations to significantly simplify centralized deployment, enable automation to save time, and offer business-centric policies.

Figure 1: SD-WAN use case featuring network operations center solutions. [Diagram labels: Network Operations Center Solutions (FortiManager with SD-WAN Orchestrator and FortiAnalyzer); three branches, each with a FortiGate; Third-Party Tools.]

Zero-touch deployment

Organizations implementing Fortinet Secure SD-WAN can leverage FortiManager to accelerate deployment, reducing the time from days to minutes. FortiManager zero-touch deployment capabilities enable FortiGate devices to be plugged in at a branch location and then automatically configured by FortiManager at the main office via a broadband connection, thereby avoiding the time and cost of truck rolls. Fortinet’s approach can also leverage an existing SD-WAN configuration as a template to accelerate the deployment of new branches and remote sites at scale.

Centralized management for distributed organizations

Centralized management through the FortiManager of all distributed networks across the organization helps network leaders drastically reduce the opportunities for configuration errors that lead to cyber-risk exposures and network outages.

Secure SD-WAN orchestrator is part of the FortiManager. This allows customers to significantly simplify centralized deployment, enable automation to save time, and offer business-centric policies. Fortinet management tools can support much larger deployments than competing solutions—up to 100,000 FortiGate devices. Features such as SD-WAN and NGFW templating, enterprise-grade configuration management, and role-based access controls help network engineering and operations leaders quickly mitigate human errors.

SD-WAN reporting and analytics

Enhanced analytics for WAN link availability, performance service-level agreements (SLAs) and application traffic in runtime, and historical stats allow the infrastructure team to troubleshoot and quickly resolve network issues. FortiManager, integrated with FortiAnalyzer, offers advanced telemetry for application visibility and network performance to achieve faster resolution and reduce the number of IT support tickets. On-demand SD-WAN reports provide further insight into the threat landscape, trust level, and asset access, which are mandated for compliance.

Compliance reporting

Organizations need reports and tools for customization to help prove compliance to their auditors. However, compliance management has traditionally been a costly, labor-intensive process for networking teams—often requiring multiple full-time staff and months of work to aggregate and normalize data from multiple point security products.

Fortinet accelerates compliance reporting by simplifying security infrastructure and eliminating the need for many manual processes. FortiManager and FortiAnalyzer include customizable regulatory templates as well as canned reports for standards such as Payment Card Industry Data Security Standard (PCI DSS), Security Activity Report (SAR), Center for Internet Security (CIS), and National Institute of Standards and Technology (NIST). They also provide audit logging and role-based access control (RBAC) to ensure that employees can only access the information they need to perform their jobs.

As an extension of FortiManager and FortiAnalyzer capabilities, the FortiGuard Security Rating Service runs audit checks to help security and networking teams identify critical vulnerabilities and configuration weaknesses in their Security Fabric setup and implement best-practice recommendations. As part of the service, network leaders can compare their organization’s security posture score against those of other industry peers. [5]

Integration and automation

To be effective, security must integrate seamlessly across every part of the distributed organization—every branch and remote office location. Network engineering and operations leaders need full visibility across the entire attack surface from a single location. They then need automated responses to reduce the time window from detection to remediation and alleviate the burdens of manual tasks from their staff.

FortiManager and FortiAnalyzer help decrease threat remediation time from months to minutes by coordinating policy-based automated response actions across the Fortinet Security Fabric, an integrated security architecture that unlocks security workflows and threat intelligence automation. A detected incident alert sent with contextual awareness data from one branch location allows a network administrator to quickly determine a course of action to protect the entire enterprise against a potential coordinated attack. Certain events can also trigger automatic changes to device configurations to instantly close the loop on attack mitigation.

FortiAnalyzer and FortiManager also automate many required SD-WAN tasks to help network leaders reduce the burden on their staff resources. Both products integrate with third-party tools, such as security information and event management (SIEM), IT service management (ITSM), and DevOps (for example, Ansible, Terraform), to preserve existing workflows and previous investments in other security and networking tools.

Delivering Value, Simplicity, and Security

FortiManager and FortiAnalyzer deliver enterprise-class security and branch networking capabilities with industry-leading benefits:

Increases ROI: Fortinet’s integrated approach to secure SD-WAN improves return on investment (ROI) by consolidating the number of networking and security tools required via capital expenditure (CapEx) while also reducing operating expenses (OpEx) through simplified management and workflow automation. The move to public broadband means expensive multiprotocol label switching (MPLS) connections can be replaced with more cost-effective options. Here, Fortinet Secure SD-WAN delivers 300% ROI over three years, eight months payback, a 65% reduction in the number of network disruptions, and a 50% increase in the productivity of security and network teams. [6]

Improves efficiency: Simultaneously, Fortinet institutes a simplified infrastructure for SD-WAN that reduces operational complexity both at the branch and across the entire distributed organization. Fortinet Secure SD-WAN can be administered through a single, intuitive management console. With FortiManager, FortiGate devices are true plug-and-play. Centralized policies and device information can be configured with FortiManager, and the FortiGate devices are automatically updated to the latest policy configuration. The flexibility of single-pane-of-glass management includes scalable remote security and network control via the cloud for all branches and locations.

Contains risks: Fortinet’s tracking and reporting features help organizations ensure compliance with privacy laws, security standards, and industry regulations while reducing risks associated with fines and legal costs in the event of a breach. FortiAnalyzer tracks real-time threat activity, facilitates risk assessment, detects potential issues, and helps mitigate problems. Its close integration with Fortinet Secure SD-WAN allows it to monitor firewall policies and help automate compliance audits across distributed business infrastructures.

The average total cost of a data breach ($4.35 million) in 2022, a 2.6% increase from last year. [7]

Fortinet Realizes Secure SD-WAN

There are many use cases for secure SD-WAN, and Fortinet’s unique approach enables them in the most effective way for all types of SD-WAN projects. Simplifying SD-WAN operations is core to successful implementation and expansion in support of digital innovation initiatives. Fortinet Secure SD-WAN with FortiManager and FortiAnalyzer offers best-of-breed SD-WAN management and analytics capabilities that help network leaders reduce operational costs and risks at the network edge.

[1] “SD-WAN Market,” Prescient & Strategic Intelligence, Dec. 2022.
[2] “Fortinet Named a 2023 Gartner® Peer Insights™ Customers’ Choice for SD-WAN for the Fourth Year in a Row,” Fortinet, March 23, 2023.
[3] “2022 Gartner® Magic Quadrant™ for SD-WAN,” Gartner, September 2022.
[4] Meiran Galis, “Security Compliance: Hurdle or Critical Growth Strategy,” Forbes, June 13, 2023.
[5] “FortiGuard Security Rating Service,” Fortinet, accessed July 20, 2023.
[6] “The Total Economic Impact™ Of Fortinet Secure SD-WAN,” Forrester, Dec. 2022.
[7] “Cost of a Data Breach Report 2022,” Ponemon Institute and IBM, July 2022.
Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.

GARTNER is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally and is used herein with permission. All rights reserved.

Copyright © 2023 Fortinet, Inc. All rights reserved. Fortinet, FortiGate, FortiCare and FortiGuard, and certain other marks are registered trademarks of Fortinet, Inc., and other Fortinet names herein may also be registered and/or common law trademarks of Fortinet. All other product or company names may be trademarks of their respective owners. Performance and other metrics contained herein were attained in internal lab tests under ideal conditions, and actual performance and other results may vary. Network variables, different network environments and other conditions may affect performance results. Nothing herein represents any binding commitment by Fortinet, and Fortinet disclaims all warranties, whether express or implied, except to the extent Fortinet enters a binding written contract, signed by Fortinet’s General Counsel, with a purchaser that expressly warrants that the identified product will perform according to certain expressly-identified performance metrics and, in such event, only the specific performance metrics expressly identified in such binding written contract shall be binding on Fortinet. For absolute clarity, any such warranty will be limited to performance in the same ideal conditions as in Fortinet’s internal lab tests. Fortinet disclaims in full any covenants, representations, and guarantees pursuant hereto, whether express or implied. Fortinet reserves the right to change, modify, transfer, or otherwise revise this publication without notice, and the most current version of the publication shall be applicable.

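Virtual Network Technologies: A Comparative Analysis of the Characteristics, Functions, and Use Cases of SD-WAN, SDN, and NFV

Virtual network technologies have brought revolutionary changes to network architecture and management, making networks more flexible and manageable.

This article compares SD-WAN, SDN, NFV, and related technologies in terms of their characteristics, functions, and use cases, to help readers better understand the advantages and uses of these technologies.

I. SD-WAN

SD-WAN (software-defined wide area network) is a networking technology that manages and controls the wide area network through software definition in order to improve network performance, reduce cost, and simplify management.

The characteristics and functions of SD-WAN are as follows.

Characteristics:

1. Flexibility and manageability: SD-WAN takes a software-defined approach, so the network can be configured and managed flexibly, allowing more flexible network deployment and management.

2. Intelligent routing: SD-WAN can dynamically adjust routing based on network traffic and application requirements, improving network performance and response speed.

3. Multi-link support: SD-WAN supports multiple WAN connection types, such as MPLS, Internet, and LTE, providing more stable and reliable network connectivity.

4. Security: SD-WAN can provide more flexible security policies to achieve secure network connections and data transmission.

Functions:

1. Load balancing: SD-WAN can dynamically adjust the data transmission path based on network traffic, balancing load and improving network performance and bandwidth utilization.

2. Application optimization: SD-WAN can identify and optimize the network transmission of different applications, improving application performance and user experience.

3. Network monitoring: SD-WAN can monitor network performance and traffic in real time, providing real-time network status and performance data that support network management and optimization.

4. Simplified management: SD-WAN can manage and configure the network in a unified way through a centralized management platform, reducing the complexity of network management.

Use cases:

1. Branch connectivity: SD-WAN can be used to connect multiple branch offices, providing fast, reliable, and secure connections.

2. Cloud service access: SD-WAN can be used to connect the enterprise internal network with cloud service providers, enabling flexible access to cloud services.

3. Performance optimization: SD-WAN can be used to optimize network performance, improving network response speed and bandwidth utilization.

II. SDN

SDN (software-defined networking) is a networking technology that separates the network data plane from the control plane to make the network flexible and programmable.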

Fortinet Secure SD-WAN Architecture Components


[Diagram: FortiGate Next Generation Firewall Capabilities. Labels: Application Awareness, FortiGuard Labs, FortiSandbox, Security Rating Service, MPLS, Switched Ethernet, Broadband, FortiExtender, FortiDeploy, FortiManager, FortiGate, FortiAuthenticator, FortiSSO, FortiAnalyzer, FortiSIEM, Security Processor, IPS, Content Filter, Anti-Botnet, App Control, Reputation, Antivirus, SSL Inspection, VLAN, Router, NGFW, SD-WAN.]

CIO
• Enable Digital Transformation
• Application Resilience & Recovery
• Integrated Security Infrastructure
• Edge Device Consolidation
• CapEx & OpEx Reduction

CISO
• Attack Surface Visibility
• Reduced Complexity
• Increased Response Time
• Compliance Posture Visibility
• D&R Automation
• Security Framework Alignment

Capabilities
• WAN Path Controller
• Application Awareness
• Zero Touch Deployment
• Device Consolidation
• Improved WAN Link Performance
• Dynamic Application Distribution
• Next Generation Firewall (NGFW)
• Multi-Transport Support
• Centralized Management
• Single-Pane-of-Glass Monitoring
• Identity-Based Policy
• Service Level Agreements (WAN Metrics)
• Traffic Shaping & Policing

[Deployment diagrams: Digital Transformation for Enterprise Branch; Reduce WAN OpEx with Direct Internet Access; Redundant Broadband Enterprise Branch (Two Internet Service Providers, Direct Internet Access); Simplify with Secure SD-Branch; Redundant Connectivity Enterprise Branch (Broadband with LTE, Direct Internet Access). Common labels: Branch Office, NGFW, SD-WAN Members, Broadband, IPSec Tunnel, MPLS, LAN, Internet, Data Center, Private Cloud, Multi-Cloud, Internal Servers, VMs, External Services, SIEM & Analytics, Provisioning Server, Threat Intelligence, Monitoring & Management.]

FortiGate 30E-3G Secure SD-WAN Data Sheet


DATA SHEET | FortiGate® 30E-3G4G

Firewall: 950 Mbps
IPS: 300 Mbps
NGFW: 200 Mbps
Threat Protection: 150 Mbps
Interfaces: Multiple GE RJ45
Refer to specification table for details

fanless desktop form factor for enterprise branch offices and mid-sized businesses. Protect against cyber threats with industry-leading secure SD-WAN in a simple, affordable and easy to deploy solution.

Security
• Identifies thousands of applications inside network traffic for deep inspection and granular policy enforcement
• Protects against malware, exploits, and malicious websites in both encrypted and non-encrypted traffic
• Prevent and detect against known and unknown attacks using continuous threat intelligence from AI powered FortiGuard Labs security services

Performance
• Delivers industry’s best threat protection performance and ultra-low latency using purpose-built security processor (SPU) technology
• Provides industry-leading performance and protection for SSL encrypted traffic

Certification
• Independently tested and validated best security effectiveness and performance
• Received unparalleled third-party certifications from NSS Labs, ICSA, Virus Bulletin and AV Comparatives

Networking
• Best of Breed SD-WAN capabilities to enable application steering using WAN path control for high quality of experience
• Delivers extensive routing, switching, wireless controller, high-performance, and scalable IPsec VPN capabilities

Management
• Includes Management Console that’s effective, simple to use, and provides comprehensive network automation & visibility.
• Provides Zero Touch Integration with Security Fabric’s Single Pane of Glass Management
• Predefined compliance checklist analyzes the deployment and highlights best practices to improve overall security posture

Security Fabric
• Enables Fortinet and Fabric-ready partners’ products to provide broader visibility, integrated end-to-end detection, threat intelligence sharing and automated remediation
• Automatically builds Network Topology visualizations which discover IoT devices and provide complete visibility into Fortinet and Fabric-ready partner products

Deployment

Unified Threat Management (UTM)
• Integrated wired and wireless networking to simplify IT
• Purpose-built hardware for industry best performance with easy administration through cloud management
• Provides consolidated security and networking for small businesses and consistently provides top-rated threat protection
• Proactively blocks newly discovered sophisticated attacks in real-time with advanced threat protection

Secure SD-WAN
• Secure direct Internet access for Cloud Applications for improved latency and reduce WAN cost spending
• High-performance and cost-effective threat protection capabilities
• WAN Path Controller and Link Health Monitoring for better application performance and quality of experience
• Security Processor powered industry’s best IPsec VPN and SSL Inspection performance
• Simplified Management and Zero Touch deployment

[Diagrams: FortiGate 30E-3G4G deployment in Small Office (UTM); FortiGate 30E-3G4G deployment in Enterprise Branch (Secure SD-WAN). Label: Secure Access Switch.]

Hardware

FortiGate 30E-3G4G

Interfaces
1. USB Port
2. Console Port
3. 1x GE RJ45 WAN Port
4. 4x GE RJ45 Switch Ports
5. Internal 3G4G Modem

Install in Minutes with FortiExplorer
The FortiExplorer wizard enables easy setup and configuration coupled with easy-to-follow instructions. FortiExplorer runs on popular iOS devices. Using FortiExplorer is as simple as starting the application and connecting to the appropriate USB port on the FortiGate. By using FortiExplorer, you can be up and running and protected in minutes.

3G/4G WAN Extensions
The FortiGate 30E-3G4G includes built-in 3G/4G modem that allows additional WAN connectivity or a redundant link for maximum reliability.

Compact and Reliable Form Factor
Designed for small environments, you can simply place the FortiGate 30E-3G4G on a desktop. It is small, lightweight yet highly reliable with superior MTBF (Mean Time Between Failure), minimizing the chance of a network disruption.

FortiOS
Control all security and networking capabilities across the entire FortiGate platform with one intuitive operating system. Reduce complexity, costs, and response time with a truly consolidated next-generation security platform.
• A truly consolidated platform with a single OS and pane-of-glass for all security and networking services across all FortiGate platforms.
• Industry-leading protection: NSS Labs Recommended, VB100, AV Comparatives, and ICSA validated security and performance. Ability to leverage latest technologies such as deception-based security.
• Control thousands of applications, block the latest exploits, and filter web traffic based on millions of real-time URL ratings in addition to true TLS 1.3 support.
• Prevent, detect, and mitigate advanced attacks automatically in minutes with integrated AI-driven breach prevention and advanced threat protection.
• Fulfil your networking needs with extensive routing, switching, and SD-WAN capabilities along with intent-based segmentation.
• Utilize SPU hardware acceleration to boost security capability performance.

dynamically expand and adapt as more and more workloads and data are added. Security seamlessly follows and protects data, users, and applications as they move between IoT, devices, and cloud environments throughout the network. All this is tied together under single-pane-of-glass management, thereby delivering leading security capabilities across your entire environment while also significantly reducing complexity.

FortiGates are the foundation of Security Fabric, expanding security via visibility and control by tightly integrating with other Fortinet security products and Fabric-Ready Partner solutions.

Services

FortiGuard™ Security Services
FortiGuard Labs offers real-time intelligence on the threat landscape, delivering comprehensive security updates across

FortiCare™ Support Services
Our FortiCare customer support team provides global technical support for all Fortinet products. With support staff in the Americas,

Specifications

Note: All performance values are “up to” and vary depending on system configuration.
1. IPsec VPN performance test uses AES256-SHA256.
2. IPS (Enterprise Mix), Application Control, NGFW and Threat Protection are measured with Logging enabled.
3. SSL Inspection performance test uses TLS v1.2 with AES128-SHA256.
4. NGFW performance is measured with Firewall, IPS and Application Control enabled.
5. Threat Protection performance is measured with Firewall, IPS, Application Control and Malware Protection enabled.

Firewall Latency (64 byte UDP packets): 130 μs
Firewall Throughput (Packets Per Second): 180 Kpps
Concurrent Sessions (TCP): 900,000
New Sessions/Second (TCP): 15,000
Firewall Policies: 5,000
IPsec VPN Throughput (512 byte) [1]: 75 Mbps
Gateway-to-Gateway IPsec VPN Tunnels: 200
Client-to-Gateway IPsec VPN Tunnels: 250
SSL-VPN Throughput: 35 Mbps
Concurrent SSL-VPN Users (Recommended Maximum, Tunnel Mode): 100
SSL Inspection Throughput (IPS, HTTP) [3]: 160 Mbps
Application Control Throughput (HTTP 64K) [2]: 400 Mbps
CAPWAP Throughput (HTTP 64K): 850 Mbps
Virtual Domains (Default / Maximum): 5 / 5
Maximum Number of FortiSwitches Supported: 8
Maximum Number of FortiAPs (Total / Tunnel Mode): 2 / 1
Maximum Number of FortiTokens: 500
Maximum Number of Registered FortiClients: 200
High Availability Configurations: Active/Active, Active/Passive, Clustering

FG-30E-3G4G-GBL
Regional Compatibility: All Regions
Modem Model: Sierra Wireless EM7565
LTE: B1, B2, B3, B4, B5, B7, B8, B9, B12, B13, B18, B19, B20, B26, B28, B29, B30, B32, B41, B42, B43, B46, B48, B66
UMTS/HSPA+: B1, B2, B3, B4, B5, B6, B8, B9, B19
WCDMA: –
CDMA 1xRTT/EV-DO Rev A: –
GSM/GPRS/EDGE: –
Module Certifications: CE, FCC, GCF, IC, JRF/JPA, NCC, PTCRB
Diversity: Yes
MIMO: Yes
GNSS Bias: Yes

Order Information

Product: FortiGate 30E-3G4G-GBL
SKU: FG-30E-3G4G-GBL
Description: 5x GE RJ45 ports (including 1x WAN port, 4x Switch ports) with Embedded 3G/4G/LTE wireless WAN module (Global LTE – EM7565), 2 external SMA WWAN antennas included.

Bundles

FortiGuard Bundle
FortiGuard Labs delivers a number of security intelligence services to augment the FortiGate firewall platform. You can easily optimize the protection capabilities of your FortiGate with one of these FortiGuard Bundles.

Bundles: 360 Protection | Enterprise Protection | UTM | Threat Protection
FortiCare: ASE [1] | 24x7 | 24x7 | 24x7
FortiGuard App Control Service: • • • •
FortiGuard IPS Service: • • • •
FortiGuard Advanced Malware Protection (AMP) — Antivirus, Mobile Malware, Botnet, CDR, Virus Outbreak Protection and FortiSandbox Cloud Service: • • • •
FortiGuard Web Filtering Service: • • •
FortiGuard Antispam Service: • • •
FortiGuard Security Rating Service: • •
FortiGuard Industrial Service: • •
FortiCASB SaaS-only Service: • •
FortiConverter Service: •
SD-WAN Cloud Assisted Monitoring [2]: •
SD-WAN Overlay Controller VPN Service [2]: •
FortiAnalyzer Cloud [2]: •
FortiManager Cloud [2]: •

1. 24x7 plus Advanced Services Ticket Handling
2. Available when running FortiOS 6.2

Copyright © 2019 Fortinet, Inc. All rights reserved. Fortinet®, FortiGate®, FortiCare® and FortiGuard®, and certain other marks are registered trademarks of Fortinet, Inc., and other Fortinet names herein may also be registered and/or common law trademarks of Fortinet. All other product or company names may be trademarks of their respective owners. Performance and other metrics contained herein were attained in internal lab tests under ideal conditions, and actual performance and other results may vary. Network variables, different network environments and other conditions may affect performance results. Nothing herein represents any binding commitment by Fortinet, and Fortinet disclaims all warranties, whether express or implied, except to the extent Fortinet enters a binding written contract, signed by Fortinet’s General Counsel, with a purchaser that expressly warrants that the identified product will perform according to certain expressly-identified performance metrics and, in such event, only the specific performance metrics expressly identified in such binding written contract shall be binding on Fortinet. For absolute clarity, any such warranty will be limited to performance in the same ideal conditions as in Fortinet’s internal lab tests. Fortinet disclaims in full any covenants, representations, and guarantees pursuant hereto, whether express or implied. Fortinet reserves the right to change, modify, transfer, or otherwise revise this publication without notice, and the most current version of the publication shall be applicable.

FST -PROD-DS-GT30E2FGFWF-30E-3G4G-DAT -R13-201904

Sangfor Traffic Control Product Introduction


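TCP/IP network system architecture
Network and application assurance facilities: WAN acceleration, Internet access management, application delivery, VPN, traffic management
Network and security infrastructure: L2 switch, switch, routing switch, router, IPS, firewall
Physical links: 10/100/100M RJ45, wireless, Fiber, SDH/ATM

Standardized process for professional traffic management

SANGFOR BM deployment
The SANGFOR traffic management device is deployed inline, in transparent bridge mode, between the internal switch and the router.
This ensures that all outbound traffic from internal users passes through the SANGFOR BM device.

Limitations of traditional devices
[Diagram: packet layers (MAC, IP header, TCP header, application protocol/content) mapped to the devices that inspect them: switch, router, firewall (traditional devices) and the professional traffic management device.]

Traditional devices
They identify application behavior by IP, port, and protocol type.
Allow or deny: a one-size-fits-all control approach that can hardly be called "traffic management".

Technical difficulties
Constantly updated Internet application protocols are hard to identify and control by IP and port.
Bandwidth for critical business cannot be guaranteed, and bandwidth for non-business applications cannot be limited.
Bandwidth usage and traffic distribution cannot be presented richly and vividly in report form.

Real-time traffic and session-count monitoring, freezing of abnormal traffic, TOP10 applications, and display of per-user bandwidth usage
Traffic statistics and trend distribution by user/user group, IP/IP group, and network application
A rich and varied reporting system, with support for charting and export

SANGFOR traffic management: core advantages

Strongest identification capability
The largest network application identification library in China, plus statistics-based intelligent application identification (identification of P2P/Skype encrypted traffic)
User identity identification (local identification on the device, plus identification of users in combination with third-party servers)
A massive built-in URL identification library, plus intelligent identification based on web page content
Identification of file characteristics for uploads and downloads
Weak-signature tracking identification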

Sangfor SD-WAN Product User Manual


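Sangfor SD-WAN Product User Manual: Table of Contents

Preface: About this manual; Conventions used in this manual; Technical support; Acknowledgements

Chapter 1 Installing SD-WAN
1.1 Environment requirements
1.2 Power supply
1.3 Product forms: 1.3.1 SD-WAN-MIG integrated gateway; 1.3.2 SD-WAN-WOC; 1.3.3 SD-WAN virtual network element; 1.3.4 X-Central management and control platform; 1.3.5 Hardware performance parameters
1.4 Configuration and management
1.5 Device cabling
1.6 Powering on the device

Chapter 2 SD-WAN networking topologies
2.1 Hub-spoke networking
2.2 Full-mesh networking
2.3 Partial-mesh networking

Chapter 3 SD-WAN deployment
3.1 Gateway mode deployment
3.2 Bridge mode deployment
3.3 Bridge VPN mode deployment
3.4 Bridge multi-line mode deployment
3.5 Dual-bridge mode deployment
3.6 One-arm mode deployment
3.7 Dual one-arm mode deployment

Chapter 4 SD-WAN easy deployment and application path selection
4.1 Easy branch deployment by email
4.2 AutoVPN
4.3 SD-WAN application path selection: 4.3.1 Designated line; 4.3.2 High-quality path selection; 4.3.3 Load balancing by remaining bandwidth; 4.3.4 Bandwidth aggregation; 4.3.5 Line quality probing principle and elimination mechanism

Chapter 5 SD-WAN endpoint devices
5.1 SSH login
5.2 Logging in to the WebUI configuration interface
5.3 Status: 5.3.1 WAN optimization status; 5.3.2 Traffic monitoring; 5.3.3 DHCP status; 5.3.4 Device running status; 5.3.5 EoIP status
5.4 Routing settings: 5.4.1 System settings; 5.4.2 Deployment settings; 5.4.3 Routing settings; 5.4.4 User management; 5.4.5 Network objects; 5.4.6 DHCPv4 settings; 5.4.7 DHCPv6 settings; 5.4.8 Syslog & SNMP; 5.4.9 SC settings
5.5 SD-WAN VPN: 5.5.1 SD-WAN path selection; 5.5.2 Server; 5.5.3 Client; 5.5.4 Multi-line; 5.5.5 Third-party authentication; 5.5.6 Advanced settings
5.6 SD-WAN VPN: 5.6.1 Phase 1; 5.6.2 Phase 2; 5.6.3 Security options; 5.6.4 EoIP settings
5.7 Traffic management: 5.7.1 Object settings; 5.7.2 Policy settings; 5.7.3 Traffic control settings; 5.7.4 Policy troubleshooting; 5.7.5 Advanced settings
5.8 Application identification: 5.8.1 Identification is the foundation of management; 5.8.2 About the application library
5.9 NAT settings: 5.9.1 Proxied Internet-access subnets; 5.9.2 Port mapping
5.10 Security protection capabilities: 5.10.1 End-to-end transport encryption; 5.10.2 Filtering rules; 5.10.3 DoS attack protection; 5.10.4 ARP spoofing protection; 5.10.5 Products involved; 5.10.6 One-pass cleanup of botnets, trojans and worms to keep endpoints secure; 5.10.7 Known threats; 5.10.8 Unknown threats
5.11 High-availability redundancy: 5.11.1 Dual-device deployment; 5.11.2 Dual-device maintenance
5.13 Maintenance: 5.13.1 Logs; 5.13.2 Serial number; 5.13.3 Automatic upgrade; 5.13.4 Backup/restore; 5.13.5 Shutdown; 5.13.6 Web console; 5.13.7 Remote technical support

Chapter 6 Overall solution design
6.1 Headquarters
6.2 Data center interconnection
6.3 Branches
6.4 Large and medium branches
6.5 Cross-border branches
6.6 Intelligent application path selection

Chapter 7 WAN optimization (SD-WAN access network element)
7.1 Going live within minutes
7.2 AUTO VPN
7.3 WAN data transmission optimization
7.4 WAN transmission security hardening
7.5 Multi-layered WAN security protection
7.6 Application and traffic visualization: building a manageable WAN
7.7 Application identification: Object settings; Policy settings; Traffic control settings; 7.7.1 HTP high-speed transport protocol for high latency and high packet loss; 7.7.2 Improved TCP for fast TCP transmission
7.8 Redundant data reduction to increase bandwidth throughput: 7.8.1 Data optimization based on bitstream characteristics; 7.8.2 Efficient data stream compression algorithm; 7.8.3 Global IP traffic compression to reduce TCP and UDP traffic usage
7.9 Application acceleration for faster access to core business systems and higher work efficiency: 7.9.1 Transport protocol optimization; 7.9.2 Application protocol optimization; 7.9.3 CIFS protocol optimization; 7.9.4 HTTP and FTP protocol optimization; 7.9.5 Exchange MAPI protocol optimization; 7.9.6 RDP and Citrix ICA protocol optimization; 7.9.7 OracleTNS protocol optimization; 7.9.8 Acceleration results for common application systems
7.10 WAN traffic management for traffic shaping and application-based bandwidth guarantees: 7.10.1 Traffic management based on application and content; 7.10.2 Bandwidth channels for intelligent bandwidth guarantees; 7.10.3 Virtual line technology to guarantee video conferencing bandwidth and improve the access experience
7.11 Video conferencing optimization for zero-distance collaboration: 7.11.1 Intelligent bandwidth guarantee; 7.11.2 Packet loss compensation (UDP proxy + FEC forward error correction); 7.11.3 Business data compression
7.12 Other highlight technologies of SD-WAN WAN optimization: 7.12.1 WAN optimization for mobile clients; 7.12.2 Multi-line multiplexing; 7.12.3 HTTP and FTP file prefetching; 7.12.4 Intelligent data center reports to support decision-making; 7.12.5 Policy routing
7.13 Problems that SD-WAN WAN optimization can solve for you
7.14 Service configuration: 7.14.1 Application settings; 7.14.2 Stream cache settings; 7.14.3 Video optimization settings; 7.14.4 Server; 7.14.5 Client; 7.14.6 Digital certificates; 7.14.7 Advanced settings; 7.14.8 LDAP server; 7.14.9 Advanced settings

Chapter 8 Gray-box and white-box delivery
8.1 Product introduction
8.2 Centralized, visible and controllable operations management

Chapter 9 Virtualized SD-WAN
9.1 Performance and deployment requirements: 9.1.1 Scenario description; 9.1.2 Performance requirements; 9.1.3 Performance test parameters; 9.1.4 Scenario topology
9.2 Preparation
9.3 Deployment: 9.3.1 Cloud deployment; 9.3.2 Basic WOC configuration; 9.3.3 VPN configuration; 9.3.4 Configuring traffic steering policies; 9.3.5 Verifying VPN services
9.4 Service configuration: 9.4.1 Acceleration configuration; 9.4.2 Traffic management; 9.4.3 SD-WAN intelligent path selection
9.5 FAQ

Chapter 10 Using the SD-WAN management and control platform
10.1 Platform performance parameters
10.2 Home page map
10.3 Intelligent monitoring: 10.3.1 Intelligent alerting; 10.3.2 Device configuration management
10.4 RESTful API: 10.4.1 Protocol specification; 10.4.2 User management interface format; 10.4.3 Device management interface format; 10.4.4 Virtual network element management and network orchestration interface format; 10.4.5 Device function invocation interface format; 10.4.6 Platform management interface format; 10.4.7 Data analysis output interface format

Chapter 11 Using the data center
11.1 Home page
11.2 Traffic analysis: 11.2.1 Traffic ranking; 11.2.2 Bandwidth distribution
11.3 Bandwidth optimization
11.4 Reports
11.5 Logs: 11.5.1 Management logs; 11.5.2 Firewall logs
11.6 System settings: 11.6.1 Database cleanup; 11.6.3 Subnets

Chapter 12 Case studies
12.1 Dual one-arm mode deployment configuration case
12.2 Single-bridge deployment configuration case in a VLAN environment
12.3 Bridge VPN deployment configuration case
12.4 Bridge multi-line deployment configuration case
12.5 WCCP application scenarios and configuration case
12.6 MAC tracking application scenarios and configuration case
12.7 Configuration case for accelerating local subnets and static routes
12.8 EoIP deployment case in gateway VPN mode
12.9 Case of adding acceleration users
12.10 Sangfor VPN configuration cases: 12.10.1 NAT inside the tunnel; 12.10.2 Mobile PDLAN users connecting to a WOC device; 12.10.3 Setting VPN intranet permissions; 12.10.4 VPN multi-line configuration; 12.10.5 Mobile users connecting with LDAP authentication; 12.10.6 VPN multi-subnet configuration; 12.10.7 Inter-branch access through inter-tunnel routing; 12.10.8 User Internet access through destination routing
12.11 Case of interconnecting with a CISCO PIX standard IPSEC VPN
12.12 WOC acceleration interconnection cases: 12.12.1 Creating users for a branch WOC device and associating policies; 12.12.2 Accelerating Oracle EBS accessed over HTTP or HTTPS; 12.12.3 Accelerating access to a Citrix server; 12.12.4 Accelerating access to an RDP server; 12.12.5 Establishing an accelerated connection with headquarters; 12.12.6 Accelerating Outlook Anywhere access to an Exchange server; 12.12.7 Using transparent transmission mode; 12.12.8 Using reverse acceleration to establish a bidirectional accelerated connection; 12.12.9 Prefetching from an FTP server; 12.12.10 Accelerating specified subnets by using exclusion rules
12.13 UDP optimization configuration case
12.14 Delegation configuration case
12.15 Policy routing configuration case
12.16 Comprehensive case: 12.16.1 Customer environment and requirements; 12.16.2 Configuration approach; 12.16.3 Configuration steps for the headquarters WOC device; 12.16.4 Configuration steps for the branch WOC device

Appendix A: Using the SANGFOR device upgrade system
Appendix B: Restoring the default configuration through the USB port: Function 1: Viewing the network port configuration with a USB drive; Function 2: Recovering the console password with a USB drive; Notes

Preface
About this manual
Part 1: SANGFOR SDWAN product introduction and installation.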

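SD-WAN Standards

SD-WAN is an advanced network architecture. Based on fourth-generation network technology, it can provide enterprises with high-quality network services that are highly available, flexible, secure and scalable.

SD-WAN technology relies mainly on functions such as network virtualization, security isolation, intelligent load balancing and intelligent optimization to optimize the enterprise WAN, harden its security and reduce its cost.

For different vendors to cooperate and interoperate better when building SD-WAN networks, corresponding SD-WAN standards need to be defined to guarantee broad availability and stability.

The following describes SD-WAN standards.

I. The concept of SD-WAN standards

An SD-WAN standard is a set of specifications or a consensus that ensures coordination, consistency and interoperability among vendors in building, operating and managing SD-WAN networks.

The following aspects need to be considered when defining SD-WAN standards:

1. Hardware and software interoperability: hardware devices and network software from different vendors must be able to connect to and interoperate with each other, to ensure the stability and high availability of the whole SD-WAN network.

2. Network security: the transmission of SD-WAN business data must be secure and protected, to keep the data from attackers and unauthorized access.

3. Centralized management and control: the operation and management of an SD-WAN network must be centrally controllable and manageable, to improve management efficiency and reduce configuration conflicts.

4. Device interconnection and interoperability: SD-WAN standards need to ensure interconnection and interoperability between different devices, so that replacing or upgrading a device does not affect the whole SD-WAN network.

As SD-WAN technology has matured and been put to use, many international and domestic SD-WAN standards have begun to be drafted and published.

For example:

1. MEF: one of the longest-established SD-WAN standards bodies in the world; it provides a series of SD-WAN technical specifications and frameworks for cloud service access.

2. ONUG: an SD-WAN standardization organization made up of major global IT vendors; its standards aim to improve the availability and performance of SD-WAN networks.

3. C: an SD-WAN standardization alliance made up of China Telecom, China Mobile, China Unicom and other companies, mainly committed to promoting the broad adoption and application of SD-WAN standards in China.

4. IETF: the Internet Engineering Task Force, which develops and defines Internet standards, including SD-WAN protocol standards.

At present, progress on SD-WAN standards is still fairly slow, mainly because SD-WAN technology touches many complex areas, and mature standards can only be produced through coordination and joint effort by many parties.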

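Sangfor Full Product Line Brochure

SSL VPN
Many organizations currently face this challenge.
IPSec VPN
Because of the special nature of certain industries, a highly secure way of interconnecting networks at different sites is needed. IPSec VPN emerged to meet this need. It delivers several kinds of value: rapid networking of remote offices, secure encryption of data in large private networks, VPN extension of industry private networks, and stable backup for the single link of a private network.
By deploying the AD product, the portal website of the Supreme People's Court achieved traffic distribution for internal and external users and intelligent load balancing of servers. This not only improved access speed and stability for a massive number of users, but also improved server utilization to the greatest possible extent and raised the return on IT investment.
Sangfor
Marketing enquiries toll-free hotline: 800 830 9565. Address: 4/F, Building 2, Financial Base, No. 8 Kefa Road, Science and Technology Park, Nanshan District, Shenzhen
Postal code: 518052
Tel: 0755-26581949 Fax: 0755-26581959
Email: market@
Technical support toll-free hotline: 800 830 6430. Address: Room 501, Building 12, Shenzhen Software Park, Keji Middle 2nd Road. Postal code: 518052 Fax: 0755-86336514 Email: support@
Internet access optimization (SG)
The conflict between the massive resources of the Internet and an organization's limited network bandwidth is long-standing. The rapid growth of the Internet in recent years in particular has made intranet users ever more eager for fast Internet access, and the concept of the Internet access optimization gateway emerged in response.
Traffic management (BM)
As IT adoption deepens and information systems spread, the data and content carried by an organization's network become complex and diverse. At the same time, the conflict between the network quality that business growth requires and the bandwidth bottleneck caused by an ever richer set of network applications is becoming increasingly severe.
Business intelligence analysis
The AD product can collect statistics on the time and geographic distribution of visiting users and on their application access preferences, uncovering more user characteristics for the enterprise's business operations to support business decisions.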
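Sangfor SD-WAN Product Introduction

[Figure: SD-WAN architecture. Data plane (physical or virtualized); vOrchestrator with MANAGEMENT, API, ANALYTICS, ORCHESTRATION and CONTROL; transports: INTERNET, MPLS, 4G; sites: Cloud, Data Center, Campus, Branch, Home Office.]
Management plane: intelligent application identification, unified management of security and O&M policies, unified device management, unified network-wide monitoring, AUTO VPN, NFV service orchestration, and so on
Prefecture-level City Group 1 BU, Wang Yanxiang
1 Enterprise networking challenges under business transformation
2 WAN best-practice approach under business transformation
3 The Sangfor SD-WAN solution
4 Sangfor SD-WAN core advantages and application scenarios
5 Sangfor SD-WAN market results
Moving business to the Internet, to the cloud and across borders has become an inevitable trend of business transformation
Explosive growth in business types and traffic
Digital transformation, the Internet and the rise of high-traffic video/voice applications create an urgent demand for expanding to high-capacity bandwidth and improving business continuity
Approach 3: cross-border networking. Build a high-speed network on global cloud nodes to reduce leased-line costs and improve the access experience
Unified endpoint access, centralized network management
End-to-end Internet access, not limited to any carrier or region
Plug-and-play devices, no configuration required. Unified network management with centrally pushed configuration
Overseas branches
MPLS + SD-WAN hybrid networking
MPLS backbone: carries core business (low latency, low traffic)
Overseas public cloud services
WAN visual management: easy deployment and easy O&M
Home page dashboard display
Visual VPN topology display
Core advantages of Sangfor SD-WAN
Efficient intelligent path selection
Best WAN optimization results
Raises bandwidth utilization to 100%; failover within seconds
Increases access speed by 300%; reduces line cost by 40%
Industry-leading security capabilities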

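Virtual Network Technologies: A Comparative Analysis of the Characteristics, Functions and Application Scenarios of SD-WAN, SDN and NFV

Virtual network technologies are developing rapidly in today's Internet era, giving enterprises and individual users faster, more flexible and more secure ways to connect to networks.

Among them, SD-WAN (software-defined wide area network), SDN (software-defined networking) and NFV (network functions virtualization) are the three main virtual network technologies.

Each has different characteristics, functions and application scenarios, and this article compares them in detail.

1. SD-WAN (software-defined wide area network)

SD-WAN is a technology that connects the enterprise WAN to cloud services and branch offices. It manages and controls the WAN in a software-defined way, improving network performance and reducing cost.

The characteristics of SD-WAN include:

- Intelligent routing: SD-WAN can automatically select the best path according to network traffic and application requirements, improving network performance and reliability.

- Security: SD-WAN provides end-to-end encryption and access control, protecting the enterprise network from attacks and data leaks.

- Flexibility: SD-WAN supports multiple connection types, including Internet, MPLS and LTE, so that enterprises can freely choose the network access method that fits their actual needs.

The main functions of SD-WAN include:

- Intelligent network management: SD-WAN manages and monitors the network through a centralized controller, improving network visibility and manageability.

- Application performance optimization: SD-WAN can optimize the network according to network traffic and application requirements, improving application performance and user experience.

- Network security: SD-WAN can provide end-to-end encryption and access control, protecting the enterprise network from attacks and data leaks.

The application scenarios of SD-WAN include:

- Enterprise branch connectivity: SD-WAN helps enterprise branches achieve high-performance, low-cost network connectivity through cloud services and WAN connections.

- Cloud service access: SD-WAN helps enterprises connect quickly and securely to all kinds of cloud services, including SaaS, PaaS and IaaS.

- Data center interconnection: SD-WAN helps enterprises manage and control data center connections in a software-defined way, giving the network flexibility and reliability.

2. SDN (software-defined networking)

SDN is a technology that separates the network control plane from the data plane. It manages and controls the network through a centralized controller, increasing the network's flexibility and programmability.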

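SD-WAN Cases

SD-WAN (Software-Defined Wide Area Network) is a solution that optimizes the wide area network through software definition and virtualization technology.

It can provide higher network performance, better security and lower cost.

Ten real-world SD-WAN use cases are listed below.

1. Cross-region offices: a company has offices in several regions connected by a traditional MPLS network, and network performance is poor. Deploying an SD-WAN solution provides high-speed connections between the offices and improves employee productivity.

2. Branch connectivity: a company has several branches, each of which needs to exchange data with headquarters. Traditional VPN connections are slow and unstable; SD-WAN provides more reliable connections and improves branch productivity.

3. Application optimization: a company uses cloud services to run critical business applications. Network latency and bandwidth limits degrade application performance. SD-WAN's application optimization provides faster application response times and more stable connections, improving the user experience.

4. Multi-cloud connectivity: a company deploys business applications on several cloud platforms and needs stable, efficient connections to reach them. SD-WAN can provide direct connections to the different cloud platforms, improving connection availability and performance.

5. Security hardening: a company holds sensitive data and business and needs stronger network security. SD-WAN can provide end-to-end encryption and security controls, protecting the confidentiality and ...

6. Network traffic management: a company has heavy network traffic and needs to manage it effectively. SD-WAN provides traffic monitoring and adjustment, optimizing the use of network resources according to business needs and improving network quality and reliability.

7. High availability: a company needs to guarantee the continuity of critical business and needs backup network connections to cope with failures of the primary network. SD-WAN provides multipath redundancy and fast failover, ensuring high availability of the business.

8. Remote working: a company has many employees working remotely who need stable connections to reach internal company resources. SD-WAN provides secure remote access and optimized connections, making remote work more efficient and convenient.

9. Multimedia transmission: a company needs to transmit large volumes of multimedia data, such as video conferencing and live streaming.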

Cisco SD-WAN Products Technical Support Reference Guide

Support Guide

Your New Service Request Process: Technical Support Reference Guide for Cisco SD-WAN Products

March 2019

Contents
Introduction
Registration for a User ID
Opening a Support Case by Phone
Support Numbers
Defining the Severity of a Support Case
Opening a Support Case by Email
Opening a Support Case by Web
Check Entitlement
Describe Problem
Review & Submit
Save as Draft
Managing Your Support Case

Introduction

This document describes the procedure for obtaining Technical Support through your newly adopted case management system through the Cisco® Technical Assistance Center (TAC). This document covers the user ID registration process, how to contact technical support, as well as how to manage your support case online.

We want you to know that this is only a change in the process through which you receive technical support. We at Cisco are committed to delivering the same high level of quality service that you are accustomed to receiving.

The Cisco TAC will allow you to:
● Open support cases by phone, web, or email 24 hours a day, 365 days a year
● Download software updates (maintenance and minor releases) for your covered software
● Access Cisco’s online support, including database of product and service information, support case tracking, and a robust set of tools that help facilitate knowledge transfer to your staff and help answer questions more quickly

Registration for a User ID

To contact Cisco Technical Support for questions or issues with your Cisco SD-WAN products, you first need to register for a user ID. If you already have a user ID, go to step 5, as you do not need to reregister.

1. Navigate to and click “Create an account.”
2. Fill out the information on the Registration form.
3. Upon clicking “Submit” you will receive an email sent from Cisco. From the link provided in this email, you will be directed to the Registration confirmation page. This step is to verify, confirm, and activate your registration.
Note: This step in the registration process for a user ID is critical. You will need to select “Associate your user ID” to update your Cisco Account Profile.
4. You will be directed to the Cisco Account Profile. Click the “Add Access” button, then select the “TAC and RMA case creation, Software Download, support tools, and entitled content on ” radio button on the pop-up screen, and then click “Go” to manage your Service Contract online.
5. Enter your Service contract number(s) as provided in the Welcome to Cisco Services letter or contact your Cisco authorized partner or distributor for your contract number(s). Partners can access their new contract numbers in Cisco Commerce Workspace-Renewals (CCW-R). If you have multiple service contract numbers, separate them by commas. If you don’t know your service contract number, you can enter the serial number of any product covered by your service contract.

If you have any problems with this web registration process, you may send an email to Cisco at web-**************. If you are located in North America, you may call 1-800-553-2447 for assistance to reach Cisco’s TAC support organization. For the rest of the world, it is recommended you consult the worldwide toll-free number list at /en/US/support/tsd_cisco_worldwide_contacts.html, and one of the support agents will assist you in completing the registration process.

Service Access Management Tool

The Service Access Management Tool is an application that enables Partners or Customer Administrators to determine which of their service contract numbers are present in user profiles. It is ideal for organizations that want to manage and associate multiple profiles.

By using the Service Access Management Tool, Cisco partners and customers can manage access to the services provided by their contracts (e.g., TAC support, hardware replacement). This management can be done either using Bill to ID or contract number. To manage access by Bill to ID, the Bill to ID must be in an individual's profile and selected (enabled) for support access. This will ensure that all the contracts under the Bill to ID can be utilized for service. To manage access by contract number, a contract number must be in an individual's profile in order for that individual to be able to obtain service. Access the Service Access Management Tool, training, and related content for more information.

Opening a Support Case by Phone

Support Numbers

1-800-553-2447 U.S.
For worldwide support numbers, refer to Cisco worldwide contacts: /en/US/partner/support/tsd_cisco_worldwide_contacts.html

When you want to report a case, make sure you have the following information available:
● user ID that has been associated to the service contract
● Service contract number
● Business effect (case severity)

Cisco entitles customers by contract number and ID. You must know your user name and have the contract number of the product when you are calling for support.

Once the agent has all the appropriate information he/she will open a case, provide you with a case tracking number and route your case to a support engineer. They will contact you to provide technical assistance.

Defining the Severity of a Support Case

Severity 1 and 2 Support Cases must be opened by phone.
Severity 3 and 4 Support Cases should be opened online or by email, but may be opened by phone.

● Severity 1 (S1) – shall mean reported Error(s) in Covered Software that causes all or substantially all of a system to be functionally inoperative severely affecting delivery to Customers and requiring immediate corrective action, regardless of time of day or day of the week.
◦ Product and/or covered software are inoperable for 100% of Customers
◦ Loss of service >0.5% of Customers
● Severity 2 (S2) – shall mean reported Error(s) in covered products causing the loss of one or more major functions of the system, causing perceptible degradation or interruption of services delivery to Customers or seriously affecting Customer’s ability to operate, administer, or maintain their system and requiring immediate attention. Urgency is less than Severity 1 situation because of a lesser immediate or impending effect on system performance, Customer’s operation and revenue.
◦ Management system failure
◦ No backup is available
● Severity 3 (S3) – shall mean reported Error(s) in covered products disabling specific noncritical functions of the system that do not significantly affect delivery services to Customers. The lost or degraded functionality impairs Customer’s ability to operate, administer, or maintain the system, but does not significantly affect services delivery to Customers.
◦ System functionality or performance is reduced
◦ System is working on backup
◦ Loss of service <0.5% of Subscribers
● Severity 4 (S4) – shall mean reported Error(s) in covered products which is an irritant only and has no significant effect on the functionality or operation of the system and requests for informational support assistance, including product information requests and configuration assistance.
◦ Conditions that do not significantly impair the function of the system
◦ Documentation
◦ System enhancement/functionality request

Opening a Support Case by Email

Open new support cases by email using the Cisco support email address: *************. If you are opening a new support case, include the product type as the subject line of your email; for example, “Cisco SD-WAN.” This will help the agent processing the incoming email to determine the correct support case queue to route your support request.

Include the following information in your email:
● Company name
● Contact name
● Contact phone number
● User ID
● Contact email address
● Contract number
● Product type (e.g. Cisco SD-WAN, Cisco vEdge, Cisco vBond Orchestrator, etc.)
● Business effect (support case severity – as defined above)
● Brief problem description
● Equipment location (e.g., address)
● Alternate contact name
● Alternate contact phone number

Providing this information will help expedite the processing of the support case through the Cisco TAC agent.

Once the agent has processed the email, he/she will open a support case and you will receive a support case number by email. A support engineer will contact you shortly regarding your support case.

Opening a Support Case by Web

The online support case management tool, called Support Case Manager (SCM), allows users to open a support case, assign a severity (level 3 or 4), receive information through the web or email, maintain and track support cases online, and upload files.

SCM allows you to create Cisco TAC support cases for issues covered under the terms of your Cisco support contract(s). At this time, SCM can assist you only with products currently covered by a Cisco service contract. If you would like assistance with a product that is not covered by a contract or is covered under warranty, contact the Cisco TAC by phone.

Before you use SCM, you must be logged in with your user ID and password, and your ID must contain all of your appropriate Cisco support contracts in order for you to access the services covered by those contracts. You can use the Cisco Profile Manager to associate all of your Cisco service contracts to your profile.

Note: If you have a Service Access Management Administrator, you can ask them to make sure that all of your service contracts are associated with your user ID. If you are unsure of your contract number(s), your Cisco Partner, Reseller, or Service Account Manager can provide you with a complete list of your service contracts.

The main steps for opening a support case using SCM include:
1. Check Entitlement – verify the product is covered by a service contract
2. Describe the Problem – enter details about the product
3. Submit Your Support Case – confirm information and edit accordingly

You can access the online support case tool using this link: /case

You will be required to log in with your ID and Password. Please make sure that you have your service contract number available with your ID.

To open a new support case, click on Open New Case and then follow the instructions below.

Check Entitlement

Identify the type of support case.

Complete these steps in order to open a support case:
1. Choose one of the Request Type options:
• Diagnose and Fix
• Request RMA
• Ask a Question
2. For hardware products enter the Product Serial Number and click on “Search.” For software products enter the Service Contract number or product description to search for the product requiring support. If you have a Smart Account you can enter your Product Subscription Number.

Note: At any time during the process, you can click the Save draft and exit link in order to save a draft of your support case. See the Save a Draft section in this document for the steps required to delete or continue submitting a saved support case.

Describe Problem

Identify the severity of the problem, loss of service (if applicable), case details and whether you would like the engineer to contact you. In addition, you can review and change your contact information.

1. Choose the severity from the Severity options. The Severity is automatically populated based on the type of support case:
• Diagnose and Fix = Severity 3 – Network Impaired
• Request RMA = Severity 3 – Network Impaired
• Answer my Question = Severity 4 – Normal Response Time
If you need to open a severity 1 or 2 network-down emergency support case, please call the Technical Assistance Center (TAC) nearest you.
2. Check the box if users are experiencing a loss of service for more than 15 seconds.
3. Enter a Case Title and Description.
Keep these guidelines in mind when describing your problem:
• Include a meaningful case title that states the problem accurately. A meaningful title permits assignment of the case to the appropriate technical resources.
• Describe the problem and symptoms (only one per support case).
• Include a history of the problem and any troubleshooting steps you completed.
• Describe your network topology.
• Include any recent changes to your network or data center environment.
• Include output from the show tech command (if applicable) and all other relevant output.
• Include software versions and types of equipment.
4. Click on “Select a Technology” and select the Technology from the pop up menu.
• For Cisco SD-WAN products choose one of the following technology and sub-technology categories:
o Software Defined Wide Area Networking (SDWAN) PnP Portal – Serial number missing
o Software Defined Wide Area Networking (SDWAN) SDWAN Cloud Infra
o Software Defined Wide Area Networking (SDWAN) SDWAN Security (ZBF, IPS, IDS, AMP, URL Filtering)
o Software Defined Wide Area Networking (SDWAN) Serial file SDWAN License
o Software Defined Wide Area Networking (SDWAN) cEdge (ASR/ISR)
o Software Defined Wide Area Networking (SDWAN) vAnalytics
o Software Defined Wide Area Networking (SDWAN) vBond - ZTP, Control Connections
o Software Defined Wide Area Networking (SDWAN) vEdge (100, 1000, 2000, 5000)
o Software Defined Wide Area Networking (SDWAN) vManage - Templates, Deep Packet Inspection (DPI)
o Software Defined Wide Area Networking (SDWAN) vSmart - Overlay Management Protocol (OMP), Policy
5. Select the Problem Area.
6. Review your contact information in the Contact Preference section. Your contact information is automatically provided based on the username you used to log in to the tool.
7. Click Review to review your case before you submit.

Review & Submit

Review your information and submit your support case.
1. Review the summary of your support case. If you need to update a section, click the Edit link.
2. Click Submit in order to submit your support case.
Your support case number will appear at the top of the page.

Save as Draft

During your process to open a support case, you can click the Save Draft and Exit link located at the bottom of the page in order to complete the process at a later time. When you click the Save Draft and Exit link, all information you entered is saved, and you are redirected to your open support cases page. Each saved draft has an expiration date, after which it will be automatically deleted.

To continue submitting a saved draft, click the title of the support case.
To delete a saved draft, click the checkbox located next to the support case, and click the Delete button.

Managing Your Support Case

After you have created your support case, you can view the status, update the notes, upload files, turn automatic updates on or off, and request case closure.

Navigate to /c/en/us/support/index.html and then select “View Open Cases” from the “My Support” menu.
Or you may go directly to: /case

On your Support Case Manager home page, you can filter your support cases. Here are the available options:
• Open Cases
• Draft Cases
• Closed Cases
• Advanced Filter

If you click Show Advanced Filter link, additional fields appear.

Select an option from the Filter menu, and enter additional information in the remaining fields in order to further filter your support cases. Here are the Advanced Filter menu options:
• Status
o New
o Customer Pending
o Cisco Pending
o Bug/Defect Required
o Closure Pending
o Customer Requested Closure
o Customer Updated
o Release Pending
o Restoration of Service
o Service Order Pending
• Severity
o Severity 1
o Severity 2
o Severity 3
o Severity 4
• Linked Bugs
• RMAs
• Contract Number
• PICA ID
• Serial Number
• Node Name
• From Date

Printed in USA 03/19

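SD-WAN Global Access Acceleration Solution

Core resource: a backbone network covering the globe
• 46 physical POP nodes in China, supporting optimized Internet access over CU/CT/CM;
• 17 physical POP nodes overseas;
• Hundreds of cloud POP nodes;
Core advantage: hybrid cloud architecture
Sangfor SD-WAN access devices come in both physical and virtualized forms and can be deployed on private cloud and public cloud nodes, seamlessly connecting the customer's intranet to various public and private clouds.
[Figure labels: OBC AI Cloud; Headquarters; TCP acceleration engine]
Business scenario
• Access to and acceleration of all kinds of public and private cloud applications worldwide, for large and medium enterprises and institutions
Customer value
• Using the existing Internet egress, deploy quickly and simply to accelerate cloud applications hosted at any site in the world (SaaS services such as Alibaba Mail, Office365, Salesforce), solving the slow network speeds encountered when accessing cloud applications
Application publishing: global application access acceleration
[Figure: OBC cloud FastIP™ connection and acceleration. Each OBC cloud endpoint uses AES 256 encryption over a FastIP™ link; layers shown: IP network layer, Link data link layer, Ethernet physical layer.]
FASTIP implements an L2/L3 overlay at the TCP/UDP layer and delivers an OTT SLA at that same protocol layer, achieving zero packet loss and guaranteed bandwidth over the best-effort Internet. The implementation combines techniques such as multipath redundancy with de-duplication, global-view ("god's-eye view") line scheduling and dynamic FEC compensation.
insensitive, high-traffic, public/private cloud acceleration)
Global hybrid network
[Figure labels: OBC AI Cloud; carrier MPLS network; Headquarters; private cloud]
Business scenario
• Global networking for large and medium enterprises
Customer value
• Lower cost: TCO 80% lower than a leased-line solution
• High quality: close to leased-line quality
• Fast delivery: service activated within one week
• Easy to manage: unified configuration management and fast troubleshooting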

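SANGFOR: Sangfor Technologies Company Introduction and Full Product Line Introduction

Comprehensive network optimization to increase the value of bandwidth
Sangfor Technologies Co., Ltd.
May 2010

Contents
Comprehensive network optimization to increase the value of bandwidth
Sangfor AC Internet access management: orderly control of the intranet
Sangfor SSL VPN: a comprehensive secure mobile access solution
Sangfor IPSec VPN: secure, rapid networking of remote sites
Sangfor WAN acceleration: make the network fly
Sangfor BM traffic management: optimize bandwidth resources
Sangfor SG Internet access optimization gateway: improve Internet access efficiency
Sangfor AD application delivery: dual optimization of link and application load
China Merchants Group deploys Sangfor products to solve network performance problems
More successful customers

Comprehensive network optimization to increase the value of bandwidth: Sangfor Technologies

Sangfor Technologies is China's largest and most innovative supplier of cutting-edge network equipment, committed to helping users increase the value of their Internet bandwidth through innovative, high-quality products and excellent service.

With professional, innovative and cost-effective products built around business users' Internet bandwidth resources, Sangfor helps users reduce costs (VPN provides inter-network connectivity and replaces leased lines), improve efficiency (WAN acceleration makes applications faster), generate benefits (SSL VPN enables mobile working anywhere), guard against risk (the AC Internet access management gateway keeps internal and external networks secure), optimize resources (BM traffic control enables sensible bandwidth management) and improve the access experience (AD application delivery provides load balancing for both links and servers), providing a comprehensive network optimization solution! Sangfor currently offers a full product line including AC Internet access management, IPSec VPN, SSL VPN, WAN acceleration, BM traffic control and AD application delivery.

The rich product range gives customers more room to choose.

Customers at different levels and with different needs can all find network connectivity, management and optimization products at Sangfor that suit them.

As of May 2010, more than 16,000 users had chosen to work with Sangfor and achieved significant benefits.

These users include Global 500 companies such as China Mobile, General Electric, Shell and Toyota, as well as well-known Chinese users such as the People's Bank of China, SASAC, China Life, China Merchants Bank, China Southern Airlines and Renmin University of China.

More than half of the Chinese companies on the Global 500 list are Sangfor users.

At present Sangfor has 900 employees and 36 directly affiliated branch offices, with a sales network covering the whole country and directly affiliated offices in countries and regions including Hong Kong, Singapore, the UAE, Thailand and India.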

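Virtual Network Technologies: A Comparative Analysis of the Characteristics, Functions and Application Scenarios of SD-WAN, SDN and NFV

I. SD-WAN (software-defined wide area network): characteristics, functions and application scenarios

SD-WAN is a software-defined technology that gives the WAN a more flexible and scalable architecture.

Its characteristics include:

1. Flexibility: SD-WAN can intelligently distribute network traffic across different connections, including Internet, MPLS and LTE, for better performance and reliability.

2. Efficiency: SD-WAN can automatically optimize network traffic, raising bandwidth utilization and reducing network congestion and latency.

3. Security: SD-WAN encrypts network traffic and provides end-to-end security protection, keeping sensitive data safe from attack.

The functions of SD-WAN include:

1. Intelligent traffic routing: SD-WAN can automatically adjust traffic routing according to network conditions to ensure the best performance.

2. Application performance optimization: SD-WAN can analyze application traffic in depth and accelerate and optimize it to improve the user experience.

3. Security protection: SD-WAN can integrate security functions such as firewalls and intrusion detection to protect the network from malicious attacks.

The application scenarios of SD-WAN include:

1. Cross-region connectivity: SD-WAN provides more flexible and reliable cross-region connections, suited to branch offices and remote access.

2. Multi-cloud connectivity: SD-WAN helps enterprises handle network connectivity and traffic management in multi-cloud environments, improving the performance and reliability of cloud applications.

3. Distributed enterprise networks: SD-WAN helps enterprises build efficient connections between multiple branches and simplifies network management.

II. SDN (software-defined networking): characteristics, functions and application scenarios

SDN is a new type of network architecture that separates network control from data forwarding to provide more flexible, programmable network management.

Its characteristics include:

1. Programmability: SDN can flexibly manage network devices and traffic routing through software programming, adapting to different application needs.

2. Centralized control: SDN uses a centralized controller to monitor and manage the whole network in real time, improving the network's flexibility and reliability.

3. Open standards: SDN uses open standards and interfaces and can integrate with a wide range of network devices and applications, improving the network's interoperability and scalability.

The functions of SDN include:

1. Flexible traffic control: SDN can flexibly control network traffic and routing according to application needs to improve network performance.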

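Network Security Sales Terminology

1. AD: "Application delivery" actually refers to Application Delivery Networking (ADN). It uses network optimization/acceleration devices to ensure that a user's business applications are delivered quickly, securely and reliably to internal employees and external service groups.

As the definition shows, the aim of application delivery is to guarantee the reliability, availability and security of an enterprise's critical business.

Application delivery is where several technologies converge, such as WAN acceleration, load balancing and web application firewalls. Different application needs are served by different products with different emphases.

2. AF: Firewall technology organically combines software and hardware for security management and filtering to help a computer network build a relatively isolated protective barrier between its internal and external networks, protecting the security of user data and information.

3. AC: Internet access management helps Internet users control and manage their use of the Internet.

It includes web access filtering, Internet privacy protection, network application control, bandwidth and traffic management, auditing of information sent and received, and user behavior analysis.

4. EDR: The endpoint detection and response platform (EDR) is an endpoint security solution provided by Sangfor, made up of lightweight endpoint security software and management platform software.

The EDR management platform supports unified endpoint asset management, endpoint security health checks and endpoint compliance checks; unified management of micro-segmentation access control policies; one-click isolation and handling of security events; network-wide threat location based on IOCs of trending events; traceback analysis of historical behavior data; and remote assistance with forensic investigation and analysis.

The endpoint software supports antivirus, intrusion prevention, firewall isolation, data collection and reporting, and one-click handling of security events.

Sangfor's EDR product also supports coordinated response with the NGAF, AC and SIP products, forming a new-generation security protection system.

5. Switch: a switch is a network device used to forward electrical (optical) signals.

It can provide a dedicated electrical signal path between any two network nodes connected to the switch.

The most common switch is the Ethernet switch.

Other common types include telephone voice switches and fiber switches.

6. IPS: An intrusion prevention system (IPS) is a computer network security facility that supplements antivirus programs and firewalls (packet filter, application gateway).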

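Introduction to SD-WAN Technology and O&M

1. Which of the following most accurately describes the definition of SD-WAN? [single choice]
A. Software-defined networking
B. Software-defined local area network
C. Software-defined wide area network (correct answer)
D. Software-defined metropolitan area network

2. The technology that can bring CPE endpoints online quickly and in batches is called: [single choice]
A. SLA
B. ZIP
C. ZTP (correct answer)
D. QOS

3. Which of the following can a traditional VPN not do? [single choice]
A. Establish a VPN tunnel over the Internet
B. Establish a VPN tunnel over a leased line
C. Establish a VPN tunnel over 4G
D. Sense the wide area network and perform precise priority ordering (correct answer)

4. Which of the following is not part of the SD-WAN technical architecture? [single choice]
A. Centralized management and control platform
B. Access network element
C. Cloud network element
D. PE device (correct answer)

5. The reason high-end government and enterprise customers choose the SD-WAN POP networking mode is: [single choice]
A. Low price
B. Low latency
C. Good network reliability (correct answer)
D. Powerful device functions

6. Shanghai Telecom's unified SD-WAN fault reporting telephone number is: [single choice]
A. 10000
B. 114
C. (021)962112 (correct answer)
D. Other

7. SD-WAN networking modes include:
A. POP networking (correct answer)
B. Point-to-point networking (correct answer)
C. Point-to-multipoint networking
D. Leased-line networking

8. Which of the following vendors are currently SD-WAN partners of Shanghai Telecom?
A. 九州云 (Jiuzhou Cloud) (correct answer)
B. 缔安 (Di'an) (correct answer)
C. 智汇科技 (Zhihui Technology) (correct answer)
D. Huawei

9. The original vendor brands of the SD-WAN platforms and devices currently used by Shanghai Telecom include:
A. Huawei (correct answer)
B. Sangfor (correct answer)
C. Cisco
D. VERSA (correct answer)

10. The necessary information a user must provide when reporting an SD-WAN fault includes:
A. User name (correct answer)
B. Site address (correct answer)
C. SD-WAN number (correct answer)
D. Fault symptoms (correct answer)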


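SD-WAN solutions matched to multiple business scenarios
Solution
Applicable scenario
Key business value
Guarantee core business experience
Improve business continuity
Reduce line costs; easy to deploy and operate
Security hardening
Multi-WAN path selection and optimization
Multiple lines, or plans to expand to multiple lines (MPLS + leased line + VPN + 4G)
Cloud-network convergence
Business moving to the cloud; single-line or dual-line VPN into the cloud
Cross-border cloud networking
Cross-border links use a single leased line or VPN
Chain-branch networking
Single-line MPLS or VPN, possibly expanding to multiple lines
WOC
WAN optimization
Host security: asset identification, vulnerability scanning, intrusion prevention, malicious code protection
Business security: identity authentication and permission control, web vulnerability identification, application-layer attack prevention
Data security: audit and compliance, privilege control, DLP, access visibility
aBOS
Branch all-in-one appliance
Visualized platform presentation: security you can understand, threats handled quickly
External threat intelligence
Network-wide security awareness platform
WAN security threats
Behavior analysis, machine learning, UEBA, expert assistance
Data center
Disaster recovery data center
Public cloud
SaaS
Leased-line WAN
Internet WAN
Remote branch
Business pain points:
1. Branch routers must connect separately to multiple public clouds and physical data centers; traditional routers cannot establish multiple VPN tunnels to clouds and data centers at the same time, and failures cannot be switched over quickly, which affects business stability; VPN management and device O&M are extremely complex.
2. Rapid branch expansion requires branches to be easy to deploy, yet traditional branch deployment cycles are long.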
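Sangfor SD-WAN Product Introduction
City Group 1 BU, Wang Yanxiang (王彦翔)
1 Enterprise networking challenges under business transformation
2 WAN best-practice approaches under business transformation
3 Sangfor SD-WAN solution
4 Sangfor SD-WAN core advantages and application scenarios
5 Sangfor SD-WAN market achievements
Moving business to the Internet, to the cloud and across borders has become an inevitable trend of business transformation
Explosive growth in business types and traffic
Digital transformation, the Internet and the rise of high-traffic video/voice applications create urgent demands for expanding to high-capacity bandwidth and improving business continuity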
50M
34%
5565
Nanjing
16M
48%
3502
Ningbo
22M
44%
4486
Jinan
20M
39%
3826
Yantai
20M
37%
3391
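WAN security: building a multi-layered security protection system
Detect advanced attacks at the boundary and investigate potential threats
Enterprise-grade firewall based on stateful inspection
Anti-DDoS; ARP protection
MIG
Integrated security gateway
Data plane
(physical or virtualized)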
vOrchestrator
MANAGEMENT
API
ANALYTICS
ORCHESTRATION
CONTROL
INTERNET
MPLS
4G
Cloud Data Center Campus
Branch Home Office
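Management plane: intelligent application identification, unified management of security/O&M policies, unified device management, unified network-wide monitoring, AUTO VPN, NFV service orchestration, etc.
Use the new type of WAN to solve access-experience and business-continuity problems and improve business efficiency.
Easy to deploy and operate
All WAN branches can be connected and managed in a unified way; services, links and the network are visible and controllable, reducing O&M complexity.
SD-WAN emerged in response; typical SD-WAN architecture diagram
Management plane
(Multi-tenant or Dedicated)
Control plane
(Containers or VMs)
Three major values of SD-WAN
Improve business access experience
Strengthen security and meet compliance
Reduce WAN TCO
Sangfor SD-WAN product family
A variety of choices for different real-world requirement scenarios
BBC centralized management platform
• Supports delivery as an all-in-one appliance, as software, or as SaaS
• Deploy on demand on traditional architecture, public cloud or private cloud
Branch scale
Large: traffic above 1G
Medium: traffic below 1G
Small: traffic below 300M
A range of branch-side devices supporting ZERO-TOUCH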
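VPN tunnels, VPN application share, application QoE, etc. cannot be displayed visually.
Remote O&M is difficult and fault location takes a long time.
Traditional routers and VPNs lack security capabilities
Traditional gateway devices have no application-layer security functions and are powerless against new viruses such as ransomware.
Network-wide security risks cannot be located quickly, and handling security problems remotely is difficult.
Cost of adding devices; branch IT complexity
Challenge 2: Widespread migration of business to the cloud brings poor Internet-based access experience and complex multi-cloud O&M
PE
INTERNET
PE
VPN; domestic headquarters
Business pain point:
Cross-border networking by renting carrier leased lines or MPLS is expensive
Business pain point:
Cross-border networking with VPN devices gives a poor access experience because of long-distance transmission
The new type of WAN needs three major characteristics
Multi-WAN access and path selection
Use leased lines plus Internet lines so that ordinary links can reach leased-line network quality, reducing line costs.
Access acceleration and failover within seconds
WAN visualized management: easy to deploy and operate
Home-page large-screen display
Visualized VPN topology display
Sangfor SD-WAN core advantage features
Efficient intelligent path selection
Best WAN optimization results
Raise bandwidth utilization to 100%; failover within seconds
Increase access speed by 300%; reduce line costs by 40%
Industry-leading security capabilities
Layer 2-7 security at the branch boundary; network-wide situational awareness within seconds
Visualized management
Deployment within minutes; fault location within seconds
The Sangfor SD-WAN solution not only solves basic enterprise interconnection, but also addresses access experience, secure interconnection, and O&M management.
Trusted Cloud certification from the cloud computing industry alliance
5000+ users; sales exceeding 100 million
SD-WAN white paper and standards development
SD-WAN Excellent Application Award
Sangfor took part in SD-WAN standards development at CAICT (Cloud Computing Open Source Industry Alliance)
In January 2018, received the SD-WAN Excellent Application Award from the SD-WAN Summit organizing committee
➢ Improve business continuity:
➢ Visualized O&M: visualized O&M of all network devices and awareness of the network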
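Solution approach 2: cloud-network convergence, rebuilding the WAN around cloud business
Solves the plug-and-play, simplified-management and secure-transmission challenges of multi-cloud and cloud-network interconnection
SD-WAN approach to cloud-network convergence:
1. Build multi-cloud interconnection and branch-to-cloud interconnection over the public network; through SD-WAN link optimization mechanisms, rapid deployment and go-live, and visualized O&M management, make it easy to deploy and operate multiple branches connecting to the cloud or to physical data centers, and improve the access experience.
2. The SD-WAN access gateway has Layer 2-7 security protection functions, effectively solving the security problems of interconnecting multiple branches.
Target requirement scenarios:
Multi-cloud access; cross-border networking
Intelligent router; leased-line path selection; leased-line replacement
Multi-branch networking; leased-line optimization; branch all-in-one appliance
Incremental market (new battlefield)
(The main SD-WAN battlefield; competitors include all kinds of product-oriented and service-oriented vendors)
Existing market (old battlefield)
(Sangfor's traditional stronghold; projects are usually justified by networking, leased-line optimization, branch consolidation, etc.; competitors are usually routers, firewalls, etc.; the playbook has not changed much from before)
Control plane: intelligent path selection, intelligent QoS, overlay tunnels, TCP/UDP WAN transmission optimization, NFV security, etc.
Data plane: supports multi-WAN access, multi-WAN pooling, multi-WAN bonding, etc.
Solution approach 1: introduce cheaper Internet links alongside leased lines
Provide differentiated service for business traffic, lowering line costs while improving the experience and continuity of core business
Link bonding; intelligent path selection
SD-WAN controller
Solution overview
Two SDW-WOC devices are deployed in dual one-arm mode at the head office and the branch, providing end-to-end path selection and accelerated transmission;
the SDW-WOC devices can pool the two leased lines for production and office traffic, direct specified office applications onto the specified production line, fail over automatically, and give priority to production;
WAN data acceleration: accelerate and reduce branch business traffic, including duplicate data such as batch patch distribution, Mail/OA and FTP, speeding up access to business systems.

Branch secure networking
Multi-WAN or single WAN

Key target customer industries:
1. Chain businesses (supermarkets, catering, 4S dealerships, apparel, retail, etc.)
2. Manufacturing (automakers, auto parts and accessories, assembly bases, campus services, etc.)
3. Multi-branch groups (state-owned enterprises, central enterprises, real estate, logistics, nationwide businesses, etc.)
4. Finance (insurance, futures, city commercial banks, financial institutions, etc.)
5. Multinational enterprises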
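Sangfor SD-WAN market position and achievements
SD-WAN-WOC high-end series
SD-WAN-WOC mid-range series
SD-WAN-aBOS high-end series
SD-WAN-MIG series
CPE (VPN)
SD-WAN-WOC low-end series
CPE (accelerated VPN)
SD-WAN-aBOS low-end series
uCPE
vWOC
vCPE
Sangfor SD-WAN solution framework
Cloud centralized management
Branch health status overview
Line and application status visibility
3. Transmission over the public network gives a poor access experience
Challenge 3: A global business footprint brings high leased-line networking costs and a poor access experience with VPN networking
Traditional cross-border networking method 1: router + MPLS/leased-line networking
Leased-line router
MPLS/leased line
Leased-line router
PE
P
PE
Overseas branch
Domestic headquarters
Traditional cross-border networking method 2: networking with IPSEC VPN devices deployed end to end
VPN; overseas branch
IPSEC VPN
WAN visualized management
➢ Easy deployment via e-mail provisioning
➢ AUTO VPN automatic configuration
➢ Network-wide visualized O&M and monitoring
WAN security
➢ NFV components deployed on demand
➢ Security and networking integrated into one
➢ Internet behavior management
➢ Layer-7 boundary firewall
WAN pooling: four SD-WAN intelligent path selection policies
Application priority orchestration: designate core applications to be carried on the best line
Path selection by specified application and specified line
Path selection by real-time QoE probing
Solution approach 3: cross-border networking, building a high-speed network on global cloud nodes
Reduce leased-line costs and improve access experience
Unified terminal access, centralized network management
End-to-end Internet access, not limited to any carrier or region
Plug-and-play devices with no configuration required; unified network management with centrally pushed configuration
Overseas branch
MPLS + SD-WAN hybrid networking
MPLS backbone: carries core business (low latency, low traffic)
Overseas public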