Publication OVerview

Network Value Map Graphic

In the 2019 Software-Defined Wide Area Network (SD-WAN) Group Test, NSS Labs identified three use cases: manageability and cost, performance, and security in the form of protection against network-delivered exploitation.  All products tested met the use case requirements and offer a good ROI.

NSS Labs defines SD-WAN as the union of software-defined networking (SDN) and WAN technology. Part router, part WAN optimization, and part firewall, SD-WAN enables enterprises to leverage high-bandwidth, consumer-grade links (or links without guaranteed performance) for business-class services at a lower cost than traditional dedicated links. Enterprises are adopting SD-WANs for their branch office network needs – capitalizing on the visibility, scalability, performance, and control benefits the technology provides. 

What We Tested

For this second iteration of the SD-WAN Group Test, NSS Labs evaluated market-leading SD-WAN products on quality of experience (QoE) of VoIP and video, performance, total cost of ownership (TCO) and security effectiveness. The test provides Comparative Reports and Test Reports for eight of the industry’s leading SD-WAN products.

Key Takeaways

  • Products in this years test performed well against a rigorous series of test cases that capture efficacy in demanding WAN deployments. All products met the use case for quality of experience (QoE) for VoIP and Video, scoring above the minimum recommended by NSS Labs. 

  • Traditionally, the SD-WAN market has been dominated by pure play SD-WAN vendors. In the last few years, security vendors offering threat protections entered the space, now offering a combined firewall/IPS protection with SD-WAN. 

    • Security vendors already offer protection against network-delivered exploitation. 

    • Two products with built-in protection against network-delivered exploitation capabilities were tested with the functionality enabled; both products performed equal to or better than products without this functionality enabled. Products with the capabilities but choosing not to enable them for testing should be fully assessed before purchase and deployment. 

  • Two differentiators in this test were TCO per Mbps and protection against network-delivered exploitation. 

  • On average, vendors who were tested with network-delivered exploitation protection as part of their SD-WAN had a lower TCO per Mbps than those who did not.

  • All tested products had performance-to-cost ratios that were better than Multi-protocol Label Switching (MPLS) or dedicated links, making a strong case for deployment of these SD-WAN products. 

    • Most tested vendors had a simplified branch office configuration creation capability and feature measured deployment time of less than 10 minutes per device, demonstrating a positive impact on business expansion and productivity over legacy network solutions.

Products Evaluated

·       Barracuda Networks Barracuda CloudGen Firewall F82 v7.2.3

·       Citrix Systems Citrix SD-WAN 2100-1000-SE v10.0.0.6

·       Forcepoint NGFW 1101 SMC 6.5.3 and Engine 6.5.2

·       Fortinet FortiGate 61E v6.0.4 GA Build 0231

·       Oracle Talari SD-WAN E1000 v7.3

·       Silver Peak Systems Unity EdgeConnect EC-M VXOA 8.1.7 and Orchestrator 8.5.6

·       Versa Networks FlexVNF V220 v16.1R2-S6

·       VMware SD-WAN by VeloCloud Edge 2000 v3.2.1