🔒 When Security Vendors Criticise SD-WAN (But Miss Their Own Flaws)

Ronald Bartels

In recent years, security vendors have been quick to criticise SD-WAN vendors, claiming that these networking solutions lack sufficient built-in security. On the surface, this might sound valid—but dig deeper, and it becomes clear that many of these criticisms are self-serving and ignore serious issues in the security vendors' own stacks.

One of the most vocal critics is Fortinet, who heavily promote their firewall-first SD-WAN approach, often citing their Gartner Magic Quadrant status as validation. But let’s take a closer look.

🎭 The Magic Quadrant or the Magic Quagmire?

The Gartner Magic Quadrant, once respected, has lost credibility in many circles—especially after findings like those from the Nugent Commission, which raised serious questions about its transparency and vendor influence. And while Fortinet may be featured prominently in this quadrant, appearance does not equal superiority.

Fortinet has become something of a paradox: a security vendor whose own firewall vulnerabilities are some of the most serious threats in the infrastructure world. The company’s track record includes:

  • Persistent zero-day vulnerabilities impacting enterprise customers worldwide

  • Delayed disclosures and patches

  • Exploitation by ransomware gangs and APT actors due to poor vulnerability lifecycle handling

In fact, many CISOs rank Fortinet’s own products among the top infrastructure risks, not SD-WAN. This reality exposes a massive contradiction: a vendor promoting itself as a “secure SD-WAN solution” while being the vector for critical exploits.

🧱 The Firewall Bottleneck

Fortinet claims that only a full-stack, single-vendor security model can protect modern networks. But this philosophy ignores a critical innovation in SD-WAN and cloud-native design: service chaining.

With service chaining, organisations can:

  • Deploy best-in-class security solutions (from multiple vendors)

  • Integrate dynamic routing, SD-WAN overlays, and cloud firewalls

  • Remain agile and modular, avoiding single-vendor lock-in

Fortinet's position—that anything outside their stack is vulnerable—is not only technologically outdated, but also strategically dangerous. It locks customers into a brittle, complex, and hard-to-manage platform that increases security risk rather than reducing it.

⚠️ The Risk of Using Fortinet for SD-WAN

While Fortinet boasts about combining security and SD-WAN in a single appliance, the reality is:

  • Their networking functionality is limited and deeply dependent on their firewall logic

  • Their configuration interface is complex and slow

  • Their security vulnerabilities routinely compromise customer environments

Compare that to a dedicated SD-WAN architecture, such as Fusion’s, which:

  • Provides a robust, modular SD-WAN overlay

  • Integrates seamlessly with existing security solutions via service chaining

  • Delivers superior performance without introducing unnecessary risk

  • Maintains network integrity, uptime, and control independently of any security vendor

In this model, security becomes a flexible, composable service, not a rigid dependency.


🔗 Wrap | Choose Networking First, Chain in Security

Security vendors have a vested interest in folding networking into their firewall products—but this approach is flawed, limiting, and ultimately more vulnerable. Instead, organisations should prioritise networking solutions that are built for networking, like Fusion’s SD-WAN, and chain in security where and when needed.

Fortinet doesn’t reduce your risk—it adds to it.

The future is clear: modular, interoperable architectures, where networking and security are decoupled, dynamic, and best-in-class.
