Ensuring Internet Redundancy with High-Availability Bigleaf Routers & FortiGate Firewalls

It almost goes without saying that uninterrupted internet connectivity is crucial for businesses to maintain productivity and ensure seamless operations. Any downtime can result in costly disruptions, loss of data, and decreased customer trust. To address this concern, implementing a robust internet redundancy solution using a HA (High Availability) pair of Bigleaf SD-WAN devices with Wireless Connect and a HA (High Availability) pair of FortiGate firewalls can provide businesses with reliable, fail-safe networking.

In this blog, we’ll explore how these technologies work together to provide optimal internet redundancy, focusing on the role each component plays in maintaining uptime and security. Below is a diagram from a recent deployment I did for reference.

1. Understanding the Need for Internet Redundancy

Internet redundancy refers to the implementation of multiple pathways for data traffic to ensure that, if one connection fails, another is immediately available. This practice guarantees that critical systems, cloud applications, and communication channels remain active even during outages, minimizing downtime and keeping your business operational.

Common causes of internet outages include:

• ISP failures
• Cable cuts or hardware failures
• Congestion or network misconfigurations
• Power outages affecting wired infrastructure

By incorporating a redundancy solution, your business ensures continuous internet access, making you less vulnerable to these disruptions.

2. Bigleaf Networks: Intelligent Internet Connectivity

Bigleaf is a cloud-based SD-WAN platform that simplifies the management of multiple internet connections and optimizes traffic flow for increased performance. A High Availability (HA) pair of Bigleaf devices ensures that businesses benefit from both redundancy and intelligent traffic management. When configured in an HA pair, Bigleaf units can:

• Load-balance traffic between multiple ISPs (wired or wireless).
• Automatically detect failures and shift traffic to a healthy connection.
• Optimize traffic for critical applications, ensuring priority for VoIP, video conferencing, and other latency-sensitive services.

Wireless Connect: In addition to wired ISPs, adding a Wireless Connect subscription with Bigleaf (5G LTE) provides an extra layer of resilience. Wireless carriers are independent from traditional broadband infrastructure, so even if the physical wiring goes down, a wireless 5G LTE connection ensures continuous uptime.

3. FortiGate Firewalls: Securing the Network

The FortiGate firewalls are Fortinet’s next-generation firewall solution designed for SMBs and branch offices. When paired in an HA configuration, FortiGate firewalls provide:

• Seamless Failover: If one firewall experiences a hardware failure or network issue, the second firewall in the HA pair immediately takes over to prevent downtime.
• Comprehensive Security: FortiGate firewalls offer advanced threat protection, including antivirus, intrusion prevention, and web filtering. This ensures that your network remains secure, even during failover scenarios.
• Application Visibility and Control: FortiGate’s deep packet inspection capabilities allow it to prioritize traffic and optimize bandwidth usage, ensuring critical applications always have enough resources.

In an HA setup, the FortiGate firewalls not only ensure internet continuity but also enforce stringent security policies. They create a robust, zero-trust environment where only authorized traffic can flow through, preventing unauthorized access even during failover events.

4. Combining Bigleaf and FortiGate for a Complete Redundancy Solution

When combining Bigleaf SD-WAN with FortiGate firewalls in an HA configuration, you get the best of both worlds—intelligent traffic management and top-tier security. Here’s how they work together to ensure internet redundancy:

• Seamless Failover with SD-WAN: Bigleaf manages multiple ISP connections (wired and wireless) and ensures that traffic is routed optimally. In the event of an outage on one connection, Bigleaf seamlessly fails over to another connection, ensuring continuous internet availability.
• Firewall-Level Failover: FortiGate firewalls provide security for all traffic passing through the network. In an HA setup, the FortiGate pair ensures that even if one firewall goes offline, the other takes over instantly, continuing to inspect and protect traffic.
• Wireless Connect: By incorporating a Wireless Connect into your Bigleaf setup, you add an extra layer of protection against physical infrastructure issues like cable cuts. This ensures that your network stays online even if all wired connections fail through the use of 5G LTE.

5. Benefits of Internet Redundancy with Bigleaf and FortiGate

• Maximized Uptime: With an HA pair of Bigleafs and FortiGates, your internet and security infrastructure are fully redundant, reducing the risk of downtime due to single points of failure.
• Optimized Performance: Bigleaf’s intelligent traffic routing ensures that critical applications receive priority, reducing latency and jitter for services like VoIP and video conferencing.
• Enhanced Security: FortiGate firewalls protect your network with advanced threat prevention, ensuring that your data and applications remain secure even during failover scenarios.
• Scalability: Both Bigleaf and FortiGate solutions are scalable, making them ideal for businesses of any size. As your business grows, you can easily add more connections or devices to meet increased demand.
• Cost-Effective: Adding wireless redundancy using 5G is a cost-effective solution for businesses that want extra protection without the need to invest in additional physical lines.

6. Best Practices for Implementing Internet Redundancy

When setting up internet redundancy using Bigleaf and FortiGate firewalls, here are a few best practices to keep in mind:

• ISP Diversity: Choose ISPs that use different infrastructures (e.g., one fiber, one cable, one wireless) to reduce the risk of both connections going down simultaneously.
• Regular Testing: Regularly test failover scenarios to ensure that both your Bigleaf and FortiGate HA configurations are working as expected.
• Monitor Performance: Use monitoring tools to ensure that your redundant setup is not only maintaining uptime but also optimizing performance. Bigleaf’s real-time analytics and FortiGate’s network monitoring features can help with this.

In short, businesses cannot afford to rely on a single ISP or firewall. By deploying an HA pair of Bigleafs with Wireless Connect and an HA pair of FortiGate firewalls, you create a highly available, redundant network that ensures continuous internet access and protects against both internal and external threats. This comprehensive solution gives businesses the peace of mind to operate confidently, knowing that both uptime and security are maintained.

If you’re looking to implement a robust internet redundancy solution that combines the intelligence of Bigleaf SD-WAN with the security of FortiGate firewalls, contact us today to learn more about how we can help you create a resilient and secure network infrastructure.