Secured SD-WAN by Stormshield

A trusted and secure approach with Stormshield solutions

Control of your interconnections

The challenge of Stormshield's SD-WAN here is to better control WAN links and management costs without requiring a constant human presence to manually react to link quality issues.


of the load

Set of


Dynamic link selection

SD-WAN technology offers the ability to optimize WAN connectivity by dynamically choosing the best possible link and makes it easier to secure your site-to-site links.

Measurement of
the quality
of the link

Automatic switching
according to
the measured criteria

for links

Ease of bandwidth management

The Quality of Service (QoS) of Stormshield Network Security solutions prevents network congestion and ensures 100% reliable connectivity.

on the network

of the network

No loss


Some SD-WAN features

Management of multiple WAN links
(distribution and failover)

Easy deployment of equipment
on remote sites

VPN tunnels

Recognition of
web applications (SaaS)

Flow routing
by application and protocols

management (QoS)

Monitoring of link quality
via SLA indicators
(latency, jitter, packet loss)

Centralized management
from our SMC and SLS solutions
or via API

Stormshield SD-WAN Solutions

While SD-WAN players offer network functionality, security is not their core business and is absent or poorly integrated. Stormshield offers a secure and trusted SD-WAN approach through a range of Stormshield Network Security (SNS) firewalls, a centralised Stormshield Management Center (SMC) and a Stormshield Log Supervisor (SLS) log management solution. With our solutions certified to the highest European standards, we address both network and security components simultaneously.

Are you ready for SD-WAN?

Dig this topic with Stormshield in an interactive meeting, hosted by Manuel Jordan, Product Marketing. Our Network Security experts, Simon Dansette, Product Manager, and Quentin Tieghem, Pre-Sales Engineer, answered all your questions about this major advance in infrastructure protection.

Questions & Answers

    • How are link quality indicators measured?
      These indicators are measured through pings or TCP tests/li>
    • How are failover policies defined?
      They are defined by thresholds in the router objects.
    • What are the possibilities of pcap filters? The same as in console? Is it the same syntax as tcpdump?
      Indeed, pcap filters are based on the same syntax as tcpdump.
    • Have you started the certification of v4 by the ANSSI (The French National Cybersecurity Agency)?
      The process of obtaining a new certification has begun. It is underway for version 4.3. For more information, please visit this webpage
    • Will version 4.3 be the Long-term Servicing Branch (LTSB) version?
      Yes, this version will be announced as LTSB in the next few months.
    • Is a SAML-like authentication method planned for future releases?
      This topic is currently being studied but is not yet planned in the roadmap.
    • What multi-factor authentication (MFA) solutions are supported? Do you have a support matrix?
      We use the Radius protocol and there is not yet a matrix on this subject. However, you can contact our pre-sales engineers, depending on your case. For more information.
    • Can SD-WAN features replace a carrier's MPLS?
      SD-WAN could replace MLPS links. However, a case by case evaluation would be necessary. For more information, please visit our Professional Services page.
    • Is there SD-WAN compatibility with the Stormshield Management Center (SMC) solution?
      Yes, SD-WAN compatibility is planned and should be available soon.
    • Something like TCP Probe has appeared in the router object. How does it work? Is it only TCP Handshake? Can it be configured on any port or not?
      TCP Probe works with TCP Handshake and can be configured in any port.
    • Regarding QoS, what happens to the previously created rules? After the migration to version 4.3, it seems that the module should be finalized, but how will the firewall rules work with the old QoS rules, will they not handle the traffic properly or will they work as if the old QoS rules were not there?
      In this case, the old QoS will be disabled and the setting must be updated with the new QoS. Queues and queue assignment are retained. Traffic shapers must be created and assigned to the interfaces.
    • What does the traffic shaper in QoS refer to?
      The traffic shaper refers to the flow control mechanism implementing bandwidth limitation and reservation.
    • Will there be a technical documentation for QoS?
      The document is currently being written, a link to it will be available soon.
    • What are the differences between FQDNs and current objects?
      Current objects are made with active resolution while FQDNs used in web services are based on DNS flows observed by the firewall.
    • What about the management of wildcards in the filtering rules?
      This possibility will be introduced in the version following 4.3. Web services objects can be defined with wildcards in DNs and used in rules.
    • Do you plan to introduce SD-WAN for different applications?
      In the next version 4.4, we plan to introduce the notion of web services. They will allow the detection of applications before the use of SD-WAN.

Contact Stormshield teams

SD-WAN is a catch-all term that can seem complex. Our teams of experts are at your disposal to help you understand it and answer your questions.

  • * required fields
  • This field is for validation purposes and should be left unchanged.