When researching an SD-WAN solution, there are several key security considerations. A secure SD-WAN offering must as a baseline be able to encrypt all traffic using 128- or 256-bit AES encryption and have secure, dynamically changing encryption keys. Better still, it should support cipher block chaining, per-protocol sequence numbers, and per-session symmetric encryption. It needs to be able to support all three of the fundamental network security architectures that enterprises employ: fully distributed, centralized at private data centers or colocation facilities, or integrated with cloud-based network security. Plus, it should support integrated network security as well as the ability to overlay with an enterprise’s existing network security architecture. SD-WAN also needs to support not only basic stateful application firewall services, but features such as zone-based security, policy-based filtering for granular levels, and layers of security aligned on a per-application or traffic-type basis, traffic isolation, and traffic segmentation by user or VRF. Service chaining should be supported, and SD-WANs should integrate with cloud-based security solutions.