Unified SASE Without “Rip and Replace” – How to Co-exist and Still Move Forward

Many organisations like the promise of Secure Access Service Edge (SASE): simpler operations, better user experience and tighter security. But they’re also realistic. You already have firewalls, VPNs, SD‑WAN, secure web gateways and a stack of other investments in place.

The real question isn’t “SASE or not?” – it’s “How do we evolve to SASE without breaking what works today?”

That’s exactly where a co‑existence strategy and a Unified SASE platform come in.
Macquarie Telecom’s Unified SASE solution, powered by Fortinet, is designed to sit alongside your existing environment, then progressively take on more of the heavy lifting as it proves value.

Why co‑existence matters more than “big bang” change.

In most enterprises, the network and security stack has grown organically over many years. There are:

• Long‑term contracts on MPLS or security appliances
• Critical sites with bespoke designs
• Change‑sensitive applications and teams
• Limited project and operations capacity
• Ripping out everything at once isn’t realistic – and usually isn’t necessary.

A co‑existence strategy acknowledges:

• You can start where the pain is greatest (e.g. remote users, internet‑heavy branches, or a particular region)
• New SASE capabilities can run in parallel with existing controls while you test, tune and gain confidence
• Migration can happen site by site, user group by user group, aligned to business priorities rather than vendor timelines

With the right plan, SASE becomes a journey, not a cliff…

Deployment options: where Unified SASE can plug in.

Because Unified SASE converges SD‑WAN, secure web gateway, ZTNA, CASB and firewalling on a single platform, you can introduce it in several ways:

1. Branch and site modernisation

• Use SASE edge devices or SD‑WAN appliances at branches while core data centre firewalls remain in place initially.
• Let branch internet traffic break out locally with cloud‑delivered security, while sensitive apps still flow via existing paths.

2. Remote user and VPN transformation

• Start by moving a subset of remote users from legacy VPN to Zero Trust Network Access (ZTNA), while VPN remains available as a fallback.
• Gradually expand ZTNA coverage as user experience improves and policies mature.

3. Cloud and SaaS access control

• Introduce SASE security services (SWG, CASB, DNS security) for specific SaaS apps or cloud environments, without touching the WAN immediately.
• Extend policies across more apps and users over time.

In each case, Unified SASE can co‑exist with your current stack, share identity sources and routing, and then take on more as you retire older components.

TCO: why platform‑based SASE is different to bolt‑on stacks.

When comparing total cost of ownership (TCO), it’s tempting to look only at licensing. But the bigger picture includes:

• Number of consoles and policy sets
• Time spent on upgrades, troubleshooting and audits
• Overlapping capabilities across products
• The cost of inconsistent user experience and security gaps

A platform‑based Unified SASE approach offers distinct economic advantages versus stitching together multiple point products:

Consolidated licensing
Fewer separate subscriptions for SD‑WAN, web gateway, CASB, ZTNA and NGFW features.

Reduced hardware footprint
Multi‑function edge devices and cloud services shrink the need for multiple dedicated appliances per site.

Lower operational overhead
One policy framework and one analytics layer reduce the time senior engineers spend reconciling conflicting tools.

Faster rollout of new capabilities
New security functions can often be turned on through the same platform, rather than adding another vendor and integration.

Against competitors that still rely heavily on multiple discrete components, a Unified SASE platform can deliver better functional coverage at a lower all‑in operating cost – particularly when combined with a managed service to handle day‑to‑day operations.

Unified SASE: key differentiators and customer value.

Beyond cost, the real differentiators show up in outcomes:

True networking + security convergence

SD‑WAN, NGFW, SWG, ZTNA and CASB share the same operating system and threat intelligence, rather than being loosely integrated products.

Consistent Zero Trust model

Identity‑aware, device‑aware and application‑aware policies apply equally to branches, remote users and cloud workloads.

End‑to‑end visibility

A single view across site‑to‑site, user‑to‑cloud and internet traffic makes it easier to troubleshoot performance and security issues.

Flexible deployment

On‑premises appliances, cloud points of presence and endpoint agents all operate under the same fabric, so you can adapt to each location’s needs.

Managed service ready

Because it’s a unified platform, it’s far easier for an MSP to design, operate and continuously optimise – meaning you get expert 24×7 coverage without trying to build it all in‑house.

Macquarie Telecom’s Unified SASE solution combines this platform with Australian‑based design, migration support and round‑the‑clock operations, aligning technology outcomes to business priorities.

Three conversation starters for your own roadmap.

If you’re considering how Unified SASE could fit alongside your current environment, these questions help frame the discussion:

Which parts of our network or user base cause the most friction today – and would benefit most from a new approach first?
This is often where co‑existence pilots deliver quick wins and build internal support.

Where are we paying twice for overlapping capabilities across different vendors?
Identifying duplication is a powerful way to make the TCO case for consolidation.

What would success look like in 12–24 months – fewer tools, better experience, reduced risk, or all of the above?
Clear outcomes help prioritise which SASE components to turn on, and in what order.

Common customer questions we hear.

When we talk with organisations about Unified SASE co‑existence, three themes come up regularly:

“Do we need to standardise on one vendor everywhere?”

Not on day one. Co‑existence means running SASE where it adds the most value first, then deciding over time which legacy components to retire.

“How disruptive is this to our current network?”

With careful design, you can insert SASE alongside existing paths, test in monitor or limited‑enforcement modes, and only cut over when ready.

“Who will run all this, and do we have the skills?”

A managed SASE model lets you lean on an experienced team for policy design, 24×7 monitoring and continuous optimisation, while your internal team focuses on strategy and stakeholder alignment.

Taking the next step.

You don’t need a greenfield network to adopt a modern, converged security architecture. A Unified SASE platform, combined with a thoughtful co‑existence strategy, lets you modernise at your own pace – starting where it matters most.

Macquarie Telecom’s Unified SASE solution with Fortinet brings together:

• Platform‑based SASE (network + security in one fabric)
• Flexible deployment options for branches, remote users and cloud
• Local expertise and 24×7 managed operations to support your journey

If you’d like to explore what a staged Unified SASE roadmap could look like for your organisation, we’re ready to help you map it out.