
Securing Virtual Networks

Scalable Virtualized Security Solutions

The Benefits of Virtual Networking


Virtual networking provides a method to consolidate multiple devices, such as those typically found in a data center, in order to simplify and reduce
physical hardware requirements. Implementing virtual networking technologies allows a single network device to transparently host multiple networks
or customers on a common infrastructure. Implementing Virtual Local Area Networks (VLANs) allows network links to be shared by virtualized servers
to help improve network performance, reduce management complexity and enable more granular usage policies.

[Figure: Virtual Data Center. Labels: Internet; virtual router, firewall and VLAN switch; virtual servers; Customer-1 to Customer-X; VLAN 100 to VLAN 500; Virtual Domain-1 to Virtual Domain-5, each with Application-1 to Application-X.]

Overview of Virtual Domains (VDOMs)

VDOMs enable the capability to use a common infrastructure to provide
routing and network protection for several organizations or customers.
This is useful for enterprises and service providers, where each
organization requires its own network interfaces (physical or virtual),
routing requirements and network protection rules.

Overview of Virtual LANs (VLANs)

VLANs allow a single physical trunk to support up to 4096 virtual
networks. Using virtual networks allows a single trunk to support
multiple customers and applications while providing a method to
manage traffic and network performance. Routing between VLANs and
between VDOMs adds more flexibility and scalability.

Challenges in Virtual Network Security


The primary reasons for implementing VDOMs and VLANs are to improve network manageability, scalability and security. Security solutions for virtual
networks must allow management on a per-customer or per-application basis. Also required is a high-performance security platform that is capable
of scaling to support thousands of virtual networks with management, logging and reporting customized for each customer or application.

Virtual Network Security Requirements

Manageability
Manage multiple domains and multiple networks from a
single device with domain specific administrative profiles
for log data, reports, alerts, options and menus

Scalability
Provides the performance to support thousands of
VDOMs and VLANs without impacting overall network
throughput, specific users or applications

Modular Security
Requires a complete security suite where specific solutions
can be applied on a per customer or per application basis
while providing a low cost of ownership

[Figure: Complete Virtual Network Security. Labels: Manageability (Manage / Log / Report); Scalability (Physical / Virtual); Modular Security (Antispam, Web Filtering, Antivirus / Antispyware, Intrusion Prevention (IPS), Firewall / VPN, Bandwidth Shaping).]

The Fortinet solution is surpassing our high expectations and demands. Though we were seeking a performance and
throughput improvement, we now also have less appliances to manage, 24/7 availability even if a data center goes down
and a way to report on network usage without taking the entire network down.
- Brian Bernard, Senior Network Administrator
Lee County Clerk of Courts
Fortinet Unified Threat Management (UTM) Solutions for Virtual Networks
Virtual Domains provide a way to divide your FortiGate™ unit and operate it as multiple unique security domains. You can configure and manage
interfaces, VLAN sub-interfaces, zones, firewall policies, routing and VPN configurations as if they were being applied to a dedicated security
appliance. This virtual domain separation simplifies configuration because it reduces the number of separate routers or firewalls that must be
managed. Support is provided for IEEE 802.1Q Virtual LAN tagging operating in both NAT/Route and Transparent modes, which allows administrators
to increase the number of network interfaces beyond the physical interfaces. This allows a single FortiGate device to provide security services and
control virtual networks across multiple security domains.

[Figure: Fortinet Virtual Network Security. Labels: Internet; FortiGate (Virtual Routing, Switching & Firewall, VPN, Antivirus/Antispyware, IPS, Antispam, Web Filtering; IEEE 802.1Q VLAN; Transparent/NAT/Route Modes); virtual servers; Customer-1 to Customer-X; VLAN 100 to VLAN 500; Virtual Domain-1 to Virtual Domain-5, each with Application-1 to Application-X; FortiGuard™ Subscription Services (Antivirus/Antispyware, IPS, Antispam, Web Filtering); FortiManager™ / FortiAnalyzer™ Management, Logging & Reporting with Administrative Domains (ADOMs).]

✔ Apply Fortinet UTM Security in Different VDOMs
✔ Inter-VLAN Routing (through Firewall policies)
✔ Inter-VDOM Routing with Virtual Links

Complete Manageability

Fortinet Administrative Domains (ADOMs)
✔ Each ADOM is independent of other domains
✔ Manage all domains/devices from a single user interface
✔ Administrative access profiles (logs, reports, menus, etc.)

Fortinet VDOM Security
✔ Common or unique administrators for each VDOM
✔ Firewall policies between VDOMs & VLAN subinterfaces
✔ Unique security configurations across different VDOMs

Fortinet VDOM / VLAN Networking
✔ IEEE 802.1Q VLAN Layer-2 switching & Layer-3 Routing
✔ Supports Transparent/NAT/Route modes per VDOM
✔ Inter-VLAN Routing (all traffic through firewall policies)
✔ Inter-VDOM routing with virtual links

[Figure: Virtual Administrator-1, Virtual Administrator-2 and Virtual Administrator-X; FortiManager and FortiAnalyzer; ADOM-1, ADOM-2 and ADOM-X; VDOM-1 to VDOM-5.]

Cost-Effective Scalability

All FortiGate Models: Include 10 VDOMs
FortiGate-3000 Series: Support up to 250 VDOMs*
FortiGate-5000 Series: Support up to 3500 VDOMs*
* Purchased in 25 VDOM increments

Fortinet Platforms
Protection, Management & Reporting
• Turn-Key Security Platforms
• Perimeter / Edge / ROBO Deployments
• Device Based Licensing (Not Per User)

FortiOS™
Modular Multi-Threat Security
• Modular Multi-Threat Security Suite
• Hardware Accelerated Performance
• Multiple Management & Reporting Options

FortiGuard Services
Security Update Development / Distribution
• Global Network of Distribution Servers
• 24x7 Dedicated Threat Research Teams
• Industry Leading Coverage and Accuracy

[Figure: Multi-Layered Security and Complete Content Protection. Labels: Integrated Management, Logging & Reporting; Traffic Shaping; Antispam; Web Filtering; Antivirus / Antispyware; IDS / IPS; Firewall; IPsec / SSL VPN; Network / Content Processing; FortiGuard Antispam, Antivirus, Antispyware, IPS and Web Filtering; FortiGuard Network; FDS Singapore; Fortinet Global Threat Research Teams.]

GLOBAL HEADQUARTERS
Fortinet Incorporated
1090 Kifer Road, Sunnyvale, CA 94086 USA
Tel +1-408-235-7700
Fax +1-408-235-7737
www.fortinet.com/sales

EMEA SALES OFFICE-FRANCE
Fortinet Incorporated
120 rue Albert Caquot
06560, Sophia Antipolis, France
Tel +33-4-8987-0510
Fax +33-4-8987-0501

APAC SALES OFFICE-HONG KONG
Fortinet Incorporated
Room 2429-2431, 24/F Sun Hung Kai Centre
No.30 Harbour Road, WanChai, Hong Kong
Tel +852-3171-3000
Fax +852-3171-3008

©2006-2007 Fortinet, Inc. All rights reserved. Fortinet, FortiGate, FortiOS, FortiAnalyzer, FortiASIC, FortiLog, FortiCare, FortiManager, FortiWiFi, FortiGuard, FortiClient, and FortiReporter are trademarks or registered trademarks of
the Fortinet Corporation in the United States and/or other countries. The names of actual companies and products mentioned herein may be the trademarks of their respective owners. Licensed under U.S. Patent No. 5,623,600.
Although Fortinet has attempted to provide accurate information in these materials, Fortinet assumes no legal responsibility for the accuracy or completeness of the information. Please note that no Fortinet statements herein
constitute or contain any guarantee, warranty or legally binding representation. All materials contained in this publication are subject to change without notice, and Fortinet reserves the right to change, modify, transfer, or
otherwise revise this publication without notice. SOL121-1007-R1
