Beruflich Dokumente
Kultur Dokumente
Fortinet Confidential
Agenda
1 2 3 4
Fortinet Confidential
Company Overview
Leading provider of
ASIC-accelerated Unified Threat Management (UTM) Security Solutions FW, VPN, SSL, AV, IPS, AS, URL & Content filtering Database Security : Vulnerability Assessment + Monitoring & Auditing
Company Stats
Founded in 2000 Silicon Valley based with offices worldwide Seasoned executive management team 1,050+ employees / 550+ engineers 350,000+ FortiGate devices shipped worldwide
Fortinet Confidential
Fortinets UTM product portfolio is seeing success across all price bands, including the high end, which has been the hardest sell for many vendors
Fortinet Confidential 4
9%
FortiGuard Security Subscription enables customers to realize the full potential of the FortiGate product Family
9% 1% 2% 2% 2% 2% 7% 7%
Anti-Spam (AS)
Greater than 94% spam catch rate Less than 0.01% false positive rate
edonkey bit_torrent gnutella Microsoft.IE.CreateTextRange.Remote.Code.Execution overlong_uri Slammer MS.Windows.ASN.1.Bitstring.Heap.Overflow.HTTP.B MS.Exchange.XLINK2STATE.CHUNK.Overflow CyberKit.2.2 Apache.CGI.Byterange.Request.DoS
Agenda
1 2 3 4
Fortinet Confidential
SOC
Fortinet Confidential
INTERNET
Customer Network MPLS, Frame, Leased Line
Fortinet Confidential
Security Requirements
Firewall IPSec/SSL Anti-Virus Anti-Spam IPS URL filtering Content filtering Application Control (P2P, IM,) Authentication & Authorization Reporting Traffic Shaping Routing capabilities DDoS resistance High Availability Ease of administration Ease of provisioning Integration in existing environments Compliancy (archive, best practices,)
Agenda
1 2 3 4
Fortinet Confidential
11
Fortinet Confidential
12
Fortinet Confidential
13
FortiManager
Fortinet Confidential
14
Fortinet Confidential
15
Customer 2
Fortinet Confidential 16
Fortinet Confidential
17
Fortinet Confidential
18
Fortinet Confidential
19
Introducing FortiMail
FortiMail sits at a different place in the network FortiMail provides a different type of AS/AV inspection for email traffic only FortiGates perimeter location means it is latency sensitive, unlike email traffic which can be delayed without notice FortiMail devices contain large amounts of disk space for mail quarantine and storage Email archiving and routing should not be performed from the network perimeter FortiMail and FortiGate combined offer an improved level of layered email security for the network
Fortinet Confidential
20
FortiMail-400
FortiMail-2000A
FortiMail-4000A
Inbound/Outbound inspection with a single device No per user license, no user or mailbox restrictions All models support High Availability (HA) configurations
Fortinet Confidential 21
FortiMail Overview
Flexible Deployment Options Maximum detection accuracy of Email-based threats Integrated Message Transfer Agent (MTA) Inbound & Outbound Email Messaging Security Email Archiving Logging and Reporting
The only email security solution that can be deployed in transparent, gateway or email server mode Integrated Multi-Threat/Blended-Threat detection including: Antispam, antivirus, antispyware and antimalware detection, all powered by the FortiGuard subscription service Specialized MTA engine for peak capacity, intelligent routing, QoS, virtualization, inbound and outbound SMTP routing Unlike other messaging security products, FortiMail secures inbound and outbound mail with only one system On-box archiving, facilitates regulatory compliance for content archiving Integrated Logging and Reporting engine, provides visibility into email usage, quarantine statistics and others
Fortinet Confidential 22
Email DOS/ DHA Spam & Virus, Spyware Malware* Content Email DDOS Prevention Phishing Prevention Prevention Prevention Policy Archiving
Prevention
Inbound Risks
SMTP
Prevention
Compliance
Fortinet Confidential
24
Email Content Spam Spam Policy Email Zombie & Virus, Spyware Malware* RBL DLP Archiving Or Bot Prevention Phishing Prevention Prevention Prevention Compliance Prevention Detection
SMTP
Outbound Risks
Fortinet Confidential
25
Server Mode
Full email server functionality Full antivirus and antispam functionality Ideal for small to medium sized companies and remote branch office locations (Models FE-100/400) Ideal for medium to large companies (Models FE-2000)
Server
Fortinet Confidential
26
Fortinet Confidential
27
Fortinet Confidential
28
Agenda
1 2 3 4
Fortinet Confidential
29
Fortinet Confidential
30
Enterprise
FortiGate-1000A FortiGate-5000
FortiGate-310B
Hardware
FortiASIC CP for UTM acceleration 8 FortiASIC Network Processor (NP) accelerated ports 2 Copper non-NP accelerated ports 1 Single-width front AMC slot 1 GB System Memory 2 USB ports Backup DC connector (for future use) 1 RU height rack mount unit
Throughput
FG-310B Base Model
8 Gbps firewall throughput 6 Gbps IPSec VPN throughput
Firmware
FortiOS Multi-Threat Engine Supported by FortiManager Supported by FortiAnalyzer Supported by FortiGuard A&M Svc.
32
Fortinet Confidential
FG-310B
Port 1
Switch
DMZ
Alternative was single security zone with no protection between LAN segments
Switch
Switch Switch
Sales
Switch
Finance
Secure Web Access Allows network devices secure access to the Internet while blocking blended threats with the ICSA-certified multilayered security protection platform
Fortinet Confidential
34
Secure Perimeter Access Enterprise-class Firewall and VPN technologies, combined with nextgeneration Antivirus and Intrusion Prevention technologies ensure that remote users can easily access the corporate network while also ensuring that remote users are not introducing security risks
Fortinet Confidential
35
Fortinet Confidential
36
Fortinet Confidential
37