& Demo
Prepared and Presented by: Georges Nassif, Technical Manager, Triple C

Firewall, Antivirus, IPS, Web Filtering, AntiSpam, Application Control, DLP, Client Reputation
(cont'd) Traffic Shaping, IPSEC VPN, SSL VPN, Link Load Balancer, Server Load Balancer, Virtual Domains, Wireless Controller, Captive Portal

Firewall
1. Source Interface
2. Source Address
3. Destination Interface
4. Destination Address
5. Protocols
6. Schedule
7. NAT/Route

FortiGate Features: Security Features
- Antivirus
- Web Filter
- Application Control
- IPS
- Email Filter
- DLP Sensor
- SSL Inspection

Security Features
Antivirus: Stop Malware Infections
- Unmatched Performance
- Comprehensive Malware Protection
- Automatic Update
- Push Update
Demo: Quarantine Infected PC

Security Features
IPS: Stop Network Intruders
- Custom Signatures
- DOS
- DDOS
- Fortiguard
- Automatic Update
- Push Update

Security Features
Application Control:
- Allowing, denying or monitoring
- Detected through Signature
- Traffic Shaping for Application
- Updates through IPS
Demo: Deny Whatsapp

Security Features
Web Filter:
- 75 Categories
- 47 Million Websites rated
6 main Groups:
1. Security Risk
2. General Interest - Business
3. General Interest - Personal
4. Adult/Mature Content
5. Bandwidth Consuming
6. Potentially Liable
Demo: Deny News and Media Category

Security Features
Email Filter:
- Basic AntiSpam
- Additional Layer
- Actions are globally applied: Tag or Discard
- Fortinet Dedicated Solution: Fortimail

Security Features
Data Loss Prevention:
1. Prevent unauthorized communication of sensitive information and files through the network perimeter
2. Sensitive Information: Social Security and credit card numbers, File Types, File Size, Regular Expression
3. Content can be archived to FortiAnalyzer

Security Features
SSL Inspection: FortiOS 5.0 fully supports flow-based inspection of SSL sessions. This means that HTTPS, IMAPS, POP3S, SMTPS and FTPS traffic can now be decrypted and inspected by IPS, application control, and flow-based antivirus, web filtering and email filtering.

Client Reputation
The Security scan types available on FortiGate units are varied and tailored to detect specific attacks.
Tracked client activity:
- Look-ups for a DNS name that does not exist
- Connection attempts to an IP address that has no route
- HTTP 404 errors
- Packets that are blocked by security policies
- Attack detected
- Malware detected
- Visits to web sites in risky categories

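Added example (not part of the original slides and not Fortinet code): a small per-client scorer over the activity types listed for Client Reputation, showing how individually minor events add up to a ranking. The event names, weights and log format are assumptions made for this illustration.

```python
from collections import defaultdict

# Assumed weights per activity type (illustrative, not FortiOS values).
WEIGHTS = {
    "dns_nxdomain": 5,     # look-up for a DNS name that does not exist
    "no_route": 5,         # connection attempt to an IP with no route
    "http_404": 5,         # HTTP 404 error
    "policy_block": 10,    # packet blocked by a security policy
    "risky_category": 10,  # visit to a web site in a risky category
    "attack": 30,          # attack detected
    "malware": 50,         # malware detected
}

# Constructed sample events in a made-up "key=value" log format.
SAMPLE_LOG = """\
src=10.0.0.5 event=dns_nxdomain
src=10.0.0.5 event=dns_nxdomain
src=10.0.0.5 event=malware
src=10.0.0.9 event=http_404
src=10.0.0.9 event=policy_block
src=10.0.0.7 event=risky_category
src=10.0.0.7 event=attack
src=10.0.0.9 event=unknown_thing
malformed line without fields
"""

def parse_line(line):
    """Return (src, event), or None if the line lacks either field."""
    fields = dict(tok.split("=", 1) for tok in line.split() if "=" in tok)
    if "src" in fields and "event" in fields:
        return fields["src"], fields["event"]
    return None

def score_clients(log_text):
    """Sum the weights of known events per source address."""
    scores = defaultdict(int)
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed and parsed[1] in WEIGHTS:  # unknown events are ignored
            scores[parsed[0]] += WEIGHTS[parsed[1]]
    return dict(scores)

def rank_clients(log_text, threshold=0):
    """Return [(src, score)] at or above threshold, highest score first."""
    ranked = sorted(score_clients(log_text).items(), key=lambda kv: (-kv[1], kv[0]))
    return [(src, s) for src, s in ranked if s >= threshold]

if __name__ == "__main__":
    print(rank_clients(SAMPLE_LOG))
```
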
Traffic Shaping
FortiGate units can implement Quality of Service (QoS) by applying bandwidth limits and prioritization.

IPSEC VPN
- Between two FortiGates or between a mobile user and the HQ.
- The remote branch can be a DSL subscriber without a static public IP address and behind a NAT device.
- FortiASIC Network Processors accelerate encryption and decryption of network traffic.
- Once the traffic has been decrypted, multiple threat inspections - including antivirus, intrusion prevention, application control, email filtering and web filtering - can be applied and enforced for all content traversing the VPN tunnel.

SSL VPN
Uses HTTPS
Modes:
- Web-Only (portal page)
- Tunnel Mode

Link Load Balancing
Configure the same FortiGate to use multiple internet connections for business continuity purposes. These multiple internet connections can be configured to act in:
- Active-Passive Mode
- Dynamic Load Balancing Mode
- Static Load Balancing Mode

Server Load Balancing
Virtual Domains
Virtual domains (VDOMs) divide a FortiGate into two or more (up to 250) virtual FortiGate devices, each operating as an independent FortiGate security gateway. Each VDOM can provide completely separate firewalling, routing, UTM, VPN, and next generation firewall services. All traffic enters and leaves a VDOM completely separated from traffic from other VDOMs.

Wireless Controller
The FortiGate network security platform acts as a wireless controller for FortiAP Thin Access Points, while providing firewall, VPN, intrusion prevention, application control, web filtering and many other security and network capabilities.
FortiAP: Thin Wireless Access Points are cost-effective IEEE 802.11ac and 802.11n Thin APs that provide Integrated Network Security and WiFi client access. The FortiAP series utilizes industry-leading wireless LAN technology, providing client access in both the 2.4 GHz and 5 GHz spectrum, with 802.11ac models supporting a maximum association rate of up to 1,300 Mbps per radio.

Captive Portal
Can be used to provide guests with secure internet access through an open SSID. Users are redirected to a web portal page, where they have to enter their credentials, provided by an operator. A guest management role can be assigned to multiple operators inside the company. Multiple users can be created at the same time.

Captive Portal
Users are redirected to a web portal page.

Thank You