FortiCloud & FortiDeploy Soluzione di Management Zero-touch per Dispositivi FGT e FAP Roberto NARETTO System Engineer - IT Security
Agenda Introduzione Cloud as a Service FortiCloud in Azione Fortideploy in Azione Scalabilità Q&A Coming Soon
Introduzione
FortiCloud: Questo Sconosciuto San Jose (Headquarter s) s e c u r i t y p o l i c i e s f i r m w a r e u p d a t e s w i r e l e s s s e t t i n g s z e r o t o u c h p r o v i s i o n i n g H o s t e d F o r t i C l o u d M a n a g e m e n t FortiCloud New York (Branch Office)0 Las Vegas (Branch Office)
Management Centralizzato as a Service Cloud-Based Management Singular hosted console for managing wireless & security devices Dashboards for both wireless (FortiAP) and security (FortiGate) No setup fees; service is free of charge w/ no recurring expenses Zero Touch Provisioning Simple provisioning makes initial deployment much less complex Use included key to register a device to your FortiCloud account Bulk deployment options for mapping many FortiAPs to FortiCloud Integrated Security Configure wireless security modes, encryption, authentication, etc. Detection of rogue APs + WIDS facilitates PCI compliance Offloads suspicious files to cloud sandbox for analysis Reporting and Visibility Wireless/security log filtering and drill-down capabilities Built-in FortiView forensics for app/web/threat usage stats Includes pre-defined PDF reports with chart visualizations
FortiCloud: Come Funziona Challenge: Setting up a cost-effective, highly available logging and management infrastructure for security and wireless devices Device settings can be managed directly from the FortiCloud hosted management console FortiCloud Logging abilitato by default (no user traffic solo logs) Tutti i dispositivi sono gestiti direttamente AP possono essere raggruppati FortiAPs can be grouped and configured as logical units and locations Application and security logs are sent to FortiCloud LOGS FortiGates (Firewalls) FortiWiFis (Firewalls with Wireless) FortiAPs (Access Points)
Provisioning con FortiCloud Challenge: Deploying security/wireless infrastructure at remote locations (with limited on-site expertise) while centrally managing configuration/reporting functions Branch Offices (or Retail Stores) IT admin logs into FortiCloud, enters bulk FortiCloud key and configures FortiManager IP to assign as devices come online Enterprise HQ IT admin FGT-111 FortiCloud FortiManager FGT-222 Deployed devices phone home to FortiCloud and are assigned the specified FortiManager IP FWF-333 FWF-444 Now that devices are being managed, IT admin can push firewall policies and configurations down to FortiGates/FortiAPs directly
Cloud-based Sandboxing con FortiCloud Challenge: Detecting unknown malware and/or zero-day attacks & preventing them from compromising your network (ultimately culminating in data exfiltration) FortiGate detects a suspicious file with an unknown payload Copy of file is sent to FortiCloud for further inspection and is executed in a sandboxed environment Enterprise HQ IT admin FortiCloud IT administrator can view FortiCloud management UI at any time for an updated determination status Branch Office Firewall Any new FortiGate protection updates are now available to FortiGuard subscribers worldwide If further analysis is required, file is sent to FortiGuard Labs for deconstruction and signature creation FortiGuard Labs
Monitoraggio degli Artefatti
Licenze FortiCloud e FortiDeploy Estensione dello Storage con Licenza FortiCloud Segui le Istruzioni ❶ Acquista tante licenze quanti sono i dispositivi da gestire Nota: La licenza FortiCloud è necessaria solo quando i clienti vogliono incrementare la loro capacità mensile per dispositivo da 1 GB a 200 GB/anno o quando vogliono maggiore flessibilità nella creazione dei reports. Esempio: Avendo 3 FGTs gestiti Qty SKU Description 3 FC-10-90801-131-02-12 1-year FortiCloud (activate with reseller contract on support.fortinet.com) Accoppiare FortiDeploy ai Dispositivi Segui le istruzioni ❶ Aggiungi tanti FortiGates, FortiWifis o FortiAPs nel purchase order quanti ne servono ❷ Aggiungi lo SKU del FortiDeploy allo stesso PO Nota: C è un costo nominale associato al FortiDeploy, quindi assicurati che tutti i FortiGates / FortiWiFis / FortiAPs siano nello stesso PO. Esempio: Avendo 20 FortiAPs Qty SKU Description 20 FAP-221C-A Indoor wireless AP 20 FC-10-P0225-311-02-DD 8x5 FortiCare Contract 1 FDP-SINGLE-USE Enables zero touch bulk provisioning
Join al FortiCloud www.forticloud.com
FortiCloud come Management Station
FortiCloud come Management Station
Setup Wizard
Setup Wizard
FortiCloud in Azione
Hosted Management con FortiCloud Challenge: Upfront investments in management solutions can be costly and may only manage specific devices Minimize your capital investment: FortiCloud hosted management takes the worry out of deployment, log storage and on-site expertise without compromising security or ease of use Control your wired OR wireless network simply: Single pane of glass management utilizing a SaaS model makes it painless to manage devices of any type whether they re firewalls, access points or somewhere in between
Network Visibility con FortiCloud Challenge: Advanced analytics and risk analysis are typically features out of reach for smaller businesses and can be costly add-ons for larger enterprises Immediate network analysis: Utilizing a dashboard interface, IT administrators can get an instantaneous snapshot of the health and activity of their overall network usage Incident management made easy: Inspect risks to your network with FortiView to assist with threat prevention and oversight of application usage
Managed Wireless con FortiCloud Challenge: Cloud managed wireless typically invokes a limited feature set for an exorbitant subscription fee per device Wireless at your fingertips: Quickly determine wireless health, discover access point locations and modify AP device settings with a hosted FortiCloud cloud-based interface all with no additional fees
Wireless PCI Compliance con FortiCloud Challenge: All point of sale and credit card transactions mandate strict security standards (especially using wireless), but ensuring all of the infrastructure pieces deliver on this objective can be trying Out of the box PCI compliance: FortiCloud with FortiAP provides rogue AP detection, WIDS and scheduled reporting all key tenets of PCI
Comparative
FortiCloud Comparazione Funzionalità Capability Fortinet Aerohive Aruba Meraki Cloud-based Mgmt Zero Touch Provisioning Device Firmware Updates Drill-down Visibility Historical Reporting Limited Wireless AP Integration Multi-site Management $ Captive Portal $ Authentication (RADIUS) Authentication (Cloud) $ $ Multiple SSIDs per AP $ $ Security Integration Firewall Policy Mgmt ATP Sandboxing Rogue AP Detection
Comparazione FortiCloud vs FortiAnalyzer Capability FortiCloud FortiAnalyzer Per device licensing Free, subscription optional Max device limit by models (up to 10,000) Form factor Cloud-based SaaS Hardware or VM Granular admin access profiles Limited Supports external authentication for admin access Disk quota 1GB per device with valid FortiCare, additional storage contract allows 200GB per device Variable; quotas can be assigned to each device based on available storage Advanced report configuration Yes, with subscription Centralized logging Real-time and batch uploads Real-time and batch uploads Cloud-based sandboxing
Comparazione FortiCloud vs FortiManager Capability FortiCloud FortiManager Per device licensing Zero touch provisioning Free, subscription optional Max device limit by models (up to 10,000) Integrated with FortiCloud, but not possible via FortiManager itself Form factor Cloud-based SaaS Hardware or VM Granular admin access profiles Limited Multi-tenancy capabilities Supports external authentication for admin access FortiGuard proxy (FDS) capabilities Device firmware updates Limited Configuration management Security policy management Exposed APIs for automation and customization Limited, per device only Remote access to device UI only Full provisioning profiles & multi-device management Integrated multi-device object library/policies
Comparazione FortiCloud Free vs. Subscription Capability FortiCloud Free FortiCloud Subscription Firewall Interoperability Wireless AP Interoperability Device Logging Device Management Device Provisioning Built-in support, FortiDeploy purchase required for devices Built-in support, FortiDeploy purchase required for devices Device Reporting Max Storage (per Device) 1 GB 200GB Daily Limit on Log Storage (per Device) 100 MB Unlimited Generate Reports Schedule Reports Customize Reports
Case History
Use Case: Small Business (Sicurezza Gestita) Azienda e Sfida Piccola gioielleria artigianale con tre negozi Infrastrttura IT gestita dal titolare In precedenza aveva acquistato tre FortiGates, ma non poteva permetersi il costo iniziale di un FortiManager Perchè Abbamo Vinto FortiCloud External IT Contractor FortiCloud ha riempito una sostanziale necessità di management che era un costo di mantenimento (OPEX) Il titolare voleva una semplice console di gestione con più funzionalità Nel caso il business fosse incrementato è necessario poter integrare con FortiManager Cosa Hanno Comprato FortiCloud (200GB subscription), FortiGates Boutique A Boutique B Boutique C
Use Case: Azienda Distribuita (Gestione Wireless in Cloud) Organization and Challenge One of the top shoe retailers in the world with 4,000+ stores throughout the Americas Retailer wished to consolidate vendor relationships and present a wireless enabled showcase which stores could replicate and roll out Deployment Team Security Operations Team Corporate HQ Why We Won FortiCloud FortiCloud s provisioning capabilities for both wired and wireless devices Consolidated, single pane of glass management capabilities Breadth of complementary solution set What They Bought FortiCloud (FortiDeploy), FortiAPs, FortiWiFis, FortiGates, FortiManager & FortiAnalyzer 4,000+ Retail Locations
Next Steps Provalo da te! ❶ Crea un nuovo account FortiCloud ❷ Loggati al FortiCloud attraverso l apposito widget sul tuo FortiGate/FortiWiFi In alternativa, accedi al sito www.forticloud.com e clicca sul link Live Demo http://video.fortinet.com/video/131/manage-fortiap-from-forticloud
Frequently Asked Questions: FortiCloud + Wireless Q: How can I evaluate features of FortiCloud wireless? A: Without trialing a FortiAP, prospective customers can still look at the FortiCloud website (www.forticloud.com) and click on the live demo link Q: Why is Fortinet better than competitive wireless vendors? A: While there are some wireless vendors dabbling in security, there are very few security vendors with proven, mature wireless products like Fortinet Q: Where can I get more information on FortiCloud or FortiAPs? A: For more information on FortiCloud, refer to the FortiCloud FAQ; the Fortinet website (www.fortinet.com) is the best place to find information on FortiAPs
Frequently Asked Questions: FortiCloud + Security Q: What happens when the log volume reaches its storage limit? A: Earlier logs are deleted (FIFO) in order to keep storage adjusted for licensing (1 GB for FortiCloud free and 200 GB for FortiCloud annual subscription) Q: How much does the FortiCloud sandboxing feature cost? A: There is an additional license for this service not bundled (from 85 to 240 in SMB): FC-10-00XXX-123-02-12 FortiGuard FortiSandbox Cloud Service Q: How is my log data secured? A: All log communications are encrypted between your FortiGates and the FortiCloud hosted service Q: Can I view log information in aggregate from several firewalls? A: We recommend FortiAnalyzer for deployments requiring advanced capabilities such as log aggregation, extended retention and event management (alerting)
Q & A rnaretto@exclusive-networks.com System Engineer Exclusive Networks Italy
Cosa Stiamo Preparando Per Voi https://attendee.gotowebinar.com/register/818193147830114050 https://attendee.gotowebinar.com/register/8203592960392342786
Grazie! rnaretto@exclusive-networks.com System Engineer Exclusive Networks Italy