FortiGate-620B Security Appliance Frequently Asked Questions

Similar documents
Fortigate Features & Demo

TECHNICAL NOTE. FortiGate Traffic Shaping Version

INTRODUCTION TO FIREWALL SECURITY

Unified Threat Management Throughput Performance

- Introduction to PIX/ASA Firewalls -

QUESTION: 1 Which of the following are valid authentication user group types on a FortiGate unit? (Select all that apply.)

Feature Brief. FortiGate TM Multi-Threat Security System v3.00 MR5 Rev. 1.1 July 20, 2007

HA OVERVIEW. FortiGate FortiOS v3.0 MR5.

FortiGate 100D Series

High Availability. FortiOS Handbook v3 for FortiOS 4.0 MR3

Nokia IP Security Platforms Technical Specifications Guide Nokia Enterprise Solutions

FortiGate/FortiWiFi -60C Series Integrated Threat Management for Small Networks

High performance security for low-latency networks

Fortinet Certified Network Security Administrator

FortiOS Handbook WAN Optimization, Web Cache, Explicit Proxy, and WCCP for FortiOS 5.0

1Fortinet. 2How Logtrust. Firewall technologies from Fortinet offer integrated, As your business grows and volumes of data increase,

Cyberoam Perspective BFSI Security Guidelines. Overview

TECHNICAL NOTE. FortiGate Support for SIP FortiOS v3.0 MR5.

Sophos SG Series Appliances

FortiGate/FortiWiFi -90D Series Enterprise-Grade Protection for Smaller Networks

Sophos SG Series Appliances

FortiGate High Availability Overview Technical Note

Vulnerability Management for the Distributed Enterprise. The Integration Challenge

Supported Upgrade Paths for FortiOS Firmware VERSION

Astaro Gateway Software Applications

FortiGate /FortiWiFi -80 Series Enterprise-Class Protection for Branch Offices

WAN Optimization, Web Cache, Explicit Proxy, and WCCP. FortiOS Handbook v3 for FortiOS 4.0 MR3

Networking for Caribbean Development

LotWan Appliance User Guide USER GUIDE

Eliminates performance bottlenecks with high performance, compact data center firewall.

PERFORMANCE VALIDATION OF JUNIPER NETWORKS SRX5800 SERVICES GATEWAY

NetScreen-5GT Announcement Frequently Asked Questions (FAQ)

MANAGED FIREWALL SERVICE. Service definition

How To Configure The Fortigate Cluster Protocol In A Cluster Of Three (Fcfc) On A Microsoft Ipo (For A Powerpoint) On An Ipo 2.5 (For An Ipos 2.2.5)

High Performance NGFW Extended

Virtualized Security: The Next Generation of Consolidation

Implementing Cisco IOS Network Security

Total Cost of Ownership: Benefits of Comprehensive, Real-Time Gateway Security

Network Intrusion Prevention Systems (IPS) Frequently Asked Questions FAQ

Unified Threat Management, Managed Security, and the Cloud Services Model

Configuration Example

FortiCarrier Systems Specialized Security for Service Providers

FortiMail VM (Microsoft Hyper-V) Install Guide

ANNEXURE TO TENDER NO. MRPU/IGCAR/COMP/5239

FortiWeb 5.0, Web Application Firewall Course #251

Deployment Guide: Transparent Mode

Barracuda Link Balancer

FortiGate 200D Series

Introducing FortiDDoS. Mar, 2013

FortiGuard Web Content Filtering versus Websense March 2005

Firewall. FortiOS Handbook v3 for FortiOS 4.0 MR3

SonicWALL Clean VPN. Protect applications with granular access control based on user identity and device identity/integrity

Check Point taps the power of virtualization to simplify security for private clouds

Scalable. Reliable. Flexible. High Performance Architecture. Fault Tolerant System Design. Expansion Options for Unique Business Needs

Appliance Comparison Chart

Intel Network Builders: Lanner and Intel Building the Best Network Security Platforms

Overview and Deployment Guide. Sophos UTM on AWS

Managing a FortiSwitch unit with a FortiGate Administration Guide

The Fortinet Secure Health Architecture

Configuring PA Firewalls for a Layer 3 Deployment

Mobile Configuration Profiles for ios Devices Technical Note

FortiGate Multi-Threat Security Systems I Administration, Content Inspection and SSL VPN Course #201

Appliance Comparison Chart

Sizing Guideline. Sophos UTM SG Series Appliances. Sophos UTM 9.2 Sizing Guide for SG Series appliances

NETASQ MIGRATING FROM V8 TO V9

Sizing Guideline. Sophos UTM 9.1

Appliance Comparison Chart

FortiGate -3040B/3140B 10-GbE Consolidated Security Appliances

FortiGate -3700D High Performance Data Center Firewall

Scalable. Reliable. Flexible. High Performance Architecture. Fault Tolerant System Design. Expansion Options for Unique Business Needs

Chapter 9 Firewalls and Intrusion Prevention Systems

Appliance Comparison Chart

Emerson Smart Firewall

Fortinet Network Security NSE4 test questions and answers:

Load Balance Router R258V

Cisco Small Business ISA500 Series Integrated Security Appliances

Check Point 2200 Appliance

Solution Brief FortiMail for Service Providers. Nathalie Rivat

FortiOS Handbook - FortiView VERSION 5.2.3

IREBOX X. Firebox X Family of Security Products. Comprehensive Unified Threat Management Solutions That Scale With Your Business

Network Security Market in India CY 2014

Classic IOS Firewall using CBACs Cisco and/or its affiliates. All rights reserved. 1

White Paper. Accelerating VMware vsphere Replication with Silver Peak

FortiGate 1500D. The Fortinet Enterprise Firewall Solution. One Enterprise Firewall Solution across the Extended Enterprise. Highlights. forti.

2012 North American Enterprise Firewalls Market Penetration Leadership Award

Edge-based Virus Scanning

Preventing credit card numbers from escaping your network

Virtual Private Networks Secured Connectivity for the Distributed Organization

The All-in-one Guest Access Solution of

Cisco PIX vs. Checkpoint Firewall

Table of Contents. 1 Overview 1-1 Introduction 1-1 Product Design 1-1 Appearance 1-2

Network Security. Protective and Dependable. 52 Network Security. UTM Content Security Gateway CS-2000

Protecting the Infrastructure: Symantec Web Gateway

FortiClient Administration Guide

User Manual. Page 2 of 38

FortiGate 3700D. The Fortinet Enterprise Firewall Solution. One Enterprise Firewall Solution across the Extended Enterprise. Highlights. forti.

74% 96 Action Items. Compliance

SonicWALL Team Nordic Recommendations for safe Unified Threat Management (UTM) Deployments*

Please report errors or omissions in this or any Fortinet technical document to

Considerations In Developing Firewall Selection Criteria. Adeptech Systems, Inc.

Transcription:

FortiGate-620B Security Appliance Frequently Asked Questions FAQ Hardware Questions Q: What is the FortiGate-620B? A: The FortiGate-620B is a new medium and large enterprise-class FortiGate with FortiASIC hardware acceleration for firewall/vpn. The FortiGate-620B offers twenty (20) 10/100/1000 Ethernet interfaces. Sixteen of these interfaces are accelerated by the FortiASIC NP2 network processor for wire-speed firewall throughput of 16 Gbps and IPSec VPN throughput of 12 Gbps. Intrusion prevention and antivirus throughput (1 Gbps and 250 Mbps, respectively) are accelerated via the FortiASIC content processor found in all FortiGate models. Optional Advanced Mezzanine Card (AMC) expansion options allow for an additional 4 Gigabit SFP-based Ethernet ports or local HDD capacity for log storage. The FortiGate-620B s increased firewall/vpn throughput and high port density relieves medium and large businesses of the restraints that have historically prevented internal network security segmentation. Q: What types of security features are available on the FG-620B? A: Fortinet s FortiGate-620B is a purpose-built appliances that provide comprehensive security capabilities including firewall, antivirus, antispyware, intrusion prevention, IPSec and SSL VPN, web content filtering, spam filtering, spyware/grayware filtering, and traffic management tools. The FG-620B is designed for medium to large enterprises and regional offices. This full-featured network security appliance offers comprehensive protection to distributed networks, meeting the needs for an array of mission critical applications such as Email, Web, VOIP, IM, and P2P with extensive network management, logging, and reporting capabilities. Q: What is different about the Fortinet FG-620B? A: The FG-620B is a disruptive new multi-threat security device that offers best in class throughput and port density by leveraging the power of FortiASIC network and content processors. Competitive advantages include: 3X greater FW/VPN throughput than any other product in its class Double the number ports of any other product in its class Optional AMC expansion capability (4 x NP accelerated SFP ports or HDD for local log and content archive) Best price/performance ratio of any product in its class Lowest price per port of any product in its class Lowest cost per Mbps of firewall throughput of any product in its class Backed by Fortinet s own FortiGuard Service Subscriptions which include: FortiGuard Antivirus and Antispyware Service FortiGuard Intrusion Prevention System Service FortiGuard Web Filtering Service FortiGuard Antispam Service Q: What is the advantage of having so many FortiASIC Network Processor-accelerated ports? A: Increasing newtork sizes, throughputs, and applications warrant internal network segmentation points for Gbps links in order to increase security layers and decrease security zone size. These drivers are requiring increased performance and interfaces within security infrastructure. Fortinet 1 August 2008

Q: Will fiber SFPs be supported by the FG-620B? A: The 20 ports available on a FG-620B base model are copper ports. However, the FG-620B does support AMC expansion module ASM-FB4, which offers four additional FortiASIC network processor-accelerated SFP ports which support fiber transceivers. Q: What happened to the older mid-range FortiGate products? A: Fortinet still sells most of these older models, however based on Moore s Law of increasing density of circuitry and performance over time with a decreasing price, Fortinet now offers the much higher performing FG-620B with a greatly improved price/performance ratio over older models. The FG-620B offers increased port density, security throughput, and modularity. Q: What is an AMC expansion slot? A: The Advanced Mezzanine Card (AMC) standard, also known as AdvancedMC, was developed by the PCI Industrial Computers Manufacturers Group (PICMG), which has over 100 companies building to the specification. AdvancedMC has been developed to meet the requirements for the next generation of carrier grade communications equipment. Q: What optional cards are supported by the FG-620B? A: The FG-620B supports two optional AMCs: 1. The ASM-FB4 AMC, which provides four additional FortiASIC network processor-accelerated SFP ports for an additional 4Gbps firewall and 3Gbps IPSec VPN throughput. 2. The ASM-SO8 AMC, which provides 80GB of disk-based storage for local logging and content archiving. The FortiGate does not boot from the disk drive, nor does it store configuration or operating system files on it. Q: What benefit does the ASM-SO8 hard drive AMC option provide? A: The hard drive option provides the added benefit of storing logs and quarantine files locally. This option would also allow customers to store traffic log data which is not available from a memory logging-only configuration. These added features are also available with an external FortiAnalyzer device which provides other benefits such as content logging, forensic analysis, as well as over 300 standard and customizable reports. Q: Is the FG-620B appliance rack mountable? A: Yes. All mid-range models come with rack mount ears and optional rubber feet to allow flexibility in any mounting environment. All models have built-in cooling fans. Each consumes only one rack unit of space in an industry standard 19-inch equipment rack. Q: Are there different models for countries with 220V vs. 110V power? A: All models have a built-in power supply that auto-senses between 100 to 240 VAC. Each unit comes with a regional power cord for most common worldwide power socket configurations. Simply add the proper two-digit suffix to the SKU when ordering to specify the desired power cord option, e.g. FG-620B-US or FG-620B-UK. Power cord choices include: -US (USA style), -UK (United Kingdom style), -EU (European style), -AU (Australian style). Q: Is the FG-620B RoHS compliant? A: Yes, the FG-620B is RoHS compliant. Software Questions Q: What is FortiOS? A: FortiOS is the multi-layered security software that runs on all FortiGate products. It is a proprietary securityhardened operating system that provides all of the multi-threat security functions. FortiOS provides the capability to manage FortiGate devices either via a secure GUI web-based user interface or a command line user interface. Q: What is the latest version of FortiOS? A: At the time of writing, Version 3.0 MR7 Patch 1 is the latest release of FortiOS. It was released to the public in October 2008. Q: What type of security modules does FortiOS offer? A: Fortinet's FortiGate systems provide the industry's broadest suite of best in class security protections in a single platform, inclusive of firewall, IPSec VPN, SSL VPN, antivirus, antispyware, intrusion detection/prevention system, web content filtering, antispam and traffic shaping functionality. Deployed as an integrated or standalone solution, Fortinet 2 August 2008

FortiGate systems detect and eliminate today's threats as well as emerging bended threats that cannot be detected and eliminated by competitive solutions. Q: Can I assign two ports as dual WAN interfaces for load balancing traffic? A: Yes you can. There are a couple of methods for doing this. One is to use the built-in Equal Cost Multi-Path (ECMP) routing mechanism offered in version 3.0 MR2 and above. This method uses a simple hash algorithm to automatically balance sessions between two or more equal cost routes. The other is to use policy-based routing rules (available since version 2.8) to manually send some traffic to one port and other traffic to a different port. You can route based on source or destination IP addresses or based on protocol type / TCP or UDP port numbers, or any combination of the above. Q: What happens to log messages if I don t have the hard drive AMC installed? A: Log messages can be sent to external logging and reporting devices such as a FortiAnalyzer, or can be forwarded to any syslog compatible server. Once sent to a FortiAnalyzer, log messages can be browsed directly from the FortiGate web GUI. Additionally each FortiGate reserves a small amount of memory for short term logging which can be uploaded or deleted as needed. Due to memory constraints FortiGate cannot perform detailed traffic or content logging to local memory. Multiple log output destinations are supported. The FortiGate can send logs to up to three syslog servers or FortiAnalyzers. Q: What types of high-availability features are offered? A: All mid-range FortiGate models support high-availability (HA) clustering. This includes both active-passive and active-active HA where the standby unit can also be used to load balance the traffic and in some cases provide additional processing power and overall throughput gains. The Fortinet HA clustering technique allows clustering of up to four units for increased reliability and performance. Various load-balancing algorithms are available such as round robin, least connections, and weighted round robin to take best advantage of different clustering configurations. However you can only combine like-models together in the same cluster. Security Subscription Services Q: What subscription services are available? A: All standard FortiGate product security subscription services are available on each FortiGate appliance. Security subscription services are inclusive of the FortiGuard Antivirus, IPS, Web Filtering, and Antispam services. Security subscription service bundles are also available to save cost over buying each service separately. No user licensing or user restrictions exist on any FortiGate model. Q: How often are these subscription services updated? A: Each FortiGuard service has constantly upgraded databases in order to keep your FortiGate units up to date to protect against recent cyber threats. The signature and vulnerability based Antivirus, Antispyware and Intrusion Prevention System services have the ability to automatically push real-time updates to registered and configured units at any time 24 hours a day. The real-time services inclusive of Antispam and Web Content Filtering are constantly upgraded databases that maintain the highest possible accuracy. Q: How does Fortinet subscription service response time compare to the industry? A: Fortinet s FortiGuard subscription services with Service Level Agreement and FortiGuard Distribution Network provides Fortinet customers with the highest responsiveness of security vendors in both response time of creating new signatures to new exploits and breadth of coverage for antivirus, antispyware, web content filtering, intrusion prevention and antispam. Security Deployment Scenarios Q: How do I determine what size FortiGate is needed for my deployment? A: Units are deployed based on throughput performance, not number of users. In fact, all FortiGate models have unlimited user licenses. Customers choose the proper model based on desired Firewall, or VPN, or content scanning performance needed. Customers should note that if they want to enable multiple security functions such as FW + VPN + AV they would use the lowest common performance factor as the denominator, which is usually the AV scanning performance. Contact your local Fortinet SE or Fortinet Value Added Reseller for assistance in FortiGate sizing. A sizing tool is also available on the Sales Intranet/Partner extranet site which will ask questions about users, throughput, and traffic requirements to help properly size the right model for customer requirements. Fortinet 3 August 2008

Q: How is the FG-620B positioned against the rest of the mid-range and high-end FortiGate models? A: The FG-620B is a replacement to the FG-800 product. It is the second new medium and large product introduction following the FG-310B. The price and performance of the FG-620B is roughly double that of the FG-310B, and is intended to continue raising the standard for mid-range security products by offering a high number of wire speed firewall ports. The new standard that Fortinet is setting for mid-range products and above is wire speed firewall ports on all models. Historically, firewall throughput has been the main metric used to determine product classification. Since all mid-range and high-end FortiGates will offer wire speed firewall, the new metric to determine classification is the full content inspection (i.e. IPS and AV). These are the performance metrics that distinguish mid-range products from high-end products. Other features of the high-end products (3000 series and 5000 series) may include switch-based form factors, stackability using multiple switch blades, extensive AMC modularity, dual power supplies, SFP ports, and, of course, increased IPS and AV throughput and content level metrics such as number of sessions, new sessions per second, number of policies, etc. Q: What security modules are recommended for MSSP (managed security service providers)? A: MSSPs typically need a flexible Customer Premise Equipment (CPE) platform that can be remotely managed and can have many security options available for menu-style security service offerings. All FortiGate models come with built-in remote management tools that allow centralized security policy management and remote event monitoring for control via a security operations center. Additional products available such as FortiManager and /or FortiAnalyzer provide the management tools to administer remote sites and scales from a multiple branch office network up to a global multi-domain operation. Q: What security modules are recommended for perimeter security? A: Perimeter networks generally require Firewall and VPN (IPSec and/or SSL) features and also will benefit from IPS and Antivirus protection. In some deployment scenarios where compliance requirements are in place that restrict access to specific web content, Web Content Filtering protection may be appropriate. Q: What security modules are recommended for secure messaging? A: A secure messaging system normally includes Antivirus and Antispam security and can also include Instant Messenger security if applicable. Q: What security modules are recommended for data center? A: Data Center security will normally require network and application security features including Firewall, IPS and Antivirus features. Antivirus protection will generally be used for specific application protocols used in the data center such as HTTP / FTP for web servers and SMTP / POP for email servers. Performance & Throughput Q: Can I cluster these units together for better performance? A: Yes, with HA clustering in active-active mode customers can gain performance improvements, but only for certain types of traffic; including antivirus scanned sessions and TCP sessions only. Consult with your local Fortinet SE to find out more about implementing HA in your environment. Q: What are the key technical specifications and throughput measurements of the FG-620B? A: See performance metric chart below: Fortinet 4 August 2008

System Performance Firewall Throughput - Avg Size Packets (512 byte) Firewall Throughput - Small Size Packets (64 byte) IPSec VPN Throughput FortiGate-620B Base Model 16 Gbps 16 Gbps 12 Gbps FG-620B With Optional 4-Port AMC Module (ASM-FB4) 20 Gbps 20 Gbps 15 Gbps Antivirus Throughput IPS Throughput Dedicated IPSec VPN Tunnels Concurrent Sessions New Sessions/Sec Policies Unlimited User Licenses 250 Mbps 1Gbps 20,000 600,000 25,000 100,000 Yes Q: What are the performance assumptions for these metrics? A: The FortiGate-620B firewall throughput specification is based on benchmark results for 512-byte and 64-byte UDP packets processed while the FortiGate is operating in NAT mode. Antivirus performance is measured based on HTTP traffic with 32-Kbyte file attachments and IPS performance is measured based on UDP traffic with 512-byte packet size. Actual performance may vary depending on network traffic and environments. Copyright 2008 Fortinet, Inc. All rights reserved. No part of this publication including text, examples, diagrams or illustrations may be reproduced, transmitted, or translated in any form or by any means, electronic, mechanical, manual, optical or otherwise, for any purpose, without prior written permission of Fortinet Inc. Trademarks Products mentioned in this document are trademarks or registered trademarks of their respective holders. Disclaimer Although Fortinet has attempted to provide accurate information in these materials, Fortinet assumes no legal responsibility for the accuracy or completeness of the information. More specific information is available on request from Fortinet. Please note that Fortinet's product information does not constitute or contain any guarantee, warranty or legally binding representation, unless expressly identified as such in a duly signed writing. FG-620B-FAQ-R4-1108 Fortinet 5 August 2008

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information