Virtual Private Networks Secured Connectivity for the Distributed Organization


FORTINET VIRTUAL PRIVATE NETWORKS PAGE 2

Introduction

A Virtual Private Network (VPN) allows organizations to securely connect multiple physical locations and users using an untrusted public network, such as the Internet, as the primary transport medium. Mobile broadband, cable, and DSL providers have made notable gains in market penetration over the past decade, making high-bandwidth Internet connectivity almost ubiquitous. This increased adoption has also made these types of Internet connectivity less costly than private leased-line alternatives. By combining VPN technology with common Internet access, organizations can extend the speed and reach of their network while also reducing costs. VPNs provide a high level of security by encrypting data in transit to prevent unauthorized access.

VPNs are generally divided into two high-level categories: site-to-site (also known as gateway-to-gateway) and remote access (also known as client-to-gateway or dialup). While the fundamental concept, an encrypted tunnel between two networked nodes, is the same in both categories, the implementation and technologies used to deliver the solution differ substantially.

Fortinet VPN solutions offer customers a broad range of options for establishing VPNs in both major categories by supporting IPsec, SSL-TLS, and L2TP VPN technologies. The Fortinet VPN solution consists of FortiGate multi-threat security devices, FortiClient endpoint agents, and FortiManager centralized management. The Fortinet solution for secured connectivity integrates technologies not commonly found together into a single platform, which improves security, simplifies the IT environment, lowers total cost of ownership, and provides the most flexibility and choice in deployment options.

Site-to-Site VPNs

Figure: VPN Tunnels Using the Internet as Primary Transport Medium

Site-to-site VPNs commonly connect remote office and branch office locations back to a headquarters location. Some organizations also use site-to-site VPNs to give trusted business partners limited access to their private network. In both situations, a FortiGate multi-threat security device, or other supported VPN device, is deployed at each network location where VPN tunnels are to be established. The FortiGate devices are then configured to establish an authenticated and encrypted tunnel, and traffic is routed through this virtualized tunnel between the sites according to the defined policy.

There are several VPN topologies for site-to-site tunnels, including hub-and-spoke, partially-meshed, and fully-meshed configurations.
- In a hub-and-spoke configuration, VPN connections radiate from a central FortiGate device (the hub) to a number of remote FortiGate devices (the spokes).
- In a partially-meshed configuration, locations that commonly communicate with one another are configured with dedicated VPN tunnels.
- A fully-meshed configuration connects all VPN peers to one another, giving the most fault tolerance of the three deployment topologies.

IPsec is the most common technology used in customer-provisioned site-to-site VPNs. Provider-provisioned VPNs, defined as connections provided by a network or service provider, often use other protocols but are beyond the scope of this paper. IPsec is not a single protocol but a suite of protocols; the protocols within the suite together provide integrity, authentication, and confidentiality of data between VPN endpoints. FortiGate devices support all commonly used VPN topologies, and the FortiManager centralized management platform can greatly simplify the overhead of configuring highly redundant fully-meshed networks.

Remote Access VPNs

Remote access VPNs, also called client-to-gateway or dialup VPNs, connect a single host to the security gateway. The security gateway may connect tens, hundreds, or even thousands of unique remote clients to the private network. Many remote access VPN gateways use a single remote access technology; products like the FortiGate system, however, consolidate multiple access technologies into a common platform for simplicity, cost effectiveness, and maximum flexibility. Most remote access VPNs use either the IPsec protocol suite discussed in the site-to-site VPN section or the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols.
There are advantages and disadvantages to each technology, and the best solution for remote access is often a combination of the two, allowing the best-suited technology to be used as needed. IPsec-based VPN gateways, first discussed in the site-to-site VPN category, are capable of giving a remote user the same access privileges as a local user. The disadvantage of this type of remote access VPN is that it requires a client on the remote user's system. Client-based systems add complexity, but may be the best option in some situations, since they provide the most robust remote user experience. SSL-TLS VPN (SSL-VPN) gateways are commonly viewed as a more flexible alternative to IPsec VPN gateways. Their added flexibility comes from their use of the SSL-TLS protocols, which are built into modern Internet browsers. By leveraging a browser's cryptographic facilities, SSL-VPNs eliminate the requirement for a separate endpoint client. This clientless access method is usually more limited than client-based solutions, however, and remote access is typically restricted to web-based applications. To address this shortcoming, many SSL-VPN gateways also include a lightweight client that is dynamically downloaded, installed, and executed upon initial connection to the gateway. This lightweight client provides a more robust experience than the clientless option.
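As an added illustration of the three site-to-site topologies described in the Site-to-Site VPNs section above (hub-and-spoke, partial mesh, full mesh), the following Python model is example code written for this page; it is not part of the Fortinet paper and does not represent any FortiGate or FortiManager feature. It builds the tunnel set for each topology over a constructed four-site network, counts the tunnels each design requires, and checks which site pairs can still reach each other when the hub gateway is down, which is what the paper's fault-tolerance ranking refers to. The site names, the choice of hub, and the pair of branches that "commonly communicate" are assumptions chosen for the example.

```python
"""Added example (not from the Fortinet paper): model the three
site-to-site VPN topologies the paper names and check how many site
pairs survive the loss of one gateway.  Site names, the hub, and the
pair of branches that 'commonly communicate' are constructed inputs."""
from itertools import combinations

# Constructed network: a headquarters hub and three branch offices.
SITES = ["HQ", "Branch-A", "Branch-B", "Branch-C"]
HUB = "HQ"
# Branches that talk to each other often enough to justify a dedicated
# tunnel in the partially-meshed design (assumption for the example).
TALKING_PAIRS = [("Branch-A", "Branch-B")]


def hub_and_spoke(sites, hub):
    """One tunnel from the hub to every spoke: n-1 tunnels for n sites."""
    return {frozenset((hub, s)) for s in sites if s != hub}


def partial_mesh(sites, hub, talking_pairs):
    """Hub-and-spoke plus dedicated tunnels between sites that
    commonly communicate with one another."""
    return hub_and_spoke(sites, hub) | {frozenset(p) for p in talking_pairs}


def full_mesh(sites):
    """Every pair of peers gets its own tunnel: n*(n-1)/2 tunnels."""
    return {frozenset(p) for p in combinations(sites, 2)}


def reachable(tunnels, src, dst, failed=frozenset()):
    """Depth-first search over tunnels whose two endpoints are both up.
    A tunnel terminating on a failed gateway carries no traffic."""
    if src in failed or dst in failed:
        return False
    seen, stack = {src}, [src]
    while stack:
        node = stack.pop()
        if node == dst:
            return True
        for tunnel in tunnels:
            if node in tunnel:
                (peer,) = tunnel - {node}
                if peer not in failed and peer not in seen:
                    seen.add(peer)
                    stack.append(peer)
    return False


def surviving_pairs(sites, tunnels, failed):
    """Number of pairs of still-running sites that can reach each other."""
    up = [s for s in sites if s not in failed]
    return sum(1 for a, b in combinations(up, 2)
               if reachable(tunnels, a, b, failed))


def compare(sites=SITES, hub=HUB, talking_pairs=TALKING_PAIRS):
    """Per topology: tunnel count and site pairs surviving a hub outage."""
    topologies = {
        "hub-and-spoke": hub_and_spoke(sites, hub),
        "partial-mesh": partial_mesh(sites, hub, talking_pairs),
        "full-mesh": full_mesh(sites),
    }
    remaining = [s for s in sites if s != hub]
    possible = len(list(combinations(remaining, 2)))
    return {
        name: {
            "tunnels": len(tunnels),
            "pairs_surviving_hub_loss": surviving_pairs(sites, tunnels, {hub}),
            "pairs_possible_after_hub_loss": possible,
        }
        for name, tunnels in topologies.items()
    }


if __name__ == "__main__":
    for name, stats in compare().items():
        print(f"{name:14s} tunnels={stats['tunnels']}  reachable pairs after "
              f"hub loss={stats['pairs_surviving_hub_loss']}/"
              f"{stats['pairs_possible_after_hub_loss']}")
```

Running the model shows the trade-off the paper states in one sentence: hub-and-spoke needs the fewest tunnels (3 here) but a hub outage isolates every branch from every other; the partial mesh keeps only the pair that has its own tunnel; the full mesh needs the most tunnels (6) and keeps all three surviving pairs connected. The same functions work for any site list, so the tunnel-count growth of a full mesh on larger networks, which is why the paper points to centralized management for them, can be checked directly.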

FortiGate systems support both major remote access VPN types in a single device, allowing them to serve multiple remote access clients using multiple remote access technologies simultaneously on a single appliance. The systems also incorporate other critical security services that inspect traffic entering the private network, including firewall, antivirus, and intrusion prevention. Providing gateway services and security inspection in a single platform ensures that the remote access vector is secured and threats are not allowed to pass onto the private network, whether traffic originates at a branch location or from a single remote user.

Fortinet VPN Solutions

Fortinet VPN solutions allow distributed organizations of all sizes to be connected and secured. The Fortinet product family offers a fully integrated, end-to-end solution for connecting networks and users together, while also detecting and eliminating a wide spectrum of threats and malicious activity. Fortinet meets the connectivity needs of any-sized organization while offering unmatched functionality and price-performance.
- FortiGate security platforms provide secure and cost-effective connectivity between two or more networked sites.
- FortiClient endpoint agents allow remote users to connect to centralized network resources securely and efficiently.
- The FortiManager centralized management platform unifies all VPN provisioning and tunnel monitoring for the secured connectivity solution.

FortiASIC acceleration, found exclusively in FortiGate platforms, is key to providing the performance necessary to support IPsec VPN and SSL-VPN services, along with the full suite of services provided by FortiOS, on a common hardware platform. FortiASIC processors are custom-designed silicon that offload complex cryptography and other processor-intensive security inspection work from the general-purpose processor.

FortiGate platforms go beyond basic VPN connectivity to provide a wide range of security and networking functions that are critical to an organization's security and network performance goals. Key services of interest to the distributed organization using a FortiGate platform are:
- WAN Optimization / Web Caching: Distributed organizations often suffer from poor application performance at remote locations. The WAN optimization function available in many FortiGate models allows organizations to accelerate WAN-based traffic and bring performance closer to that of the local area network. Because traffic is inspected and security policy is enforced by the same device, only authorized traffic is allowed through the secured and accelerated tunnel, further improving performance.
- Data Loss Prevention: Regulatory compliance governing sensitive data applies to branch locations and remote users as well as headquarters locations. FortiGate data loss prevention works to ensure that sensitive data is used according to policy. Extending data loss prevention to the branch location also improves visibility.
- Vulnerability Management: In a multi-location network, the weakest point of entry is often the branch location. FortiGate systems can now use the FortiGuard Vulnerability Management service to perform vulnerability assessments at the branch location, eliminating what has typically been a large blind spot in a vulnerability management program.

Summary

VPN technology has become a staple of modern IT infrastructure. With almost universal access to the Internet from any physical location, VPNs are a fast, efficient, and cost-effective way to connect remote locations and users. While the types of VPNs in use today are varied, the IPsec suite of protocols is the one most commonly used for site-to-site and remote access VPNs; the SSL and TLS protocols are used primarily for remote access VPNs. FortiGate VPN solutions support site-to-site and remote access VPNs concurrently, and likewise support IPsec and SSL-VPNs concurrently. FortiClient endpoint agents provide client-based access, and FortiManager centralized management handles all VPN configuration and monitoring, from FortiGate systems to FortiClient endpoints, from a single location.

SG-FG-VPN-R1-201008