Fortinet Confidential
Securing the Cloud
Ondřej Šťáhlavský
Territory Manager CEE
Agenda
• Introduction
• Features and Virtualization
• FortiGate 3950 Series
• FortiGate VM
Fortinet Corporate Overview
• Founded in 2000
• Global presence with 30+ offices worldwide & 1,200+ employees
– 5,000+ channel partners
– 100,000+ customers
– Majority of the Fortune Global 100
• IPO Nov 2009
• NASDAQ: FTNT
• 2009 revenue of $252 Million
– 19% YoY growth
• World class management team
[Chart: Fortinet Revenue ($MM), 2003 to 2009: $13, $39, $80, $123, $155, $212, $252]
A Reliable Partner
• Proven Industry Leadership
» Since 2000, Fortinet has received more than 100 product & company awards.
• IDC: Overall leader in UTM factory revenue for all of 2009
• Gartner: Leader in Multi-Function Firewall Magic Quadrant
• Frost & Sullivan: 2010 "Fortinet is the established and undisputed leader" of worldwide UTM market
• SC Magazine: 2009 Readers' Trust Award for "Best Integrated Security Solution"
• Certified security
» Seven ICSA certifications (Firewall, AV, IPS, IPSec VPN, SSL VPN, Anti-Spam, WAF)
» Government Certifications (FIPS-2, Common Criteria EAL4+, JITC IPv6, SCAP)
» ISO 9001 certification
The Need for Complete Content Protection
• Overlapping, complementary layers of protection
• Comprehensive, integrated inspection
• Allow but don’t trust any application
• Examine all application content & behavior
We Pioneered a New Approach
The Fortinet Solution
• Real-time, integrated security intelligence
• ASIC-accelerated performance
• Lower total cost of ownership
• Easy to deploy / manage / use
Traditional Network Security Solutions
• Stand-alone, non-integrated security
• Mix of off the shelf systems and applications
• Higher total cost of ownership
• Difficult to deploy / manage / use
UTM Surpassing Traditional Network Security
[Chart: Firewall & VPN vs. UTM, $ in billions, 2008 to 2013; data labels: $2.2, $2.1, $1.7, $3.2]
Source: IDC “Worldwide Network Security 2008-2012 Forecast and 2007 Vendor Shares: Transitions – Appliances Are More Than Meets the Eye”
Market Leadership Across the Board
Worldwide UTM Market Share, Q2 2010 (1)
Rank   Company       Market Share (%) (2)
1                    16.4
2      Cisco         9.8
3      Juniper       9.0
4      SonicWALL     8.1
5      Check Point   7.2
6      WatchGuard    4.9
7      McAfee        5.5
8      Crossbeam     2.6
9      Other         41.4
Total                100.0
[Figure: UTM Market Competitive Landscape, 2009 (4). Axes: Market Penetration (Low to High) and Ability to Deliver (Low to High). Categories: Niche Participant, Specialist, Contender, Challenger, Market Leader]
[Figure: Magic Quadrant for Multi-Function Firewalls (3)]
Notes
(1) IDC Worldwide Security Appliances Tracker, September 2010 (market share based on factory revenue)
(2) Gartner, Inc., “Magic Quadrant for SMB Multifunction Firewalls”, June 2009
(3) Frost & Sullivan, “World Unified Threat Management, Products Market 2009”, 2010
Fortinet – Leader in Enterprise UTM
Enterprise UTM Revenue
Vendor        Q2 2010   Market Share
Fortinet      $42.02    37%
Juniper       $16.36    14%
Check Point   $10.92    10%
Cisco         $28.73    25%
McAfee        $15.33    14%
Source: IDC Worldwide Security Appliances Tracker, September 2010. Data based on $6-$9.9K, $10-$24.K, $25-$49.9K and $50-$99.9K UTM price bands.
Evolution of Firewall Security
Complete Protection
• Antivirus/Antispyware (ICSA)
• Data Loss Prevention
• Antispam
• WAN Optimization
• SSL VPN (ICSA)
• Firewall (ICSA)
• VPN (IPSEC) (ICSA)
• IPS (ICSA)
• Web Filtering (CIPA)
• App Control
• Vulnerability Mgmt
• Wireless LAN
• IPv6, Dynamic & Multicast Routing
• Load Balancing
• SSL Inspection
• Endpoint NAC
Virtual Domains
• Divide a FortiGate unit to operate as multiple separate units
• One FortiGate unit can service up to 250 separate domains
• Each VDOM has a separate administration interface, routing policies, firewall policies …
[Diagram: VDOM 1, VDOM 2, VDOM 3 … VDOM X]
Virtual Domains
• VDOMs can be in routed or transparent mode
• Transparent VDOMs lack IPSEC and SSL VPN, Load Balancing, Wireless Controller and routing capabilities
[Diagram: Routed/NAT VDOM and Transparent VDOM]
VDOM Resource Limits
• Resource limits configurable globally and per-VDOM
(each VDOM has its own guaranteed system resources)
Inter-VDOM Links
• Only Routed/NAT VDOMs can be interconnected
• VDOMs communicate internally
(Free up physical interfaces for external traffic)
• Inter-VDOM traffic is controlled by complete UTM inspection on both sides of the link
[Diagram: VDOM 1, VDOM 2, VDOM 3]
Independent VDOM Configuration
• Multiple VDOMs, completely separate from each other
• No communication between VDOMs
(Treated as if on separate physical device)
[Diagram: Internet; external interfaces; VDOM 1, VDOM 2, VDOM 3; internal interfaces; Network 1, Network 2, Network 3]
Management VDOM Configuration
• Root VDOM is management VDOM
(Other VDOMs connected with inter-VDOM links)
• All external traffic routed through management VDOM
[Diagram: Internet; external interface; Management VDOM; VDOM 1, VDOM 2, VDOM 3; internal interfaces; Network 1, Network 2, Network 3]
Meshed VDOM Configuration
• VDOMs interconnected - mesh configuration
(Full access between VDOMs, but handle traffic differently depending on origin)
[Diagram: Internet; external interface; Management VDOM; VDOM 1, VDOM 2; internal interfaces; Network 1, Network 2]
FortiGate-3950B Series
• Dedicated Performance
» FW: Up to 120 Gbps
» IPS: Over 12 Gbps
• Modular Appliance
» Base model:
− FW: 20 Gbps
− IPS: 4 Gbps
» Fortinet Mezzanine Cards (FMC)
− 20 Gbps FW (both FMC cards)
− 4 Gbps IPS (FMC-XG2 / targeted)
» 64 GB SSD internal storage (FG-3951B)
− Fortinet Storage Module (FSM)
− Expandable to 256 GB (4 x FSM-064)
[Images: FortiGate-3950B, FortiGate-3951B, FMC-XD2, FMC-XG2]
Enterprise-Class Benefits
• Build the performance your customers need
» Scalable performance with the ability to grow from 20 Gbps up to 120 Gbps
• Customize the appliance to meet performance requirements
» Gateway, Datacenter
» Pure Firewall / UTM
• Exceed limited features/functions of ‘next generation’ devices
» Highest performing firewall appliance at 120 GB
» Seamless integration of FW, IPS, VPN, Web Filtering, and other FortiOS services
» Complete content protection: Application control + application security
• More than application identification
• Integration of content-based security technologies into the firewall to identify threats within trusted application content
Specialized Processors within FMC Modules
• FortiASIC-NP4
» Accelerates security services at the interface level
• Packet size independent, very low latency, wire speed performance for millions of sessions with dynamic address translation
» IPSec ESP encryption and decryption processing
» Packet anomaly detection, checksum offload and packet defragmentation
» Traffic Shaping and priority queuing
• FortiASIC-SP2
» Multi-core multi-threaded security processing complex
» Builds on the capabilities of the FortiASIC-NP4 to provide additional services, including
• Application control
• IPv6
• IPS Signature analysis
• DOS protection
• Multicast acceleration
Integrated Switch Fabric inside FG-3950 Series
• Uniquely scalable approach to forwarding and security processing
» Utilizes specialized FortiASIC-NP4 and -SP2 processors to achieve breakthrough acceleration
» Fortinet Mezzanine Card (FMC) delivers additional processing power that can be distributed across the entire appliance via the ISF
• Fully meshed connectivity between all FMC slots and associated processing modules
[Diagram: ISF connecting the on-board 4x1G ports (PHY, NP) and FMC 0 to FMC 4 (PHY, NP/SP)]
FortiGate VM Specifications
Feature                            FortiGate-VM
Hypervisors Supported              VMware ESXi/ESX 3.5/4.0/4.1, others that can run *.ovf format
Hardened Platform
Open Virtualization Format (OVF)   Yes (Using VMware HW version 7)
# of vCPU’s supported              2/4/8/U
Built in VDOMS (upgradeable)       10
Memory and CPU                     Uses Hypervisor
10/100/1000 Interfaces             10 Max (Uses Hypervisor)
Storage Capacity                   Uses Hypervisor
High Availability                  Yes
FortiGate version (Firmware)       4.2