Software defined security-framework_final

Posted: 12-Jan-2017
Page 1

© Copyright Fortinet Inc. All rights reserved.

Software-Defined Security Framework
Agile Cloud & SDN
Lan & Wan Solutions – IT Solutions for Local & Wide Area Networks

Page 2

Industry Validation for Fortinet’s Data Center Strategy

“Fortinet moves into second due to its strong position and price/ performance, and [should] gain some ground at the very high end of the market.”

Data Center Security Products, Biannual Market Share, Size & Forecast, Oct 2014

Data Center Security Appliance Market Share

2015 Enterprise Firewall MQ – Fortinet Strengths:
“- In addition to enterprise NGFW deployments, Fortinet is well-suited to deployments in carriers, data centers, service providers and distributed enterprises (for example, retail and franchises).
- Fortinet has a well-articulated strategy regarding virtualization, public cloud and SDN, and has a promising partnership with VMware NSX.”

Page 3

Data Center Trends

BYOD, Mobility & SaaS
• Anytime, anywhere access
• User-centric apps & services
• Customer/client responsiveness

Big Data & Internet of Things
• Billions of connected devices
• Continuous data aggregation
• Warehousing of petabytes of confidential data

Network Impact
• Higher core throughput & scalability
• Higher port density
• Increased small/mixed packet traffic
• Low user latency
• IPv4 to IPv6 migration
• Increased east-west traffic

Data Center Transformation
• Server & network virtualization
• Multi-tenant public clouds
• Elasticity & agility

Page 4

Data Center Consolidation and SDN Evolution

Data Center Firewalls

Deployments
• Data center edge
• Top of rack
• Virtual machine protection
• SDN orchestration

Drivers
• Data center consolidation
• Migration 10G to 100G
• Network segmentation
• Securing East-West traffic
• Virtualization and SDN

[Diagram: east-west and north-south traffic flows in the data center]

Data Center/SDN VM & SDN Solution: FortiGate VM Series for VMware (NSX), Cisco ACI, OpenStack, AWS, Azure, KVM, Hyper-V

DC FW Solution: FortiGate High End Series with 100G+ throughput in an appliance

Page 5

Software-Defined Security Vision

Physical & Virtual Security Appliances: FortiGate, FortiManager, FortiSandbox, FortiAnalyzer, FortiWeb, FortiADC, FortiMail

Underlying platforms: Virtualization (vSphere, XenServer, Hyper-V), SDN (NSX), Cloud (IaaS), Cloud (SaaS)

1. Security must integrate with & support underlying SDx Infrastructure, i.e. cloud & SDN IaaS platforms

2. Security is itself fundamental infrastructure that can and should become agile and elastic, i.e. Software-Defined, independent of other SDx transformation

Page 6

Fortinet’s Software-Defined Security Framework

[Diagram: Software-Defined Security Framework]
• Data Plane: Virtual x86 Containers, Hardware-Based Platforms, Virtual Appliances/Services
• Control Plane: Platform Orchestration & Automation
• Management Plane: Single Pane-of-Glass Management
• Platform Extensibility spans all three planes

Page 7

Virtual Appliances/Services

Virtual Appliances & VDOMs Provide Scale-Out Elasticity

[Diagram: Scale-Out vs. Scale-Up against the Performance Boundary; hypervisors vSphere, XenServer, Hyper-V]

Benefits
• Elastic Firewall Capacity
• East-West Traffic Visibility
• Deployable in Public Clouds

Page 8

Platform Orchestration & Automation

Benefits
• Auto-Scaling Firewall & Rule Provisioning
• SDN Flow Visibility (dynamic flow control, overlay/underlay traffic)
• Dynamic Policies (follow logical port, IP, MAC)

[Diagram: VMware host with VMs and a Fortinet Service VM; Control Plane Orchestration via NSX and ACI]

Agility Through Control Plane Integration
• Network Visibility
• Elastic provisioning
• Distributed Object-based policy

Page 9

Single Pane-of-Glass Management

Consistent Policies and Posture Across the Hybrid Cloud

[Diagram: Public Cloud, Physical Networks and Virtualization (VMware hosts with VMs) under Centralized Management and Policy]

• Management & Policy
• Logging & Analysis
• SaaS-Based Portal

Page 10

Software-Defined Security Use Cases: Auto-Scale/Auto-Provision Protection for Elastic Workloads

[Diagram: two hypervisors hosting elastic workloads in IaaS]

Requirements and solutions
• Auto-scale virtual firewall capacity to new virtualization hosts: FortiGate-VMX
• Auto-provision firewall rules to new workload VM instances: FortiGate-VMX, FortiGate for Cisco ACI
• Orchestrate firewall service insertion, service chaining (via SDN flow control): FortiGate-VMX, FortiGate for Cisco ACI
• Orchestrate physical and virtual firewalls: FortiGate for Cisco ACI
• Distributed firewall rules across cluster or data center: FortiGate-VMX, FortiGate for Cisco ACI

Scale web apps and social media to connect virally with customers, partners, users at cloud speed, while transparently ensuring data privacy & compliance

Page 11

Software-Defined Security Use Cases: Secure Inter-VM Traffic in Virtual Environments

[Diagram: Data Center Firewall at the Data Center Edge (North-South); Virtual Machine Firewall on each hypervisor (East-West); Centralized Policy and Logging/Reporting via FortiManager and FortiAnalyzer]

Requirements and solutions
• Inter-VM traffic visibility: FortiGate-VM or FortiGate-VMX
• Stateful firewall session during live VM migration (e.g. vMotion): FortiGate-VMX
• Distributed firewall across cluster (policies follow VM independent of logical IP/MAC): FortiGate-VMX
• Distributed firewall rules across distributed virtual switch: FortiGate-VMX
• Inspect VXLAN encapsulated traffic: FortiGate-VMX
• Centralized management across physical and virtual firewalls: FortiManager, FortiAnalyzer

Overcome visibility and enforcement challenges with inter-VM traffic and logical networks

Page 12

Software-Defined Security Micro-Segmentation in Consolidated Data Centers

• Mitigate increasing concentration of data and risk in consolidated and multi-tenant data centers
• Declarative, whitelist-based policy model
• Fine-grained honeycomb based on users, roles, other metadata
• Deploy into flat, open networks without disrupting network and infrastructure

[Diagram: Cisco APIC controlling spine and leaf nodes]
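The whitelist, object-based policy model described on pages 11 and 12 (policies that follow a VM through live migration, independent of its IP/MAC), as an added illustrative example that is not Fortinet’s code: a hypothetical default-deny engine whose rules reference workload roles held in a shared object database, run against constructed sample workloads and addresses.

```python
from collections import namedtuple
from dataclasses import dataclass

Rule = namedtuple("Rule", "src_role dst_role dst_port")  # whitelist entry keyed by role

@dataclass
class Workload:  # one object in the shared object database (hypothetical model)
    name: str
    roles: frozenset
    ip: str
    mac: str

class PolicyEngine:
    """Rules name roles, never addresses; anything not whitelisted is denied."""
    def __init__(self, rules):
        self.rules = list(rules)
        self.objects = {}  # name -> Workload

    def register(self, wl):
        self.objects[wl.name] = wl

    def migrate(self, name, new_ip, new_mac):
        # Live migration (e.g. vMotion): only address attributes change, so the
        # policy follows the object without any rule edits.
        wl = self.objects[name]
        wl.ip, wl.mac = new_ip, new_mac

    def _by_ip(self, ip):
        return next((w for w in self.objects.values() if w.ip == ip), None)

    def allow(self, src_ip, dst_ip, dst_port):
        src, dst = self._by_ip(src_ip), self._by_ip(dst_ip)
        if src is None or dst is None:
            return False  # unknown endpoints never match the whitelist
        return any(r.src_role in src.roles and r.dst_role in dst.roles
                   and r.dst_port == dst_port for r in self.rules)

def demo():
    """Constructed three-tier sample; returns (before, after, stale, lateral)."""
    eng = PolicyEngine([Rule("web", "app", 8443), Rule("app", "db", 5432)])
    eng.register(Workload("web01", frozenset({"web"}), "10.0.1.10", "00:50:56:aa:00:01"))
    eng.register(Workload("app01", frozenset({"app"}), "10.0.2.10", "00:50:56:aa:00:02"))
    eng.register(Workload("db01", frozenset({"db"}), "10.0.4.10", "00:50:56:aa:00:04"))
    before = eng.allow("10.0.1.10", "10.0.2.10", 8443)     # web -> app, whitelisted
    eng.migrate("app01", "10.0.3.50", "00:50:56:aa:00:99")  # app01 moves host/segment
    after = eng.allow("10.0.1.10", "10.0.3.50", 8443)      # still allowed at new address
    stale = eng.allow("10.0.1.10", "10.0.2.10", 8443)      # old address is no object
    lateral = eng.allow("10.0.1.10", "10.0.4.10", 5432)    # web -> db not whitelisted
    return before, after, stale, lateral
```

Because the rule set never mentions an address, the same policy applies unchanged on a flat network, and a workload that has not been registered as an object gets no connectivity at all.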

Page 13

Platform Extensibility & Ecosystem Integration

[Diagram: Software-Defined Security Framework with Data Plane (Virtual x86 Containers, Hardware-Based Platforms, Virtual Appliances/Services), Control Plane (Platform Orchestration & Automation), Management Plane (Single Pane-of-Glass Management) and Platform Extensibility across all planes]

Cloud/SDN Ecosystem integration points
• Interfaces: XML, JSON, Other Interfaces, Logging/Event, Mgmt APIs, CLI/Scripting
• Ecosystem: SDN Controllers, Programmable Switches, Cloud Management, Centralized Policy & Analytics, Orchestration Platforms

Page 14

Fortinet Programmable Networking Partnership Ecosystem

[Diagram: Software-Defined Security Framework and Platform Extensibility connected through APIs to the partner ecosystem]

ORCHESTRATION PLATFORMS

PROGRAMMABLE SWITCHING
• ACI announced
• vCNS certified
• NSX program

CENTRALIZED POLICY & ANALYTICS

SDN CONTROLLERS

Page 15

Fortinet Solutions
Lan & Wan Solutions – Innovating your business. Our challenge.

Page 16

Fortinet Virtual Appliance Platform Support

Virtual Appliance columns, left to right: VMware vSphere v4.0/v4.1, vSphere v5.0, vSphere v5.1, vSphere v5.5; Citrix XenServer v5.6 SP2, XenServer v6.0+; Open Source Xen, KVM; Amazon AWS; Microsoft Hyper-V 2008 R2, Hyper-V 2012. A ✔ marks a supported platform.

FortiGate-VM ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔* ✔ ✔

FortiManager-VM ✔ ✔ ✔ ✔   ✔ ✔ ✔

FortiAnalyzer-VM ✔ ✔ ✔ ✔   ✔ ✔ ✔

FortiWeb-VM ✔ ✔ ✔ ✔  ✔ ✔   ✔* ✔

FortiMail-VM ✔ ✔ ✔ ✔   ✔ ✔    ✔  ✔

FortiSandbox-VM ✔ ✔    

FortiAuthenticator-VM ✔ ✔ ✔ ✔         ✔  ✔

FortiADC-VM    ✔ ✔ ✔          

FortiCache-VM ✔ ✔ ✔ ✔              

FortiVoice-VM ✔ ✔ ✔ ✔ ✔ ✔

FortiRecorder-VM ✔ ✔ ✔ ✔ ✔ ✔

FortiGate-VMX ✔

Page 17

Fortinet FortiGate-VMX

• The Challenge
» Tight integration with virtualization/network platform
• VMware Network Extensibility APIs (NetX)
» Shared object database for easy creation of security policies
» Automated deployment of security services and policy enforcement
» Easily support live migration(s) of applications within clustered environments
» Dynamic security policy updates for newly created services without the normal time lag (paper trail, requests, PO)

Roadmap (January 2014, Q3 2014, Q4 2014, 2015)

Proof of Concept (VMworld 2014)
• Demonstrated at VMworld
• FortiOS v5.2
• Full UTM functionality

vCNS Certification (Q4 2014) – vSphere v5.5u2 vCNS integration certified
• Plan for Q4 2014 release
• Support for vSphere v5.5 Update 2
• Certified with vCNS Manager

NSX Comp Certification (Q1 2015) – vSphere v5.5u2 vCNS integration NSX certified
• Plan for Q1 2015 release
• Support for vSphere v5.5 Update 2
• Certified compatible with NSX Manager

Native NSX SDK Certification (Q3/Q4 2015) – NSX new SDK integration
• Support for new NSX SDK
• Will only work with NSX deployments
• Advanced NSX NetX functionality for tighter control of traffic

Page 18

Fortinet FortiGate-VMX

[Diagram: two VMware Kernel hosts sharing a vDistributed Switch]

1. Initiate communication with vCenter Server
2. Register Fortinet as security service with vCNS Manager
3. Auto-deploy FortiGate-VMX to all hosts in security cluster
4. FortiGate-VMX connects with FortiGate-VMX Service Manager
5. License verification and configuration synchronization with FortiGate-VMX
6. Kernel agent creation and default re-direction rules for each host in cluster
7. Real-time updates of object database
8. Push policy synchronization to all FortiGate-VMX deployed in cluster

Page 19

Cisco ACI Partnership

• Technology collaboration with Cisco to bring Fortinet’s data center security to the #1 SDN platform sought by enterprise customers (Source: Infonetics)
• Joint PR and demo at RSA Conference
» Integration of FortiGate into Cisco ACI deployment
• Joint demo at Interop (April 2015)
• Product launch targeted late Q2 2015

Page 20

Cisco ACI (Application Centric Infrastructure) Overview

[Diagram: ACI Fabric in Datacenter with spine nodes, leaf nodes, APIC, VMs, and External/Internal NET-a/NET-b segments]

• PoC shows FortiGate service insertion and orchestration in Cisco APIC
» APIC (Application Policy Infrastructure Controller) is the SDN controller
» FortiGate device package contains XML metadata
» Customer benefits vary with use case, e.g. auto-provision new workloads in multi-tenant clouds

Page 21

OpenStack Integration Efforts

Service Providers – Open Source OpenStack
» With open source through extensible mgmt API
» In production in NEC and other provider clouds

Enterprise – Supportable OpenStack distro
» HP Helion OpenStack emerging as frontrunner – need out-of-box integration
» Fortinet announced HP AllianceOne partnership
» FG-VM certified HP Helion Ready

[Diagram: hypervisor hosting VMs]

Page 22

Software-Defined Security for Service Providers
Lan & Wan Solutions – Innovating your business. Our challenge.

Page 23

Software-Defined Security Framework Extensions for Service Providers

[Diagram: Software-Defined Security Framework with Data Plane (Virtual x86 Containers, Hardware-Based Platforms, Virtual Appliances/Services), Control Plane (Platform Orchestration & Automation), Management Plane (Single Pane-of-Glass Management), Platform Extensibility, and the Cloud/SDN Ecosystem (XML, JSON, Other Interfaces, Logging/Event, Mgmt APIs, CLI/Scripting; SDN Controllers, Programmable Switches, Cloud Management, Centralized Policy & Analytics, Orchestration Platforms)]

Service Provider Extensions
• SaaS Multi-Tenancy
• On-Demand Self-Service
• Network Function Virtualization

Page 24

Network Function Virtualization

Firewall VNF Service Chaining – Modular, Interoperable, Scalable

ETSI Multi-Vendor PoC on D-NFV (CPE)

D-NFV Alliance – Commercialized Offering on RAD Hardware

Page 25

Orchestration
• Deployment and instantiation
• Service Insertion into virtual network

On-Demand Self-Service – Utility-Based Pricing/Metering

Benefits
• Protection On-Demand
• Pay-as-you-Go
• User/Tenant Self-Service

Pricing Options
• Hourly/Annual (per-instance)
• Five different instance sizes
• Bundled support subscription

Utility-based Consumption: Licensing, Provisioning, Metering, Billing

Page 26

SaaS Multi-Tenancy - FortiPrivateCloud

Page 27

Lan & Wan Solutions – Innovating your business. Our challenge.