1
Fortinet: NG Firewall
Presenting a Secure Eco System
Pieter-Jan Blaton (Exclusive Networks)
2
Agenda
• Fortinet Product Overview
• Fortigate overview
• Highlighted products, building our ATP eco system
» FortiSandbox, cloud or on premise
» FortiClient
» FortiMail
• Demo zero day ATP protection
3
4
FortiGate Integrated Architecture
5
FortiGate Appliances by segment
6
User Interface Interaction
7
Flat UI
Modern Flat UI Design
Admin dropdown menu
Color Themes
Full Screen View Option
Reorg on menu items
» Top Level Monitor
» Top Level Network
8
One-Click navigation
Quick Navigation
Allow administrators to easily and accurately take on next steps
“Switch” to another configuration/view panel from right-click menu items with a single click.
FortiView, Logs, Policy Table, Objects
9
One-Click from logs to Policy
FortiView/Log Viewer Quarantine
One-click
Simplifies administration
Quarantine Source
» Block traffic from user (Source IP) permanently or for a period of time
Quarantine FortiClient
» Activates host quarantine
Release user using “User Quarantine” monitoring panel
10
Policy Table One-Click Interface
Policy Table
One-click integrated logs and FortiView access
One-Click CLI edit
“Select Entries”
Contextual panel
11
Policy & Route Lookup
Reveal matching policy or route entry based on lookup input
12
FortiView
13
FortiView
Increase visibility from log data
Selection can be real time or historical
Gives network admins statistical information based on source, destination, application, …
Drill down for more granular filtering capabilities.
14
FortiView (Sources)
15
FortiView (Application)
16
FortiView Web Sites
17
Threats
Threat Weight definitions
18
FortiView Threats
19
FortiView – Example Use Case
Is there anyone abusing the Internet access with P2P applications?
3 easy steps to locate the answer
» Select “Threats” view
» Search for “Threat Type” = P2P
» Choose “Source”
20
Session table Lookup
21
FortiView (Cloud Application)
What V5.2 offers:
Deeper visibility to popular online
applications
» Cloud-based file storage and video sites
» Logins to popular apps/sites
» Via web browsers
Info extracted includes
» (upload/download) filenames
» video titles played,
» user ID when login is detected
Visibility:
» On “Cloud Applications” Viewer
» “Application Control” Logs
22
FortiView (Cloud Application)
23
More FortiViews
New Viewers (Added in FortiOS 5.4)
More traffic viewers – view network traffic status from new
perspectives (by policy ID, by interface etc.)
Failed Authentication – show brute force attacks
» Tracks failed connections of Admin, VPN, SNMP query, etc
WiFi Clients
» Similar to existing FAZ viewer
» Display top wireless user network usage and information
24
FortiView – Infographics
FortiView Visualizations
Graphical representation of network and threat status with mouse-over contextual details
Bubble Chart, Country Map
25
FortiView – Infographics
Threat Map
Monitor real-time threats
Darts animation to illustrate threats going to a particular FortiGate
26
Recently Added Security Features
27
Cloud Access Security Inspection (CASI) Profile
Deep Application Control
Reorganization
Phase 1, further improvements in future (patch) releases
Extract supported applications from previous App. Control DB and present them separately as a security profile.
28
Web Application Firewall functions
© Copyright Fortinet Inc. All rights reserved.
FortiSandbox
35
Introducing FortiSandbox
Advanced Threat Protection solution designed to identify and thwart highly targeted and tailored attacks
Advanced Threat Protection
• Multi-layered filtering with Code Emulator, AV engine, Cloud query and Virtual OS sandbox
• Handles multiple file types, including files that are encrypted or obfuscated
• Examines files from various protocols, including those that use SSL encryption
Flexible Operation Modes
• Receives file samples through integration with FortiGate/FortiMail, sniffer mode and manual file uploads
• Captures files from remote locations using deployed FortiGates
Monitoring and Reporting
• Detailed analysis reports and real-time monitoring and alerting
[Diagram labels: File Submission, Malicious Analysis output, Latest AV Signature Update, Centralized File Analysis]
36
ATP Integration
[Diagram: FortiSandbox, FortiGate and FortiClient, with the labels File Submission, Detailed Status Report, FSA Dynamic Threat DB Update, Control Host Quarantine, Enforce Network Quarantine, File Status result for auto File Hold & Quarantine, Query, and Real-time engine and intelligence updates]
1 File submission for Analysis
2 Respective analysis results are returned
Remediation
3a Auto File Quarantine on Host with option to hold file until result
3b Manual Host Quarantine by Admin
3c Manual Source IP Quarantine using Firewall
Protection
4 Proactive dynamic Threat DB update to gateway and host
37
FortiSandbox – FortiGate and FortiClient Integration
Feature | FSA-1000D, FSA-3000D, FSA-VM | FSA-CLOUD
Input methods - File Submission | FortiGate, FortiMail, FortiWeb, FortiClient Windows | FortiGate
File Quarantine | FortiClient submits and queues files for scan results. | NIL
Status Reporting to FortiGate | FortiView FortiSandbox viewer, Analysis report via FortiView Drill-in | FortiView FortiSandbox viewer, Analysis report via FortiView Drill-in
Status Reporting to FortiClient | FortiClient Windows | NIL
Dynamic Threat DB updates | FortiGate, FortiClient Windows | NIL
FortiClient
39
Introducing FortiClient
Comprehensive end-point protection & security enforcement
Multifunctional Host Security
• Flexibility in deployment
• Fully integrated features, reducing the need for multiple client solutions
End Point Control
• Enforce compliance and security policies on mobile hosts
Centralized Logging and Reporting
• Via FortiGate for enterprise requirements
40
FortiClient v5.4 for iOS
For Apple iOS9
FortiClient v5.4
» SSLVPN (tunnel mode)
» WebFilter (supports all browsers traffic)
» FortiHeartBeat (registration to FortiGate/EMS)
Updated App is now available on App store
FortiMail
42
Introducing FortiMail
Advanced anti-spam and antivirus filtering solution, with extensive quarantine and archiving capabilities.
Specialized messaging security system
• Advanced, bi-directional filtering prevents spread of spam, viruses, phishing, worms, and spyware
Flexible deployment options
• Transparent, Gateway, and Server modes that adapt to organizational needs and budget
Identity based encryption
• Secure, encrypted communication
Email archiving
• On-box archiving facilitates policy and regulatory compliance requirements
[Diagram labels: Servers, FortiMail]
43
Demo zero day protection
44
0 Day protection demo
[Diagram: demo network with FortiGate (FOS v5.4), FortiMail Server, FortiMail Gateway, FortiSandbox v2.1.2, users U1 and U2, the xyz.intra domain, FDN and the Internet. Numbered steps 1 to 9 carry the labels: send mail to [email protected], FSA check, block mail, AV hash update, download malicious file, block download, signature update.]
45
Demo zero day protection
46
FortiQuestions?
52
New Hardware
53
FortiGate/FortiWiFi 30E
① 1 x GE RJ45 WAN Port
② 4 x GE RJ45 Ports
③ WiFi Variant: 802.11a/b/g/n
950 Mbps Firewall throughput
0.9 Million Concurrent Sessions
15,000 New Sessions/Sec
600 Mbps IPS Throughput
200 Mbps SSL Inspection (IPS) Throughput
150 Mbps NGFW Throughput
20
020 2 N/A
Small Business / Remote Office
Connected UTM
54
FortiGate/FortiWiFi 50E
① 2 x GE RJ45 WAN Ports
② 5 x GE RJ45 Ports
③ WiFi Variant: 802.11a/b/g/n
2.5 Gbps Firewall throughput
1.8 Million Concurrent Sessions
21,000 New Sessions/Sec
800 Mbps IPS Throughput
250 Mbps SSL Inspection (IPS) Throughput
160 Mbps NGFW Throughput
20
0
10
010 N/A
Small Business / Remote Office
Connected UTM
55
FortiGate/FortiWiFi 51E
2.5 Gbps Firewall throughput
1.8 Million Concurrent Sessions
21,000 New Sessions/Sec
800 Mbps IPS Throughput
250 Mbps SSL Inspection (IPS) Throughput
160 Mbps NGFW Throughput
20
0
10
010 N/A
Small Business / Remote Office
Connected UTM
① 2 x GE RJ45 WAN Ports
② 5 x GE RJ45 Ports
③ WiFi Variant: 802.11a/b/g/n
56
Product Transition
FG/FWF-60D
FG/FWF-60D-POE
FG/FWF-20C-ADSL
FG/FWF-60C
FG/FWF-40C
FG/FWF-60C-SFP
FG/FWF-60C-POE
FG/FWF-30E (1)
FG/FWF-30D
FG/FWF-30D-POE
FG/FWF-51E
FG/FWF-50E
FG/FWF-60E
FG/FWF-61E (2)
FG-60E-POE
(1) Change from SoC-based to CPU-based system
(2) New entry level with SSD storage
57
FortiGate 800D
① 2x GE RJ45 Management Ports
② 2x Bypass GE RJ45 Pairs
③ 20x GE RJ45 Ports
④ 8x GE SFP Slots
⑤ 2x 10GE SFP+ Slots
36 Gbps Firewall throughput
5 Million Concurrent Sessions
280,000 New Sessions/Sec
8 Gbps IPS Throughput
TBA SSL Inspection (IPS) Throughput
TBA NGFW Throughput
Branch Office / Mid Enterprise
NGFW / ISFW
2,000 1,000 1,024 N/A
58
Product Transition
FG-300D
FG-500D
(1) FG-800D offers bypass interfaces available on current 600C and 800C
FG-600C
FG-800C
FG-900D
FG-800D
FG-600D
1
10G
FG-400D
FG-300C
67
FortiQuestions?