Remerciez-le!

Remerciez @Admin pour avoir partagé cet document gratuitement, de la manière la plus simple, en partageant sur les réseaux sociaux.

1 June 6, 2014 Fortinet Product Quick Guide Ahmad Arafat Senior Security Engine

1 June 6, 2014 Fortinet Product Quick Guide Ahmad Arafat Senior Security Engineer, Middle East 2 • FortiGate/FortiWiFi • FortiAP • FortiSwitch • FortiClient • FortiToken • FortiAnalyzer • FortiManager • FortiSandbox • FortiAuthenticator • FortiDDoS • FortiMail • FortiWeb • FortiSandbox • FortiDB • FortiADC/AscenLink • FortiCache • FortiDNS Content 3 FortiGate/FortiWiFi 4 Syslog/SNMP FortiAnalyzer Centralized Log & Reporting FortiManager Centralized Device Management FortiGate: Integrated Architecture FORTIGATE FortiASIC(s) FortiAP FortiClient FortiToke n FortiSwitch APIs Integration Networking L2/L3 features Virtual Systems Traffic Shaping ●WAN Opt. High Availability ●IPv6 Networking L2/L3 features Virtual Systems Traffic Shaping ●WAN Opt. High Availability ●IPv6 Security Firewall ●VPN ●IPS App Control ●AV/ATP Web Filtering ●DLP Explicit Proxy Security Firewall ●VPN ●IPS App Control ●AV/ATP Web Filtering ●DLP Explicit Proxy FortiOS FortiGuard Threat Research & Security Updates Extensions WiFi/Switch Controller Endpoint Management Token Server Extensions WiFi/Switch Controller Endpoint Management Token Server 5 Anatomy of a FortiGate FortiCare • Standard and extended hardware, software and support packages Fortinet Premium Services • Enhanced SLAs and TAM Fortinet Prof. and Consultation Services • Design and Implementation Certification & Customized Courses • In-depth Training Sessions 8x5 Enhanced: 8x5 Support, Return and Replace, Firmware Upgrades 24x7 Comprehensive: 24x7 Support, Advanced Hardware Replacement (NBD), Firmware Upgrades 6 Anatomy of a FortiGate FortiGate Hardware Appliance • Purposed built high performance systems • Acceleration chips • Wired and Wireless Connectivity FortiGate Virtual Appliance • UTM solution for Cloud environment Content Processor Network Processor Security Processor 7 Anatomy of a FortiGate FortiOS Operating Systems • Proprietary OS, eliminates vulnerabilities & issues associated with common OSes • Harden and small footprint for security & efficiency • Runs on flash, more reliable • Nearly common feature set across all platform • * Default with 10 VDOMs* WebUI, CLI Dashboard & Statistics SNMP Monitoring Syslogging Email Alerts In-box Reporting * SFLOW Content Archives * Available on selected models. 8 Anatomy of a FortiGate Features & Capabilities • Available by default, no requirement for hidden charges and software upgrades Firewall VPN IPS App. Ctrl AntiVirus Web Filter AntiSpam DLP NAC Vuln Mgmt Traffic Shaping WAN opt. HA: A-A, A-P, Virtual cluster, weighted IPv6 FW + UTM Routing Protocols Wireless Controller Server LB 9 Anatomy of a FortiGate FortiGuard Subscription Services • Deliver real-time Automated Updates • Industry Leading Threat Response Time • Comprehensive Threat Library 24x7x365 Operations • Power by Fortinet in-house Global Threat Research Team FortiGuard AntiVirus Service FortiGuard NGFW Service FortiGuard Web Filtering Service FortiGuard Antispam Service 10 FortiGate Appliance by Segments MSSP ✔ ✔ ✔ ✔ ✔ ✔ ✔ Carrier ✔ ✔ ✔ Data Center / Cloud ✔ ✔ ✔ ✔ Enterprise ✔ ✔ (Branch) ✔ (Branch) ✔ (Branch) ✔ (Campus) ✔ (Campus) ✔ Distributed Enterprise ✔ ✔ ✔ ✔ ✔ ✔ ✔ SMB ✔ ✔ ✔ ✔ Model 20-90 Series 100 Series 200 Series 300-800 Series 1000 Series 3000 Series 5000 Series Product Range Entry Level Mid Range High End *Key Hardware Features PoE, Switch, WiFi PoE, High Density GE High Density GE High Density GE, 10 GE 10 GE, 40 GE Chassis & Blades * May be available as hardware variants 11 FortiGate Small Business Devices Security Appliances For Small/Home Offices & Small Branch Offices • High performance, feature-rich multi- threat security for Branch Offices, SoHo and telecommuters Primary Benefits: ✓High speed Firewall and IPSec VPN performance ✓High Speed Application Control ✓Accelerated IPS/AV performance ✓On board storage for WAN Optimization, local reporting and archiving ✓Integrated WiFi on certain models FG/FWF-30D Series FG/FWF-60D Series FG-100D Series FG/FWF-90D Series 12 FortiGate Small Business Devices: Comparison FGT-30D FGT-60C FGT-60D FGT-90D FGT-100D Firewall (1518/512/64 byte UDP) 800 / 800 / 800 Mbps 1 / 1 / 1 Gbps 1.5 /1.5 /1.5 Gbps 3.5 /3.5 /3.5 Gbps 2500 / 1000 / 200 Mbps Concurrent Sessions 200,000 400,000 500,000 1.5 Mil 3 Mil New Sessions/Sec 3,500 3,000 4,000 4,000 22,000 IPSec VPN 350 Mbps 70 Mbps 1 Gbps 1 Gbps 450 Mbps IPS (HTTP) 150 Mbps 135 Mbps 200 Mbps 275 Mbps 950 Mbps Antivirus (Proxy/Flow) 30 / 40 Mbps 20 / 40 Mbps 35 / 50 Mbps 35 / 65 Mbps 300 / 700 Mbps Interfaces (LAN, WAN & DMZ) 5 x GE RJ45 8 x GE RJ45 10 x GE RJ45 16 x GE RJ45 20 x GE RJ45, 2 x GE SFP Storage - - - 32GB 32GB Variants WiFi, PoE WiFi, Ana. Modem, Wifi + Ana. Modem, LENC, SFP, POE, ADSL WiFi, PoE WiFi, PoE LENC, high port density, T1 port, PoE 13 FortiGate Mid-Range Devices Mid-Range Security Appliances For Mid-Size Organizations & Large Enterprise Branch Offices FGT- 600C FGT-800C FGT-1000C • High performance multi-threat security for medium-sized enterprises and branch offices of large enterprises. • Higher price/performance ratio and more interfaces than any products in their class Primary Benefits: ✓High speed Firewall and IPSec VPN performance ✓High Speed Application Control ✓Accelerated IPS/AV performance ✓On board storage for WAN Optimization, local reporting and archiving* FGT-1240B FGT- 300C FGT-200D Series *FGT-200B requires optional HDD FGT-1500D 14 FortiGate Mid Range Devices: Comparison FGT-200D FGT-240D FGT-280D- POE FGT-300C FG-600C FG-800C Firewall (1518/512/64 byte UDP) 3 / 3 / 3 Gbps 4 / 4 / 4 Gbps 4 / 4 / 4 Gbps 8 / 8 / 8 Gbps 16 / 16 /16 Gbps 20 / 20 / 20 Gbps Concurrent Sessions 1.4 Mil 3.2 Mil 3.2 Mil 2 Mil 3 Mil 7 Mil New Sessions/Sec 77,000 77,000 77,000 50,000 70,000 190,000 IPSec VPN 1.3 Gbps 1.3 Gbps 1.3 Gbps 4.5 Gbps 8 Gbps 8 Gbps IPS (HTTP) 1.7 Mbps 2.1 Gbps 2.1 Gbps 1.4 Gbps 3 Gbps 6 Gbps Antivirus (Proxy/Flow) 600 / 1,100 Mbps 600 / 1,100 Mbps 600 / 1,100 Mbps 200 / 550 Mbps 1.3 /1.7 Gbps 1.7 / 2.1 Gbps Interfaces (LAN, WAN & DMZ) 18 x GE RJ45, 2 x GE SFP 42 x GE RJ45, 2 x GE SFP 54 x GE RJ45, 32 x GE PoE RJ45, 4 x GE SFP 10 x GE RJ45 18x GE RJ45, 4 x Shared port pairs, 2 x bypass Pairs 2 x 10GE SFP+,14 x GE RJ45, 8 x Shared port pairs, 2 x bypass Pairs Storage 16 GB 32 GB 64 GB 16 GB 64 GB 64 GB Variants - - - LENC DC, LENC - 15 FortiGate Mid Range Devices: Comparison FG-1000C FG-1240B FG-1500D Firewall (1518/512/64 byte UDP) 20 / 20 / 20 Gbps 40-44 / 40-44 / 38-42 Gbps 80 / 80 / 55 Gbps Concurrent Sessions 7 Mil 5 Mil 12 Mil New Sessions/Sec 190,000 120,000 250,000 IPSec VPN 8 Gbps 16-18.5 Gbps 50 Gbps IPS (HTTP) 6 Gbps 5-8 Gbps 11 Gbps Antivirus (Proxy/Flow) 1.7 / 2.1 Gbps 1.2 / 1.6 Gbps 4.3 / 13 Gbps Interfaces (LAN, WAN & DMZ) 2 x 10GE SFP+,14 x GE RJ45, 8 x Shared port pairs, 2 x bypass Pairs 16 x GE RJ45, 24 x GE SFP 8x 10GE SPF+, 16x GE SFP, 18x GE RJ45 Storage 128 GB 64 GB, 384 GB opt. 240 GB Variants DC DC - 16 FortiGate-1500D Hardware Performance Firewall Throughput (1518/512/64) 80 / 80 / 55 Gbps IPS Throughput 11 Gbps Firewall Latency 3 μs Antivirus Throughput (Proxy Based / Flow Based) 4.3 / 13 Gbps Concurrent Sessions 12 Mil Virtual Domains (Default / Max) 10/250 New Sessions/Sec 250,000 Max Number of FortiAPs (Total/Tunnel) 4096 / 1024 Firewall Policies 100,000 Max Number of FortiTokens 5,000 IPSec VPN Throughput 50 Gbps Client-to-Gateway IPSec VPN Tunnels 50,000 SSL-VPN Throughput 4 Gbps Concurrent SSL-VPN Users (Recommended Max) 10,000 1 2 3 4 • 2x GE RJ45 Management Ports • 16x GE SFP Slots • 16x GE RJ45 Ports • 8x 10GE SPF+ Slots 1 2 3 4 17 FortiGate 3000 Series Security Appliances For Large Enterprises & Managed Service Providers FG-3950B • Ideal for securing traditional high- bandwidth networks, as well as virtualized, or cloud-based infrastructures. • Higher price/performance ratio and more interfaces than any products in their class Primary Benefits: ✓Rich feature set for protecting next generation networks, including integrated IPS, application control, user-based policies, and endpoint policy enforcement ✓On-board storage for WAN Optimization, local reporting and archiving ✓Integration with FortiManager and FortiAnalyzer simplifies management, reporting and analysis for up to thousands of Fortinet devices FG-3240C FG-3600C FG-3700D 18 FortiGate 3000 Series: Comparison FG3040/ FG3140B FG-3240C FG-3600C FG-3700D FG-3950B Firewall (1518/512/64 byte UDP) 40 / 40 / 40 58 / 55 / 43 Gbps 40 / 40 /40 Gbps 60 / 60 /60 Gbps 160 / 160 /110 Gbps 20-120 / 20-120 / 20-120 Gbps Concurrent Sessions 5 Mil 10 Mil 28 Mil 44 Mil 20 Mil New Sessions/Sec 200,000 200,000 235,000 300,000 250,000 – 300,000* IPSec VPN 17 / 22 Gbps 17 Gbps 25 Gbps 100 Gbps 8 – 50.5 Gbps IPS (HTTP) 6 / 8.4 Gbps 8 Gbps 14 Gbps 23 Gbps 20 Gbps Antivirus (Proxy/Flow) 2.3 / 4.5 Gbps 2.6 / 9 Gbps 5.8 / 18 Gbps 7.5 / 18 Gbps 4 / 15 Gbps Interfaces 8 x 10GE SFP+, 10 x GE SFP, 2 uploads/Management/ fortinet-product-guide.pdf