1. Bohuslav Partyk, Product Manager
Fortinet FG3600C
špička mezi Next Generation Firewally
Bohuslav Partyk, Product Manager

2. Skyvera – IT distributor s přidanou hodnotou
Široké portfolio produktů z oblasti bezpečnosti a síťových technologií
Vytvoření cenové nabídky a sizing řešení
Příprava podkladů k výběrovým řízením
Generování poptávky na koncovém trhu
Centrální sklad
Místní sklad pro zápůjčky a testování
Logistika, celní procedury, doprava k zákazníkovi zdarma v rámci ČR a SR

3. Next Generation Firewall
Marketing?
Reklama?
… nebo reálný základ?

4. Aplikace se mění, firewally ne …
Rozhraní sítě je to pravé místo pro posílení inspekce
Vidí na veškerý provoz
Definuje hranici důvěry
ALE … aplikace se mění
Potřebujeme obnovit viditelnost a inspekci dat ve firewallu

5. Riziko přenosu nákazy v aplikaci
Aplikace mohou být „útočníky“ Aplikace mohou nést útoky

6. Next Generation Firewall
Marketing?
Reklama?
… nebo reálný základ?
Aplikace, uživatelé, obsah

7. Produkty Fortinet
S použitím původní prezentace spol. Fortinet

8. Široké portfolio produktů
FortiASIC
FortiOS
FortiDDoS
SMALL/MEDIUM ENTERPRISE VM
Fortinet has a wide range of devices. Besides the flagship FortiGate line of devices.
In addition to FortiGate – there is a wide range of additional devices including management and analytics, wireless access points, virtual machine deployments for cloud deployments and mail, web and database among others.
Six ICSA certifications (Firewall, AV, IPS, IPSec VPN, SSL, VPN, Anti-Spam)
Government Certifications (FIPS-2, Common Criteria EAL4+)
ISO 9001 certification
Fortinet offers:
End-to-end IT security including security and WAF
Complete portfolio to protect different layers of the network/communications
Integrated protection of wired and wireless networks
Virtual appliances to secure virtual datacenters: hypervisor independent inter-VM and Inter-Zone security; XML API to ease provisioning of appliance policies
The Result: security of the extended enterprise - from endpoints, to the perimeter and the core, including DB infrastructure, messaging servers and content systems
SERVICE PROVIDER
FortiGate Series
FortiGate Series
FortiAuthenticator
LARGE ENTERPRISE
FortiGate Series
FortiSwitch
FortiAP
FortiScan
FortiManager
FortiDB
FortiAnalyzer
FortiMail
FortiWeb

9. Portfolio produktů Fortinet
FortiGate
Network Security
Platform
FortiMail
Messaging Security
Gateway
FortiDB
Database Security
Solution
FortiDDoS
Application D/DOS Mitigator
Security
FortiWeb
Web Application
Firewall
FortiScan
Vulnerability
Management
FortiAuthenticator
Access Management
FortiAP
Wireless Access
FortiBalancer
Application Delivery
FortiDNS
High Performance DNS Server
FortiSwitch
Wired Access
Network Services
FortiCache
Content Caching
FortiVoice
VoIP & IP Telephony
FortiClient
Endpoint Security
FortiToken
2-Factor Authentication
FortiManager
Centralized Device
Manager
FortiAnalyzer
Centralized Logging
& Reporting
Management
FortiGuard
Security & Network Services
FortiCare
Support Services
FAMS
Hosted Services
Services
Also Available as Virtual Appliance

10. FortiGate/FortiWiFi

11. FortiGate: Integrovaná architektura
Real-Time Protection
FortiGuard™ Updates
Fully Integrated
Security & Networking
Technologies AV
IPS
Web Filter
Antispam
App Ctrl VM
Firewall
VPN
DLP
WAN Opt
Traffic Shaping
WLAN
VoIP
SSL Insp HA
Load Balancing
Hardened Platform
Specialized OS
High Performance
Purpose-Built Hardware
Support and Services
FortiCare™
FortiGuard Labs
Purpose-built to deliver overlapping, complementary security
Provides both flexibility & defense-in-depth capabilities

12. Anatomie FortiGate Real Time Protection Extensive Capabilities
Secured System
FortiGate Hardware Appliance
Purposed built high performance systems
Acceleration chips
Wired and Wireless Connectivity
FortiGate Virtual Appliance
UTM solution for Cloud environment
Content Processor
Network
Processor
Security
Processor
Flexible Platform
World Class Support

13. WebUI, CLI Dashboard & Statistics
Anatomie FortiGate
Real Time Protection
Extensive Capabilities
FortiOS Operating Systems
Proprietary OS, eliminates vulnerabilities & issues associated with common OSes
Harden and small footprint for security & efficiency
Runs on flash, more reliable
Nearly common feature set across all platform
* Default with 10 VDOMs
WebUI, CLI Dashboard & Statistics
SNMP Monitoring
Syslogging
In-box Reporting **
Alerts
Content Archives
SFLOW
Secured System
Flexible Platform
World Class Support

14. HA: A-A, A-P, Virtual cluster, weighted
Anatomie FortiGate
Real Time Protection
Features & Capabilities
Available by default, no requirement for hidden charges and software upgrades
HA: A-A, A-P, Virtual cluster, weighted
IPv6 FW + UTM
Firewall
VPN
IPS
App. Ctrl
AntiVirus
Web Filter
Routing Protocols
Wireless Controller
Server LB
AntiSpam
DLP
NAC
Vuln Mgmt
Traffic Shaping
WAN opt.
Extensive Capabilities
Secured System
Flexible Platform
World Class Support

15. Anatomie FortiGate Real Time Protection Extensive Capabilities
FortiGuard Subscription Services
Deliver real-time Automated Updates
Industry Leading Threat Response Time
Comprehensive Threat Library 24x7x365 Operations
Power by Fortinet in-house Global Threat Research Team
FortiGuard AntiVirus Service
FortiGuard IPS Service
FortiGuard WCF Service
FortiGuard Antispam Service
Real Time Protection
Extensive Capabilities
Secured System
Flexible Platform
World Class Support

16. FortiGate „Small Business“ zařízení
Security Appliances For Small/Home Offices & Small Branch Offices
FWF-20C
FGT-20C
High performance, feature-rich multi-threat security for Branch Offices, SoHo and telecommuters
FWF-40C
FGT-40C
Primary Benefits:
High speed Firewall and IPSec VPN performance
High Speed Application Control
Accelerated IPS/AV performance
On board storage for WAN Optimization, local reporting and archiving
Integrated WiFi on certain models
FWF-60C
FGT-60C
FWF-80C
FGT-80C

17. FortiGate - zařízení pro střední segment
Mid-Range Security Appliances For Mid-Size Organizations & Large Enterprise Branch Offices
High performance multi-threat security for medium-sized enterprises and branch offices of large enterprises.
Higher price/performance ratio and more interfaces than any products in their class
FGT-1240B
FGT-1000C
Primary Benefits:
High speed Firewall and IPSec VPN performance
High Speed Application Control
Accelerated IPS/AV performance
On board storage for WAN Optimization, local reporting and archiving*
FGT-800C
FGT-600C
FGT-300C
FGT-200B
FGT-200B-POE
*FGT-200B requires optional HDD

18. FortiGate serie 3000 FG-3600C novinka
Security Appliances For Large Enterprises & Managed Service Providers
Ideal for securing traditional high-bandwidth networks, as well as virtualized, or cloud-based infrastructures.
Higher price/performance ratio and more interfaces than any products in their class
FG-3040B
FG-3140B
FG-3600C novinka
Primary Benefits:
Rich feature set for protecting next generation networks, including integrated IPS, application control, user-based policies, and endpoint policy enforcement
On-board storage for WAN Optimization, local reporting and archiving
Integration with FortiManager and FortiAnalyzer simplifies management, reporting and analysis for up to thousands of Fortinet devices
FG-3240C
FG-3950B

19. FortiGate serie 5000 (tzv. chasiss)
Security Appliances For Very Large Enterprises & Managed Service Provides
Chassis-based platforms offer maximum performance, reliability, and scalability for high-speed service provider, large enterprise or telecommunications carrier networks.
Fastest chassis-based firewall in the industry
Flexibility enables protection of complex, multi-tenant cloud-based security-as-a-service and infrastructure-as-a-service environments.
Primary Benefits:
Native 10-GbE support for high speed requirements
ATCA-compliant architecture delivers carrier-grade performance, reliability, availability and serviceability
Chassis support two, six, or fourteen FortiGate series blades, allowing customization and scaling
FG-5140B

20. FortiGate-3600C Next Generation Firewall

21. FortiGate-3600C
Next Generation Firewall with Breakthrough Firewall & IPS Performance
12x 10GE SFP+ Slots, 16x GbE SFP Slots & 2x GbE Copper Management ports
Primary Benefits:
Next Generation Firewall functionality
User, device and application-based enforcement provides exceptional visibility and control
Unmatched throughput and ultra-low latency delivers performance you need for critical datacenter, core and perimeter deployments.
FG-3600C

22. High Port Density

23. FortiGate serie 3000 - srovnání
FG-3040B
FG-3140B
FG-3240C
FG-3600C
FG-3950B
Firewall
(1518/512/64 byte UDP)
40 / 40 / 40 Gbps
58 / 55 /43 Gbps
40 / 40 /40 Gbps
60 / 60 / 60 Gbps
/ / Gbps
Concurrent Sessions
5 Mil
10 Mil
28 Mil
20 Mil
New Sessions/Sec
200,000
250,000
IPSec VPN
17 Gbps
22 Gbps
8 – 50.5 Gbps
IPS (HTTP)
6 Gbps
8.4 Gbps
8 Gbps
14 Gbps
20 Gbps
Antivirus (Proxy/Flow)
2.3 / 4.5 Gbps
2.6 / 5 Gbps
5.5/18 Gbps
4 / 15 Gbps
Max FortiAP
1,024
Max FortiToken
5,000
VDOM (Default/Max)
10 / 250
10 / 500
Storage
64 GB, 256 GB opt.
64 GB
128 GB
256 GB
Variants
LENC
DC, LENC -

24. Určení produktů serie FG-3000
FG-3950B: Highest firewall performance. 5 expansion bays for flexibility DC power available. For MSSP and Enterprise.
FG-3600C: High port density. Strong IPS and Antimalware performance For MSSP and enterprise.
FG-3240C: Mid-priced 3000 Series FortiGate. High port density. DC power available. For enterprise.
FG-3140B: Lower port density. High firewall throughput. Expandable storage. DC power available. For enterprise.
FG-3040B: Lowest priced 3000 Series. Expandable storage. DC power available. For enterprise.

25. Nasazení: Next Generation Perimeter Security
FortiManager
Stop threats at the perimeter with next generation firewall protection.
60 Gbps firewall throughput for 64 byte packets, ideal for BYOD environments.
High capacity for the most demanding environments. Able to handle 28 million concurrent sessions.
FortiAnalyzer
Headquarters

26. Nasazení: Data Center Security
FortiManager
Protect critical data by blocking non-compliant applications and untrusted traffic.
High density 10G interfaces for connectivity among multiple segments without need for bridging.
Single-pane-of-glass management for both physical and virtual data center security.
FortiAnalyzer
VDOM #3
VDOM #2
Data Center
VDOM #1

27. Nasazení: MSSP Core Security
Customizable features and up to 500 virtual domains ideal for multi-tenant deployments.
Granular management and reporting for each customer.
High connections/second and low latency make it ideal for BYOD and other demanding environments.
Customers
FortiManager
FortiAnalyzer
Provisioning Systems
Security Operation Center
Subscribers DB

28. bohuslav.partyk@skyvera.cz, www.skyvera.cz
Děkuji za pozornost