You are on page 1of 26

Fortigate Features

&
Demo
Prepared and Presented by:

Georges Nassif
Technical Manager
Triple C

TRIPLE C, Computer Communication Consultants All copyrights reserved 2014

www.triplec.com.lb

Fortigate Features

Firewall
Antivirus
IPS
Web Filtering
AntiSpam
Application Control
DLP
Client Reputation

TRIPLE C, Computer Communication Consultants All copyrights reserved 2014

www.triplec.com.lb

Fortigate Features

Traffic Shaping

IPSEC VPN

SSL VPN

Link Load Balancer

Server Load Balancer

Virtual Domains

Wireless Controller

Captive Portal

TRIPLE C, Computer Communication Consultants All copyrights reserved 2014

(contd)

www.triplec.com.lb

Fortigate Features
Firewall
1.

Source Interface

2.

Source Address

3.

Destination Interface

4.

Destination Address

5.

Protocols

6.

Schedule

7.

NAT/Route

TRIPLE C, Computer Communication Consultants All copyrights reserved 2014

www.triplec.com.lb

Fortigate Features
Firewall

TRIPLE C, Computer Communication Consultants All copyrights reserved 2014

www.triplec.com.lb

Fortigate Features
Security Features

Antivirus

Web Filter

Application Control

IPS

Email Filter

DLP Sensor

SSL Inspection

TRIPLE C, Computer Communication Consultants All copyrights reserved 2014

www.triplec.com.lb

Fortigate Features
Security Features

TRIPLE C, Computer Communication Consultants All copyrights reserved 2014

www.triplec.com.lb

Fortigate Features
Security Features
Antivirus:

Stop Malware Infections

Unmatched Performance

Comprehensive Malware Protection

Automatic Update

Push Update

Demo: Quarantine Infected PC

TRIPLE C, Computer Communication Consultants All copyrights reserved 2014

www.triplec.com.lb

Fortigate Features
Security Features
IPS:

Stop Network Intruders

Custom Signatures

DOS

DDOS

Fortiguard

Automatic Update

Push Update

TRIPLE C, Computer Communication Consultants All copyrights reserved 2014

www.triplec.com.lb

Fortigate Features
Security Features
Application Control:

Allowing, denying or monitoring

Detected through Signature

Traffic Shaping for Application

Updates through IPS

Demo: Deny Whatsapp

TRIPLE C, Computer Communication Consultants All copyrights reserved 2014

www.triplec.com.lb

Fortigate Features
Security Features
Web Filter:
6 main Groups:
1.

Security Risk

2.

General InterestBusiness

3.

General Interest-Personal

4.

Adult/Mature Content

5.

Bandwidth Consuming

6.

Potentially Liable

75 Categories
47 Million Websites rated
Demo: Deny News and Media Category
TRIPLE C, Computer Communication Consultants All copyrights reserved 2014

www.triplec.com.lb

Fortigate Features
Security Features
Email Filter:

Basic AntiSpam

Additional Layer

Actions are globally applied: Tag or Discard

Fortinet Dedicated Solution: Fortimail

TRIPLE C, Computer Communication Consultants All copyrights reserved 2014

www.triplec.com.lb

Fortigate Features
Security Features
Data Loss Prevention:
1.

Prevent unauthorized communication of


sensitive information and files through
the network perimeter

2.

Sensitive Information: Social security and


Credit cards numbers, File Types, File
Size, Regular Expression

3.

Content can be Archived to


FortiAanlayzer

TRIPLE C, Computer Communication Consultants All copyrights reserved 2014

www.triplec.com.lb

Fortigate Features
Security Features
SSL Inspection:
FortiOS 5.0 fully supports flow-based inspection of
SSL sessions.
This means that:
HTTPS, IMAPS, POP3S, SMTPS and FTPS traffic can
now be decrypted and inspected by IPS and
application control and flow-based antivirus, web
filtering and email filtering.

TRIPLE C, Computer Communication Consultants All copyrights reserved 2014

www.triplec.com.lb

Fortigate Features
Client Reputation

The Security scan types available on FortiGate units are


varied and tailored to detect specific attacks.

Look ups for a DNS name that does not exist

Connection attempts to an IP address that has no route

HTTP 404 errors

Packets that are blocked by security policies.

Attack detected.

Malware detected.

Visit to web site in risky categories

TRIPLE C, Computer Communication Consultants All copyrights reserved 2014

www.triplec.com.lb

Fortigate Features
Client Reputation

TRIPLE C, Computer Communication Consultants All copyrights reserved 2014

www.triplec.com.lb

Fortigate Features
Traffic Shaping
FortiGate units can implement Quality of Service (QoS)
by applying bandwidth limits and prioritization

TRIPLE C, Computer Communication Consultants All copyrights reserved 2014

www.triplec.com.lb

Fortigate Features
IPSEC VPN

Between two Fortigates or between a Mobile user


and the HQ.
The remote branch can be a DSL subscriber without
static public IP address and behind a NAT device.
FortiASIC Network Processors to accelerate
encryption and decryption of network traffic.
Once the traffic has been decrypted, multiple
threat inspections - including antivirus, intrusion
prevention, application control, email filtering and
web filtering - can be applied and enforced for all
content traversing the VPN tunnel.

TRIPLE C, Computer Communication Consultants All copyrights reserved 2014

www.triplec.com.lb

Fortigate Features
SSL VPN

Uses HTTPS
Modes:
Web-Only (portal page)
Tunnel Mode

TRIPLE C, Computer Communication Consultants All copyrights reserved 2014

www.triplec.com.lb

Fortigate Features
Link Load Balancing

Configure the same fortigate to use multiple


internet connections for business continuity
purpose.
These multiple internet connections can be
configured to act in:

Active Passive mode


Dynamic Load Balancing Mode
Static Load Balancing Mode

TRIPLE C, Computer Communication Consultants All copyrights reserved 2014

www.triplec.com.lb

Fortigate Features
Server Load Balancing

TRIPLE C, Computer Communication Consultants All copyrights reserved 2014

www.triplec.com.lb

Fortigate Features
Virtual Domains

Virtual domains (VDOMs) divide a FortiGate into two


or more (up to 250) virtual FortiGate devices, each
operating as an independent FortiGate security
gateway.

Each VDOM can provide completely separate


firewalling, routing, UTM, VPN, and next generation
firewall services.

All traffic enters and leaves a VDOM completely


separated from traffic from other VDOMs.

TRIPLE C, Computer Communication Consultants All copyrights reserved 2014

www.triplec.com.lb

Fortigate Features
Wireless Controller

The FortiGate network security platform acts as a wireless


controller for FortiAP Thin Access Points, while providing
firewall, VPN, intrusion prevention, application control, web
filtering and many other security and network capabilities.

FortiAP: Thin Wireless Access Points are cost-effective IEEE


802.11ac and 802.11n Thin APs that provide Integrated
Network Security and WiFi client access. The FortiAP series
utilizes industry-leading wireless LAN technology, providing
client access in both the 2.4 GHz and 5 GHz spectrum, with
802.11ac models supporting a maximum association rate of up
to 1,300 Mbps per radio.

TRIPLE C, Computer Communication Consultants All copyrights reserved 2014

www.triplec.com.lb

Fortigate Features
Captive Portal

Can be used to provide Guests with secure internet


access through an open SSID.

Users are redirected to a web portal page, where they


have to enter their credentials , provided by an operator.

A guest management role can be assigned to multiple


operators inside the company.

Multiple users can be created at the same time.

TRIPLE C, Computer Communication Consultants All copyrights reserved 2014

www.triplec.com.lb

Fortigate Features
Captive Portal

Users are redirected to a web portal page.

TRIPLE C, Computer Communication Consultants All copyrights reserved 2014

www.triplec.com.lb

Thank You
TRIPLE C, Computer Communication Consultants All copyrights reserved 2014

www.triplec.com.lb

You might also like