Post on 01-Jun-2018
8/9/2019 Fortigate Demo
1/26
TRIPLE C, Computer Communication Consultants All copyrights reserved 2014© www.triplec.com.lb
Fortigate Features
&Demo
Prepared and Presented by:
Georges Nassif
Technical Manager
Triple C
8/9/2019 Fortigate Demo
2/26
TRIPLE C, Computer Communication Consultants All copyrights reserved 2014© www.triplec.com.lb
Fortigate Features
• Firewall
• Antivirus
• IPS
• Web Filtering• AntiSpam
• Application Control
• DLP
• Client Reputation
8/9/2019 Fortigate Demo
3/26
TRIPLE C, Computer Communication Consultants All copyrights reserved 2014© www.triplec.com.lb
Fortigate Features
(cont’d)
• Traffic Shaping
• IPSEC VPN
• SSL VPN
• Link Load Balancer
• Server Load Balancer
• Virtual Domains
• Wireless Controller
• Captive Portal
8/9/2019 Fortigate Demo
4/26
TRIPLE C, Computer Communication Consultants All copyrights reserved 2014© www.triplec.com.lb
1. Source Interface
2. Source Address
3. Destination Interface
4. Destination Address
5. Protocols
6. Schedule
7. NAT/Route
Fortigate FeaturesFirewall
8/9/2019 Fortigate Demo
5/26
TRIPLE C, Computer Communication Consultants All copyrights reserved 2014© www.triplec.com.lb
Fortigate FeaturesFirewall
8/9/2019 Fortigate Demo
6/26
TRIPLE C, Computer Communication Consultants All copyrights reserved 2014© www.triplec.com.lb
• Antivirus
• Web Filter
• Application Control
• IPS
• Email Filter
• DLP Sensor
• SSL Inspection
Fortigate FeaturesSecurity Features
8/9/2019 Fortigate Demo
7/26
TRIPLE C, Computer Communication Consultants All copyrights reserved 2014© www.triplec.com.lb
Fortigate FeaturesSecurity Features
8/9/2019 Fortigate Demo
8/26
TRIPLE C, Computer Communication Consultants All copyrights reserved 2014© www.triplec.com.lb
Antivirus:
• Stop Malware Infections
•
Unmatched Performance• Comprehensive Malware Protection
• Automatic Update
•
Push Update• Demo: Quarantine Infected PC
Fortigate FeaturesSecurity Features
8/9/2019 Fortigate Demo
9/26
TRIPLE C, Computer Communication Consultants All copyrights reserved 2014© www.triplec.com.lb
IPS:
• Stop Network Intruders
•
Custom Signatures• DOS
• DDOS
•
Fortiguard• Automatic Update
• Push Update
Fortigate FeaturesSecurity Features
8/9/2019 Fortigate Demo
10/26
TRIPLE C, Computer Communication Consultants All copyrights reserved 2014© www.triplec.com.lb
Application Control:
• Allowing, denying or monitoring
• Detected through Signature
• Traffic Shaping for Application
• Updates through IPS
• Demo: Deny Whatsapp
Fortigate FeaturesSecurity Features
8/9/2019 Fortigate Demo
11/26
TRIPLE C, Computer Communication Consultants All copyrights reserved 2014© www.triplec.com.lb
Web Filter:
6 main Groups:
1. Security Risk
2. General Interest–Business3. General Interest-Personal
4. Adult/Mature Content
5. Bandwidth Consuming
6. Potentially Liable
75 Categories
47 Million Websites rated
Demo: Deny News and Media Category
Fortigate FeaturesSecurity Features
8/9/2019 Fortigate Demo
12/26
TRIPLE C, Computer Communication Consultants All copyrights reserved 2014© www.triplec.com.lb
Email Filter:
• Basic AntiSpam
•
Additional Layer• Actions are globally applied: Tag or Discard
• Fortinet Dedicated Solution: Fortimail
Fortigate FeaturesSecurity Features
8/9/2019 Fortigate Demo
13/26
TRIPLE C, Computer Communication Consultants All copyrights reserved 2014© www.triplec.com.lb
Data Loss Prevention:
1. Prevent unauthorized communication of
sensitive information and files through
the network perimeter
2. Sensitive Information: Social security and
Credit cards numbers, File Types, File
Size, Regular Expression
3. Content can be Archived to
FortiAanlayzer
Fortigate FeaturesSecurity Features
8/9/2019 Fortigate Demo
14/26
TRIPLE C, Computer Communication Consultants All copyrights reserved 2014© www.triplec.com.lb
SSL Inspection:
FortiOS 5.0 fully supports flow-based inspection of
SSL sessions.
This means that:
HTTPS, IMAPS, POP3S, SMTPS and FTPS traffic can
now be decrypted and inspected by IPS and
application control and flow-based antivirus, web
filtering and email filtering.
Fortigate FeaturesSecurity Features
8/9/2019 Fortigate Demo
15/26
TRIPLE C, Computer Communication Consultants All copyrights reserved 2014© www.triplec.com.lb
• The Security scan types available on FortiGate units are
varied and tailored to detect specific attacks.
• Look ups for a DNS name that does not exist
• Connection attempts to an IP address that has no route
• HTTP 404 errors
• Packets that are blocked by security policies.
• Attack detected.
• Malware detected.
• Visit to web site in risky categories
Fortigate FeaturesClient Reputation
8/9/2019 Fortigate Demo
16/26
8/9/2019 Fortigate Demo
17/26
TRIPLE C, Computer Communication Consultants All copyrights reserved 2014© www.triplec.com.lb
FortiGate units can implement Quality of Service (QoS)
by applying bandwidth limits and prioritization
Fortigate FeaturesTraffic Shaping
8/9/2019 Fortigate Demo
18/26
TRIPLE C, Computer Communication Consultants All copyrights reserved 2014© www.triplec.com.lb
• Between two Fortigates or between a Mobile userand the HQ.
• The remote branch can be a DSL subscriber without
static public IP address and behind a NAT device.• FortiASIC™ Network Processors to accelerate
encryption and decryption of network traffic.
• Once the traffic has been decrypted, multiplethreat inspections - including antivirus, intrusionprevention, application control, email filtering andweb filtering - can be applied and enforced for allcontent traversing the VPN tunnel.
Fortigate FeaturesIPSEC VPN
8/9/2019 Fortigate Demo
19/26
TRIPLE C, Computer Communication Consultants All copyrights reserved 2014© www.triplec.com.lb
• Uses HTTPS
• Modes:
• Web-Only (portal page)
• Tunnel Mode
Fortigate FeaturesSSL VPN
8/9/2019 Fortigate Demo
20/26
TRIPLE C, Computer Communication Consultants All copyrights reserved 2014© www.triplec.com.lb
• Configure the same fortigate to use multipleinternet connections for business continuity
purpose.• These multiple internet connections can be
configured to act in:
• Active – Passive mode• Dynamic Load Balancing Mode
• Static Load Balancing Mode
Fortigate FeaturesLink Load Balancing
8/9/2019 Fortigate Demo
21/26
TRIPLE C, Computer Communication Consultants All copyrights reserved 2014© www.triplec.com.lb
Fortigate FeaturesServer Load Balancing
8/9/2019 Fortigate Demo
22/26
TRIPLE C, Computer Communication Consultants All copyrights reserved 2014© www.triplec.com.lb
• Virtual domains (VDOMs) divide a FortiGate into two
or more (up to 250) virtual FortiGate devices, each
operating as an independent FortiGate securitygateway.
• Each VDOM can provide completely separate
firewalling, routing, UTM, VPN, and next generation
firewall services.
• All traffic enters and leaves a VDOM completely
separated from traffic from other VDOMs.
Fortigate FeaturesVirtual Domains
8/9/2019 Fortigate Demo
23/26
TRIPLE C, Computer Communication Consultants All copyrights reserved 2014© www.triplec.com.lb
• The FortiGate network security platform acts as a wirelesscontroller for FortiAP Thin Access Points, while providingfirewall, VPN, intrusion prevention, application control, web
filtering and many other security and network capabilities.
• FortiAP: Thin Wireless Access Points are cost-effective IEEE802.11ac and 802.11n “Thin” APs that provide Integrated
Network Security and WiFi client access. The FortiAP seriesutilizes industry-leading wireless LAN technology, providingclient access in both the 2.4 GHz and 5 GHz spectrum, with802.11ac models supporting a maximum association rate of upto 1,300 Mbps per radio.
Fortigate FeaturesWireless Controller
8/9/2019 Fortigate Demo
24/26
TRIPLE C, Computer Communication Consultants All copyrights reserved 2014© www.triplec.com.lb
• Can be used to provide Guests with secure internet
access through an open SSID.
• Users are redirected to a web portal page, where theyhave to enter their credentials , provided by an operator.
• A guest management role can be assigned to multiple
operators inside the company.
• Multiple users can be created at the same time.
Fortigate FeaturesCaptive Portal
8/9/2019 Fortigate Demo
25/26
TRIPLE C, Computer Communication Consultants All copyrights reserved 2014© www.triplec.com.lb
• Users are redirected to a web portal page.
Fortigate FeaturesCaptive Portal
8/9/2019 Fortigate Demo
26/26
TRIPLE C, Computer Communication Consultants All copyrights reserved 2014© www.triplec.com.lb
Thank You