Fortigate Demo

8/9/2019 Fortigate Demo

1/26

TRIPLE C, Computer Communication Consultants All copyrights reserved 2014© www.triplec.com.lb

Fortigate Features

&Demo

Prepared and Presented by:

Georges Nassif

Technical Manager

Triple C


2/26


Fortigate Features

• Firewall

• Antivirus

• IPS

• Web Filtering• AntiSpam

• Application Control

• DLP

• Client Reputation


3/26


Fortigate Features

(cont’d)

• Traffic Shaping

• IPSEC VPN

• SSL VPN

• Link Load Balancer

• Server Load Balancer

• Virtual Domains

• Wireless Controller

• Captive Portal


4/26


1. Source Interface

2. Source Address

3. Destination Interface

4. Destination Address

5. Protocols

6. Schedule

7. NAT/Route

Fortigate FeaturesFirewall


5/26


Fortigate FeaturesFirewall


6/26


• Antivirus

• Web Filter

• Application Control

• IPS

• Email Filter

• DLP Sensor

• SSL Inspection

Fortigate FeaturesSecurity Features


7/26




8/26


Antivirus:

• Stop Malware Infections

•

Unmatched Performance• Comprehensive Malware Protection

• Automatic Update

•

Push Update• Demo: Quarantine Infected PC



9/26


IPS:

• Stop Network Intruders

•

Custom Signatures• DOS

• DDOS

•

Fortiguard• Automatic Update

• Push Update



10/26


Application Control:

• Allowing, denying or monitoring

• Detected through Signature

• Traffic Shaping for Application

• Updates through IPS

• Demo: Deny Whatsapp



11/26


Web Filter:

6 main Groups:

1. Security Risk

2. General Interest–Business3. General Interest-Personal

4. Adult/Mature Content

5. Bandwidth Consuming

6. Potentially Liable

75 Categories

47 Million Websites rated

Demo: Deny News and Media Category



12/26


Email Filter:

• Basic AntiSpam

•

Additional Layer• Actions are globally applied: Tag or Discard

• Fortinet Dedicated Solution: Fortimail



13/26


Data Loss Prevention:

1. Prevent unauthorized communication of

sensitive information and files through

the network perimeter

2. Sensitive Information: Social security and

Credit cards numbers, File Types, File

Size, Regular Expression

3. Content can be Archived to

FortiAanlayzer



14/26


SSL Inspection:

FortiOS 5.0 fully supports flow-based inspection of

SSL sessions.

This means that:

HTTPS, IMAPS, POP3S, SMTPS and FTPS traffic can

now be decrypted and inspected by IPS and

application control and flow-based antivirus, web

filtering and email filtering.



15/26


• The Security scan types available on FortiGate units are

varied and tailored to detect specific attacks.

• Look ups for a DNS name that does not exist

• Connection attempts to an IP address that has no route

• HTTP 404 errors

• Packets that are blocked by security policies.

• Attack detected.

• Malware detected.

• Visit to web site in risky categories

Fortigate FeaturesClient Reputation


16/26


17/26


FortiGate units can implement Quality of Service (QoS)

by applying bandwidth limits and prioritization

Fortigate FeaturesTraffic Shaping


18/26


• Between two Fortigates or between a Mobile userand the HQ.

• The remote branch can be a DSL subscriber without

static public IP address and behind a NAT device.• FortiASIC™ Network Processors to accelerate

encryption and decryption of network traffic.

• Once the traffic has been decrypted, multiplethreat inspections - including antivirus, intrusionprevention, application control, email filtering andweb filtering - can be applied and enforced for allcontent traversing the VPN tunnel.

Fortigate FeaturesIPSEC VPN


19/26


• Uses HTTPS

• Modes:

• Web-Only (portal page)

• Tunnel Mode

Fortigate FeaturesSSL VPN


20/26


• Configure the same fortigate to use multipleinternet connections for business continuity

purpose.• These multiple internet connections can be

configured to act in:

• Active – Passive mode• Dynamic Load Balancing Mode

• Static Load Balancing Mode

Fortigate FeaturesLink Load Balancing


21/26


Fortigate FeaturesServer Load Balancing


22/26


• Virtual domains (VDOMs) divide a FortiGate into two

or more (up to 250) virtual FortiGate devices, each

operating as an independent FortiGate securitygateway.

• Each VDOM can provide completely separate

firewalling, routing, UTM, VPN, and next generation

firewall services.

• All traffic enters and leaves a VDOM completely

separated from traffic from other VDOMs.

Fortigate FeaturesVirtual Domains


23/26


• The FortiGate network security platform acts as a wirelesscontroller for FortiAP Thin Access Points, while providingfirewall, VPN, intrusion prevention, application control, web

filtering and many other security and network capabilities.

• FortiAP: Thin Wireless Access Points are cost-effective IEEE802.11ac and 802.11n “Thin” APs that provide Integrated

Network Security and WiFi client access. The FortiAP seriesutilizes industry-leading wireless LAN technology, providingclient access in both the 2.4 GHz and 5 GHz spectrum, with802.11ac models supporting a maximum association rate of upto 1,300 Mbps per radio.

Fortigate FeaturesWireless Controller


24/26


• Can be used to provide Guests with secure internet

access through an open SSID.

• Users are redirected to a web portal page, where theyhave to enter their credentials , provided by an operator.

• A guest management role can be assigned to multiple

operators inside the company.

• Multiple users can be created at the same time.

Fortigate FeaturesCaptive Portal


25/26


• Users are redirected to a web portal page.

Fortigate FeaturesCaptive Portal


26/26


Thank You

Fortigate Demo

Documents

Transcript of Fortigate Demo