Fortinet FortiOS 5 Presentation
33
1 CONFIDENTIAL – INTERNAL ONLY 1 Fortinet Confidential June 17, 2022 Introducing FortiOS 5 More Security, More Control, More Intelligence
-
Upload
ncs-computech-ltd -
Category
Devices & Hardware
-
view
4.198 -
download
2
Transcript of Fortinet FortiOS 5 Presentation
1 CONFIDENTIAL – INTERNAL ONLY 1 Fortinet ConfidentialMay 2, 2023
Introducing FortiOS 5More Security, More Control, More Intelligence
2 CONFIDENTIAL – INTERNAL ONLY
Network TrendsWired Connectivity Moving Beyond 10GUbiquitous Wireless ConnectivityMobile Devices EverywhereVideo and Audio ContentIPv6 a Reality
Background
3 CONFIDENTIAL – INTERNAL ONLY
Security TrendsVisibility of TrafficAccuracy of DetectionPolicy ExplosionLog ExplosionThreats Scale
Background
4 CONFIDENTIAL – INTERNAL ONLY
No ChangeBudgetDepartment Size
Background
5 CONFIDENTIAL – INTERNAL ONLY 5 Fortinet Confidential
FortiOS 5
6 CONFIDENTIAL – INTERNAL ONLY 6 F O R T I N E T C O N F I D E N T I A L
FortiOS 5
More SecurityMore SecurityMore ControlMore ControlMore IntelligenceMore Intelligence
7 CONFIDENTIAL – INTERNAL ONLY
Over 150 New Features & Enhancements
Fighting Advanced Threats--------------------------------------Client ReputationAdvanced Anti-malware Protection
More Security
Securing Mobile Devices------------------------------------Device IdentificationDevice Based PolicyEndpoint Control
More Control
Making Smart Policies--------------------------------------Identity Centric EnforcementSecured Guest AccessVisibility & reporting
More Intelligence
FortiOS 5 Highlights
8 CONFIDENTIAL – INTERNAL ONLY
Fighting Advanced Fighting Advanced ThreatsThreatsClient ReputationAdvanced Anti-malware Protection
More Security
9 CONFIDENTIAL – INTERNAL ONLY
Ranking
Client Reputation
Identification
Policy Enforceme
nt
Multiple Scoring VectorsReputation by Activity Threat Status
Real Time, Relative,Drill-down, Correlated
Identify potential … zero-day attacks
Score Computati
on
Zero Day Attack Detection
10 CONFIDENTIAL – INTERNAL ONLY
Multi-pass Filters
In-box Enhanced AV Engine Cloud Based AV Service
Hardware Accelerated& Code optimized
Real time updated, 3rd party validated Signature DB
Local LightweightSandboxing
Behavior / Attribute Based Heuristic Detection
Application Control – Botnet Category
FortiGuard Botnet IP Reputation DB
Cloud BasedSandboxing
Improves threat …. … detection
Advanced Anti-Malware Protection
11 CONFIDENTIAL – INTERNAL ONLY
Client ReputationThreat profiling to quickly identify most suspicious clientsEffective zero-day attacks detection
!
Advanced Anti-malware ProtectionMutilayered: Combines best-in class local AV Engine with additional cloud based detection systemDetects and block Botnet clients and activitiesImproves malware detection capabilities
More Security
12 CONFIDENTIAL – INTERNAL ONLY
Securing Mobile DevicesSecuring Mobile DevicesDevice IdentificationDevice Based PolicyEndpoint Control
More Control
13 CONFIDENTIAL – INTERNAL ONLY
See It… Control IT
Seamless integration!
BYOD – Device Identity & Policies
Device BasedIdentity Policies
AgentlessAgent based
Device Identification
Access Control Security Application
UTM Profiles
Awareness
14 CONFIDENTIAL – INTERNAL ONLY
Authorized Device
Device Based PolicySecurely adopt BYODSetup different security and network usage policies based on device types
Personal Device
✔DMZ ✔INTERNET
✗DMZ ✔INTERNET
More Control
15 CONFIDENTIAL – INTERNAL ONLY
“Off-Net” Protection
Endpoint Control: FortiClient 5
INTERNET
LAN
OFF
ON
• Client enrolls into the FortiGate and then receives its end point policy. It will receive any updates when connected again.
• Client uses last known security policies and VPN configurations.
1
2
16 CONFIDENTIAL – INTERNAL ONLY
Securing Remote DevicesProtect mobile hosts against malicious external threatsEnforce consistent end point security policies, anywhere all the timeSimplified host security and remote VPN management
Endpoint Control: FortiClient 5
17 CONFIDENTIAL – INTERNAL ONLY
Making Smart PoliciesMaking Smart PoliciesIdentity Centric EnforcementSecured Guest AccessVisibility & Reporting
More Intelligence
18 CONFIDENTIAL – INTERNAL ONLY
Identity = Policy
External Radius Service
Windows AD
Citrix Environment
= M.Jones = = S.Lim = = V.Baker == J.Jackson =
Captive Portal
802.1x
Users identified without additional logins
FortiClient
DMZ
DMZ
Users assigned to their policies
Identity-Centric Enforcement
FSSO Identity based Policies
19 CONFIDENTIAL – INTERNAL ONLY
Single Sign-On and Role Based PoliciesAuthorized network access based on user credentials secure network right at entry pointReuse captured information for security policies unifies security configurations and offers better user experience. Reduce administrative tasks & configuration errors
Marketing, Management
Operation, Staff
✔CMS ✔INTERNET
✗CMS ✔INTERNET
M.Jones
S.Lim
SSID: STAFF
SSID: MGMT
Identity-Centric Enforcement
20 CONFIDENTIAL – INTERNAL ONLY
Temporary Network Access Guest Administration PortalCredential Generation & DeliveryTime Quota
Ad hoc access without compromising security
Integrated Guest Access
Identify and track guest activities Time limits prevent unnecessary exposure to exploits
21 CONFIDENTIAL – INTERNAL ONLY
Network & Threat StatusKnowledge is Power !
Drill-Down StatisticsFilter & SortingObject DetailsContextual Information
Visibility & Reporting
22 CONFIDENTIAL – INTERNAL ONLY
Deep InsightsNew PDF FormattingDrill-downsPer User Summary
FortiManagerFortiCloud
Comprehensive reports
Visibility & Reporting
23 CONFIDENTIAL – INTERNAL ONLY
EnhancementsEnhancementsUsability / WebUIIPv6UTMWirelessFortiGuard Services
Highlights
24 CONFIDENTIAL – INTERNAL ONLY
Usability
Wizards
Improved Policy Editor
Contextual Pictograms
Enhancements
25 CONFIDENTIAL – INTERNAL ONLY
IPv6NAT64 / DNS64IPS (Forwarding Policy)Explicit ProxyHA Session Pickup
DHCP ClientPer-IP Traffic ShapingPolicy RoutingDHCPv6 Relay
Enhancements
26 CONFIDENTIAL – INTERNAL ONLY
UTMSSL Inspection of IPS & App ControlDNS-based Web FilteringCIFS (Flow-AV) & MAPI ScanningSSH proxyDLP Watermarking
Enhancements
27 CONFIDENTIAL – INTERNAL ONLY
WirelessWireless IDSWireless MeshLocal Bridge Mode (Remote sites)SSID & Port Bridging
Enhancements
28 CONFIDENTIAL – INTERNAL ONLY
User NotificationNotify Users in Real-Time• Blocked Applications• Denied Traffic• Quotas• Notifies via FortiClient if Host is Registered
Additional Enhancements
29 CONFIDENTIAL – INTERNAL ONLY
FortiGuard Services
DNS-based Web Filter DB Query
DDNS Service
NTP ServiceBYOD Signature Updates
Geography Updates
USB Modem Updates
Vulnerability Scan DB Updates SMS Messaging
FDN
Real time protection & new services
Enhancements
30 CONFIDENTIAL – INTERNAL ONLY
Supported Platforms
Desktop
Mid Range
3000 Series
5000 Series
FortiGate-VM * Available on patch release
31 CONFIDENTIAL – INTERNAL ONLY
Feature Matrix for Desktop Models
* Requires FMG/FAZ, FortiCloud for Monitoring, available in near future
32 CONFIDENTIAL – INTERNAL ONLY
Services, Licenses & Subscriptions
*Registration Required** Available on selected Models
Included with FortiGate•DNS Service •DDNS Service•NTP Service•2 FortiTokenMobile License*•10 FortiClient Endpoint License*•10 VDOMs License•FortiCloud Service (trial)*
FortiCare Subscription Required•Geography Updates•BYOD Signatures Updates•USB Modem DB Updates•Vulnerability Scan Signature Updates•Firmware Update
+ FortiTokenMobile License + Endpoint License** + VDOM License**
+ SMS Top-up+ FortiCloud Storage Top-up
BOLD: New Offerings
33 CONFIDENTIAL – INTERNAL ONLY
Services, Licenses & Subscriptions
FortiGuard AV Subscription•Botnet IP reputation DB•FortiGuard Analytics Service•Proxy & Flow based AV signatures
FortiGuard Web Filter Subscription•Botnet IP reputation DB•FortiGuard Analytics Service•Proxy & Flow based AV signatures
FortiGuard IPS Subscription•IPS Signature Updates•Application Control Signature Updates
FortiGuard Anti-spam Subscription•Anti-spam Services
BOLD: New Offerings
