Presentation fortinet securing the cloud

26
Fortinet Confidential Securing the Cloud Ondřej Šťáhlavský Territory Manager CEE

Transcript of Presentation fortinet securing the cloud

Page 1: Presentation   fortinet securing the cloud

Fortinet Confidential

Securing the Cloud

Ondřej Šťáhlavský

Territory Manager CEE

Page 2: Presentation   fortinet securing the cloud

Fortinet Confidential

Agenda

• Introduction

• Features and Virtualization

• FortiGate 3950 Series

• FortiGate VM

1

2

3

4

Page 3: Presentation   fortinet securing the cloud

Fortinet Confidential

Fortinet Corporate Overview

• Founded in 2000

• Global presence with 30+ offices worldwide & 1,200+ employees

– 5,000+ channel partners

– 100,000+ customers

– Majority of the Fortune Global 100

• IPO Nov 2009

• NASDAQ: FTNT

• 2009 revenue of $252 Million

– 19% YoY growth

• World class management team

20032005

20072009

$13$39

$80

$123$155

$212

$252

Fortinet Revenue ($MM)

Page 4: Presentation   fortinet securing the cloud

Fortinet Confidential

A Reliable Partner

• Proven Industry Leadership

» Since 2000, Fortinet has received more than 100 product & company awards.

• IDC: Overall leader in UTM factory revenue for all of 2009

• Gartner: Leader in Multi-Function Firewall Magic Quadrant

• Frost & Sullivan: 2010 "Fortinet is the established and undisputed leader" of worldwide UTM market

• SC Magazine: 2009 Readers' Trust Award for "Best Integrated Security Solution"

• Certified security

» Seven ICSA certifications (Firewall, AV, IPS, IPSec VPN, SSL VPN, Anti-Spam, WAF)

» Government Certifications (FIPS-2, Common Criteria EAL4+, JITC IPv6, SCAP)

» ISO 9001 certification

Page 5: Presentation   fortinet securing the cloud

Fortinet Confidential

The Need for Complete

Content Protection

• Overlapping, complementary layers of protection

• Comprehensive, integrated inspection

• Allow but don’t trust any application

• Examine all application content & behavior

Page 6: Presentation   fortinet securing the cloud

Fortinet Confidential

We Pioneered a New Approach

The Fortinet Solution Traditional Network Security Solutions

• Real-time, integrated security intelligence

• ASIC-accelerated performance

• Lower total cost of ownership

• Easy to deploy / manage / use

• Stand-alone, non-integrated security

• Mix of off the shelf systems and applications

• Higher total cost of ownership

• Difficult to deploy / manage / use

Page 7: Presentation   fortinet securing the cloud

Fortinet Confidential

UTM Surpassing Traditional

Network Security

7

2008 2009 2010 2011 2012 2013

Firewall & VPN

UTM

$2.2

$2.1

$ in billions

$1.7

$3.2

Source: IDC “Worldwide Network Security 2008-2012 Forecast and 2007 Vendor Shares: Transitions – Appliances Are More Than Meets the Eye”

Page 8: Presentation   fortinet securing the cloud

Fortinet Confidential

Market Leadership Across the Board

Worldwide UTM Market Share

Q2 2010 (1)

UTM Market Competitive Landscape, 2009(4)

Low Market Penetration High

Niche Participant

Specialist

Contender

Challenger

Market Leader

Low

High

Ability

to

Deliver

8

(1) IDC Worldwide Security Appliances Tracker, September 2010 (market share based on factory revenue) (2) Gartner, Inc., “Magic Quadrant for SMB Multifunction Firewalls”, June 2009 (3) Frost & Sullivan, “World Unified Threat Management, Products Market 2009”, 2010

Notes

Rank Company Market

Share (%) (2)

1 16.4

2 Cisco 9.8

3 Juniper 9.0

4 SonicWALL 8.1

5 Check Point 7.2

6 WatchGuard 4.9

7 McAfee 5.5

8 Crossbeam 2.6

9 Other 41.4

Total 100.0

Magic Quadrant for Multi-Function Firewalls (3)

Page 9: Presentation   fortinet securing the cloud

Fortinet Confidential

Fortinet – Leader in Enterprise UTM

Vendor Q2 2010 Market Share

Fortinet $42.02 37%

Juniper $16.36 14%

Check Point $10.92 10%

Cisco $28.73 25%

McAfee $15.33 14%

9

IDC Worldwide Security Appliances Tracker, September 2010. Data based on $6-$9.9K, $10-$24.K, $25-$49.9K and $50-$99.9K UTM price bands.

Enterprise UTM Revenue

Page 10: Presentation   fortinet securing the cloud

Fortinet Confidential

Agenda

• Introduction

• Features and Virtualization

• FortiGate 3950 Series

• FortiGate VM

1

2

3

4

Page 11: Presentation   fortinet securing the cloud

Fortinet Confidential

Evolution of Firewall Security

Evolution of Firewall Security

Complete Protection

Antivirus/

Antispywar

e

ICSA

Data Loss

Prevention

Antispam WAN

Optimization

SSL VPN

ICSA

Firewall

ICSA

VPN(IPSEC

)

ICSA

IPS

ICSA

Web

Filtering

CIPA

App

Control

Vulnerability

Mgmt

Wireless

LAN IPv6,

Dynamic& Multicast Routing

Load Balancing

SSL Inspection

Endpoint

NAC

Page 12: Presentation   fortinet securing the cloud

Fortinet Confidential

Virtual Domains

• Divide FortiGate unit to operate as multiple separate units

• One FortiGate unit servicing up to 250 separate domains

• Each VDOM has separate administration interface, routing policies, firewall policies …

… VDOM 1 VDOM 2 VDOM 3 VDOM X

Page 13: Presentation   fortinet securing the cloud

Fortinet Confidential

Virtual Domains

• VDOMs can be in routed or transparent mode

• Transparent VDOMs lack IPSEC and SSL VPN, Load Balancing, Wireless Controller and

routing capabilities

Routed/NAT Transparent

Page 14: Presentation   fortinet securing the cloud

Fortinet Confidential

VDOM Resource Limits

• Resource limits configurable globally and per-VDOM

(each VDOM has its own guarantied system resources)

Page 15: Presentation   fortinet securing the cloud

Fortinet Confidential

Inter-VDOM Links

• Only Routed/NAT VDOMs can be interconnected

• VDOMs communicate internally

(Free up physical interfaces for external traffic)

• Inter VDOM traffic controlled by complete UTM inspection on both sides of the link

VDOM 1 VDOM 2 VDOM 3

Page 16: Presentation   fortinet securing the cloud

Fortinet Confidential

Independent VDOM Configuration

• Multiple VDOMs, completely separate from each other

• No communication between VDOMs

(Treated as if on separate physical device)

Internet

External interfaces

VDOM 1 VDOM 3VDOM 2

Internal interfaces

Network 1 Network 2 Network 3

Page 17: Presentation   fortinet securing the cloud

Fortinet Confidential

Management VDOM Configuration

• Root VDOM is management VDOM

(Other VDOMS connected with inter-VDOM links)

• All external traffic routed though management VDOM

Internet

External interface

VDOM 1 VDOM 3VDOM 2

Internal interfaces

Network 1 Network 2 Network 3

Management VDOM

Page 18: Presentation   fortinet securing the cloud

Fortinet Confidential

Meshed VDOM Configuration

• VDOMs interconnected - mesh configuration

(Full access between VDOMS, but handle traffic differently depending on origin)

Internet

External interface

VDOM 1 VDOM 2

Internal interfaces

Network 1 Network 2

Management VDOM

Page 19: Presentation   fortinet securing the cloud

Fortinet Confidential

Agenda

• Introduction

• Features and Virtualization

• FortiGate 3950 Series

• FortiGate VM

1

2

3

4

Page 20: Presentation   fortinet securing the cloud

Fortinet Confidential

FortiGate-3950B Series

• Dedicated Performance » FW : Up to 120 Gbps

» IPS: Over 12 Gbps

• Modular Appliance

» Base model:

− FW: 20 Gbps

− IPS: 4 Gbps

» Fortinet Mezzanine Cards (FMC)

− 20 Gbps FW (both FMC cards)

− 4 Gbps IPS (FMC-XG2 / targeted)

» 64 GB SSD internal storage (FG-3951B)

− Fortinet Storage Module (FSM)

− Expandable to 256 GB (4 x FSM-064)

FortiGate-3950B

FortiGate-3951B

FMC-XD2 FMC-XG2

Page 21: Presentation   fortinet securing the cloud

Fortinet Confidential

Enterprise-Class Benefits

• Build the performance your customers need

» - Scalable performance with the ability to grow from 20 Gbps up to 120 Gbps

• Customize the appliance to meet performance requirements

» Gateway, Datacenter

» Pure Firewall / UTM

• Exceed limited features/functions of ‘next generation’ devices

» Highest performing firewall appliance at 120 GB

» Seamless integration of FW, IPS, VPN, Web Filtering, and other FortiOS services

» Complete content protection: Application control + application security

• More than application identification

• Integration of content-based security technologies into the firewall to identify threats within trusted

application content

Page 22: Presentation   fortinet securing the cloud

Fortinet Confidential

Specialized Processors within

FMC Modules

• FortiASIC-NP4

» Accelerates security services at the interface level

• Packet size independent , very low latency, wire speed performance for millions of sessions with dynamic

address translation

» IPSec ESP encryption and decryption processing

» Packet anomaly detection, checksum offload and packet defragmentation

» Traffic Shaping and priority queuing

• FortiASIC-SP2

» Multi-core multi-threaded security processing complex » Builds on the capabilities of the FortiASIC-NP4 to provide additional services, including

• Application control

• IPv6

• IPS Signature analysis

• DOS protection

• Multicast acceleration

Page 23: Presentation   fortinet securing the cloud

Fortinet Confidential

Integrated Switch Fabric inside

FG-3950 Series

• Uniquely scalable approach to forwarding and security processing

» Utilizes specialized FortiASIC-NP4 and –SP2 processors to achieve breakthrough acceleration

» Fortinet Mezzanine Card (FMC) delivers additional processing power that can be distributed across

the entire appliance via the ISF

• Fully meshed connectivity between all FMC slots and associated processing modules

4x1G

FMC

0

FMC

1

FMC

2

FMC

3

FMC

4

On

Board

PHY

NP

NP/SP

NP/SP

NP/SP

NP/SP

NP/SP

PHY

PHY

PHY

PHY

PHY

I

S

F

Page 24: Presentation   fortinet securing the cloud

Fortinet Confidential

Agenda

• Introduction

• Features and Virtualization

• FortiGate 3950 Series

• FortiGate VM

1

2

3

4

Page 25: Presentation   fortinet securing the cloud

Fortinet Confidential

FortiGate VM Specifications

Feature FortiGate-VM

Hypervisors Supported VMware ESXi/ESX 3.5/4.0/4.1,

others that can run *.ovf format

Hardened Platform

Open Virtualization Format (OVF)

Yes (Using VMware HW version

7)

# of vCPU’s supported 2/4/8/U

Built in VDOMS (upgradeable) 10

Memory and CPU Uses Hypervisor

10/100/1000 Interfaces 10 Max (Uses Hypervisor)

Storage Capacity Uses Hypervisor

High Availability Yes

FortiGate version (Firmware) 4.2

Page 26: Presentation   fortinet securing the cloud

Fortinet Confidential

[email protected]