Virtual Ization


  • 1 Fortinet Confidential Copyright 2013 Fortinet Inc. All rights reserved.

    Fortinet Virtualized Security Solutions. Jason Bandouveres, Senior Product Manager, Cloud & Virtualization Solutions

  • 2 Fortinet Confidential

    This document contains confidential material proprietary to Fortinet, Inc.

    This document and information and ideas herein may not be disclosed, copied, reproduced or distributed to anyone outside Fortinet, Inc. without prior written consent of Fortinet, Inc.

    This information is pre-release and forward looking and therefore is subject to change without notice.

    The purpose of this document is to provide a statement of the current direction of Fortinet's product strategy and product marketing efforts.

    Please note that this Product Roadmap is neither intended to bind Fortinet to any particular course of product marketing and development nor to constitute a part of the license agreement or any contractual agreement with Fortinet or its subsidiaries or affiliates.

    DISCLAIMER

  • 3 Fortinet Confidential

    Data Center FW - Virtualization and SDN Integration

    Unified Network Access

    Secure WiFi & Switching Unified Communication

    Systems

    Authentication

    Core Firewall Platform

    Scalable ASIC Driven Architecture + Virtualization

    Flexible FOS (FW Personalities: NGFW, DCFW, UTM, Carrier)

    Advanced Security Updates

    Application Delivery Network

    Application Delivery Controllers, Web Application Firewalls, Distributed Denial of Service

    Core Network

    Data Center

    Access Network

    Global Management

    Platform

    SDN/NSX Virtualization Orchestration

    Logging, Analytics & Reporting

    Multi Platform Policy Object Manager Operations APIs

  • 4 Fortinet Confidential

    Agenda

    Fortinet Virtualized Solutions: Widest breadth of Security Solutions in the Marketplace

    Platforms & The Cloud: Availability of all Major Virtualization Platforms

    VMware NSX Integration: Network Extensibility (NetX) API Integration

  • 5 Fortinet Confidential

    Virtualization of Security Controls Is Happening Quickly

  • 6 Fortinet Confidential

    Gartner Hype Cycle Cloud Security

  • 7 Fortinet Confidential

    Fortinet Virtualized Solution Strategy

    Widest breadth of security virtual appliances

    Single Pane-of-Glass Management

    Hypervisors & Cloud FortiGate-VMX Integrated Solutions

  • 8 Fortinet Confidential

    Fortinet Virtualized Solutions - Diagram

  • 9 Fortinet Confidential

    Use Case 1: Dedicated Resources

    Dedicated physical compute, network and storage resources.

    Dedicated security gateways.

    No need to route outside of virtual infrastructure.

    Reduces stress on physical network links and eliminates unnecessary latency in application tiers.

    [Diagram: Internet; FortiGate-VM; Web Servers, Application Servers, Database Servers (Customer Hosted Application Secured by FortiGate-VM); Hypervisor; vSwitch External, vSwitch WEB, vSwitch APP, vSwitch DB]

  • 10 Fortinet Confidential

    Use Case 2: Dedicated Security Physical and Virtualized

    Take advantage of FortiGate's ASIC acceleration technology for enhanced performance.

    FortiGate-VM secures each trust zone so the application doesn't need to route out to the physical network.

    Ensures minimal latency and maximum performance.

    FortiGate HW secures vDatacenter against threats.

    [Diagram: Internet; FortiGate HW Appliance; FortiGate-VM; Web Servers, Application Servers, Database Servers (Customer Hosted Application Secured by FortiGate & FortiGate-VM); Hypervisor; vSwitch External, vSwitch WEB, vSwitch APP, vSwitch DB]

  • 11 Fortinet Confidential

    Use Case 3: Dedicated FortiGate-VM per tenant

    FortiGate-VM will secure all traffic in and out of the customer's environment

    Ability to deploy multiple FortiGate-VMs per virtualization host

    Protect individual depain multi-tenant environments

    Common scenario in Enterprise space

    [Diagram: Virtual Switch Architecture. Internet; Connectivity VLAN (VLAN 100); Port Group External (VLAN 100); two FortiGate-VM instances on one Hypervisor; Customer Alpha, Port Group Alpha (VLAN 1010); Customer Bravo, Port Group Beta (VLAN 1020)]

  • 12 Fortinet Confidential

    Use Case 4: FortiGate-VM with VDOMs

    Utilize Virtual Domains (VDOMs) within FortiGate-VM

    1 VDOM: 1 tenant

    Segregate customers or business organizations in multi-tenant environments (private and/or public clouds)

    [Diagram: Virtual Switch Architecture. Internet; Connectivity VLAN (VLAN 100); Port Group External (VLAN 100); VDOM Alpha and VDOM Bravo on one Hypervisor; Customer Alpha, Port Group Alpha (VLAN 1010); Customer Bravo, Port Group Beta (VLAN 1020)]

  • 13 Fortinet Confidential

    Use Case 5: Inter-Zone and Inter-VM Security

    All Inter-VM traffic in Bravo Zones is subject to full UTM scan through L2 VDOM. Inter-Zone traffic is subject to full Next Gen Firewall and UTM scan by L3 VDOM. Alpha Zone VMs can all talk to each other freely.

    [Diagram: Hypervisor; FortiGate-VM; vSwitch Fabric; vSwitch Alpha, Alpha Zones, Alpha Port Group (VLAN 101); vSwitch Bravo 1-n Inter-VM; Bravo 1, Bravo 1 Port Gr VLAN 102{1-n} (VLAN 1021, 1022), VLAN trunk to L2 VDOM; Bravo 2, Bravo 2 Port Gr VLAN 103{1-n} (VLAN 1031, 1032), VLAN trunk to L2 VDOM; vSwitch Inter-ZONE, to L3 VDOM]

  • 14 Fortinet Confidential

    Use Case 5: Inter-Zone and Inter-VM Security - A closer look inside the FortiGate-VM

    Zones: Web/DB/App; Tenant1,2,3; HR/Finance/QA

    Secure Inter-VM traffic in same broadcast domain

    Transparent VDOM to bridge VLANs

    Inter-Zone L3 VDOM within FortiGate-VM instance (not vSwitch)

    No hypervisor API dependency

    [Diagram: FortiGate-VM above the Hypervisor Layer; ZONE 1 192.168.2.x; ZONE 2 192.168.1.x; ZONE 1 to 2; VM1, VM2, VM3,4, VM5, VM6, VM7,8; three NGFW/UTM inspection points]

  • 15 Fortinet Confidential

    Deployment Scenario: Single Pane of Glass Management of Physical and Virtual Security Appliances

    Centrally manage physical and virtualized Fortinet security appliances

    No limits on virtual hardware so adding memory and CPU is a matter of editing the FortiManager-VM virtual appliance

    Ability to grow as your environment grows; no need to swap out hardware

    Same central management infrastructure you are already familiar with

    [Diagram: Internet; FMG-VM; Web Servers, Application Servers, Database Servers; Hypervisor; vSwitch External, vSwitch MGMT, vSwitch App, vSwitch DB, vSwitch Web]

  • 16 Fortinet Confidential

    Deployment Scenario: Collect and Analyze Logs from Both Physical and Virtual Security Appliances

    Centrally gather logs and run analytics from virtualized and physical Fortinet appliances

    Deploy fully tiered environment with multiple collectors gathering logs for a central analyzer

    No limits on virtual hardware so adding memory and CPU is a matter of editing the FortiAnalyzer-VM virtual appliance

    Ability to grow as your environment grows; no need to swap out hardware

    [Diagram: Internet; FAZ-VM, FMG-VM, two FAZ-VM Collectors; two Local FAZ Collectors; HR, Finance, Engineering; Finance, Dev, HR; Hypervisor; vSwitch External, vSwitch MGMT, vSwitch Collector]

  • 17 Fortinet Confidential

    Agenda

    Fortinet Virtualized Solutions: Widest breadth of Security Solutions in the Marketplace

    Platforms & The Cloud: Availability of all Major Virtualization Platforms

    VMware NSX Integration: Network Extensibility (NetX) API Integration

  • 18 Fortinet Confidential

    Fortinet Virtual Appliance Platform Support

    Platforms (table columns): VMware: vSphere v4.0, v4.1, v5.0, v5.1; Citrix: Xen Server v5.6 SP2, v6.0; Open Source: Xen, KVM; Amazon: AWS; Microsoft: Hyper-V 2008 R2, Hyper-V 2012

    Virtual Appliance (table rows):

    FortiGate-VM Q1

    FortiManager-VM 1H 1H 1H

    FortiAnalyzer-VM 1H 1H 1H

    FortiWeb-VM

    FortiMail-VM

    FortiScan-VM

    FortiAuthenticator-VM

    FortiADC-VM

    FortiCache-VM

    FortiVoice-VM

    FortiRecorder-VM

  • 19 Fortinet Confidential

    Agenda

    Fortinet Virtualized Solutions: Widest breadth of Security Solutions in the Marketplace

    Platforms & The Cloud: Availability of all Major Virtualization Platforms

    VMware NSX Integration: Network Extensibility (NetX) API Integration

  • 20 Fortinet Confidential

    NSX Integrated Partners Integration Points

    [Diagram: NSX Controller; NSX API; Partner Extensions; Network Gateway Services; Network Security Platforms; Application Delivery; IDS/IPS; Cloud MGT Platforms; AV/FIM; Vulnerability Management; Security Services]

    VMware NSX network virtualization platform provides security across virtual and physical infrastructures.

    Similar to virtual machines for compute, virtual networks are programmatically provisioned and managed independent of underlying networking hardware.

  • 21 Fortinet Confidential

    VMware Network Extensibility (NetX)

    Program provides tools and resources to help partners develop and certify network security and network services solutions that are integrated into VMware's cloud infrastructure suite

    Service Virtual Machine (FortiGate-VMX) is automatically deployed using the vShield Manager/NetX REST APIs

    Set rules about what sort of packets are accepted, rejected, sent or copied to it for examination, based on IP address, MAC address and port number

    Inserts virtual filter between vNIC of the protected VM and the virtual switch (i.e. hypervisor-based security)

  • 22 Fortinet Confidential

    Fortinet Integration

    Fortinet Service Manager integrates with vShield Manager

    Fortinet Service Manager integrates with FortiGlobal via JSON API

    Service Manager registers solution with VMware environment

    Service Manager is updated with all vCenter dbase objects

    Service Manager deploys security service VMs

    FortiGlobal pushes policies to security service VMs

    [Diagram: three VMware vSphere hosts, each with a FortiGate-VMX; vDistributed Switch; VMware vCenter Server; VMware vShield Manager; Fortinet Service Manager; JSON; FortiGlobal-VM]

  • 23 Fortinet Confidential

    Q & A