© Copyright Fortinet Inc. All rights reserved. The Fortinet Secured Network Матенко Александр,

2 About Company FORTINET Fortinet является глобальным поставщиком устройств сетевой безопасности и лидером рынка в сегменте унифицированного управления угрозами (UTM). Штаб квартира Fortinet расположена в Саннивейл, штат Калифорния, США, кроме этого компания имеет офисы по всему миру. Fortinet был основан в 2000 Кеном Кси, визионером и бывшим президентом компании NetScreen (которую в 2004 купил Juniper). Флагман продуктовой линейки Fortinet - платформы по обеспечению безопасности FortiGate представляет собой аппаратно-ускоренную производительность, встроенную систему защиты от множественных угроз, постоянно обновляющуюся систему глубокого анализа угроз.

3 SECURITY Complete Network Security Solution USERS ENDPOINTS Защита устройств ACCESS Безопасный доступ SEGMENTATION Политики и зоны NETWORK Балансировка, DDoS APPLICATION Почта, Malware, etc DATA SECURITY MANAGEMENT Единая точка управления и отчетности PLATFORM THREAT INTELLIGENCE

4 FortiWeb FortiDDoS FortiMail FortiADCFortiSwitchFortiAP FortiGate FortiClient FortiSandBox FortiAuthenticatorFortiAnalyzerFortiManager FortiToken FortiExtender FortiCloud FortiRecorder FortiCamera FortiVoice/ FortiGateVoice FortiFone 3G/4G WAN FortiCache 2 Factor OTP Token DATA CENTERSECURITY OPERATING CENTER LAN MOBILE REMOTE Cloud based Mgmt. FortiWAN Security gateway Mail Security Gateway Secure Web Caching server Web App. Firewall Load Balancer WiFi Access IP PBX L2 Switching Remote VPN Endpoint Security Site-to- site VPN Secure WiFi Access Link Load Balancer DB Servers App Servers Mail Servers Web Servers FortiWiFi Failopen Device FortiBridge FortiTap Network Tap File Analysis User ID Mgmt. Central Log & report Central Device mgmt. FortiTester IP Cam. Recorder Network Tester L7 D/DOS Mitigator DB Security FortiDB

5 FortiGate Product Range Personality, Performance and Scalability DCFW/CCFW ISFW CFW/ VMFW NGFW/ NGIPS UTM Software & Services Product Range Entry Level Mid RangeHigh End Virtual Appliances SoC CPU CP Multi Core CPU NP Multi Core CPU NPCP Multi Core CPU H/W Dependent1 Gbps10 Gbps10 Gbps - 50 Gbps Chassis System FortiGuard Security Services FortiOS Operating System FortiCare Support Services Series Series Series 1000 Series 3000 Series 5000 Series VM Series 50 Gbps - 1 Tbps

6 Inside FortiOS * Features may varied by models ATPOSS SupportAAACentral Mgmt. Integrations ConfigurationVisibilityLog & ReportDiagnostics Management Anti-MalwareIPS Application Control Web Filtering Filtering FirewallVPNDLP User & Device Identity SSL inspection Security Functions Wireless Controller Switch Controller Endpoint Manager Token Server Vulnerability Scanner Extensions :::::::::: Virtual Domains :::::::::: Virtual Systems RoutingNAT/CGNL2/Switching WAN Link / Server LB High Availability Network Functions QoSIPv6 Wan Optimization Network Services NAT/RouteTransparentSniffer Operating Modes LANWiFiWAN Network Interface Physical Appliance (+ASICS)HypervisorCloud Platform

7 FortiGate 300D 2x GE RJ45 Management Ports 4x GE RJ45 Ports 4x GE SFP Slots Hardware Performance Firewall Throughput (1518/512/64)8/8/8 GbpsIPS Throughput2.8 Gbps Firewall Latency3 μsAntivirus Throughput (Proxy Based)1.4 Gbps Concurrent Sessions6 MilVirtual Domains (Default / Max)10 / 10 New Sessions/Sec200,000Max Number of FortiAPs (Total/Tunnel)512 / 256 Firewall Policies ( System/VDOM)10,000Max Number of FortiTokens1,000 IPSec VPN Throughput7 GbpsClient-to-Gateway IPSec VPN Tunnels10,000 SSL-VPN Throughput350 Mbps Concurrent SSL-VPN Users (Recommended Max)

8 FortiGate 5000-Series Bundles  Chassis-based platforms offer maximum performance, reliability, and scalability for high- speed service provider, large enterprise or telecommunications carrier networks.  Fastest chassis-based firewall in the industry  Flexibility enables protection of complex, multi- tenant cloud-based security-as-a-service and infrastructure-as-a-service environments. * Based on sum of individual Security Blades, not as a controller-based system. FG-5060-BaseFG-5060-FullFG 5144C-BaseFG 5144C-Full Firewall Throughput160 Gbps400 Gbps160 Gbps960 Gbps Concurrent Sessions46 Million115 Million46 Million276 Million New Sessions/Sec1.13 Million2.82 Million1.13 Million6.78 Million IPS (HTTP)36 Gbps90 Gbps36 Gbps216 Gbps

/Q12009/Q3 V 2.8V 3.0V 4.0V4.1V 4.2V 4.3 New Key functionalities AntispamSSL VPN IM/P2P mgmt DLP WAN Opt. SSL Proxy App Control Wireless ctrl IPv6 UTM SQL Logging New GUI Network VM Token Server ICAP FortiOS Software Evolution 2010/Q12011/Q3 2012/Q42014/Q2 V 5.0V 5.2 New Key functionalities Client reputation Sandbox integration Endpoint control Device based policy FortiView Deep Flow AV Software performance optimization

10 FortiAP Family 3x3:3 Resiliency and Versatility Dual Radio Dual Band 2x2:2 Performance Single Radio 1x1:1 Value RemoteOutdoorIndoor FAP-221/223C FAP-222B FAP-210B FAP-320B FAP-112D FAP-112B FAP-28C FAP-14C FAP-11C FAP-320C ac FAP-222C FAP-25D FAP-21D FAP-224D ac FAP-321C ac FAP-221/223B FAP-24D

11 FortiAP 221/223C 1 x GE RJ45 Interface Hardware Performance Target EnvironmentIndoorSimultaneous SSIDs 8(7 for client access, 1 for monitoring) Number of Antenna 221C :4 Internal 223C :4 External Max Transmission Power17 dBm (50mW) Number of Radio2PoE Support802.3af Tx / RX Stream (802.11n) 2x2 MIMO with Dual Spatial streams, 1167 Mbps Total

12 FortiAP 222C 1 x GE RJ45 Interface Hardware Performance Target EnvironmentOutdoorSimultaneous SSIDs 16 (14 for client access, 2 for monitoring) Number of Antenna4 ExternalMax Transmission Power26dBm (398mW) Number of Radio2PoE Support802.3at & proprietary Tx / RX Stream (802.11n) 2x2 MIMO with 2 spatial streams, 1167 Mbps Total

13 FSW-348B Overview FortiSwitch  Outstanding price, performance, and scalability to organizations with diverse operational needs. Primary Benefits: ✓ High Port Density ✓ Integrated Power Over Ethernet ✓ Connect Access Points, Peripherals, Cameras, Phones ✓ Create an integrated, secure network FSW-80-POE FSW-124B-POE FSW-224B-POE FSW-324-POE FSW-28C FSW-448B Access level Gigabit Switches with ease of use and low cost of ownership

14 Multifunctional Host Security Flexibility in deployment Fully integrated features, reduce needs for multiple client solutions End Point Control Enforce compliance and security policies on mobile hosts Centralized Logging and Reporting Via FortiGate for enterprise requirements Overview FortiClient Comprehensive end-point protection & security enforcement

15 Supports Strong Authentication IPSEC VPN SSL VPN Administrative Login Captive Web Portal 802.1x Authentication Web Application Access SSO Authentication Platforms FortiGate (FOS4.3 and later) FortiAuthenticator (FAC 1.4 and later) Secure Seed Delivery Options Online Via FortiGuard Encrypted file on CD (FTK-200S) In-house Seed Provisioning Tool (special order) Overview FortiToken Oath Compliant Time Based Hardware One Time Password Token

16 Overview FortiAnalyzer Aggregated Logging Singular View of all Fortinet Devices Built-in Content Archiving Malicious File Quarantine Centralized Reporting Predefined Summary & Device Reports Hundreds of Customizable Charts & Graphs Analysis & Event Correlation Vulnerability Assessment Network & Log Analysis Scalable Solution Hardware and VM Versions Available Collector/Analyzer Modes for Large Deployments High Performance Logs/Sec Processing Support for Internal or External SQL Databases Logging, reporting and analysis from multiple Fortinet devices

17 Administrative Domains (ADOMs) Enables the primary ‘admin’ to create Virtual Management Domains containing devices for other administrators to monitor and manage Hierarchical Objects & Policy Management Create Global Objects and Policies Assign to ADOM or groups of ADOMS Create device configuration templates to quickly configure a new Fortinet appliance Web Portal SDK JSON-based API allows MSSPs to offer administrative web portals to customers Overview FortiManager * Capabilities varied by Models Locally Hosted Security Content Allows administrators better control over security content updates and provides improved response time for rating databases. Run a local copy of AV, IPS, URL, A/S signature databases.* Tools that effectively manage any size Fortinet security infrastructure, from a few to thousands of appliances

18 Overview FortiMonitor Unified Risk Management Solution Log collection with enterprise performance Correlation automatically determines priority threats Assess your network’s Key Risk Indicators Manage host assets critical to your network Schedule regular vulnerability scans Visualize your holistic security with dashboards and reports Unified event correlation and risk management for modern networks

19 Advanced Threat Protection Multi-layered filtering with Code Emulator, AV engine, Cloud query and Virtual OS sandbox Handles multiple file types, includes files that are encrypted or obfuscated Examine files from various protocols, included those that uses SSL encryption Flexible Operation Modes Receives file sample using integration with FortiGate/FortiMail, sniffer mode and manual file uploads Capture files from remote locations using deployed FortiGates Monitoring and Reporting Detailed analysis reports and real-time monitoring and alerting Overview FortiSandbox File Submission Malicious Analysis output Latest AV Signature Update Centralized File Analysis 1 1 ? Advanced Threat Protection solution designed to identify and thwart the highly targeted and tailored attacks

20 Rate Based Detection High performance protection using ASIC Self Learning Baseline Ease Maintenance Maintain appropriate protection dynamically Signature Free Defense Hardware based protection Inline Full Transparent Mode No MAC address changes Granular Protection Multiple thresholds to detect subtle changes and provide rapid mitigation Overview FortiDDoS FortiDDoS Web Hosting Center Firewall Legitimate Traffic Malicious Traffic ISP 1ISP 2 Hardware Accelerated DDoS Intent Based Defense

21 Specialized messaging security system Advanced, bi-directional filtering prevents spread of spam, viruses, phishing, worms, and spyware Flexible deployment options Transparent, Gateway, and Server modes that adapts to organizational needs and budget Identity based encryption Secure, encrypted communication archiving On-box archiving facilitates policy and regulatory compliance requirements Introducing FortiMail Mail Servers FortiMail Advanced anti-spam and antivirus filtering solution, with extensive quarantine and archiving capabilities.

22 Web Application Firewall Aids in PCI DSS 6.6 compliance Protection against OWASP Top 10 Application layer DDoS protection Auto Learn security profiles Geo IP data analysis and security Web Vulnerability Scanner Scans, analyzes and detects web application vulnerabilities Application Delivery Assures availability and accelerates performance of critical web applications Introducing FortiWeb FortiWeb Web Application Servers SQL Injection, XSS… Web application firewall to protect, balance, and accelerate web applications.

23 Database Activity Monitoring (DAM) Real-time monitoring of key users and critical transactions User Activity Base lining Block database attacks in real time Vulnerability Assessment Sensitive data discovery in databases Vulnerability scanning with remediation advice Policy Driven Controls Automated process of establishing IT controls Database Audit and Compliance For compliance and forensics analysis purpose Introducing FortiDB Database Servers FortiDB Deployment options: Sniffer, Native Audit and Agents Database Activity Monitoring and Vulnerability Assessment solution

24 Introducing FortiTester Network performance tester that aids in infrastructure optimization and configuration validation  Affordable appliance that provides low TCO  Ability to run 8 types of network performance tests  Connections (TCP)  throughput (TCP)  PPS (UDP)  CPS (HTTP/HTTPS)  RPS (HTTP/HTTPS)  CAPWAP throughput  Ease-to-use web-based UI  History Viewer  Case Profiles

25 Virtual Appliance Platforms * Also as FortiGate-VMX for VMWare NSX ** Also available as pay-as-you-go licensing option Virtual Appliance VMwareCitrixOpen SourceAmazonMicrosoft vSphere v4.x vSphere v5.x vSphere v6.0 Xen Server v5.6 SP2 Xen Server v6.0 XenKVMAWS Hyper-V 2008 R2 Hyper-V 2012 Azure FortiGate-VM* ✔✔✔✔✔✔✔✔✔✔✔ FortiManager-VM ✔✔✔ ✔✔✔✔✔✔ FortiAnalyzer-VM ✔✔✔ ✔✔✔✔✔✔ FortiWeb-VM ✔✔✔✔✔✔ ✔✔✔ FortiMail-VM ✔✔✔ ✔✔ ✔✔ FortiAuthenticator-VM ✔✔ ✔✔ FortiADC-VM ✔ FortiCache-VM ✔✔ FortiVoice-VM ✔✔✔✔✔ FortiRecorder-VM ✔✔✔✔✔ FortiSandbox-VM 5.1, 5.5 **