Selling in the Telco sector JOSE GRANDMOUGIN EMEA SENIOR CONSULTANT

Protecting the Service Provider’s Infrastructure MOBILE NETWORK MOBILE NETWORK RADIUS SERVER GGSN SGSN 2 2 Protecting the customer (Managed Security Service Provider) Subscriber Network 1 1 Security Solutions for Service Providers Two discrete solutions for Service Providers

Managed Security Services

NOC/SOC Traditional CPE / Client Based MSS 4 Internet

Virtualized Services Per Customer Virtual Domain Application Control Web Filtering AntiVirus / AntiSpyware Data Leak Prevention AntiSpam Intrusion Protection VPN (IPSec / SSL) Firewall Dynamic Routing 5

Security Processing Modules ADM-XE2 and ASM-CE4 Intrusion Prevention Offloading Inspects traffic traversing network interfaces for network-based attacks Provides protocol anomaly and signature- based inspection Multi-Gigabit performance Firewall Offloading Inspects traffic traversing network interfaces and blocks/allows according to firewall policy Line-Rate performance IP Multicast Offloading Accelerates and routes IP Multicast traffic Contributes to improved performance of video, voice, and other IP Multicast applications ASM-CE4 ADM-XE2

NP4 Based Dual Wide AMC Module Compatible with 5001A/3810A Firewall and IPSec offload 4 x 10G SFP+ Interfaces Includes 2xSR SFP+ transceivers 20G Firewall Processing 8G IPSec VPN Processing 7 ADM-XD4

Value Added Internet Access Services COMPETITION Juniper CrossBeam Cisco WINNING FACTORS Protection Profiles and Virtualization Routing flexibility Hardware scalability Customer 1 Customer 2Customer 3 Internet 8

Value Added RAS COMPETITION Cisco Juniper WINNING FACTORS Features Integration, IPSec, SSL VPN Antivirus, Web Filtering Self Service Management Portal Internet Client CPE Internet 9

3G High-Performance VAS COMPETITION Cisco Juniper WINNING FACTORS Features Integration, Fast Antivirus services Self Service Management Portal 10Gb real throughput Internet 3G Network 10

Management Interfaces in the Cloud 11 ProvisioningBilling Troubleshooting Monitoring NOC / SOC Network Self Service Portal Device Group JSON API XML API XML API / GUI CLI / SNMP / GUI LOG / ARCHIVE QUARANTINE MGMT GUI CUSTOMERS

FortiManager Portal User Portal Customization Development Toolkit Provides a full set of customization options Function, content, and branding Secondary database interfaces Consumer Portal Simplified option set Uses Development Toolkit Targets consumer opportunities Linked with Dynamic Profile Feature on FortiOS Carrier

Virtualized Management Device Group 2 Device Group 1 Admin 2 Admin 1 Customer 1 Customer 2 Multiple Administrative Domains Administrative Domain (ADOM) Per Customer / Device Group Policy Management Per Customer / Device Report Generation Supports VDOM groups and physical device groups in any combination

Dynamic Security Profiles

Applies to two key target service provider markets Managed Security and Mobile Allows user “Self-Service” automation RADIUS Accounting Record attributes used to create a context for a source IP address Context can associate IP address with any other RADIUS attribute Username, MSISDN, Service Name Protection Profile also extracted from the RADIUS record Assumes an authentication event has occurred within the Carriers network Typical in both fixed (DSL) and mobile environments RADIUS SERVER Radius Accounting Message Dynamic Policy Created Dynamic Security Profiles Portal Provisioning PORTAL SERVER DYNAMIC SECURITY PROFILES

 Provides an authenticated bypass of the Service Restrictions  Within a domestic environment  Both end-points (users) are behind the same NAT boundary  Clientless solution to differentiate access – no software to ‘hack’  Parental control is maintained DSL Home user 1 (Adult) NAT DSL Home user 2 (Child) Dynamic Security Profiles In Home Parental Control* DYNAMIC SECURITY PROFILES *FortiOS Carrier 4.1

Per end-point Black / White List End points (users, MSISDN) can have their own black white list No requirement for end user to access FortiGate infrastructure Can be populated on Self Service Portal Dynamically configured on FortiGate as end points attach RADIUS VSA Extension, no fixed limit for URLs DSL+3G RADIUS Dynamic Security Profiles End-Point customisation DYNAMIC SECURITY PROFILES Self Service Portal *FortiOS Carrier 4.2

Infrastructure protection

FortiOS Carrier 4.0 Highlights Dynamic Profiles Per user services via a RADIUS API Protection Profile derived from RADIUS record Session Initiation Protocol (SIP) Security Stateful SIP tracking, Malicious SIP message protection, SIP Rate Limitation SIP Transparent or SIP NAT mode, IP Topology Hiding, RTP Pinholing Geographical Redundancy, SIP Stateful High-Availability Multimedia Message Service (MMS) Security Antivirus, Antispam/Antifraud, Antiphising (via Web Filtering) Sender and Admin notification GPRS Tunneling Protocol (GTP) Firewall 3GPP version 6.9.0, including Overbilling Protection Protocol Anomaly Checks, IMSI/APN/IE filtering

 20 FortiCarrier SIP Security Softswitch SIP Application Server (AS) Signalling Control (SIP ) Media Control (RTP) All Traffic – Access and Peering - Hosted NAT Traversal - Call Admission - Interoperability - Interworking (IWF) - Media Pinholing and Policing - Call Control - Routing - Features - Billing NGN Network Topology SIP RTP SIP Firewall SIP RTP Session Border controller Optional RTP bypass - SIP aware Firewall - Denial of Service prevention - Message Filtering - Message rate limiting - IPS detection and prevention VOICE SECURITY

Mobile Security FortiCarrier also provides: MMS Antivirus MM1/3/4/7 Monitor mode Intercept, Archive, Quarantine, Block Actions Sender Notification and alerting MMS Antispam MM1/4 Duplicate Message, Sender Flooding Admin Notification INTERNET OTHER OPERATOR MMSC MM3 MM1 MM4 CONTENT PROVIDER MM7 MOBILE SECURITY

Cloud / Endpoint Managed Services

Global Service Offerings FortiGuard™ Global Research Team provides original security intelligence via FortiGuard subscriptions Antivirus Intrusion Prevention Web Filtering Antispam FortiCare™ Support services provides technical assistance anywhere, anytime Multiple service levels to meet customer requirements

FortiMail – Security Role Based Administrative Domain Management Thousands of domains LDAP Profiling Outsourced policy management / service enablement Inbound and Outbound Antivirus and Antispam Centralised Quarantine Multiple Operating Modes Server, Gateway/Relay and Transparent Unlimited License Model Not per mail box or domain Integrated with FortiManager and FortiAnalyzer Chassis Blade and Appliance Form Factor 24

FortiClient Desktop Access to FortiGuard Services Antivirus & Antispyware Protection Personal Firewall Content Filtering Windows Registry Monitor IPSec VPN Client Private Label Branding Microsoft MSI installer for rapid deployment to many clients Client lockout to prevent unauthorized configuration License Control

FortiMobile Security Client Software Symbian Series 60 2 nd Edition: v7.0s, V8.0a, v8.1a 3 rd Edition: v9.1, v9.2, v9.3 Windows Mobile 2003 SE: Pocket PC, PPC Phone 5.x: Pocket PC, PPC Phone, Smartphone* 6.x: Professional, Standard, Classic Capabilities include Personal Firewall VPN (IPSec, SSL) Incoming Call Filter SMS Antispam Antivirus Phone Security (Contact / SMS / Call Log / Data Encryption) Multi-Language Support Smartphone support to be added in 4.3

Questions?