Published by Ralph Mitchell. Modified over 9 years ago.

Slide 1: FortiGate Antivirus Firewall Overview

Slide 2: Network Security
Fortinet Technologies

Network security can be viewed from three perspectives:
- controlling access to the inside of the network from outside the network
- controlling access to the outside of the network from inside the network
- controlling access between networks

Slide 3: The Nature of the Threat Has Evolved…

Slide 4: Fueling an Explosion of Point “Solutions”

Slide 5: FortiGate Antivirus Firewall

Network-level Services
- Firewall
- Intrusion prevention and detection
- VPN
- Traffic shaping

Application-level Services
- Firewall
- Intrusion prevention and detection
- Virus protection
- Content filtering for web connections and email

Slide 6: Secure Installation, Configuration, and Management

Secure management of your FortiGate unit can be assured in a number of ways:
- IP/MAC binding
- HTTPS for browser connections
- SSH for command line connections (up to a maximum of 5 connections)
- individual management accounts
- separate user names and passwords
- read-only
- write-only

Slide 7: Web-based Manager

- HTTP or HTTPS
- Web browser
  - Windows
  - Mac
  - Linux
- Configure and monitor a FortiGate unit
- Configuration changes effective immediately
- Download, save, and restore configurations

Slide 8: Command Line Interface

- Serial port
  - RS232
- Network
  - Telnet
  - SSH
- Same configuration capabilities as the web-based manager
- Advanced configuration capabilities

Slide 9: Firewall

- set of related programs located at a network gateway server
- protects the resources of a private network from users on other networks

Slide 10: NAT/Route and Transparent Modes

NAT/Route mode
- the FortiGate unit is visible to the network
- all interfaces are on different subnets
- policies control communications through the unit
- the FortiGate unit acts as a gateway between private and public networks

Transparent mode
- the FortiGate unit is invisible to the network
- policies control communications through the unit

Slide 11: NAT/Route Mode

Hide your internal addressing scheme behind a firewall.

Slide 12: Transparent Mode

The firewall acts as a bridge and requires an IP address for management and updates.
The FortiGate unit is invisible to the network.

Slide 13: Firewall Problem!

Slide 14: Antivirus Protection

Antivirus protection falls under two categories:
- host-based
  - a class of program that searches your hard drive or floppy disks for any known or potential viruses
- network-based
  - resides on a server and has certain traffic at the gateway directed to it for antivirus scanning

Your FortiGate antivirus firewall identifies and blocks viruses at the network’s edge.

Slide 15: Web Content Filtering

Control network usage by blocking access to:
- categories of web sites (URL, FortiGuard)
- particular web sites (URL)
- any page that contains banned words or phrases

Systems are policy-based:
- can associate a user or group of users with a list of prohibited URLs
- can block by time of day, keeping working hours more productive

Script filter to block Java Applets, cookies, and ActiveX.

Slide 16: Spam Filtering

- Scans IMAP, POP3, and SMTP content
- Blocks
  - IP addresses
  - Email addresses
  - MIME headers
  - Banned words and phrases
- Checks RBL and ORDBL
  - SMTP, POP3, IMAP
- Exempt lists to override block lists

Slide 17: Intrusion Prevention System (IPS)

- real-time network intrusion detection sensor
- attack signatures block more than 1400 attacks
- user-defined signatures
- configurable thresholds
- policy-based

Slide 18: Static Routing

- Configure routing to add static routes to control the destination of traffic exiting the FortiGate unit
- Configure routes by adding destination IP addresses and netmasks and adding gateways for these destination addresses

Slide 19: Policy Routing

Policy routing extends the functions of destination routing by routing traffic based on:
- destination address
- source address
- protocol, service type, or port range
- incoming interface
- IP address

Routing table independent.

Slide 20: Routing Information Protocol (RIP)

- distance-vector routing protocol
- FortiGate implementation supports both RIP v1 (RFC 1058) and RIP v2 (RFC 2453)
- RIP
  - uses hop count as its routing metric where each network is usually counted as one hop
  - network diameter is limited to 15 hops
- RIP v2
  - enables RIP messages to carry more information
  - supports simple authentication and subnet masks

Slide 21: VLANs

- Highly flexible, efficient network segmentation
- Supported on models 60 and higher
- IEEE 802.1Q
- Segregate devices logically instead of physically by adding 802.1Q VLAN tags to all packets sent and received by the devices
- A single FortiGate unit can provide security services and control connections between multiple security domains
- NAT/Route and Transparent modes

Slide 22: Virtual Domains

- ease of management
- lower costs – one system with multiple firewalls
- each virtual domain functions like a single FortiGate unit
- exclusive firewall and routing services to multiple networks
- traffic from each network is effectively separated from every other network
- packets never cross virtual domain borders
- NAT/Route and Transparent modes

Slide 23: Virtual Private Networks (VPN)

- a private data network that uses the public telecommunication infrastructure
- maintains privacy through the use of a tunneling protocol and security procedures

Slide 24: VPN

The FortiGate unit supports the following types of VPN:
- PPTP and L2TP
- IPSec
- NAT traversal
- DPD
- IPSec redundancy
- site-to-site tunnels
- Hub and spoke topology
- DHCP over IPSec

Slide 25: High Availability

- provides fail-over between two or more FortiGate units
- provides fail-over between links
- achieved using redundant hardware
- matching FortiGate models running in NAT/Route mode
- FortiGate units can be configured for either active-passive (A-P) or active-active (A-A)
- supported on FortiGate models 60 and higher

Slide 26: Logging and Reporting

The FortiGate unit supports logging for various categories of traffic and configuration changes.

You can configure logging to report:
- traffic that connects to the firewall
- network services used
- traffic that was permitted by firewall policies
- traffic that was denied by firewall policies
- events such as configuration changes and other management events, IPSec tunnel negotiation, virus detection, attacks, and web page blocking
- attacks detected by the IPS
- virus incidents, intrusions, and firewall or VPN events or violations to system administrators using alert email

Slide 27: Updates and Support

- antivirus and anomaly definitions are updated regularly
- your FortiGate unit can be configured to:
  - accept push updates from the FortiResponse Distribution Network (FDN)
  - check the FDN regularly for updates following a schedule

Slide 28: FortiProtect Bulletins

- emailed whenever updates are made to the antivirus or IPS databases
- specifies the latest release numbers so you can confirm your FortiGate unit is up to date
- distributed free of charge
- sign up at www.fortinet.com

Slide 29: Online Help

- Online help is available through the web-based manager screens
- Access help through:
  - contents
  - index
  - search

Slide 30: Documentation

In addition to online help, Fortinet offers a number of publications to assist you in maximizing the effectiveness of your FortiGate unit.
Most of these publications are on the CD accompanying your FortiGate unit.