© Copyright Fortinet Inc. All rights reserved. Secure Access Architecture. Alessandro Berta – Systems Engineer. 15 April 2016

160415 lan and-wan-secure-access-architecture


Page 1: 160415 lan and-wan-secure-access-architecture

Secure Access Architecture

Alessandro Berta – Systems Engineer

15 April 2016

Page 2: 160415 lan and-wan-secure-access-architecture

Trend: Device Growth Continues

More devices and newer device types are entering the network

33 Billion endpoints projected to be connected by 2020 – Gartner

New device types entering the network

» ‘headless’ IoT, wireless sensor nodes, beacons, wearables

Page 3: 160415 lan and-wan-secure-access-architecture

Trend: Devices Going Wireless

Wi-Fi becoming the primary access medium

[Chart: LAN access technologies, 2014, percent of respondents (axis 0% to 50%). Categories: Other, ZigBee, Bluetooth, Wi-Fi, Ethernet. Values as listed: 9%, 7%, 13%, 35%, 36%. © Nemertes Research, August 2015]

• Each generation of Wi-Fi technology accelerates the migration to wireless for users

IoT Access Technology Predictions

64% Wireless

© Infonetics, M2M Strategies by Vertical: N. American Enterprise Survey, January 2014

• IoT devices going wireless

Page 4: 160415 lan and-wan-secure-access-architecture

Trend: Need for More Speed

Migration to 802.11ac continues

Wi-Fi Standards Evolution

» 1st Generation (1997-1998): 802.11, 2 Mbps
» 2nd Generation (1999-2001): 802.11b, 11 Mbps
» 3rd Generation (2002-2006): 802.11g/a, 54 Mbps
» 4th Generation (2007-2011): 802.11n, 450 Mbps
» 5th Generation (Now): 802.11ac, Gigabit

[Chart: Migration to 802.11ac. Source: Infonetics, Wireless LAN Equipment Quarterly Worldwide and Regional Market Share: 4Q14]

Page 5: 160415 lan and-wan-secure-access-architecture

Trend: Seamless User Experience

A unified access experience is the expected norm

Users utilize multiple devices in the enterprise
» Wireless: smartphone, tablets
» Wired: desktops, workstations

Consistent user experience is the norm
» Consistent policies for access, application, security

Seamless device experience
» New device types must be provisioned appropriately
» “Headless” devices – IoT

[Diagram labels: Access Points, Switch, Wireless, Wired, Authentication]

Page 6: 160415 lan and-wan-secure-access-architecture

Wireless - the Weakest Link

[Chart: WLAN Ranked as the Most Vulnerable IT infrastructure. Categories: Endpoint, Core network infrastructure, Wireless, Databases, Applications, Storage, Email. Axis: 0% to 60%. Source: Fortinet Security Census 2015, 1490 respondents]

Page 7: 160415 lan and-wan-secure-access-architecture

Expectations are on the Rise

[Diagram: Rising Expectation]

» Need More Speed – Migration to 802.11ac
» Seamless Unified Experience
» Unified Network Operations
» Application Growth
» Move to wireless
» Device Growth

Page 8: 160415 lan and-wan-secure-access-architecture

Combine Security and Access

» Need More Speed – Migration to 802.11ac
» Seamless Unified Experience
» Unified Network Operations
» Application Growth
» Move to wireless
» Device Growth

[Diagram: Access and Security combine into the SECURE ACCESS ARCHITECTURE]

Page 9: 160415 lan and-wan-secure-access-architecture

SECURE ACCESS ARCHITECTURE

Why Fortinet?

[Diagram: Secure Access offerings (Infrastructure, Integrated, Cloud) across Campus, Retail/Distributed and SMB/Remote deployments]

Products shown: FortiPresence, FortiAuthenticator, FortiManager, FortiWLM, FortiClient, FortiWiFi, FortiWLC, FortiAP, FortiGate Controller, FortiSwitch (POE)

Page 10: 160415 lan and-wan-secure-access-architecture

Complete Secure Access Offerings

1. Infrastructure (Dedicated Controller)
2. Integrated (Integrated Controller)
3. Cloud (Cloud Management)

[Diagram labels: AP, Switch, Security, WLAN Management, Cloud]

Note: formerly Meru Networks

Page 11: 160415 lan and-wan-secure-access-architecture

Fortinet Offers More Choices

» Infrastructure (Dedicated Controller)
» Integrated (Integrated Controller)
» Cloud (Cloud Management)

Distributed Enterprise (Retail / QSR); Healthcare / Financials; K-12 / Primary / Secondary School; Higher Education; Large Public Venue

Page 12: 160415 lan and-wan-secure-access-architecture

Infrastructure Wireless

Secure Access Architecture

Page 13: 160415 lan and-wan-secure-access-architecture

Why Infrastructure?

Infrastructure Wireless

» Mobile: Fit for highly mobile deployments
» Flexible: Many deployment options
» Stand-alone: Able to separate access purchase decision from security

Models shown: FortiWLC-50D, FortiWLC-200D, FortiWLC-500D

Page 14: 160415 lan and-wan-secure-access-architecture

Infrastructure Wireless

» Multi-Channel: Multiple channels to maximize spectrum reuse and performance
» Single Channel + Virtual Cell: One channel to simplify deployment and seamless roaming
» Channel Layers + Virtual Cells: Multiple channels to segment application traffic and add capacity

[Diagrams: per-AP channel assignments for each layout (channel numbers shown include 36, 42, 44, 58 and 149)]

Page 15: 160415 lan and-wan-secure-access-architecture

Infrastructure Wireless

Controlling the User Experience

» Network In Control: Fortinet decides when clients roam for best possible user experience in time-sensitive applications.
» Mobile: Fit for highly mobile and scalable deployments where low latency and roaming support matter

Page 16: 160415 lan and-wan-secure-access-architecture

Client-in-control: the “Sticky Clients” issue

Scanners and VoIP handsets re-charging in the cradles

Page 17: 160415 lan and-wan-secure-access-architecture

Client-in-control: the “Sticky Clients” issue

Wi-Fi clients tend to stick to the same AP, depending on their NIC driver

Page 18: 160415 lan and-wan-secure-access-architecture

Client-in-control: the “Sticky Clients” issue

The AP-client links are barely optimized. Many connections are long-distance, with weak signal, low data rate and poor throughput.

Page 19: 160415 lan and-wan-secure-access-architecture

Network-in-control

Optimized Distribution of Clients

Wi-Fi clients are always associated with the best AP: higher signal, faster data rate, better performance. APs are not congested by far-away clients.

Page 20: 160415 lan and-wan-secure-access-architecture

Roaming is really Seamless and at the right time

» Multi-Channel: 100 ms – 3 seconds between handoff
» Virtual Cell: 5 - 10 ms between handoff

Page 21: 160415 lan and-wan-secure-access-architecture

Integrated Wireless

Secure Access Architecture

Page 22: 160415 lan and-wan-secure-access-architecture

Integrated Wireless

Security / Access Control

» Enterprise WLAN controller
» Rogue AP and WIDS
» Integrated captive portal
» Tunnel, bridge and mesh

» Single pane of glass
» Unified wired/wireless
» Application control
» FortiGuard Services

Page 23: 160415 lan and-wan-secure-access-architecture

Integrated Wireless

» Every FortiGate includes a WLAN controller
» Largest range of controllers in the industry
» Support ranges from 5 APs (100 users) up to 10K APs (32,000 users)

Page 24: 160415 lan and-wan-secure-access-architecture

WiFi > SSID

Page 25: 160415 lan and-wan-secure-access-architecture

FortiView > Device topology (SSID and VLAN)

Page 26: 160415 lan and-wan-secure-access-architecture

FortiView > Applications

Page 27: 160415 lan and-wan-secure-access-architecture

FortiView > Applications > Drill Down > Sessions

Page 28: 160415 lan and-wan-secure-access-architecture

FortiView > Threat Map

Page 29: 160415 lan and-wan-secure-access-architecture

Cloud Wireless

Secure Access Architecture

Page 30: 160415 lan and-wan-secure-access-architecture

Why Cloud?

Cloud Wireless

» Secure: Industry’s only UTM + AP solution
» Cloud: Roll out remote sites in minutes - not hours and days
» Controller-less: Wi-Fi without the complexity of on premise controllers

Models shown: FAP-S323C (802.11ac, 3x3:3), FAP-S321C (802.11ac, 3x3:3)

Page 31: 160415 lan and-wan-secure-access-architecture

Cloud Wireless

Competitor Cloud Wi-Fi: Connection > Credential Lookup > Authentication > Gap in Security Protection > Continue to Wire

FortiAP-S Series: Connection > Credential Lookup > Authentication > IPS, AV, Botnet > URL Filter, App Control > Continue to Wire

» Managed by FortiCloud
» No controller required
» FortiGuard services run on each AP
» Simplifies deployment and management

Page 32: 160415 lan and-wan-secure-access-architecture

Cloud Wireless

» Intrusion Prevention System
» Antivirus and Anti-botnet
» L7 Application Control
» Web Filtering

Page 33: 160415 lan and-wan-secure-access-architecture

Other Secure Access related products

Secure Access Architecture

Page 34: 160415 lan and-wan-secure-access-architecture

FortiPlanner

Wireless LAN Planning and Real-Time Visualization Software

» Free download for deployments of up to 30 FortiAPs.
» Pro license supports unlimited FortiAPs and enables Site Survey and Real-Time Heat-map features

[Screenshots: FortiPlanner wireless deployment planning; FortiPlanner wireless site survey]

Page 35: 160415 lan and-wan-secure-access-architecture

FortiPresence

Presence Analytics Solution

Uses existing in-store FortiAP or FortiWiFi access points to collect the WiFi signal information from the smartphones of visitors.

Solution Components:
» FortiAP or FortiWiFi - Detects WiFi signal from smartphones
» FortiGate or FortiWLC - Aggregates signal information from multiple APs
» FortiPresence Cloud – Processes data and presents analytics on dashboard

Page 36: 160415 lan and-wan-secure-access-architecture

FortiPresence

» Total visitor traffic
» Real time visit capture rate
» Dwell time duration
» A/B comparison across stores
» Repeat visitors, frequency
» VIP Alert
» Heat maps with animated flows
» Real-time density, staff resources
» Measure marketing campaign effectiveness

Page 37: 160415 lan and-wan-secure-access-architecture

FortiSwitch

Why FortiSwitch?
» Control: Managed and secured from FortiGate GUI
» Power: Full PoE+ power for APs and other Power over Ethernet devices
» Stackable: 1GbE, 10GbE and 40GbE with stacking capability

Page 38: 160415 lan and-wan-secure-access-architecture

FortiSwitch

FortiGate Switch Management

» FortiLink protocol for secure management
» Visibility into port speed/status
» Centrally manage VLANs
» Apply security policy
» Authenticate clients centrally via 802.1x or captive portal

Page 39: 160415 lan and-wan-secure-access-architecture

SECURE ACCESS ARCHITECTURE

[Diagram: Secure Access offerings (Infrastructure, Integrated, Cloud) across Campus, Retail/Distributed and SMB/Remote deployments]

Products shown: FortiPresence, FortiAuthenticator, FortiManager, FortiWLM, FortiClient, FortiWiFi, FortiWLC, FortiAP, FortiGate Controller, FortiSwitch (POE)

Page 40: 160415 lan and-wan-secure-access-architecture