Embed Size (px)
Citation preview
• • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • •
FortiOS CarrierFortiOS Carrier
Securing Carrier Networks
Carrier-GradeSecurity Solutions
Multi-Threat Security and Content ProtectionFortiOS™ Carrier security solutions utilize a combination of signature, anomaly, behavioral and heuristic detection engines to provide real-time multi-layered security. Fortinet’s FortiOS Carrier provides a high-performance, scalable solution to detect and eliminate a wide spectrum of attacks including blended threats, intrusion attempts, viruses, trojans, worms, spyware, grayware, adware and denials-of-service.
FortiOS Carrier Security Platforms
Fortinet’s FortiOS Carrier security platforms provide end-to-end mobile network and device protection. FortiGate network-based ASIC-accelerated hardware platforms, available as integrated platforms or modular ATCA based platforms scale to meet the capacity and performance requirements of the largest networks. FortiOS Carrier security engines can be used separately or together to enable a comprehensive security solution based on the network and service requirements. Also available is FortiClient endpoint protection software that utilizes the power of Fortinet’s sophisticated security engines to protect mobile and personal computing devices and to protect the network from malware propagated by client devices.
Antivirus Protection Profi le
Antispam Protection Profi le
Client Protection
Cyber crime and network attacks pose serious threats to subscribers that can lead to service outages, customer dissatisfaction and increased support costs. FortiOS Carrier provides protection for client devices such as PC’s, basic wireless handsets and Windows Mobile and Symbian OS based smartphones.
Core Network Protection
Carrier-grade GTP Firewall:- GTP Profi le associated with Firewall policy- 3GPP 29.060 version 6.9.0
Transparent mode MPLS:- Intrusion Protection System (IPS) scanning
of MPLS encapsulated traffi c
MMS / IMS Protection
MMS Antivirus / Antispam:- MM1, MM3, MM4, MM7 interfaces - Reporting based on MSISDN and user agent
Secure Next Generation networks:- SIP Signalling fi rewall for NGN/IMS networks- Supports SIP/SDP and ALG driven NAT/NAPT
FortiGate-5050FortiGate-5020 FortiGate-5140
FortiClientMobile / PC
Software
FortiGateIntegrated Security PlatformsPowered by FortiOS Carrier
FortiGateModular ATCA Security Platforms
Powered by FortiOS Carrier
Protection Profiles
Associated on a per MISDN / per user basis.
The protection profi le provides:- Antivirus / Antispam- URL Categorization- Intrusion Protection (IPS)- Instant Messenger control
Parental Control Application
Associated on a per MISDN / per user basis.
The parental control application provides:- Filter Web URL categories- Content Rating / Blocking- Opt-in / Opt-out depending on the default
protection profi le settings
ADM-XB2
2-Port 10-Gigabit Ethernet 4-Port Gigabit Ethernet
ASM-FB4
FortiGate-3810A AMC Expansion Modules
FortiGate-3810A
FortiGate-3600AF iG 3600A
SIP Statistics / Logging
Direct / Proxy SIP Calling
SIP/SDP NAT/NAPT Context Based NAT
Message Rate Limiting
Redundant Proxy Path
SIP ALG Stateful Failover
NAT Support for Call Detail Record (CDR)
Protocol Anomaly Detection and Prevention
Multiple Filter Options Message, APN, IE removal, etc.)
Sanity Checking
Stateful Inspection
Over Billing Protection
High Availability Virtual Domain Support
MMS Content Scanning / Keyword Blocking
Antivirus Scanning / File Type Blocking
Antispam Detection
Per user services, such as URL fi ltering and logging. Reporting based on MSISDN and user agent. Notifi cations can be sent to the handset (sender/recipient)
Scanning of all MMS interfaces
VLAN and High Availability Support
FortiOS Carrier Security SolutionsFortiOS Carrier provided a fully integrated and complete solution securing the Application, Control, Transport and Access layers of the IP infrastructure network.
GTP Firewall
SIP / IMS Signalling Firewall
Secure Multimedia Messaging Service (MMS)
INTERNET
SUBSCRIPTION SERVICES
MM3
MM4MM7
WAPGateway
MM1
MMSC &FORIEGN
OPERATORSVALUE-ADDED
SERVICES
CENTRALIZED MANAGEMENT
CENTRALIZED REPORTING
P-CSCF
S-CSCF
HSS
I-CSCF
Applications
Media Gateway
INTERNET
SUBSCRIPTION SERVICES
SIP / DIAMETER
FORIEGNOPERATORS
PSTN / NGN
CENTRALIZED MANAGEMENT
CENTRALIZED REPORTINGIMSINFRASTRUCTURE
SGSN GGSNGn Gn
Gp
Gi
FORIEGNOPERATORS
INTERNET
CENTRALIZED MANAGEMENT
CENTRALIZED REPORTINGSUBSCRIPTION SERVICES
FortiGuard™ Distribution Network / Update ManagerFortiGuard is a global network of redundant high speed database servers that deliver real-time signature updates. FortiGuard is configurable in a hierarchical architecture where signature updates are cached in real-time from the Fortinet global database to a locally hosted service provider database. This enables service providers to flexibly customize their protection configuration while maximizing performance, ensuring security, and sustaining service levels. FortiGuard provides real-time ‘push / pull’ update services for Antivirus, Content Filtering, Antispam, System Software Updates and Intrusion Prevention Services.
Global Virus Research TeamFortinet’s Antivirus security services are created, updated and managed by a global team of Fortinet security professionals working around-the-clock, seven days-a-week to ensure that the latest attacks are detected and blocked before they can harm your corporate resources or infect your end-user computing devices. Fortinet provides the fastest Antivirus signature response times in the industry.
©2006-2007 Fortinet, Inc. All rights reserved. Fortinet, FortiGate, FortiOS, FortiAnalyzer, FortiASIC, FortiLog, FortiCare, FortiManager, FortiWiFi, FortiGuard, FortiClient, and FortiReporter are trademarks or registered trademarks of the Fortinet Corporation in the United States and/or other countries. The names of actual companies and products mentioned herein may be the trademarks of their respective owners. Licensed under U.S. Patent No. 5,623,600. Although Fortinet has attempted to provide accurate information in these materials, Fortinet assumes no legal responsibility for the accuracy or completeness of the information. Please note that no Fortinet statements herein constitute or contain any guarantee, warranty or legally binding representation. All materials contained in this publication are subject to change without notice, and Fortinet reserves the right to change, modify, transfer, or otherwise revise this publication without notice. SOL123 1207 R2
GLOBAL HEADQUARTERSFortinet Incorporated1090 Kifer Road, Sunnyvale, CA 94086 USATel +1-408-235-7700 Fax +1-408-235-7737www.fortinet.com/[email protected]
EMEA SALES OFFICE-FRANCEFortinet Incorporated120 rue Albert Caquot06560, Sophia Antipolis, FranceTel +33-4-8987-0510 Fax +33-1-5858-0025
APAC SALES OFFICE-HONG KONGFortinet IncorporatedRoom 2429-2431, 24/F Sun Hung Kai CentreNo.30 Harbour Road, WanChai, Hong KongTel +852-3171-3000 Fax +852-3171-3008
Fortinet Means Carrier-Grade SecurityFortiOS Carrier Security Solutions deliver the performance, reliability and scalability to protect next-generation IP based networks and services. Carrier Network Internet Protocol (IP) ServicesCarrier networks are evolving to an all-IP infrastructure capable of delivering a vast array of new multimedia services to drive revenue growth. IP infrastructure also allows carriers to reduce capital costs, speed time-to-market and gain competitive advantage. However IP networks also present new challenges. Maintaining quality-of-service, reliability and security equivalent to circuit-switched networks is critical to the success and profitability of new IP-based services.
IP networks are inherently open and therefore a target of hackers and criminals. Theft of services, identity fraud, and denial-of-service attacks are common. Spam, spyware, grayware, adware and inappropriate content clog networks and impact customer satisfaction. Subscribers expect carrier IP-based services to be reliable and secure. Managing service quality, support costs and revenue assurance is critical.
Fortinet FortiOS™ CarrierFortinet FortiOS Carrier platforms provide a fully integrated and complete solution to detect and eliminate a wide spectrum of attacks at all layers of the IP infrastructure. Patented ASIC-accelerated hardware platforms powered by Fortinet’s award winning FortiOS, enable an integrated portfolio of UTM (Unifi ed Threat Management) security services that deliver the highest level of multi-threat protection with industry-leading performance and scalability. Fortinet solutions are fully IPv6 compatible and support “dual-stack” and “IPv4 tunneling” for seamless transition to IPv6. The fully integrated FortiManager/FortiAnalyzer unifi ed management, logging and reporting systems make deployment, maintenance and operation easy and cost-effective.
Threat Evolution
Firewall Inspection / VPN
Proc
essi
ng P
ower
Req
uire
d
IPS(Intrusion Protection)
CompleteContent Level
Inspection
1990 1995 2000 2005 2007+
Viruses
MMS Malware
Email Spam
Spyware
Phishing / Pharming
Inapprpriate Web Content
Sophisticated Worms
Basic Worms
Intrusions
Network Eavesdropping
DOS / DDOS
CONTENT LEVEL
NETWORK LEVEL
SECURITYMulti-Layered
PERFORMANCEWire-Speed
FLEXIBILITYModular
COST-EFFECTIVECAPEX / OPEX
MANAGEABLEIntegrated
RELIABLEField Proven
Carrier-Grade Security Solutions
FortiOS Multi-Layered Security
Network / Content Security
FirewallIDS / IPS
Antivirus / Antispyware
Web Filtering
Antispam
Traffi c Shaping
IPsec / SSL VPN Co
mp
lete
Co
nte
nt
Pro
tect
ion
Mul
ti-L
ayer
ed S
ecur
ity
Integrated Management, Logging & Reporting
Management, Logging & ReportingFortiASIC Hardware Acceleration
Network / Content Processing
Ind
ust
ry L
ead
ing
Perf
orm
ance
Prot
ecti
on A
cros
s O
SI S
tack
NetworkProcessor
Fortinet Unique Intelectual Proptery
ContentProcessor
FortiASICTM - CP
FortiASICTM - NP
