1

Fortinet: NG Firewall

Presenting a Secure Eco System

Pieter-Jan Blaton (Exclusive Networks)

2

Agenda

• Fortinet Product Overview

• Fortigate overview

• Highlighted products, building our ATP eco system

» FortiSandbox, cloud or on premise

» FortiClient

» FortiMail

• Demo zero day ATP protection

3

4

FortiGate Integrated Architecture

5

FortiGate Appliances by segment

6

User Interface Interaction

7

Flat UI

Modern Flat UI Design

Admin dropdown menu

Color Themes

Full Screen View Option

Reorg on menu items

» Top Level Monitor

» Top Level Network

8

One-Click navigation

Quick Navigation

Allow administrators to easily and

accurately take on next steps

“Switch” to another

configuration/view panel from

right-click menu items with a

single click.

FortiView Logs

Policy TableObjects

9

One-Click from logs to Policy

FortiView/Log Viewer Quarantine

One-click

Simplifies administration

Quarantine Source

» Block traffic from user (Source IP)

permanently or for a period of time

Quarantine FortiClient

» Activates host quarantine

Release user using “User Quarantine”

monitoring panel

10

Policy Table One-Click Interface

Policy Table

One-click integrated

logs and FortiView

access

One-Click CLI edit

“Select Entries”

Contextual panel

11

Policy & Route Lookup

Reveal matching policy or route entry based on lookup input

12

FortiView

13

Fortiview

Increase visibility from log data

Selection can be real time or historical

Gives network admin statistical information based on source,

destination, application, …

Drill down to give more granular filtering capabilities.

14

Fortiview (Sources)

15

Fortiview (Application)

16

Fortiview Web Sites

17

Threats

Threads Weight definitions

18

Fortiview Threats

19

FortiView – Example Use Case

1

Is there anyone abusing the Internet

Access with P2P applications ?

2

3

3 easy steps to locate the answer» Select “Threats” view

» Search for “Threat Type” = P2P

» Choose “Source”

20

Session table Lookup

21

Fortiview (Cloud Application)

What V5.2 offers:

Deeper visibility to popular online

applications

» Cloud-based file storage and video sites

» Logins to popular apps/sites

» Via web browsers

Info extracted includes

» (upload/download) filenames

» video titles played,

» user ID when login is detected

Visibility:

» On “Cloud Applications” Viewer

» “Application Control” Logs

22

Fortiview (Cloud Application)

23

More FortiViews

New Viewers (Added in FortiOS 5.4)

More traffic viewers – view network traffic status from new

perspectives (by policy ID, by interface etc.)

Failed Authentication – show brute force attacks

» Tracks failed connections of Admin, VPN, SNMP query, etc

WiFi Clients

» Similar to existing FAZ viewer

» Display top wireless user network usage and information

24

Fortiview - Infographics

FortiView Visualizations

Graphical representation of network and threat status with mouse-over

contextual details

Bubble Chart Country Map

25

Fortiview– Infographics

Threat Map

Monitor real-time threats

Darts animation to

illustrate threats going to

particular FortiGate

26

Recently Added Security Features

27

Cloud Access Security Inspection (CASI) Profile

Deep Application Control

Reorganization

Phase 1, further

improvements in future

(patch) releases

Extract supported

applications from previous

App. Control DB and present

them separately as a security

profile.

28

Web Application Firewall functions

© Copyright Fortinet Inc. All rights reserved.

FortiSandbox

35

Advanced Threat Protection• Multi-layered filtering with Code Emulator, AV

engine, Cloud query and Virtual OS sandbox

• Handles multiple file types, includes files that

are encrypted or obfuscated

• Examine files from various protocols, included

those that uses SSL encryption

Flexible Operation Modes• Receives file sample using integration with

FortiGate/FortiMail, sniffer mode and manual

file uploads

• Capture files from remote locations using

deployed FortiGates

Monitoring and Reporting• Detailed analysis reports and real-time

monitoring and alerting

Introducing FortiSandbox

File Submission

Malicious

Analysis

output

Latest AV Signature Update

2

3

4

Centralized File Analysis1

?

Advanced Threat Protection solution designed to identify

and thwart the highly targeted and tailored attacks

36

ATP Integration

File Submission

File Submission

Detailed Status Report

FSA Dynamic Threat

DB Update

Control Host Quarantine

FortiSandbox

FortiClientFortiGate

1

2

3b

1

Real-time engine and

intelligence updates

Enforce Network

Quarantine

3c

File Status result for

auto File Hold &

Quarantine

2

FSA Dynamic

Threat DB Update

1 File submission for Analysis

2 Respective analysis results

are returned

44

3a

3a

Remediation

Auto File Quarantine on Host

with option to hold file until

result

Query

3b Manual Host Quarantine by

Admin

3cManual Source IP Quarantine

using Firewall

Protection

4Proactive dynamic Threat DB

update to gateway and host

37

FortiSandbox – FortiGate and FortiClient Integration

FSA-1000D, FSA-3000D, FSA-VM FSA-CLOUD

Input methods - File

SubmissionFortiGate, FortiMail, FortiWeb, FortiClient Windows FortiGate

File Quarantine FortiClient submits and queues files for scan results. NIL

Status Reporting to

FortiGate

FortiView FortiSandbox viewer, Analysis report via

FortiView Drill-in

FortiView FortiSandbox viewer, Analysis report via

FortiView Drill-in

Status Reporting to

FortiClientFortiClient Windows NIL

Dynamic Threat DB

updatesFortiGate, FortiClient Windows NIL

© Copyright Fortinet Inc. All rights reserved.

FortiClient

39

Multifunctional Host Security• Flexibility in deployment

• Fully integrated features, reduce needs for

multiple client solutions

End Point Control• Enforce compliance and security policies

on mobile hosts

Centralized Logging and Reporting• Via FortiGate for enterprise requirements

Introducing FortiClient

Comprehensive end-point protection & security

enforcement

40

FortiClient v5.4 for iOS

For Apple iOS9

FortiClient v5.4» SSLVPN (tunnel mode)

» WebFilter (supports all browsers traffic)

» FortiHeartBeat (registration to FortiGate/EMS)

Updated App is now available on App store

© Copyright Fortinet Inc. All rights reserved.

FortiMail

42

Specialized messaging security

system • Advanced, bi-directional filtering prevents

spread of spam, viruses, phishing, worms, and

spyware

Flexible deployment options• Transparent, Gateway, and Server modes that

adapts to organizational needs and budget

Identity based encryption• Secure, encrypted communication

Email archiving• On-box archiving facilitates policy and

regulatory compliance requirements

Introducing FortiMail

Mail

Servers

FortiMail

Advanced anti-spam and antivirus filtering solution, with

extensive quarantine and archiving capabilities.

43

Demo zero day protection

44

0 Day protection demo

FortiGate

FOS v5.4 .99.121

FortiMail ServerFortiMail Gateway

.1.5 .1.6

FortiSandbox

v2.1.2

U2

.2.102

.66.175

u1@xyz.intraW8-1

.97.101

U1

.1.101

xyz.intra

download malicious file

1send mail to peter@xyz.intra

24

block mail

5

AV hash update 3FSA check

AV hash update7block download

8

block download

6

FDN

9

signature update

.1.151

Internet

45

Demo zero day protection

46

FortiQuestions?

52

New Hardware

53

FortiGate/FortiWiFi 30E

① 1 x GE RJ45 WAN Port

② 4 x GE RJ45 Ports

③ WiFi Variant: 802.11a/b/g/n

1 2

3

950 MbpsFirewall throughput

0.9 MillionConcurrent Sessions

15,000New Sessions/Sec

600 MbpsIPS Throughput

200 MbpsSSL Inspection (IPS) Throughput

150 MbpsNGFW Throughput

20

020 2 N/A

Small Business / Remote OfficeConnected UTM

54

FortiGate/FortiWiFi 50E

① 2 x GE RJ45 WAN Ports

② 5 x GE RJ45 Ports

③ WiFi Variant: 802.11a/b/g/n

1 2

3

2.5 GbpsFirewall throughput

1.8 MillionConcurrent Sessions

21,000New Sessions/Sec

800 MbpsIPS Throughput

250 MbpsSSL Inspection (IPS) Throughput

160 MbpsNGFW Throughput

20

0

10

010 N/A

Small Business / Remote OfficeConnected UTM

55

FortiGate/FortiWiFi 51E

2.5 GbpsFirewall throughput

1.8 MillionConcurrent Sessions

21,000New Sessions/Sec

800 MbpsIPS Throughput

250 MbpsSSL Inspection (IPS) Throughput

160 MbpsNGFW Throughput

20

0

10

010 N/A

Small Business / Remote OfficeConnected UTM

① 2 x GE RJ45 WAN Ports

② 5 x GE RJ45 Ports

③ WiFi Variant: 802.11a/b/g/n

1 2

3

56

Product Transition

FG/FWF-60D

FG/FWF-60D-POE

(1) Change from SoCbased to CPU Based system

FG/FWF-20C-

ADSL

FG/FWF-60C

FG/FWF-40C

FG/FWF-60C-SFP

FG/FWF-60C-

POE

FG/FWF-30E1FG/FWF-30D

FG/FWF-30D-POE

FG/FWF-51E

FG/FWF-50E

FG/FWF-60E

FG/FWF-61E2

(2) New entry level with SSD storage

2

FG-60E-POE

57

FortiGate 800D

① 2x GE RJ45 Management Ports

② 2x Bypass GE RJ45 Pairs

③ 20x GE RJ45 Ports

④ 8x GE SPF Slots

⑤ 2x 10GE SPF+ Slots1 32 4 5

36 GbpsFirewall throughput

5 MillionConcurrent Sessions

280,000New Sessions/Sec

8 GbpsIPS Throughput

TBASSL Inspection (IPS) Throughput

TBANGFW Throughput

Branch Office / Mid EnterpriseNGFW / ISFW

2,000 1,000 1,024 N/A

58

Product Transition

FG-300D

FG-500D

(1) FG-800D offers bypass interfaces available on current 600C and 800C

FG-600C

FG-800C

FG-900D

FG-800D

FG-600D

1

10G

FG-400D

FG-300C

67

FortiQuestions?