La descarga está en progreso. Por favor, espere

La descarga está en progreso. Por favor, espere

FortiGate Overview. Fortinet Confidential2 Agenda Introducción La compañía Producto 1 2 3 4 Funcionalidades técnicas.

Presentaciones similares


Presentación del tema: "FortiGate Overview. Fortinet Confidential2 Agenda Introducción La compañía Producto 1 2 3 4 Funcionalidades técnicas."— Transcripción de la presentación:

1 FortiGate Overview

2 Fortinet Confidential2 Agenda Introducción La compañía Producto Funcionalidades técnicas

3 Fortinet Confidential3 La naturaleza de las Amenazas evoluciona…

4 Fortinet Confidential4 Principales Amenazas para las empresas – Seguridad de red Source: InfoWorld IT Solutions Study- June 2004 Among those involved in the acquisition of security products and services and employed at companies with 50 or more employees. (Base 437) Q20-What is the single greatest threat to your companys enterprise network security? Test Center Research Report Fielded June 2004 Fortinet Webcast Presented on September 14, 2004 Conducted for InfoWorld and IDC by IDG Research Services Group

5 Fortinet Confidential5 Los Firewalls no analizan los Contenidos - los Ataques basados en Contenidos… pasan Four score and BAD CONTENT our forefathers brou ght forth upon this continent a new nation, n liberty, and dedicated to the proposition that all STATEFUL INSPECTION FIREWALL Sólo inspeccionan las cabeceras – p.e. miran el sobre, pero no lo que contiene en su interior Packet headers (A, DE, TIPO DE DATOS, etc.) Packet payload (datos) PAQUETES DE DATOS OK NO escaneado OK CONFIDENTIAL

6 Fortinet Confidential6 Algunos Firewalls dicen hacer Deep Packet Inspection – pero todavía dejan mucho… ght forth upon this continent a new nation, n liberty, and dedicated to the proposition that all DEEP PACKET INSPECTION Inspeccionan los contenidos paquete a paquete – pero fácilmente permiten pasar complejos ataques distribuidos en múltiples paquetes. OK No detectado CONFIDENTIAL Four score and BAD CONTENT our forefathers brou !

7 Fortinet Confidential7 Parar los Ataques basados en Contenidos requiere algo más que Deep Packet Inspection PROTECCIÓN COMPLETA DE CONTENIDOS Four score and seven years ago our forefathers brought forth upon this BAD CONTENT a new liberty, and dedicated to the proposition that all… !! BAD CONTENT NASTY THINGS NASTIER THINGS CONTENIDO NO PERMITIDO FIRMAS DE ATAQUES Four score and BAD CONTENT our forefathers brou ght forth upon this continent a new nation, n liberty, and dedicated to the proposition that all 2. Compara con contenidos no permitidos y listas de ataques CONFIDENTIAL 1. De Paquetes individuales a Contenido inicial

8 Fortinet Confidential8 …Complete Content Protection requiere una enorme poder de procesado PODER DE PROCESADO RQUERIDO Spam Virus Troyanos Gusanos Contenido Web Inapropiado Stateful inspection IntrusionesSimples Denial of Service Ataques DeepPacketInspection CompleteContentProtection SofisticadasIntrusiones Seguridad FortinetRevolución La Seguridad Fortinet es una Revolución, no una Evolución, de las soluciones de seguridad anteriores.

9 Fortinet Confidential9 Anti-SPAM Inconvenientes Requiere múltiples productos Incrementa la complejidad de la red y sus costes operacionales No defiende contra blended threats IPS / IDS Seguridad Multi-Nivel – Ventajas e Inconvenientes Ventajas Proporciona un acercaminto completo a la Seguridad Minimiza el tiempo de caída frente a ataques individuales Users Servers Antivirus Firewall URL Filters VPN

10 Fortinet Confidential10 Amenazas basadas en contenido: Ahora Ataques combinados Combine functionality of worms, viruses, trojans, malicious mobile code, more Example: Sobig.F with.PIF or.SCP attachment Vector Harvest addresses Function Propagation Send using spoofed source address with built-in SMTP engine Payload At pre-designated time, ping one of 20 sites to retrieve URL. Download file referenced in URL. Execute the downloaded program.

11 Fortinet Confidential11 Los ataques recientes evaden la aproximación convencional Slammer, LovSan/MSBlaster, SoBig, MyDoom, Sasser No capturados por muchos sistemas antivirus o IDP Por qué? Los sistemas Antivirus hacen scan de un número limitado de protocolos Mail (SMTP, POP3, IMAP), Web (HTTP), File Transfer (FTP) Los nuevos ataques usan protocolos no escaneados por los AV RPC, TFTP, SQL, etc. Algunos IPS precisan de actualizaciones manuales Los nuevos ataques se propagan rápidamente y las actualizaciones manuales son muy lentas La línea entre AV e IDP tiende a desaparecer Mix the best aspects of both technologies Protocol agility of IDP Low false positives & dynamic updates of AV

12 Fortinet Confidential12 Agenda Introducción La compañía Producto Funcionalidades técnicas

13 Fortinet Confidential13 Fortinet Confidential Fortinet Primer fabricante de Plataformas de Seguridad Multi-Nivel con aceleración ASIC La mayor Compañía privada de seguridad de redes ~750 empleados/ > 300 R&D 200,000 FortiGate WW Fundada in 2000 Operaciones Globales en U.S., EMEA & Asia Pac Certificaciones Independientes 8 ICSA certifications (único fabricante) Government Certifications (FIPS-2, Common Criteria EAL4+) 50+ industry awards VB 100 and NSS Certifications

14 Fortinet Confidential14 Fortinet – Liderazgo de Mercado y Crecimiento 48% combined annual growth rate En 2009 el segmento UTM será el mayor mercado – el mercado IDP estará a la par con el de Firewall/VPN. Fortinet es pionero en el mercado UTM y ha sido el líder mundial del mercado UTM mundial durante los últimos 3 años.

15 Fortinet Confidential15 Magic Quadrant for Enterprise Network Firewalls, 2H07 Source: Gartner, Inc., 2H07 Enterprise Firewall Magic Quadrant by G. Young and J. Pescatore, Sept. 13, This Magic Quadrant graphic was published by Gartner, Inc. as part of a larger research note and should be evaluated in the context of the entire report. The Gartner report is available upon request from Fortinet. The Magic Quadrant is copyrighted Sept. 13, 2007 by Gartner, Inc., and is reused with permission. The Magic Quadrant is a graphical representation of a marketplace at and for a specific time period. It depicts Gartner's analysis of how certain vendors measure against criteria for that marketplace, as defined by Gartner. Gartner does not endorse any vendor, product or service depicted in the Magic Quadrant, and does not advise technology users to select only those vendors placed in the "Leaders" quadrant. The Magic Quadrant is intended solely as a research tool, and is not meant to be a specific guide to action. Gartner disclaims all warranties, express or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.

16 Fortinet Confidential16 Fortinet ha desarrollado una Arquitectura Única para una COMPLETA Protección de Red en TIEMPO REAL Soporte Completo Gestion Centralizada Servicios FortiGuard Updates Instantáneos

17 Fortinet Confidential17 Los Servicios FortiProtect Aseguran Respuesta Rápida a Nuevos Ataques Fortinet Threat Response Team and Update Distribution Servers Update Automático AV & IDP de las Uds. FortiGate en todo el mundo en menos de 5 Minutos FortiProtect Center Web Portal & Bulletins

18 Fortinet Confidential Our IBERIA References I IndustryBanking & Finance Print/ Media / Retail Telecom Central Gobernment

19 Fortinet Confidential Our IBERIA References II Health Regional Gobernment Education

20 Fortinet Confidential 2007 IBERIA Key wins > $100 K deals Telco/MSSPGobernmentHealth/Education Industry

21 Fortinet Confidential21 Agenda Introducción La compañía Producto Funcionalidades técnicas

22 Fortinet Confidential22 Product Portfolio Powerful Centralized Management & Reporting Secure & Client Software FortiGate-50B – FortiGate-100A SMB & Remote Office FortiGate-200A – FortiGate-800F Enterprise FortiGate-1000A – FortiGate-5000 Carrier, MSSP & Large Enterprise

23 Fortinet Confidential23 FortiGate 50 – 100 Series Platforms for SMB, SOHO, and Enterprise Branch Offices FortiGate /FortiGateFortiWifiFortiGateFortiGate FortiWifi 50B60B60B60 ADSL100A HARDWARE SPECIFICATIONS LAN / WAN / DMZ interfaces 3 / 2 / NA6 / 2 / 1 6 / 2 / 14 / 2 / 1 4 / 2 / 2 Internal switch YesYesYesYesYes Analog modem -Yes Yes -- ADSL interface ---Annex A- POE (Powered Device)Yes*---- CardBus SlotNoYesYesNoNo Wireless LAN 80211a/b/g b/g* -a/b/g -- (* FortiWifi 50B only) NETWORKING FEATURES DHCP/PPPoE Client/Server Yes Yes Yes Yes Yes Static/Dynamic Routing* Yes Yes Yes Yes Yes Traffic shaping Yes Yes Yes Yes Yes Radius, LDAP, Active DirYes Yes Yes Yes Yes Local DBYes Yes Yes Yes Yes User group supportYes Yes Yes Yes Yes SYSTEM PERFORMANCE Firewall/VPN 3DES 50/48 Mbps 100/64Mbps 100/64 Mbps 70/20 Mbps 100/40 Mbps Concurrent sessions 25,000 70,000 70,000 50, ,000 New sessions/second 2,000 3,000 3,000 2,000 4,000 Site-site IPSec VPN tunnels Antivirus throughput 19 Mbps 20 Mbps 20 Mbps 15 Mbps 20 Mbps

24 Fortinet Confidential24 Fortinet Security Solutions for the 50 – 100 Series FortiGate /FortiGateFortiWifiFortiGateFortiGate FortiWifi 50B60B60B60 ADSL100A SECURITY FEATURES Gateway antivirus protection (virus, spyware, trojan) Yes Yes Yes Yes Yes Integrated IPS (signature & anomaly) Yes Yes Yes Yes Yes Integrated URL filtering Yes Yes Yes Yes Yes Integrated spam filtering Yes Yes Yes Yes Yes VPN (IPSec, SSL, PPTP) Yes Yes Yes Yes Yes VOIP Security (H323, SIP)Yes Yes Yes Yes Yes OPTIONAL SUBSCRIPTION SERVICES Automatic and scheduled Antivirus and IPS updates Yes Yes Yes Yes Yes URL categorizing Yes Yes Yes Yes Yes Antispam RBL/SURBL Yes Yes Yes Yes Yes CERTIFICATIONS ICSA: Firewall, IPSec, SSL, Antivirus, IPS COMPLIANCE FCC Class B (FG100A – Class A), Part 15, UL/CUL, C Tick, CE, VCCI

25 Fortinet Confidential25 FortiGate Series Platforms For Medium-Sized Enterprise Networks FortiGateFortiGateFortiGateFortiGateFortiGate 200A300A400A500A800F/800 HARDWARE SPECIFICATIONS 10/100 interfaces /100/1000 interfaces * 4-port switch Yes--Yes- User-Definable Ports-YesYesYesYes * Optional fiber SFP interfaces NETWORKING FEATURES DHCP/PPPoE Client/Server Yes Yes Yes Yes Yes 1:1 NAT, 1:Many NAT, PATYes Yes Yes Yes Yes Static/Dynamic Routing** Yes Yes Yes Yes Yes Traffic shaping Yes Yes Yes Yes Yes Radius, LDAP, Active DirYes Yes Yes Yes Yes Local DBYes Yes Yes Yes Yes User group supportYes Yes Yes Yes Yes SYSTEM PERFORMANCE Firewall/VPN 3DES 150/70 Mbps 300/120Mbps 400/140 Mbps 500/150 Mbps 600/200 Mbps Concurrent sessions 400K 400K 400K 400K 400K New sessions/second 4,000 10,000 10,000 10,000 10,000 Site-Site IPSec VPN tunnels 200 1,500 2,000 3,000 3,000 Antivirus throughput 30 Mbps 70 Mbps 100 Mbps 120 Mbps 150 Mbps ** Including BGP,OSPF,RIP

26 Fortinet Confidential26 FortiGate Series Platforms For Medium-Sized Enterprise Networks * Including BGP,OSPF,RIP) FortiGateFortiGateFortiGateFortiGateFortiGate 200A300A400A500A800F/800 SECURITY FEATURES Gateway antivirus protection (virus/worm, spyware, Trojan) Yes Yes Yes Yes Yes Integrated IPS (signature & anomaly) Yes Yes Yes Yes Yes Integrated URL filtering Yes Yes Yes Yes Yes Integrated spam filtering Yes Yes Yes Yes Yes VPN (IPSec, SSL, PPTP) Yes Yes Yes Yes Yes VOIP Security (H323, SIP)Yes Yes Yes Yes Yes SUBSCRIPTION SERVICES Automatic and scheduled Antivirus and IPS updates Yes Yes Yes Yes Yes URL categorizing Yes Yes Yes Yes Yes Antispam RBL/SURBL Yes Yes Yes Yes Yes CERTIFICATIONS ICSA: Firewall, IPSec, SSL, Antivirus, IPS COMPLIANCE FCC Class A, Part 15, UL/CUL, C Tick, CE, VCCI

27 Fortinet Confidential27 Introducing the FortiGate 1000A-3800A Series FortiGate 1000A and 1000A FA2 FortiGate 3016B FortiGate 3600A Flexible Perimeter Security High port capacity for DMZ deployments Accelerated port performance option FW + IPS + AV + AS + WF High Performance Next Generation FW 16 port NP2 ASIC accelerated FW + VPN High capacity VPN support FW + VPN +IPS High Performance Data Center Security Dual Core CPUs provide higher overall UTM performance Accelerated port performance (2 ports) FW + VPN + IPS + AV +AS + WF FortiGate 3810A Expandable 10-Gig UTM Platform Supports up 4 ASIC based 10-Gig ports High capacity UTM performance Four AMC expansion slots FW + VPN +IPS + AV

28 Fortinet Confidential28 Fortinets FortiGate 1000A-3800A Series High-performance for Large Enterprises Performance results displayed as base/full AMC expanded using UDP large packet sizes AV = http application throughput ProductFWVPNIPSAVPoliciesSessionsTunnels FG- 1000A/1000FA2 2 Gbps400 Mbps1 Gbps200 Mbps30,000600,0005,000 FG-3016B16/20 Gbps 12/15 Gbps 2 Gbps300 Mbps100,0002,500,00010,000 FG-3600A6/10 Gbps 800/3800 Mbps 3 Gbps400 Mbps100,0001,000,00010,000 FG-3810A7/26 Gbps 1/13 Gbps4 Gbps500 Mbps100,0002,000,00010,000

29 Fortinet Confidential29 Introducing FortiAnalyzer Ideal for: Enterprises (Small to Large) Service Providers Telecom Customers Centralizes functions for: Security Log Analysis / Forensics Graphical Reporting Content Archiving / Data Mining Network Analysis Malicious File Quarantine Vulnerability Assessment FortiAnalyzer is an integrated network logging, analysis, and reporting platform

30 Fortinet Confidential30 FortiAnalyzer Logging, Analysis and Reporting Platforms FortiAnalyzer-100B For Small Sized Deployments For Medium Sized Deployments For Medium-to-Large Sized Deployments FortiAnalyzer-800B FortiAnalyzer-2000A Up to 10 FortiGate devices Up to 100 FortiClient devices Up to 250 FortiGate Devices Up to 2500 FortiClient Agents Up to 500 FortiGate Devices Up to 5000 FortiClient Agents FortiAnalyzer-4000A For Large Sized Deployments Up to 700 FortiGate Devices Up to 5000 FortiClient Agents See ordering guide section for other sizing limitations

31 Fortinet Confidential31 Introducing FortiManager Ideal for: Enterprises (Small to Large) Service Providers Telecom Customers Centralizes functions for: Product Deployments Real-time Monitoring Device/Policy Maintenance Device/Security Updates FortiManager is an integrated management and monitoring platform for all Fortinet products

32 Fortinet Confidential32 FortiManager Centralized Management Platforms FortiManager-400A Small-to-Medium Deployments 200 FortiGate devices 2000 FortiClient agents FortiManager-3000 Medium-to-Large Deployments 500 FortiGate devices 5000 FortiClient agents FortiManager-100 Small Deployments 10 FortiGate devices 100 FortiClient agents

33 Fortinet Confidential33 Security Challenges Action is needed to secure mail inbound and outbound

34 Fortinet Confidential34 FortiMail Secure Messaging Platforms FortiMail-400 SME Deployments Up to154,800 s/hour (Full-Inspection) RAID Support FortiMail-100 Small Business Deployments Up to 54,000 s/hour (Full-Inspection) FortiMail-2000 Large Enterprise & Service Provider Deployments Over 280,800 s/hour (Full-Inspection) RAID Support Redundant/Hot-Swappable Power Supplies & Fans Inbound/Outbound inspection with a single device No user or mailbox restrictions All models support High Availability (HA) configurations FortiMail-4000A Large Enterprise/ Service Provider Deployments Over 295,200 s/hour (Full-Inspection) RAID Support Redundant/Hot-Swappable Power Supplies & Fans

35 Fortinet Confidential35 The Buzz Around FortiClient PC FortiClient PC multi-layered security capabilities is ICSA Anti-Spyware, Anti-Virus and VB 100 certified! IPSEC VPN Anti-Virus, Anti-Spyware & Anti-Greyware Personal Firewall Anti-Spam Web Content Filtering Centralized Management Subscription Updates

36 Fortinet Confidential36 CUSTOMER A MSSP Central Site Mapping from MPLS ID to VLAN tag Virtual Domain to isolate and secure customer traffic SECURITY OPERATION CENTER SHARED / HOSTED SERVICES CUSTOMER B MPLS VLAN TRUNK INTERNET

37 Fortinet Confidential37 SECURITY OPERATION CENTER MSSP CPE Equipment in Client Site Remote Management & logging/reporting SHARED / HOSTED SERVICES MPLSINTERNET CUSTOMER A CUSTOMER B Equipment in Client Site Remote Management & logging/reporting Mgment Logs

38 ¡ Gracias ! user:demo pass: fortigate


Descargar ppt "FortiGate Overview. Fortinet Confidential2 Agenda Introducción La compañía Producto 1 2 3 4 Funcionalidades técnicas."

Presentaciones similares


Anuncios Google