Security for a New World
Peter Smetny, Bill Park, Derek Holmes, Mike Bailey
May 5th, 2016
Copyright Fortinet Inc. All rights reserved.
Agenda
Fortinet Overview
Fortinet EcoSystem Overview
Fortinet Advanced Threat Prevention
Fortinet SDN Framework
FortiGuard Threat Intelligence
Questions
Fortinet Facts
Founded: 2000
IPO: 2009
HQ: Sunnyvale, CA
100+ offices worldwide
Over 2 million devices shipped
#1 unit share worldwide in Network Security (IDC)
1.17B cash
40% growth
3,900+ employees
Market leading technology
255,000+ customers
257 patents, 228 pending
280+ 0-days discovered
SECURITY HAS CHANGED
3.2 billion Internet users
10,000x increase in cyber threats
1.3 billion smartphones shipped worldwide
Billion new devices per year through 2020
Public cloud market is estimated to reach $191 billion
TODAY'S STANDARD APPROACHES NO LONGER WORK
TOO MUCH FOCUS ON COMPLIANCE: Enterprises spend too much on checking boxes down a list.
TOO RISK BASED: Taking a reactive approach only addresses known threats, not the new unknowns.
TOO MANY POINT SOLUTIONS: Too many different security vendors whose products do not communicate with one another.
SECURITY FOR A NEW WORLD IS SECURITY WITHOUT COMPROMISE
Advanced Security, Network Performance
Our customers can have both
Security Without Compromise
Seamless Security Across the Entire Attack Surface
FortiGuard Threat Intelligence & Services
Client Security, Secure Access, Network Security, Application Security, Cloud Security
FortiGate
SEAMLESS: Consistent threat posture end-to-end, across the expanding attack surface
INTELLIGENT: Threat intelligence and advanced threat protection from the inside out for full visibility and control
POWERFUL: Unrivaled network performance for today and the power to take on the future
Global Intelligence & Control
FortiGuard Labs
Global Threat Intelligence
200+
Full Visibility
Single Pane of Glass
FortiGuard Services
FortiGuard Sensors
2M+
Agenda
Fortinet Overview
Fortinet EcoSystem Overview
Fortinet Advanced Threat Prevention
Fortinet SDN Framework
FortiGuard Threat Intelligence
Questions
Broad Complementary Solution Portfolio
Further Simplify Your Network
Product List
FortiADC: Application Delivery Controller
FortiAnalyzer: Log Analysis
FortiAP: Secure Wireless
FortiAuthenticator: Authentication
FortiCamera: IP Video Security
FortiClient: Endpoint Security
FortiCloud: Cloud Logging and Provisioning
FortiDB: Database Security
FortiDDoS: DDoS Protection
FortiExtender: Cellular LTE Extension
FortiGate: Core Firewall Platform
FortiMail: Email Security
FortiManager: Centralized Management
FortiSandbox: Advanced Threat Protection
FortiSwitch: Access & Data Switching
FortiToken: 2FA Token
FortiVoice: IP PBX Phone Systems
FortiWeb: Web Application Firewall
FortiWiFi: UTM with Wireless Access
[Diagram: the products above placed in three network zones, DATA CENTER, CAMPUS and BRANCH OFFICE. Role labels in the diagram include Top-of-Rack, SDN/Virtual Firewall, DCFW, Next Gen IPS, Internal NGFW, NGFW, UTM, Database Protection, User Identity Management, Authentication & Tokens and Endpoint Protection/VPN.]
Solution-Based Ecosystem
Enterprise Firewall, ENTERPRISE NextGen FIREWALL, CONNECTED UTM, Application & Access Security, ATP FRAMEWORK, CLOUD SECURITY, Data Center SECURITY, SECURE ACCESS ARCHITECTURE
Security Research & Services
Reputation, App Control, Antivirus, Anti-Botnet, IPS, Web App, Mobile Security, Web Filtering, Anti-spam
ENTERPRISE FIREWALL
5.4
FortiASIC
FortiGuard
FortiAuthenticator
FortiOS
Physical
IPS
Virtual
SWG
FortiManager
Cloud
VFW
Rugged
FortiAnalyzer
SDN
FortiGate
CONNECTED UTM (Branch)
5.4
FortiASIC
FortiGuard
FortiManager
FortiPrivateCloud
FortiCloud
FortiSwitch
FortiAP
FortiClient
FortiVoice
FortiMail
FortiOS
FortiWiFi
Physical
FortiExtender
FortiWAN
Cloud
FortiGate
FORTIGATE UTM, HIGH-END DATA CENTER FIREWALLS AND NEXT-GENERATION SECURITY APPLIANCES
FortiGate 50-900 SERIES: UNIFIED THREAT MANAGEMENT
Multiple form-factors and port options including WiFi, PoE & rugged for varied options.
Manages wireless APs, switches & 4G LTE wireless WAN extenders directly.
FortiGate 1000-2000 SERIES: Data Center Firewall and Next-Generation Security
Ultra-high 1/10 GE port density enables broad connectivity and visibility closer to assets.
Multi-gigabit throughput (up to 80 Gbps) inspects traffic while keeping up with higher internal network speeds.
FortiGate 3000-6000 SERIES: High Performance Data Center Firewall & Next-Gen. Security
High-speed 40/100 GE ports provide future-proofing for next-generation network fabrics.
Up to Terabit throughputs (1 Tbps+) inspects traffic while keeping up with higher internal network speeds.
ASIC-based Optimal Path Processing (OPP) ensures high-security and high-performance
FortiOS 5.4 provides feature rich Networking, Security and Management functions
IPv6 hardware acceleration provides IPv4-to-IPv6 performance parity.
Extensible management platform enables automation and orchestration with cloud management and SDN controllers.
Features also include compact, power-efficient appliance form factors.
Ensures continuous protection from the latest threats with dynamic updates from FortiGuard Labs.
Simplifies config and troubleshooting via single-pane-of-glass management.
SECURITY MANAGEMENT
FortiManager: CENTRALIZED DEVICE MANAGEMENT
FortiAnalyzer: CENTRALIZED LOGGING AND REPORTING
FortiMoM: HYPERSCALED SECURITY ENTERPRISE MANAGEMENT
Combines analytics, reporting and logging functions.
Delivers high-performance log rates for large enterprises/MSSPs.
Supports a high number of managed devices (up to 10,000).
Optimizes policy pushes for large enterprises/MSPs.
Multiple concurrency and locking options.
Manages the security policy approvals process with Workflow Mode.
Full API support for orchestration integration, as well as scripting support using CLI or TCL.
Ability to control multiple FortiManagers / FortiAnalyzers for mass scale security operations.
Provides interoperability with third-party devices using Syslog.
Enables forensics for post-breach discovery and future risk prevention.
Immediate visibility into problematic devices or current management tasks in progress.
Offers more application, user and Web insights with new report templates.
Holistic view of objects (devices, policy packages, domains, etc.) residing on disparate systems.
Enables migration and instantaneous provisioning of devices/domains to any management system.
Provides Forensics with central Fortiviews.
Fully customizable using SQL queries, charts and macros
FIREWALL CONVERSION
FortiConverter: CONFIGURATION AND MIGRATION TOOL
Provides a single tool for multiple installations allowing for cross vendor installation conversion.
Supports automated configuration conversion.
Significantly reduces the possibility of human error in the conversion process.
Identifies and eliminates errors in existing configurations.
DATA CENTER SECURITY
Virtual
Physical
FortiGuard (IP Rep, WAF, AV)
Virtual
Physical
FortiADC
Virtual
Physical
FortiWeb
Physical
Physical
FortiMail
FortiDB
FortiDDoS
APPLICATION SECURITY AND DELIVERY PRODUCTS
FortiWeb: WEB APPLICATION FIREWALLS
FortiADC: APPLICATION DELIVERY CONTROLLERS
FortiDDoS: DDOS ATTACK MITIGATION APPLIANCES
Protect custom and commercial applications with automatic usage profiling and anomaly scanning.
Scale applications with Server Load Balancing.
Detect DDoS attacks faster with 100% ASIC-based DDoS detection and mitigation.
Improve secure application/server performance with SSL Offloading / Acceleration.
Protect against zero-day threats with 100% behavior-based detection.
Get complete DDoS protection with 100% traffic inspection.
Delivers the lowest false positive detection rate with Continuous Attack Reevaluation.
Meet PCI Compliance (5.5 and 6.6) with behavior-based attack detection and mitigation.
Identify Web application security weaknesses with vulnerability scanning.
Publish websites with Single Sign On/Authentication.
Reduce bandwidth needs with HTTP Compression.
Provide disaster recovery that spans multiple data centers with included Global Server Load Balancing.
FortiWeb Web Application Firewall
Protects web-based applications from code-based attacks
SQL Injection or other injection types
Cross Site Scripting and Request Forgery
Layer 7 DoS/DDoS attacks
Cookie poisoning
Protects against application vulnerabilities in custom code and commercial platforms
Understands/learns normal behaviors and stops anomalies
URL parameters, HTTP methods, session IDs, cookies, etc.
Dynamic and adaptive to adjust to new threats
FortiASIC = High performance and low TCO compared to competition
[Diagram labels: INTERNET, FortiWeb WAF, Web Application Servers; SQL Injection, XSS, Defacement]
Can't a Firewall or IPS do this?
Firewalls look for network-based attacks
IPS Signatures detect only known problems
Firewall has no understanding of application (fields, flow, etc.)
FortiWeb has rich feature-set for web-related functions:
Vulnerability Scanner (with 3rd party support)
Robust Load-Balancing
Authentication, Site Publishing, SSO
Out-of-Box profiles for common apps: Sharepoint, Drupal, OWA, Wordpress
FortiWeb Web Application Firewalls
5 models from 25 Mbps to 20 Gbps HTTP throughput
Automatic behavior-based scanning
Auto setup/learning mode
4 Virtual Models for virtual and cloud deployments (AWS, Azure)
Layer 7 DDoS protection
Up to 8x GE and models with 4x 10GE SFP+ ports
FortiGuard antivirus, IP reputation and signatures
Included vulnerability scanning and antivirus
Hardware and VM options
FortiGate and FortiSandbox Integration
Transparent, reverse and non-inline deployment options
Central Management/ADOMs
REST API
Virtual Patching/3rd Party support
Advanced False Positive Mitigation
Advanced real-time reporting
SSL offloading/compression
SSO/Authentication
Layer 7 load balancing
User Threat Scoring & auto-quarantine
Fastest Web Application Firewall in the Industry
FortiWeb Protection at all Layers
ATTACKS/THREATS
APPLICATION LEVEL
DDOS ATTACKS
IMPROPER
HTTP RFC
KNOWN APPLICATION
ATTACK TYPES
VIRUSES, MALWARE,
LOSS OF DATA
FORTIGATE AND FORTISANDBOX
APT DETECTION
IP REPUTATION
DDOS PROTECTION
PROTOCOL VALIDATION
ATTACK SIGNATURES
ANTIVIRUS/DLP
INTEGRATION
SCANNERS, CRAWLERS,
SCRAPERS
ADVANCED PROTECTION
UNKNOWN APPLICATION
ATTACKS
BEHAVIORAL VALIDATION
CORRELATION
BOTNETS, MALICIOUS HOSTS,
ANONYMOUS PROXIES, DDOS SOURCES
APPLICATION
FortiWeb Recommended by NSS Labs
Test Categories
Security: URL parameter manipulation, form/hidden field manipulation, cookie/session poisoning, cross-site scripting, directory traversal, SQL injection and padding oracle attacks
Evasions: packet fragmentation reassembly, stream segmentation, URL obfuscation
Performance: stability, reliability and connections per second
Fortinet FortiWeb-1000D earned a Recommended rating
Strong performance with 99.85% block rate and 15,865 connections/second
Passed all tests for evasion techniques and for stability and reliability
0.366% false positive detection rate
SVM Published on September 30, 2014
DATA CENTER SECURITY
5.4
FortiASIC
Physical
FortiGuard
Virtual
FortiOS
Physical
FortiAnalyzer
Virtual
FortiManager
VMX
FortiCore
FortiGate VMX
Physical
Virtual
FortiGate
CLOUD SECURITY
5.4
FortiGuard
Cloud
Virtual
FortiOS
Cloud
Virtual
FortiAnalyzer
FortiManager
FortiSandbox
FortiWeb
Cloud
Virtual
FortiGate
ADVANCED THREAT
PROTECTION FRAMEWORK
5.4
FortiGuard
FortiOS
FortiClient
FortiManager
FortiWeb
FortiAnalyzer
FortiMail
FortiMonitor
FortiSandbox
FortiGate
Virtual
Physical
Cloud
A Picture of the ATP Framework in Action
[Diagram labels: Internet, FortiGate NGFW, FortiMail, FortiWeb, FortiClient, FortiSandbox, Bit9, FortiView FortiSandbox]
Unknown URLs and Files submission to FortiSandbox
EPP lockdown in case of infection, from the NGFW
Known threats on web/messaging traffic blocked on the NGFW, WAF and SEG.
FortiSandbox to deliver URL and AV DB updates for malicious or suspicious detection.
ATP Integration
Status Summary on dashboard
FortiView FortiSandbox viewer
By Source (with Threat Scoring), by File
Analysis report via FortiView Drill-in
Detailed Status Report
Signatures, URL lists
FortiGate - FortiSandbox Integration
Status Reporting, Signatures, URLs
ICSA Labs Advanced Threat Defense Report-at-a-Glance
Fortinet, Inc. Advanced Threat Protection Framework
Executive Summary
Run by ICSA Labs for 33 days, with close to 600 runs.
Periodic launch of innocuous apps and constant validation of logs and alerts
Fortinet ATP framework obtained great results.
Test Length: 33 days
Malicious Samples: 279
Innocuous Apps: 318
Test Runs: 597
% Detected: 99.6%
% False Positives: 1.6%
Fig. 1 High Detection Effectiveness & Few False Positives
ICSA Labs Advanced Threat Defense Certified
Test Period: Q1 2016
Certified Since: 12 / 2015
ATD-FORTINET-2016-0330-01
Fig. 2 Detected 278 of 279 New & Little-Known Malicious Samples
Fig. 3 Few Alerts on Innocuous Applications
Sandboxing - Integrated vs. Standalone
Sample Stand Alone FireEye Sandboxing - Conceptual Level
30 Dedicated Sandbox Appliances, $5.7m
[Diagram labels: Mobile Users, Internet, Satellite Offices, Branch Offices, Customers and Partners, Main Offices, Datacenters; appliances shown: FireEye (NX900), FireEye (EX8400), FireEye (NX2400), FireEye (CM9400), FireEye (AX5400), FireEye (NX4400), FireEye (NX10000), FireEye (FX8400), FireEye (CM9400), FireEye (AX5400)]
Enterprise-Wide
? Firewalls- $?m
30 Sandboxes- $5.7m
Sandboxing - Integrated vs. Standalone
Sample Integrated Fortinet NGFW + ATP Full Coverage Detail
44 NGFWs, $3.2m + 12 Sandboxes, $1.5M
[Diagram labels: Satellite Offices, Mobile Users, Internet, Customers and Partners, Branch Offices, Main Offices, Datacenters; components shown: Next Generation Firewall (NGFW), Web Application Firewalls, Perimeter Firewalls, Secure Mail Gateways, Advanced Threat Protection (ATP), NGFW & ATP (Opt.), Core Firewalls, Remote Access Firewalls, Partner Access Firewalls, Authentication, Management & Reporting]
Enterprise-Wide
4.7M NGFW+ATP
SECURE ACCESS
ARCHITECTURE
FortiPresence
FortiAuthenticator
FortiManager
FortiWLM
FortiClient
FortiWiFi
FortiWLC
FortiGate Controller
FortiSwitch (POE)
FortiAP
Infrastructure
Infrastructure WLAN solution to provide scale and flexibility
Why Infrastructure?
Mobile: Fit for highly mobile and scalable deployments where low latency and roaming support matter
Channel Flexibility: Channel planning flexibility to shorten site survey and deployment times
Stand-alone: Able to separate access infrastructure purchase decision from security purchase
Security
Mobility / Roaming / Scale
Supports highly mobile environments
Lowest latencies for video and voice traffic
Network in control optimizes access
Channel Planning Flexibility
Reduce site survey planning
Reduce deployment times
WLAN Management
Stand-alone Flexibility
Security and access unbundled
Ability to pick and choose best options
Integrated
Integrated WLAN solution to provide security and wireless control in one box
Why Integrated?
Integrated: Industry's most integrated secure access offering
Unified Management: Single pane of glass to manage both security and access
Scalable: Scalable to support enterprises of all different sizes
Central Location
Security
Access
Control
FortiCloud
Remote
Fully Security Integrated
Full integration of FortiGuard and FortiOS threat intelligences and security
Includes Wireless Security: WIDS, Rogues
Branch Office
Single Pane Management/Reporting
Integrates into FMG & FAZ
Can be managed directly for FGT
Leverage central authentication & identity management
Sizing Scalability
From 5 APs to 10K APs
Management options (bridge, tunnel)
Integrated Wireless Deployment Diagram
Security
FortiGate
NGFW/UTM
WLAN
Controller
Access
Points
Wireless Plane
FortiSwitch
POE
Access
Points
Data
Control
Management
Cloud
Cloud WLAN solution to provide simplified management
Why Cloud?
Secure: Industry's only UTM + AP solution
Cloud: Roll out remote sites in minutes - not hours and days
Controller-less: Wi-Fi without the complexity of on premise controllers
Cloud
Management
Fortinet UTM Built-In
Controller-less
Agenda
Fortinet Overview
Fortinet EcoSystem Overview
Fortinet Central Management
Fortinet SDN Framework
FortiGuard Threat Intelligence
Questions
Single Pane-of-Glass Management
Consistent Policies and Posture Across the Hybrid Cloud
Management & Policy
Logging & Analysis
SaaS-Based Portal
Centralized Management and Policy
Public Cloud
Physical Networks
Virtualization
VM VM VM VM
VMware
Core Management Products
Fortinet Security Management Lineup
FortiAnalyzer: Aggregated logging, event management, reporting and analytics
FortiMonitor: Unified risk management, big data logging and event correlation
FortiManager: Centralized management of security policies, firmware and content updates
FortiMoM: Hyperscale security management (manager of managers) for FMG/FAZ
FortiCloud: Subscription-based provisioning, management & analytics in the cloud
FortiDeploy: Cloud-based device provisioning and bootstrapping from the cloud
FortiPrivateCloud: Cloud-based security management that MSSPs can whitelabel for their clientele
Fortinet Developer Network: Subscription-based web portal for developers using management APIs
FortiManager Enterprise central management
Key Features of FortiManager
Centralized management / Configuration revision control and tracking
Firmware management / local FortiGuard service provisioning
Administrative domains & Global Policies
Scripting & APIs for integration with external tools
Logging and reporting / Alert management
FortiManager Features
Traditional FortiManager Functions
ADOM & Notifications Menu
Traditional FortiAnalyzer Functions
FortiManager Device Manager
Total Devices
Device Connections
Device Config Changes
Policy Package Changes
FortiAnalyzer Overview
FortiAnalyzer is an integrated network logging, analysis, alerting and reporting platform
FortiMail
FortiCarrier
FortiWeb
FortiGate
FortiCache
FortiSandbox
FortiClient
Syslog
Key Features of FortiAnalyzer
Device Logs Aggregation and Management
Security Log Analysis / Forensics
Breach Detection & Network Analysis
Content Archiving / Quarantine
Alerts Management
Admin Partitions (ADOMS)
Graphical Reporting
FortiAnalyzer Drill-Down Dashboards
Drillable Views
Threat Map
Top Countries
Policy Hits
Top Browsing Users
Authorized APs
Authorized SSIDs
WiFi Clients
Storage Statistics
Failed Auth Attempts
All Endpoints
Etc.
FortiAnalyzer Drill-Down Analytics
FortiAnalyzer Event Management
FortiAnalyzer Threat Detection Service
FortiAnalyzer historically has relied on the ratings and static/point-in-time FortiGuard analytics from the FortiGate devices to generate FortiView and Reports.
Breach detection brings fresh correlation and IOC (indicator of compromise) data daily to the FortiAnalyzer itself, and allows it to re-analyze webfilter logs and real-time events, applying today's new FortiGuard intelligence to understand yesterday's events.
FortiAnalyzer Threat Detection Service
Real-Time and Retroactive Log Correlation
New Menu Item Breach Detection in FortiView Threats Section!
What is FortiAnalyzer Breach Detection?
Threat Analytics/Intelligence from FortiGuard Labs Threat Detection Service
FortiGate detects and logs threats using FortiGuard services as usual (point-in-time log creation)
FortiAnalyzer will do further analytics and correlation against WebFilter logs using new Threat Detection data and present the info in FortiView for up to 7 days prior.
Breach Detection Comprehensive Reports may be generated for earlier time periods
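The retroactive correlation described above, sketched as an added example (not Fortinet code and not how FortiAnalyzer is implemented): events that were allowed when logged are re-checked against indicators that became known later, inside the 7-day window. The key=value log layout, field names, hostnames and indicator set are constructed assumptions.

```python
"""Retroactive IOC correlation over web-filter logs (added example)."""
from datetime import datetime, timedelta

LOOKBACK = timedelta(days=7)  # the slide's "up to 7 days prior" window

# Constructed sample log lines in a simplified key=value layout
# (an assumption for illustration, not the FortiGate log schema).
SAMPLE_LOGS = """\
date=2016-04-25 time=08:00:01 srcip=10.1.1.9 hostname=cdn.update-check.example action=passthrough
date=2016-04-29 time=09:14:02 srcip=10.1.1.20 hostname=cdn.update-check.example action=passthrough
date=2016-05-01 time=13:40:55 srcip=10.1.1.20 hostname=intranet.corp.example action=passthrough
date=2016-05-02 time=22:05:10 srcip=10.1.2.7 hostname=files.bad-mirror.example action=passthrough
date=2016-05-03 time=07:30:00 srcip=10.1.2.7 hostname=notbad-mirror.example action=passthrough
date=2016-05-04 time=10:00:00 srcip=10.1.3.3 hostname=bad-mirror.example action=blocked
"""

# Constructed indicator set as it might stand on the day of analysis,
# i.e. intelligence that did not exist when the events above were logged.
IOC_DOMAINS = {"update-check.example", "bad-mirror.example"}


def parse_line(line):
    """Turn one key=value log line into a dict with a parsed timestamp."""
    fields = dict(tok.split("=", 1) for tok in line.split())
    fields["ts"] = datetime.strptime(
        fields["date"] + " " + fields["time"], "%Y-%m-%d %H:%M:%S")
    return fields


def matches_ioc(hostname, iocs):
    """Match the host or any parent domain, on DNS label boundaries only,
    so 'notbad-mirror.example' does not match 'bad-mirror.example'."""
    labels = hostname.lower().rstrip(".").split(".")
    return any(".".join(labels[i:]) in iocs for i in range(len(labels)))


def retro_hunt(log_text, iocs, now, lookback=LOOKBACK):
    """Return {srcip: [(ts, hostname), ...]} for events inside the window
    that were allowed when logged but match indicators known as of `now`."""
    hits = {}
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ev = parse_line(line)
        if not (now - lookback <= ev["ts"] <= now):
            continue  # outside the retroactive window
        if ev["action"] == "blocked":
            continue  # stopped at log time, so not a missed event
        if matches_ioc(ev["hostname"], iocs):
            hits.setdefault(ev["srcip"], []).append((ev["ts"], ev["hostname"]))
    return hits


if __name__ == "__main__":
    found = retro_hunt(SAMPLE_LOGS, IOC_DOMAINS, datetime(2016, 5, 5))
    for src, events in sorted(found.items()):
        for ts, host in events:
            print(f"{src} contacted {host} at {ts} (allowed then, flagged now)")
```

The hosts returned are the ones to triage first: they reached a destination that was only classified as malicious after the traffic had already been allowed.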
Scalable Architecture Options
FortiAnalyzer (Analyzer Mode)
FortiAnalyzers
(Collector Mode)
Analytics Logs
DATA & COMPLIANCE POLICY
90 DAYS
SIEM
(Compressed 8:1)
(SQL Insertion)
FortiGates, etc.
Archived Logs
FortiAnalyzer
(Fetch Client)
365 DAYS
Scaling beyond single FortiManager: FortiMoM
What is it?
A Manager of Managers (MoM)
Horizontally scalable architecture
Hierarchical add-on to existing Fortinet Products
Multi Forti-product management console
FortiManager
FortiAnalyzer
FortiDDoS
FortiWeb
FortiMail
FortiMoM
FortiMoM Features
Manager of Managers
Central policy editor and objects DB
Domain (ADOMs) Manager: ADOM Grouping, Clone, Migrate
Manages multiple products
Services
Objects
Domains
FortiManager 1
FortiManager 2
Policies
FortiAnalyzer 1
FMGR
FAZ
FDOS
FWEB
FMAIL
Agenda
Fortinet Overview
Fortinet EcoSystem Overview
Fortinet Advanced Threat Prevention
Fortinet SDN Framework
FortiGuard Threat Intelligence
Questions
Fortinet Solutions for Software-Defined Network Security
FortiGate VM
FortiGate Cloud
VDOM
FortiGate VMX (NSX)
Cisco ACI Connector
OpenStack Connector
FortiCore
Control Plane
Data Plane
FortiManager
FortiAnalyzer
Splunk Connector
Mgmt
APIs
Mgmt Plane
SDNS Framework
[Diagram labels: Platform Orchestration & Automation; Network Function Virtualization; Data Plane; Control Plane; Management Plane; On-Demand Self-Service; Single Pane-of-Glass Management; SaaS; Multi-Tenancy; Platform Extensibility; XML; JSON; CLI/Scripting; Logging/Event; Other Interfaces; Virtual Appliances/Services; Service Delivery Extensions; VNF Support; NFV MANO Integration; Utility Pricing; AWS & Azure Marketplace Integration; FortiCloud; FortiPrivateCloud; Cloud/SDN Ecosystem; SDN Controllers; Orchestration Platforms; Programmable Switches; Cloud Management; Centralized Policy & Analytics]
Software-Defined Network Security Partner Ecosystem
ORCHESTRATION PLATFORMS
Platform Extensibility
Software-Defined Security Framework
SDN / NETWORK VIRTUALIZATION CONTROLLERS
APIs
PROGRAMMABLE SWITCHING
CENTRALIZED POLICY & ANALYTICS
Platform Orchestration & Automation
Agility Through Control Plane Integration
VM
VM
VM
Control Plane Orchestration
Network Visibility
VMware
Elastic provisioning
Distributed
NSX
Object-based policy
Control Plane
Fortinet Service VM
ACI
Benefits
Auto-Scaling
Firewall & Rule Provisioning
SDN Flow Visibility (dynamic flow control, overlay/underlay traffic)
Dynamic Policies (follow logical port, IP, MAC)
FortiGate-VMX Solution Interaction / Workflow
1. Register Fortinet as security service with NSX Manager
2. Auto-deploy FortiGate-VMX to all hosts in security cluster
3. FortiGate-VMX connects with FortiGate-VMX Service Manager
4. License verification and configuration synchronization with FortiGate-VMX
5. Redirection policy rules updated for enablement of FortiGate-VMX security service
6. Real-time updates of object database
7. Policy synchronization to all FortiGate-VMX deployed in cluster
[Diagram labels: FortiGate-VMX Service Manager, vDistributed Switch, VMware Kernel]
FGT-VMX and VMWARE NSX Filter Driver Interaction
1 Define NGFW Firewall Policies
2 Packet Flow
1. From VM to NSX Filter Driver
2. NSX Filter Driver Forward to Third party Solution (FGT-VMX)
3. FGT-VMX applies Security and sends packet back to NSX Filter Driver
4. NSX Filter Driver can do service chaining or send packet to destination
Leverages TSO for High Throughput
[Diagram labels: FortiGate-VMX Service Manager, FGT-VMX, NetX NSX Filter Driver, dvSwitch, VMware Kernel, int, ext]
Integrated FortiGate Solution for Cisco ACI
Fortinet SDN Security: FortiGate Physical or Virtual Appliances; FortiGate Connector for Cisco ACI
Cisco ACI: Nexus 9000 Leaf/Spine Switches; APIC Controller
[Diagram labels: Spine nodes, Leaf nodes, APIC, VM, Internal, External, NET-a, NET-b]
Cisco ACI Integration Details
ACI enables third-party L4-L7 service insertion
Application Centric Infrastructure - Endpoint/Workload-centric policy
FortiGate Connector for Cisco ACI enables Fortinet orchestration in APIC console
FortiGate device package contains XML metadata describing Fortinet's device and security services
Administrator assigns Fortinet security policies to traffic (Contracts) between applications (Endpoint Groups)
Use Cases
Auto-provisioning workload security
Micro-segmentation
Secure multi-tenancy
Tenant function segmentation
FortiCore SDN Security Platform
Scaling NSFs to meet architecture
Transparent link transection
Leaf-Spine
Pipeline Security
FortiGuard security intelligence
Augments partner/open SDN/NFV architectures
High Flow-Capacitance for Security Enabled SDN
>1 Tbps switch fabric
~200K Flows REGX (Single-Table)
~2M Flows EXACT MATCH (Multi-Table)
vs Trident 2+ = 32K flows
Hypervisor
Hypervisor
Agenda
Fortinet Overview
Fortinet EcoSystem Overview
Fortinet Advanced Threat Prevention
Fortinet SDN Framework
Questions