|The name of the base system (platform):||Fortinet Security Fabric|
|Last Release Date:||2020/02/12|
|Technology:||Cybersecurity - Antiviruses, Firewall|
Hardware and software systems of the FortiGate series are constructed based on microprocessors of the ASIC family and have unprecedentedly high performance in the class UTM of devices, providing a comprehensive protection of local computer networks, systems and complexes from a set of types of the modern mixed threats: unauthorized access, attempts of invasion, viruses, worms, trojan horses, spyware, attempts of a phishing, spam and other types of security risks based on content and network.
The line of FortiGate represents hardware accelerated devices having the following functionality: firewalling, the organization of the protected VPN connections (SSL and IPSec), an antivirus, an intrusion prevention, the web filter, an antispam, control of applications, protection against information leaks, the analysis of the encoded SSL traffic and WAN optimization. The technology which is used in FortiGate combines specialized FortiScan coprocessors with base processors of the last generation that allows to minimize time of processing of each packet, carrying out at the same time a careful inspection on existence of threats. FortiASIC coprocessors allow to detect a malicious code and other types of threats at gigabit speeds.
All products of the FortiGate series perform the following functions on information security support:
- detection system and prevention of network attacks
- spam filter
- web filter
- system of traffic shaping (traffic shaping)
With an exit of a new firmware, FortiOS 4.0, the standard functionality of FortiGate was complemented with a row essentially new (besides, not only for Fortinet, but also for all segment of UTM in general) opportunities:
- fight against leaks of confidential information (DLP) – search of the text information prohibited to transfer is performed, including, in the Microsoft Office files, the PDF files and archives. Illegal transfer of binary data comes to light (for example, graphic files);
- the analysis and control of the encoded traffic - now the data transferred through SSL- connections (HTTPS FTPS STMPS , etc.) can be controlled the same as transferred on "open" channels (in particular, functions of an antivirus, IPS are applicable to them now and also DLP);
- intellectual control of applications – it is possible to control traffic of the set applications (including Skype, torrent, web applications) regardless of what TCP-and UDP ports they use;
- compression and optimization of traffic – increases the speed of work of the distributed applications and reduces use of bandwidth.
Adding of Fortinet FortiGate Secure SD-WAN in structure of Equinix Network Edge
On February 12, 2020 the Fortinet company announced the beginning of cooperation with Equinix company. A project objective – acceleration of connection with cloud networks by means of adding of the solution Fortinet Secure SD-WAN in structure of Equinix's Network Edge.
Business even more often addresses SD-WAN for improvement of the user experience, cost reduction and optimization of connection to a set of cloud platforms from different branches and divisions.
For February, 2020 more than 21,000 clients selected Fortinet Secure SD-WAN, many of them preferred to deploy the solution directly in branches for acceleration of implementation of cloud computing and increase in convenience of work with applications to business. For the enterprises which implement the strategy of Cloud First, or hybrid multicloud strategy, using a set of open clouds for faster connection from borders of WAN, Fortinet Secure SD-WAN is available as a virtual network service through Network Edge on the Equinix platform now.
Connection of Fortinet Secure SD-WAN in Network Edge allows Equinix company to provide to corporate clients the solution based on cloud computing in different open clouds from the full-function SD-WAN scaled from averages to the large distributed enterprises. Thanks to it corporate clients will be able to solve the problems connected with delays at access to multicloud applicaions and to optimize the cloud connections without prejudice to security. Also colocation which is available via the hardware device, as NFV to local deployment and also as the virtual device at all main cloud providers expands possibilities of Fortinet Secure SD-WAN adding of an option. The solution Fortinet Secure SD-WAN provides the accelerated capacity for the workloads which are available for any supplier of public cloud services worldwide with a full support of multiple and hybrid clouds.
Thanks to integration of the firewall of the next generation (NGFW), the solution Fortinet Secure SD-WAN which is available through Edgeix Network Edge now allows the organizations not only to accelerate connection to a cloud through public clouds and the SaaS applications, but also ensures steady safety. The simplified transactions with centralized operation and analytics allow corporate clients to initialize a system "zero contact" for faster deployment. The flexible model of licensing based on the way to bring-your-own-license or a subscription (subscription-based pay-as-you-go) allows clients to select licensing model which in the best way meets their requirements.
| ||Most of our clients use services of several cloud providers therefore for them it is very important to have an opportunity to select where they unroll services. Cooperation with Equinix and the offer of Fortinet Secure SD-WAN through Network Edge gives to our clients additional flexibility in deployment, allowing them to place services outside branches and to accelerate work in a cloud,|| |
| ||Services of Equinix's Network Edge accelerate digital conversions for global business, allowing the companies to upgrade networks virtually. Using Fortinet Secure SD-WAN as virtual network service on Network Edge, customers can potentially reduce a capital expenditure, at the same time freely developing the simplified transactions WAN Edge is closer to end users, clouds and valuable ecosystems in wider locations,|| |
Integration about "Office control and DLP Safetica"
Safetica provided upgraded version of the solution "Office Control and DLP Safetica". On January 28, 2020 the ESET company reported about it. One of the major updates — integration with Fortinet through API Fortigate. Thanks to integration of Safetica with Fortinet (FortiGate, FortiMail and FortiSIEM), it is possible to recognize easily information, to protect a confidential information or to create an end-to-end system of management of threats at the minimum costs of time and resources. Read more here.
2019: Integration of FortiGate Next-Generation Firewall into switches and routers for Ruggedcom Multi-Service Platform
The Fortinet company specializing in area global of the integrated and automated architecture of security, announced on November 25, 2019 creation of technology partnership within the existing alliance with Siemens concern. Besides, it is announced release of the first joint integrated product and its global availability to clients of the industrial networks (IN).
Realizing the growing requirements imposed to cyber security at construction of PS and the need of the market for specially developed products, the Siemens company decided to join the affiliate program of Fortinet Fabric-Ready Technology Alliance to participate in solving of tasks, PS and IT networks arising at convergence. Creation of broad technology partnership within all ecosystem is a crucial element of construction of infrastructure of Fortinet Security Fabric where are applied the products Fortinet and the partners ensuring full-fledged safety at joint work.
Integration of the program FortiGate Next-Generation Firewall firewall with family of switches and routers for the Ruggedcom Multi-Service Platform platform became the first joint solution of Fortinet and Siemens companies within partnership of Fabric-Ready. It allows to increase security in places with critical requirements to infrastructure, for example, at power plants, at the same time simplifying management and reducing requirements for the occupied space and a power supply.
The solution provides itself the separate integrated device for PS. Thanks to simplification of deployment only of one unit, the difficulties connected with ensuring a power supply, the choice of the place for placement, physical security and availability characteristic of solution deployment of several devices are eliminated. Use of remote control simplifies a problem of deployment and the subsequent management. In addition a product, Siemens is going to offer the market the FortiGate Next-Generation Firewall VM virtual machine developed in Fortinet. It will be delivered complete with the product APE 1808, expanding the horizons for use of the advanced means of protecting for PS.
In general this announcement and connection of Siemens to the affiliate program of Fabric-Ready lead to building of the list of integrated solutions for security, PS, available to clients, through infrastructure of Fortinet Security Fabric.
2018: Integration with Solar Dozor
The solution for protection against date leaks of Solar Dozor from Solar Security and firewalls of the next generation FortiGate next-generation firewall virtual appliances of Fortinet company are tested on compatibility. On May 7, 2018 reported about it in Solar Security company. Read more here.
Placement on the Oracle Cloud Marketplace platform
The firewall is available to clients of Oracle Cloud within model of use of own license (BYOL) to the FortiGate virtual machine. The solution supports safe transfer of corporate workloads and applications in a public cloud, connections like "network network", segmentation between clouds and the approved use of security policies.
The Oracle Cloud Marketplace platform is equipped with the intuitive user interface of search of available applications and services. Customers can select the business solutions, the most suitable for their organizations. Functions of the automated installation of applications simplify deployment of business applications of suppliers in client infrastructures by means of the centralized cloud interface.
The solution Oracle Cloud supports scaling by means of several domains of availability (AD) and shows low indicators of a delay at high capacity. The FortiGate technology complements cloud services with the safety features providing multilevel protection of high availability that is relevant for transfer of important workloads at the interregional level.
Certificate of conformity of FSTEC
The Fortinet company announced in March completion of certification of FortiGate Enterprise Firewall firewalls on compliance to requirements of the Federal Service for Technical and Export Control (FSTEC). The certificate of conformity of FSTEC No. 3720 was issued on March 16, 2017.
The certificate confirms that FortiGate Enterprise Firewall functioning running the FortiOS operating system with a software version 5.4.1 is the program technical tool of protection against unauthorized access to information which is not containing the data which are the state secret and conforms to requirements of regulating documents: "Requirements to firewalls" (FSTEC of Russia, 2016); "Profile of protection of the firewall of A type of the fourth class of protection. IT.ME.A4.P3" (FSTEC of Russia, 2016); "Profile of protection of the firewall of B type of the fourth class of protection. IT.ME.B4.PZ" (FSTEC of Russia, 2016); "Requirements to intrusion detection systems" (FSTEC of Russia, 2011); "Profile of protection of intrusion detection systems of level of network of the fourth class of protection. IT.SOV.S4.P3" (FSTEC of Russia, 2012).
Compliance to the specified classes of protection provides fulfillment of requirements of control of an initial status of software and also control of completeness and lack of redundancy of source texts at the level of files and at the level of function objects (procedures). What, in turn, provides compliance to requirements of the regulating document "Protection against unauthorized access to information. Part 1. Information security software. Classification by the level of absence control of not declared opportunities" (State Technical Commission of Russia, 1999) — on the 4th level of control, emphasized in the company.
FortiGate Enterprise Firewall can be applied in the state information systems up to 1 class of security inclusive and also in information systems up to 1 level of security of personal data inclusive.
The solutions FortiGate Enterprise Firewall are a part of Fortinet Security Fabric which implements functions of tracking, integration, management and scaling of infrastructure, and provides protection against sophisticated modern threats. Devices of complex network security FortiGate Enterprise Firewall provide the unsurpassed performance and protection, at the same time simplifying network infrastructure.
Fortinet offers a wide lineup of the solutions suitable for the most different customers: from the small enterprises and offices to the large companies and providers. For providing a comprehensive and high-performance protection of network of the solution FortiGate use the FortiOS operating system with FortiASIC processors and other hardware.
The solutions FortiGate Enterprise Firewall provide high protection against modern network threats and threats at the level of applications. FortiGate Enterprise Firewall have wide network functionality, including a clustering (active/active, active/passive) and virtual domains (VDOM).
FortiGate 3980E и FortiGate 7060E
On February 9, 2017 the Fortinet company announced release of the FortiGate 3980E firewall - the firewall for corporate networks, data processing centers and suppliers of telecom services. Capacity of the device ~ 1 Tbit / page. The FortiGate 7060E firewall by capacity ~ 100 Gbps is at the same time announced.
Both corporate firewalls use processors of security (SPU) Fortinet for providing the high level of performance, scaling and efficiency of adaptive system of network security. The large organizations have an opportunity of the organization of a circuit of security without capacity reduction.
| ||Cloud computing, IoT and the virtual economy focused on service of a superlarge number of requests render considerable load of corporate IT resources and lead to rapid growth of requirements to performance of modern security aids. In the conditions of the growing competition and permanent emergence of new threats of the organization are not able to afford to offer either network performance, or efficiency of protection. The Fortinet company regularly puts on the market the innovative high-performance and reliable solutions thanks to which our clients can seize all opportunities of the technology infrastructures, without having any doubts in security of users and data.|
Ken Xie, founder, chairman of the board and CEO of Fortinet company
The corporate FortiGate 3980E firewall is means of network security which capacity reaches terabit per second. Network transmission capacity of VPN - 470 Gbps at performance level 1.12 Tbit / page. Performance of FortiGate 3980E is confirmed during the testing of security aids which is carried out by Ixia company by means of the module of loading BreakingPoint and the module of loading of CloudStorm 100GE.
FortiGate 3980E is created as the firewall for a data processing center, maintenance of safety of connections of data processing, uses as the firewall of internal segmentation of network of a data processing center between centers.
The complex of protection is suitable for corporate networks with high capacity and is delivered in a compact form factor that promotes reduction of the occupied space as a part of infrastructure and to decrease in operating costs. Means is equipped with 32 separate processors of security which accelerate performing procedures of security and network transactions, at the same time cutting an electric power consumption.
Equipment of FortiGate 3980E:
- two ports GE RJ45,
- sixteen ports 1/10 GE SFP/SFP +
- ten ports 100 Gigabit QSFP28.
Fortinet 7060E is a modern corporate firewall which is suitable for deployment in large corporate networks, data processing centers and networks of service providers. This means is intended for those clients for whom the highest indicators of capacity and scalability and also advanced safety features are necessary.
The corporate FortiGate 7060E firewall is the modular firewall of high capacity and flexibility. The device supports up to four payments of security, providing high rates of performance of NGFW and SSL, two modules of input-output, it allows to achieve the maximum density of the interface and increases network transmission capacity.
FortiGate 7060E also passed the tests which are carried out using modules of loading Ixia BreakingPoint and CloudStorm 100GE. Based on testing the proved performance of NGFW - 100 Gbps, capacity in process of management of applications separately — 160 Gbps, during an intrusion prevention — 120 Gbps.
The device supports up to eight ports 100 GE (Gigabit Ethernet), sixteen ports 40 GE or forty six ports 10 GE.
Thanks to modular structure, flexibility and high capacity of NGFW solution 7060E supports different parameters of deployment with a scope of all network from perimeter to a core of a data processing center, including in a difficult configuration of the firewall of internal segmentation.
The corporate FortiGate 7060E firewall is available in the form of the simplified packet with the centralized payment and a binding of licensing to all body, but not separate payments that simplifies structure and improves a ratio of cost and performance.
| ||The modern threats becoming more and more sophisticated represent a major issue for the organizations planning development and deployment of the most effective remedies of security. The Ixia company assists clients in selection process, testing security aids in actual practice. Before acquisition of the solution clients can study results of these tests which give an idea of real efficiency of solutions. Thanks to our tests the organizations and operators can quickly make reasoned decision on deployment of the means which are most corresponding to their requirements.|
Dennis Cox, director of inspection department of products of Ixia company
FortiGate 7060E and 3980E will go on sale by the end of the first quarter 2017.
2016: FortiGate 6040E
The FortiGate 6040E firewall is the first product in series 6000 which other high-performance corporate firewalls will enter afterwards. This firewall of the next generation has unprecedented performance, supports scaling and provides protection of the highest level thanks to what the large organizations have an opportunity to use safety features without capacity reduction of network.
Means of protecting serve as the gateway providing access to a cloud
Distribution of cloud services and simplicity of remote access to network created a catastrophic situation for the large organizations owing to significant increase in external load of IT networks and the explosive growth of quantity of the directions of the attacks. It means that corporate firewalls of the next generation became some kind of gateways opening access to a cloud.
In addition to the described problems, market leaders of security technologies are faced by a problem of overcoming the restrictions inherent to the majority of firewalls of the next generation available at the moment. Suppliers are forced to make the choice between implementation of functions of security and preserving of performance of networks at the previous level.
Hardware acceleration of FortiASIC eliminates vulnerabilities
Characteristics of the FortiGate 6040E firewall considerably exceed the corresponding indicators of traditional firewalls of the next generation thanks to new architecture of the data processing using processors of processing of contents and network FortiASIC processors. Processors promote unloading and acceleration of operation of the central processor of general purpose. Due to functions of safe data processing, intellectual management and high-speed connection the FortiGate 6040E firewall provides unprecedented protection with preserving of high performance of network in a compact form factor.
Technical characteristics of FortiGate 6040E:
- Capacity of the corporate firewall of 320 Gbps.
- Capacity of the firewall of the next generation with completely involved functionality – 80 Gbps.
- The FortiASIC CP9 processor provides higher performance of interpretation of SSL that reduces quantity of the directions of the attacks.
- Support functions of an intelligent network, security, data processing and management are implemented based on the compact body.
- Six different options of a configuration of the interfaces adapting to individual customer requirements:
Capacity of the new Fortinet FortiASIC CP9 processor allows to process huge volumes of traffic that corresponds to requirements of the largest organizations and provides support of the different modes of deployment of firewalls, including installation of firewalls of the next generation and strategy implementation of internal segmentation. Thanks to it the security system can be unrolled as necessary without prejudice to functionality of network.
Fortinet FortiGate для Splunk Enterprise
Cyber attacks become more and more sophisticated therefore the companies should realize that their systems already in a varying degree are in danger. The isolated security protections are insufficiently effective. Only the integrated model of protection which will increase efficiency and will expand possibilities of the isolated solutions can ensure sufficient security of corporate network.
The Fortinet FortiGate application for Splunk Enterprise in real time polls a system on existence of threats to confidential data of the company, based on different parameters and also fixes cases of aberrant behavior in a system. Evident data visualization of processes is available to users. The Fortinet company applies the solutions Splunk for development of big and difficult IT environments thanks to which corporate security services will be able more quickly and effectively to identify the threats constituting the greatest danger to networks of the organization. The solution interacts with the integrated model of protection Splunk that does it to even more effective and allows employees of security services to automate and accelerate protection against critical threats.
New Foritgate-5001B is the high-performance "edge" integrating in itself a broad spectrum of services of security and support of 10 Gbit of Ethernet for the platforms built on the basis of the FortiGate-5000 chassis. ATCA developed for a form factor (the improved architecture for solutions of a segment of telecommunications) Fortigate-5001B integrates in itself basic functions of security, including an internetwork ekrantrovaniye with performance of 40 Gbps and support of VPN connections with speed up to 17 Gbps. As the device the corporate firewall, VPN, control of applications, the system of protection against invasions (IPS), means of protecting from viruses and malware, means of protecting from spam, filtering of web traffic enter. For optimization of performance of these functions in the device the last four-nuclear processor released by Intel and two network FortiASIC NP4 processors is used.
This solution represents fourth generation of ATCA compatible solutions, first of which, constructed on the basis of FortiGate-5001SX and FortiSwitch-5003, it was offered to the market in the 2004th year. The second generation of ATCA compatible solutions of Fortinet left in 2006, based on FortiGate-5005FA2 and FortiController-5208, and third generation, on the basis of FortiGate-5001A and FortiSwitch-5003A, it was provided in 2008. In addition to these innovative solutions for the telecommunication industry, FortiGate obtained compliance to the NEBS Level 3 standard – regulating requirements for telecommunication equipment of the central offices of large telecommunication companies.
New 10-GbE the FortiSwitch-5003B switch - "edge" for the chassis of the FortiGate-5000 series works with exclusively minimum delays that is necessary for data processing centers with the large volume of transmitted data. The new products Fortinet created for very large corporations, providers of services and Internet service providers are the solution of network security and a part of network infrastructure integrating in itself much the increased performance, the improved comprehensive protection and significantly the reduced operating expenses.
Integrating Foritgate-5001B with the FortiGate-5140B chassis, telecommunication corporations and providers can receive performance to 500 Gbps on the firewall that is the fastest in the industry of the firewalls constructed using "edges". Combining the chassis of the FortiGate-5000 series with new "edge" of security of FortiGate-5001B and in addition with switching FortiSwitch-5003B "edge", clients get access to the building block solution of security having reliability and scalability corresponding to networks of the large providers using 10-GigE infrastructure. Owing to the modularity the FortiGate-5000 series complemented with new "edges" of FortiGate-5001B and FortiSwitch-5003B can be integrated with solutions of Fortinet in the field of centralized operation and the reporting that gives ample opportunities of control in big networks.
In addition a series of FortiGate-5000 devices offers the following advantages:
- Additional, supporting "hot swaps", power supplies and fans that reduces quantity of the components able to be the only point of failure.
- Use of the modes of reservation of active/active and active/passive for providing continuous services.
- Integration into the centralized solutions on an upraleniye and the reporting, such as FortiManger and FortiAnalyzer that gives the chance to simplify and reduce security management cost, the reporting and the analysis. Availability of services of a subscription of FortiGuard to automatic receiving (in real time) updates of mechanisms of protection against threats.
- The flexibility of deployment including segmentation of networks on the basis of users of divisions or any other logical ones is provided using virtual domains. This platform is also ideal for the virtualized environments.
- Supplements or upgrades the existing security infrastructure by inclusion of necessary services on the "edges" providing safety features.
- Represents necessary set of security tools, load distribution and high-performance data transmission for ensuring requirements of the companies in the field of security.
The solution provides the unprecedented level of prevention of threats, high performance and is focused on use by large enterprises.
- The firewall with tracking of a status of connections – provides capacity to 80 GB / with, sets the new standard of cost for GB / from the protected traffic
- High performance of new generation of prevention of threats –
provides performance in 11 GB / with in an intrusion prevention and control of applications that is five times faster, than any other firewall of new generation irrespective of a price segment
- Unsurpassed computing power – Thanks to the latest network FortiASIC processor to NP6 and the specialized CP8 processor, accelerating traffic handling, the device is capable to detect harmful content with a speed of several Gigabits without reducing availability and network performance, with a low delay - to 3 microsec.
Advanced prevention of threats
The solution FortiGate-1500D supports FortiGuard Subscription Services which provides the automated protection in real time against the last threats.
FortiGate-1500D includes eight 10 GbE (SFP +) and 32 GbE of ports of high density, the compact (2U) size of the chassis. As the enterprises even more often reconstruct or upgrade structure of the networks, separation into separate segments occupies more and more important role in architecture of network. Segmentation can be based on architecture perimeter, services, functions or regulatory requirements and to separate networks physically or virtually better to provide arrangements on the service level in the field of IT of security. The high density of FortiGate-1500D port allows the enterprises to meet the changing requirements of their architecture with flexibility. FortiGate-1500D can also provide high scalability thanks to virtual domains (VDOM) which allow to support several virtual firewalls within one chassis.
Fortinet ensures safety of access of VPN to the Microsoft Azure Cloud Platform platform
As the enterprises even more often place crucial data in a cloud, secure access to confidential information and applications is especially important task. Thanks to complex application of the different technologies of network security from Fortinet company protecting network, applications and transmitted data, customers can use secure access to a virtual private network (VPN) to Microsoft Azure.
"The cloud platform of Microsoft Azure provides high scalability, performance and has real economic advantages. It is a fine alternative for the customers wishing to place data in a cloud, saving, at the same time, classical infrastructure", – Venkat Gattamneni, the senior manager on products of Microsoft Azure, Microsoft said. "These clients need the access protected by VPN from office and branch networks to a cloud. Firewalls of new generation of Fortinet company at the same time ensure safety, both data processing centers, and cloud infrastructure of the enterprise".
FortiGate safety controls of Fortinet company provide security blanket of access of VPN to Microsoft Azure Virtual Network service, providing to customers an opportunity to create quickly and freely protected VPN tunnels connecting classical and cloud infrastructures. Besides, all solutions FortiGate allow to manage on a centralized basis virtual and physical infrastructure of the enterprise thanks to a uniform unique management system.
"As we help customers to expand the existing infrastructure using a cloud, using Microsoft Azure, we need to provide at the same time the high level of security and easy access to data in several environments at once", - Michael Xie, the founder, the technical director and the president of Fortinet company commented. "Irrespective of a combination of a cloud, network or virtual environment, Fortinet provides the powerful system of prevention of threats in network, e-mail, the Internet and data".
Containing among the clients 57% of the companies from the list of Fortune 500, Microsoft Azure promptly gains steam. ¹ Now more than 20% of the market of cloud computing for the enterprises are the share of Azure. It agrees with Amazon dollars article "Microsoft throws down a challenge-sales of Microsoft Azure exceeded 1 billion", analytics of Forrester Research, Inc. James Steyten (April, 2013), this digit will grow to 35% in 2014. ²
"Microsoft Azure, certainly, is the attractive solution for the enterprises which wish to improve and expand availability of the IT services", - John Maddison, the marketing vice president of Fortinet company said. "We are glad to work in close cooperation with Microsoft and we try to provide the same wide and highly effective security level in a cloud, as well as in traditional private networks".
FortiGate-3700D (NP6 ASIC)
The Fortinet company announced in October, 2013 start of the firewall for data processing centers, service providers, providers of cloud services and telecom operators. The new FortiGate-3700D platform includes four ports 40 GbE (QSFP+) and 28 10GbE (SFP+) and is capable to develop capacity to 160 gigabits per second. Thanks to the NP6 ASIC FortiGate-3700D processor provides performance, a low delay of applications and high processing speed of packets, as when using in network of a stack of IPv4 protocol, and IPv6.
The FortiGate-3700D platform includes the FortiASIC NP6 processor which was created by experts in Fortinet.
The stack of IPv6 protocols is even more often used in networks around the world. For the firewalls installed on network edge it is very important to provide processing of packets with an identical speed when using in network of a stack of protocols both IPv4, and IPv6. Besides, customers often need broadcast of the network addresses (NAT46, NAT64, NAT66) that requires additional opportunities of data processing. The network FortiASIC processor allows to provide comparable characteristics of performance for functions of broadcast of the addresses of stacks IPv6 and IPv4, removing bottlenecks from network that profitable distinguishes the products Fortinet in the market from other similar solutions.
The new FortiGate-3700D platform is founded on FortiOS 5. FortiOS is the cornerstone of all integrated platforms of security of FortiGate and has wide feature set, both for small, and for large networks.
FortiOS 5 provides elastic implementation in DPC of the main firewall with a midget delay of applications which can be used for the internal and external communities requiring the different trust levels and internetwork functions, for example: firewall + VPN, firewall + IPS, firewall of new generation, protection against advanced threats, etc.
At the time of creation or reconstruction of a data processing center, customers try to segment network. Segmentation can be performed agrees with the selected architecture of network, services, functions or regulatory requirements. Physical or virtual separation of networks allows to improve the service layer on security. Fortinet offers customers opportunities of both physical, and virtual segmentation of network, thanks to use of technology of virtual domains (VDOM).
FortiGate-200B и FortiGate-620B
FortiGate-200B and FortiGate-620B UTM devices and also the FortiOS 4.0 operating system correspond to General criterions (Common Criteria) with the estimated trust level (Evaluation Assurance Level) 4+. The certification which was carried out by third-party expert services testifies to high degree of reliability of products of security that is essentially important for corporate customers and government institutions.
Certification of Common Criteria includes a careful research and testing during which the tested products or systems in terms of aspects of security are studied in detail. Extensive multi-stage testing is held for check of degree of compliance of reality of the safety features declared the producer. Special attention during testing is paid to possible shortcomings of protection and potential vulnerabilities.
Multi-function printers of complex security (UTM) FortiGate provide a comprehensive high-performance and flexible protection for all spheres of business: from small remote offices to large corporations and providers of services. FortiOS – the specialized highly reliable operating system which uses hardware acceleration of the FortiASIC processors providing a broad set of network services in the uniform device is the cornerstone of the FortiGate platform.
The general criterions of assessment of security also known as ISO - 15408, were developed by the national organizations of security of the United States, Canada, Great Britain, France, Germany and the Netherlands. This standard provides a broad spectrum of criteria for evaluation of products of security for use in the commercial and state organizations.
The Fortinet company provided new products at a conference of the American national federation of retailers NRF which took place from January 13 to January 15, 2012 in the Jacob K conference center. Javits Convention Center in New York.
6 new products provided by Fortinet company include 4 new devices of the FortiGate family: FortiGate-60D, FortiWiFi-60D, FortiGate-60C-POE and FortiGate-60CM-3G4G-B. And also 2 new FortiSwitch platforms: FortiSwitch-124B-POE and FortiSwitch-224B-POE. Thus, Fortinet delivers the complete solution for distributed networks for which protection solutions of several vendors were required earlier. In turn, partners of the company have an opportunity to purchase for a comprehensive protection of network of the solution of one vendor which distinguish high quality, the unique price offer, low cost of ownership and which give an opportunity of centralized operation by geographically distributed network. The announced products enter new architecture of Fortinet for the distributed corporate networks.
This architecture consists of the following components:
- Level of management. Considering that corporate networks of most of retailers are geographically distributed today, the possibility of operational change of configurations of devices and management of them has basic value. Families of the solutions FortiManager and FortiAnalyzer of Fortinet help retailers to manage geographically distributed networks.
- Level of collection of information. As a rule, all information comes to head office of the retailer. At this level such key solutions on security as firewalls, control of applications and also VPN tunnels are applied.
- Level of separate shops. Level of separate shops requires security and a possibility of network interaction for a wide number of functions, including WiFi, effective interaction of voice and telecommunication networks. Also for effective interaction of users each shop should provide control of the used applications and protection against the malware. Products of Fortinet company, including, FortiGate, FortiWiFi and FortiVoice include all necessary functions for security of retail stores of new generation.
- The access level in corporate network. As shops begin to provide access to corporate network to the employees using tablets and to the buyers using mobile devices, the problem of ensuring secure access becomes extremely important. Products of Fortinet company provide control of secure access by identification of enemy access points, authentications, services of guest WiFi of access, restriction of transmission rate of traffic and balancing of loading.
New solutions of FortiGate-60D and FortiWiFi-60D are devices of network security of the next generation in which the new technology from Fortinet including architecture of SoC II (system-on-chip II) and specialized ASIC coprocessors is applied. It is the first case of use of technology which provides double performance in the field of the unified management of threats for devices of initial level. Besides that two these FortiGate devices differ in the best price offer and the best performance, more economical energy consumption and also bigger density of ports, they turn on such functions necessary for users as the high-performance firewall, IPS and protection against the malware.
FortiGate-60C-POE combines functions of security with 24-gigabit PoE ports which can support access points, routers and wireless repeaters to simplify infrastructure of network security on remote objects. This solution also provides protection of corporate devices and data with the help of a wide number of technologies in the field of information security for protection of the distributed corporate networks of retailers and remote offices. The solution having the built-in router and developed for protection of corporate network up to 3000 m ² allows to provide protection of communications of employees in the wireless networks and interactions of guest access points.
Products of the FortiGate-60CM-3G4G family have the built-in wireless WAN 3G/4G modem for ensuring interaction with wireless providers. This flexible platform can be added with the specialized modem and also to certify for different communication networks. This highly integrated device on security provides high degree of availability due to simultaneous use of high-speed wireless traffic 4G and a local network, and also protocol V.90 as support, eliminating the need for external USB WAN modems. This capability also does this device ideal for mobile booths in places which do not provide services of access to the wire Internet.
The FortiGate-60C device, with a performance of 1 GB / with, became the first product in a broad spectrum of solutions of Fortinet company which received the FSTEC certificate.
The certificate of the Federal Service for Technical and Export Control (FSTEC) confirms compliance of the FortiGate-60C device to requirements of the regulating document "Computer aids. Firewalls. Protection against unauthorized access. Security indicators from unauthorized access to information" on the 4th class of security for firewalls (RD ME-4). The certified hardware FortiGate-60C firewall can be used for creation of automated systems to a class of security 1G inclusive and during creation of personal data information systems to the 2nd class inclusive (ISPDN by K2).
Certification is performed according to the scheme of certification of production. The received certificate is sufficient for confidential information protection and personal data in the majority of personal data information systems.
Obtaining the FSTEC certificate for the FortiGate-60C device confirms high reliability and security of solutions of Fortinet company and also is the crucial requirement by consideration of questions of use of this device at creation or upgrade and expansion of IT infrastructures in the state organizations. About the device
FortiGate-60C is highly productive (1 Gbps) the solution for protection of networks of small and average offices and also remote branches. The device combines hardware acceleration of functions of network security, internal storage and support of broadband wireless connection.
"We waited for it long ago, Fortinet - the world leader in the field of complete solutions of security (UTM devices) and in addition to recognized international certificates with such Common Criteria Evaluation Assurance Level 2 (EAL 2+), ICSA Labs and NSS Labs, the solution at last received also the Russian certificate of conformity to Specifications. Existence of the FSTEC certificate allows to use the hardware FortiGate-60C firewall in information systems which require confirmation of conformity of the applied means of protecting, including in systems processing personal data, - Skasyrsky Jan, the head of the Russian representative office of Fortinet in Russia says. - And also existence of the certificate of conformity allows to use the hardware FortiGate-60C firewall in those companies which should use the certified software products. Public institutions of different fields of activity, and a number of the commercial enterprises working with information of limited distribution, as a rule, treat them. Certification of FortiGate-60C was initiated by the Russian representative office of "Fortinet" in a voluntary order for the purpose of increase in the trust level of users to this device."
The device of complex security FortiGate-3140B is intended for the large companies and data processing centers which are demanding maximum capacity from the firewall, the server of virtual private networks (VPN) and an intrusion prevention system (IPS) necessary for optimization of protection against complex threats, the malicious software and constantly evolving methods of manner of protection in high-speed networks.
Thanks to processors of own development FortiASIC, the FortiGate-3140B device provides the large companies with a performance of firewall of 58 Gbps, performance of IPS is 10 Gbps, VPN-to 22 Gbps. At the same time the device has the compact sizes (2RU) allowing to save the place in wiring closets. The new device is standardly delivered with ten 10-GbE interfaces. For ensuring the most flexible protection of different network environments the device is equipped with only 22 ports that does it ideal for data processing centers and other applications with high consumption of bandwidth. The unsurpassed density of ports allows to use FortiGate-3140B as the high-performance firewall or as the device of complex security which without performance penalty can be easily configured for support of VPN, IPS, control of applications, functions of an antispam and anti-virus functions. Equipped with the third release of the FortiOS 4.0 MR3 operating system, the FortiGate-3140B device provides additional gain the politician and stream inspection for Web filtering and shaping of traffic.
On May 17, 2011 the Russian representative office of Fortinet announced that the solution of information security of the corporate level Fortigate-3950B received assessment 95/100 in the BreakingPoint Resiliency Score test that became the highest result in the history. The automated BreakingPoint Resiliency Score tests are based on industrial standards of performance, protection and stability of network solutions and solutions of security.
The set of The BreakingPoint Resiliency Score standards is a measuring instrument of quality of operation of network devices and devices of network security. The automated and standartizivanny methods of determination of flexibility of a network infrastrutura, network equipment and data processing centers enter it.
The BreakingPoint Cyber Tomography Machines (CTM) standard determines performance, security and stability of the networks and data processing centers working with real traffic online of the attacks and also in the conditions of extreme user loads and accidental input data for applications. The BreakingPoint Resiliency Score test has a scale from 1 to 100.
Fortinet provided for tests the solution which is based on the FortiGate-3950B platform with the installed FortiOS 4.0 MR3 operating system and using two the built-in 10 Gigabit Ethernets of the interface which allow to increase capacity both the firewall, and IPSec VPN. Measurements were performed using the BreakingPoint Storm CTM device containing one 4th the port network interface card 10-Gbit Ethernet.
Complete solutions of security of FortiGate from Fortinet are hardware accelerated safety controls which functionality the firewall, VPN-the SSL and IPSec tunnels, control of applications, an intrusion prevention system, filtering of web content, an antispam, protection against leaks and malware, check of traffic of SSL and optimization of the WAN connections enters. The uniqueness of platforms of FortiGate consists in a set of chips of own development – FortiASIC which together with the processor of general purpose reduce delays when processing packets, without reducing quality of data validation regarding existence of the latest threats.
The new product provides a comprehensive protection from network threats, has the high performance and flexibility of deployment that is very important for the small and medium enterprises and also for branches of the large companies.
The new FortiGate-100D device integrates in itself a broad spectrum of sensing technologies and prevention of the attacks in a single platform that helps small networks to protect successfully users, data and systems from the purposeful attacks of the cybercriminals directed to penetration into network and theft of valuable information.
The FortiGate-100D device allows to provide high reliability of network functioning which is so necessary for customers. First, requirements to capacity grow because of processing of large volume of data every year, and also uses of appendices which high-quality video quite often contain. Secondly, users actively use mobile devices, including smartphones and tablets, for an information access and to applications. These mobile devices transfer packets of the smaller size therefore the firewall needs to process a large number of connections per second. And, thirdly, the majority of difficult modern threats are implemented at the application layer therefore it is necessary to detect and prevent the attacks which are built in thousands of different applications. As a result of the company face serious problems of security, control and infrastructure management of the enterprise which constantly changes, and requirements to performance grow.
Considerable potential and high performance of new FortiGate-100D allow to provide growth of network and expansion of branches. The device combines the firewall, control of applications, IP Sec and SSL VPN, an intrusion prevention system, an antivirus, protection against the malware, an antispam and a possibility of web filtering that allows the companies to provide reliable protection against new viruses, network vulnerabilities, hearts, spam and phishing attacks.
The device has the internal memory of 16 GB for archiving of data, generation of SQL reports or use of WAN optimization. Function of optimization of WAN becomes especially demanded in connection with high requirements to performance. Permanent data exchange can significantly reduce data transfer rate between branches and the central office, use of optimization increases performance due to reduction of number of the communications transmitted between applications and servers through a global network. Optimization of WAN will help the organizations to cope with performance concerns of applications and availability of information.
Considering limitation of resources in the small companies or branches of the large companies, FortiGate-100D is the attractive solution which can be set in several minutes using FortiExplorer setup wizard, besides, there is a regular automatic update of all subscriptions of FortiGuard that allows to provide modern protection against network threats without need to contain in staff of the engineer on security.
As well as other devices of a line FortiGate-100D has the FortiOS operating system which uses specialized high-performance FortiASIC processors, Advantages of FortiGate-100D
- In FortiGate-100D possibilities of remote access of a large number of users are improved, system performance of an intrusion prevention (IPS) and speed of a stream antivirus is increased.
- Capacity of the firewall of 2.5 Gbps, and system performance of IPS of 950 Mbps, the device supports up to 2.5 million simultaneous sessions.
- Due to the permanent growth of number of mobile users who need to transfer confidential information to the central office the FortiGate-100D device is supported to the 5000th by the client gateways of IPSec VPN and prior to 200 simultaneous sessions of SSL VPN.
- In comparison with the previous FortiGate-110C model capacity of an antivirus is increased by 4.5 times: the maximum capacity of a stream antivirus of 700 Mbps and 300 Mbps in the proxy mode.
For simplification of deployment of network infrastructures of any complexity of FortiGate-100D has the greatest number of ports among devices of the price range. The device is equipped with 22 gigabit ports which allow to separate network into independent zones, 2 WAN ports for ensuring the maximum reliability and also specialized port DMZ which allows to provide the additional level of protection of Web servers. Besides the device has USB port for external control and setup.