The name of the base system (platform): | Fortinet Security Fabric |
Developers: | Fortinet |
Last Release Date: | 2023/06/11 |
Technology: | Information Security - Antiviruses, Information Security - Firewalls |
Main article:
2024: Hackers infect 20,000 Fortinet devices worldwide via VPN client
In mid-June 2024, it became known that hackers working for the Chinese government gained access to more than 20,000 Fortinet VPN devices, exploiting a critical vulnerability that the company did not disclose for two weeks after it was fixed.
The hazard assessment of the identified vulnerability was 9.8 out of 10 points. Network security software maker Fortinet fixed the vulnerability on November 28, 2022, but did not disclose the threat until December 12 of that year. More than six weeks after the vulnerability was fixed, Fortinet warned that the attacker was using this window to infect government equipment and related organizations with a malicious custom-made virus.
Netherlands Chinese state hackers exploited this vulnerability to install the CoatHanger backdoor on Fortigate devices inside the Dutch Ministry of Defense, the government said. They downloaded, malware specially designed for the base, operating system FortiOS which was not deleted even after a reboot or firmware update. Officials have warned that CoatHanger is also capable of circumventing traditional protections. However, the damage caused by hackers turned out to be uncritical, since it did not affect the equipment of secret units.
However, Chinese state hackers have infected more than 20,000 FortiGate VPN devices sold by Fortinet and include dozens of Western governmental institutions, international organizations and defense industry companies. Representatives of the National Center of cyber security the Netherlands urge users to pay special attention to this hacker attack.[1]
2023: More than 300,000 firewalls exposed to critical vulnerability due to upgrade failure
Bishop Fox information security specialists report that more than 300,000 FortiGate firewalls are subject to a critical CVE-2023-27997 vulnerability (CVSS: 9.8) despite the fact that Fortinet released an update a month ago that fixes this flaw. This became known on July 4, 2023.
The Remote Code Execution (RCE) vulnerability occurs due to a heap buffer overflow problem in FortiOS, the operating system that connects all Fortinet network components to integrate them into the Fortinet Security Fabric platform.
CVE-2023-27997 allows an unauthenticated attacker to remotely execute code on vulnerable devices with an SSL VPN interface open on the Internet. Fortinet fixed the vulnerability on June 11, 2023, before publicly disclosing it by releasing firmware versions of FortiOS 6.0.17, 6.2.15, 6.4.13, 7.0.12 and 7.2.5.
Despite calls for a fix, more than 300,000 FortiGate firewalls are still vulnerable to attacks and available over the internet, according to Bishop Fox.
Bishop Fox researchers used the Shodan search engine to find devices that responded in a way that pointed to an unsecured SSL VPN interface. This was achieved by searching for devices that returned a specific HTTP response header.
Experts filtered the results to those that were redirected to "/remote/login, "which is a clear sign of an open SSL VPN interface. Thus, the researchers found about 335,900 FortiGate firewalls available over the Internet that are vulnerable to attacks.
Bishop Fox also found that many of the open FortiGate devices have not received updates for the past 8 years, some of them running FortiOS 6, which ended support on September 29, 2022. These devices are vulnerable to several critical vulnerabilities that have public Proof of Concept (PoC) exploit code.
To demonstrate that CVE-2023-27997 can be used to remotely execute code on vulnerable devices, Bishop Fox has created an exploit that allows you to reconnect to the attacker's server, download a BusyBox binary file and open an interactive shell.
Bishop Fox researchers recommend that FortiGate users update their firmware to the latest version as soon as possible and disable the SSL VPN interface if it is not used.
On March 7, 2023, Fortinet released security updates to address a critical vulnerability under the CVE-2022-41328 identifier. It allowed attackers to remotely execute unauthorized code on the target system. The attacks targeted computers with outdated software and targeted primarily large government organizations around the world. Malicious operation led to damage to the operating system and loss of data[2]
2021
FortiGate 3500F
On August 9, 2021, the company Fortinet announced the next firewall generation of FortiGate 3500F Next-Generation (Firewall NGFW) to protect organizations with hybrids data centers as part of an ever-evolving threat landscape and. attacks programs extortioners FortiGate 3500F offers proper Security Compute Rating metrics for industry verification SSL , including TLS1.3, with automatic post-decryption for threat protection. In addition, FortiGate 3500F implements zero-trust network access (ZTNA) capabilities, which additionally provides continuous safety and user experience anywhere thanks to a security-based network approach.
With FortiGate 3500F Fortinet is a provider that initially integrates access proxy capabilities into its NGFWs to enable zero-trust network access. In addition, FortiGate 3500F allows organizations to protect themselves from ransomware threats and attacks by providing the right Security Compute Rating (6x for performance), including TLS1.3, for ongoing end-to-end security. |
According to the company, with the transition to remote work, organizations are implementing hybrid data centers to optimize responsiveness by deploying some resources in multiple clouds, while maintaining other business-critical applications and data in local data centers for compliance and control. However, as the data center infrastructure becomes more distributed, the attack surface expands and more blind spots appear, reducing transparency and increasing the likelihood of hacks and attacks. It is critical for organizations to check encrypted threads to detect all types of attacks, especially malware, that are hidden in secure channels to prevent the spread of ransomware and violation of command and control attacks to steal customer and company data.
Organizations also need a strategy to manage excessive implicit trust and ensure that the growing volume of encrypted traffic that cybercriminals are increasingly using to mask malicious traffic is verified. Otherwise, organizations will struggle to secure growth and accelerate digital transformation because their traditional security strategy and solutions cannot meet the growing needs of the business.
To address these challenges, FortiGate 3500F NGFW helps organizations ensure business continuity and appropriate security for hybrid data centers. With a compute security rating (SCR) of 6x IPsec, FortiGate 3500F NGFW protects the data center boundary, core, and interconnect, providing a secure path from data center to data center to create disaster recovery sites. It also allows organizations to protect data center channels - cloud storage. Other key features of FortiGate 3500F:
- Fortinet's FortiGuard security services and ASIC SPUs provide hyper-scalable protection against ransomware and complex threats: FortiGate 3500F is powered by specialized Fortinet ASICs (SPUs), such as NP7 and CP9. FortiGate 3500F offers Security Compute Rating, including TLS1.3 support, to detect threats such as ZEUS, Trickbot, Dridex, and protect organizations from attacks on networks, applications and files, as well as many other complex threats. FortiGate 3500F is also natively integrated with FortiGuard security services. This additionally helps organizations protect themselves with network antivirus, mail protection, DDoS protection, and similar features such as IPS and anti-malware solutions.
- Built-in access proxy capabilities such as zero-trust network access (ZTNA): FortiGate 3500F - NGFW, which initially combines access proxy capabilities to provide zero-trust network access (ZTNA). This enables organizations to place applications anywhere with consistent policy controls to enable and protect hybrid work models with an intuitive user interface.
- Intuitive user interface through consolidation: Fortinet further offers a security-based approach to the network with FortiGate 3500F, which combines security and networking capabilities including secure SD-WAN and zero-trust network access. Fortinet offers Secure SD-WAN, SD-Branch and ZTNA in one offering.
FortiGate 7121F и FortiExtender 511F-5G
Fortinet on May 18, 2021 announced the release of FortiGate 7121F and FortiExtender 511F-5G to further improve security and accelerate the adoption of 5G technologies. Equipped with Fortinet's patented ASICs SPUs, FortiGate 7121F provides the high security needed for 5G networks and enterprise zero-trust access, while FortiExtender 511F-5G provides wireless WAN connectivity for SD-WAN and SASE solutions.
Fortinet has invested heavily in the development of its 5G security portfolio. By providing an NGFW network, we help service providers protect wireless and Internet interfaces with price-performance values. In addition, FortiExtender's revamped 5G provides more connectivity to the global network and is fully integrated into FortiGate's SD-WAN policy engine, said John Maddison, first vice president of product and solutions marketing at Fortinet. |
5G will deliver transformation and innovation for both businesses and mobile operators (MNOs). To fully unlock the potential of this network generation, a 5G ecosystem is being formed that includes operating technology (OT), as well as suppliers of industrial controls and providers of public cloud services to create sets of applications and services that will stimulate the transformation of industrial enterprises. This expanded 5G ecosystem provides additional pros for attackers and expands the surface of digital attacks, creating cybersecurity risks. These risks must be addressed to avoid disruption and ensure low latency, high reliability, and scalability without compromising end-to-end security and compliance.
To address this challenge, FortiGate 7121F integrates network and security through a security-based network approach to provide complete visibility, scalability, and advanced security to protect critical business applications in a distributed and hybrid 5G ecosystem. With a large range of Security Fabric, Fortinet provides end-to-end security for private and public 5G network ecosystems, and provides flexible connectivity and threat analysis.
5G connectivity provides users and organizations Internet with ultra-fast access speeds in, providing employees working from anywhere with less signal latency. The FortiExtender 511F-5G wireless WAN provides 5G connectivity at less than 6 GHz to support SD-WAN and SASE solutions. FortiExtender is easy to configure and connect to the solution Secure SD-WAN от Fortinet to provide flexible WAN connectivity for hybrid WAN and improve user experience. FortiExtender also provides thin 5G edge connectivity to FortiSASE for cloud security and validation, offering fast and secure wireless WAN connectivity for a variety of business areas including retail, trade OT and. health care
As an integral part of Fortinet Security Fabric, FortiGate 7121F and FortiGate's portfolio complement Fortinet Security Fabric's ability to create value for both industrial and mobile network operators by providing consistent security across 5G and OT private and public networks, multi-access edge computing environments, and public private cloud environments through:
- End-to-end security and optimized operations for industrial enterprises: Fortinet Security Fabric provides scalable security from RAN to core and multi-access edge computing (MEC). This enables industrial enterprises to implement digital innovation, flexibility, increased security, and compliance while optimizing performance and eliminating latency.
- Creating value-added differentiated services: Mobile network operators use Fortinet Security Fabric to create differentiated value-added value-added services for their corporate customers implementing private and public 5G networks. In addition, mobile carriers rely on Fortinet to protect their own private and public 5G networks, allowing them to provide RAN security gateway, roaming security, reduce vulnerability of major 5G APIs, and provide overall transparency and security automation.
- Efficient Operations - With the Fortinet Fabric Management Center, Fortinet streamlines network and security operations and simplifies workflows. This is partially possible thanks to the integration of Security Fabric with more than 400 Open Fabric Ecosystem partners in technological areas, including the cloud, OT, IoT, SD-WAN, networks and much more.
FortiGate 7121F, powered by Fortinet SPU processors, offers some of the highest performance in the industry, including a high computing security rating over competing next-generation firewalls. Security Compute Rating is a benchmark (performance multiplier) that compares the performance of the FortiGate network firewall to the industry average for competing products in different categories within the same price range. In addition, FortiGate 7121F twice as fast as the industry average for threat protection and 19 times faster for SSL decryption, helping businesses eliminate blind spots.
Eliminate denial-of-service vulnerability
Fortinet has fixed critical vulnerabilities in FortiWeb, FortiGate and FortiDeceptor. This became known on January 7, 2021. The discovered vulnerabilities allow an attacker to gain access to sensitive data, cause a denial of service, or compromise a vulnerable device. Read more here.
2020
Based on the DataLine network protection service
DataLine on December 15, 2020 announced the launch of a network protection service based on the FortiGate virtual firewall. Read more here.
FortiGate 2600F
On November 5, 2020, Fortinet announced FortiGate 2600F, a firewall capable of securing multiple network peripherals at once, including hybrid data centers, multi-cloud environments and a large number of remote workstations. FortiGate 2600F, equipped with specialized Fortinet, NP7 and CP9 security processing units (SPUs).
According to the company, these opportunities led to the following options for using the solution by large organizations:
- High-speed cloud deployment: FortiGate 2600F enables high-speed cloud deployment to connect enterprise data centers to multiple cloud environments, enabling organizations to leverage cloud applications for big data analytics.
- Edge protection at any scale: FortiGate 2600F provides full visibility through SSL validation (including TLS1.3), detects unauthorized applications and threats, and protects users and data that traverse hybrid data center environments to manage external risk. FortiGate 2600F provides hardware-accelerated fault tolerance by measuring IPv4 and IPv6 DDoS for avalanche attacks to ensure business continuity for peripheral services.
- Flexibility to expand the capabilities of a large number of remote employees: FortiGate 2600F is designed to provide flexibility to allow a large number of remote employees to connect to the network. FortiGate 2600F ensures the confidentiality and integrity of the company's data when transmitted and monitored in accordance with the organization's existing cybersecurity policy. FortiGate 2600F offers an average of 9 times faster IPsec VPN, allowing organizations to provide business continuity while maintaining ongoing operations.
- Simplifying operations and increasing ROI: As of November 2020, a Fortinet survey of cybersecurity decision makers found that nearly 70% of organizations are concerned about internal threats. FortiGate 2600F combines segmentation, SD-WAN, and network firewall capabilities in a single, compact platform to help large enterprises reduce complexity, simplify operations, and take advantage of increased ROI. 2600F also reduces the attack surface through segmentation and protects enterprise data and business applications with artificial intelligence/machine learning-based FortiGuard Labs Services . FortiGate 2600F provides hardware-accelerated VXLAN segmentation for secure and fast connectivity in hybrid IT architectures using virtual LAN extensions (VXLANs).
Corporations are accelerating digital innovation initiatives while also having to protect remote and hybrid workforces. In this complex environment, it is critical to deploy a system that can provide enterprise-class security anywhere. |
FortiGate 2600F Features:
- FortiGate 2601F Specification
- Firewall 198Gbps
- IPsec VPN 55Gbps
- Threat Protection 20Gbps
- SSL Verification 20Gbps
- Parallel connections 24M
- Connections per second 900k
Fortinet's Security Processing Units (SPUs), including NP7 and CP9, are designed to optimize the speed, scale, performance, efficiency, and value of Fortinet solutions. At the same time, they optimize the user experience by reducing footprint and energy requirements.
FortiGate 4400F
On August 13, 2020, Fortinet unveiled the FortiGate 4400F hyperscale firewall.
According to the company, FortiGate 4400F is equipped with a seventh generation Fortinet (NP7) network processor that offers hardware acceleration, making it a firewall that is fast enough to protect hyper-scalable data centers and 5G networks.
Today's digital innovation organizations face growing and often unpredictable resource needs that quickly outpace their security solutions . As a result, security has become a bottleneck for traffic coming in and out of most hyperscale data centers. This has a negative impact on user interaction and results in reduced performance, resulting in many network administrators being pressured by business units to mitigate security. Allowing all traffic to enter and exit an organization's network without security puts organizations at risk of cyberattacks that could severely undermine their brand reputation and lead to potential loss of revenue due to prolonged downtime. Although many organizations have deployed hyperscale network architectures, achieving hyperscale security has proven to be a major challenge. For August 2020, some vendors say they are implementing hyper-scalable security with multiple firewalls combined to achieve a hyper-scalable architecture that has proven cumbersome and expensive. Hardware acceleration with dedicated NP7 FortiGate 4400F network processors is a compact, scalable and powerful device that keeps pace with the growth of today's hyper-scalable data centers and provides the following uses:
- Electronic retail. trade Enables e-retailers to provide their customers with user experience while maintaining tens of millions of connections per second, providing the required 4th level of security and hardware-accelerated prevention of distributed denial of service () DDoS attacks.
- Research: Improves the performance of research centers and other industries, such as the oil and gas industry, by supporting the secure transmission of extremely large datasets - also known as elephant flows - at speeds up to 100 Gbps. In situations where high-speed encryption is required, IPsec can be quietly activated to support high-bandwidth IPsec tunnel flows.
- Financial institutions, cloudy providers and other large enterprises. Enables enterprises to run services in the most flexible and secure way to improve productivity and revenue. By accelerating VXLAN-based segmentation, FortiGate 4400F provides connectivity between highly scalable services (such as computing, storage or) applications that are hosted in the physical and. virtualized domains
The modern hyper-connected world allows data exchange between the user, user and machine, as well as between machines, which, in turn, imposes security requirements, the scale of which should be extensive. As they move from 4G to 5G, these requirements will be pushed to the limit as network operations groups must ensure both security and business continuity. Most solutions lack the scale needed to overcome a shortage of IPv4 addresses, meet increasing mobile bandwidth requirements, and increase the number of encrypted tunnels connecting the infrastructure. The latter, in turn, does not allow telecom operators to serve a large circle of customers. FortiGate 4400F solves these problems by providing:
- Carrier Layer Network Address Translation (CGNAT), which provides a hyperscale packet delivery network (PDN).
- Critical scale for security gateway (SecGW) in 4G and 5G networks for radio access network management (RAN) enabling service providers to build networks with the required bandwidth.
- Allows service providers to differentiate their customer offerings by providing value-added services such as parental controls with technologies such as URL filtering.
FortiGate 4401F Specification:
- Firewall 1.2Tbps
- Parallel connections 600M
- Connections per second 10M
- IPsec VPN 420Gbps
- Threat Prevention 70Gbps
- SSL inspection 65Gbps
FortiGate 4400F, as part of the Fortinet Security Fabric integrated security platform, also secures hybrid data centers:
- Protection against attacks known for August 2020 using artificial intelligence-based FortiGuard services, including web filtering and intrusion prevention system services.
- Proactive threat detection for any segmentation that the customer plans to implement with a 2x security rating.
- Complete threat visibility and blind spot resolution with SSL scanning, including TLS 1.3.
- Protect business-critical applications and servers with virtual patches using consolidated IPS.
Secure SD-WAN as an integrated FortiGate feature
On July 20, 2020, Fortinet introduced Fortinet Secure SD-WAN for multi-cloud environments, a network and security solution that can respond to the common challenges of performance, visibility, cost, and control that arise from deploying applications across multiple cloud environments by leveraging SD-WAN across multiple clouds and regions. Fortinet offers a secure SD-WAN as an integrated feature of FortiGate Next Generation Firewall based on ASIC SD-WAN. Read more here.
FortiGate 4200F on Fortinet processor NP7
On May 18, 2020, Fortinet introduced the FortiGate 4200F firewall, designed to provide the scalability and performance needed for modern and future networks.
"Recently, the lack of performance and scalability of integrated firewalls and VPN solutions has challenged organizations to scale their initiatives for secure remote access. Organizations using traditional firewalls could not scale between multiple applications and had to update existing or even install completely separate devices. FortiGate 4200F, powered by a 7th Generation Network Processor (NP7), delivers 10 times the performance of solutions at the same price point. " |
Fortinet believes that organizations should be able to expand and adapt their network security to changing business conditions at any time. Whether an organization is rebuilding its network to suddenly support remote work or leveraging digital innovation, performance and scalability are key factors. The multitude of cybersecurity solutions available simply cannot provide speed and scale at a price that most companies can afford. This is due to the fact that security manufacturers simply do not invest in the technologies necessary to meet the requirements of the modern digital workplace with minimal cost. This forced organizations to acquire cybersecurity solutions with minimal headroom for performance and scalability. As a result, when a critical event occurs or the market requires digital innovation, firewalls become a "bottleneck" rather than an opportunity driver.
Fortinet introduces the FortiGate 4200F firewall to meet the scale and performance requirements of today's data center realities. An integral part of Fortinet Security Fabric, FortiGate 4200F was specifically designed to provide an innovative, security-centric networking approach that seamlessly integrates security into the company's network resources. FortiGate 4200F hardware acceleration using the seventh-generation NP7 Fortinet network processor provides Security Compute Ratings 5-15 times higher than comparable competitor solutions, Fortinet claims.
According to the developer of the solution, with such performance indicators, FortiGate 4200F provides ultra-fast firewall, accelerated internal segmentation and scalable, Remote Work Solutions protecting pereference and the core of the processing center data in various cases of use.
FortiGate 4200F, powered by a 7th generation processor (NP7), radically increases the speed, scalability and performance of large enterprise data centers, according to Fortinet. 4200F delivers high performance and scalability to safely innovate digitally and meet the high capacity and performance requirements of critical business operations across a wide range of vertically integrated and large enterprises operating in areas such as financial services, healthcare, education, advanced research, and high-speed e-commerce.
Examples of using FortiGate 4200F:
- Financial Scalable Remote Access Organizations: In this ever-changing world, customers across industries are increasingly allowing remote workers to connect quickly - speed is the same as performance. FortiGate 4200F offers Security Compute Rating - 10x for performance, encrypted by, and to the protocol IPsec allows organizations to ensure business continuity while maintaining current operations.
- Large manufacturing and energy companies managing homeland security risks: Reducing the scope of attacks, especially in today's dynamic environment, is necessary to protect critical applications and infrastructure. Ensuring reliable access and achieving compliance requires large-scale segmentation for businesses. FortiGate 4200F has a Security Compute Rating of 5x for SSL validation (including TLS 1.3) and provides optimal price/performance.
- High-speed providers electronic retail and e-commerce event-based connection bursts: Managing previously unseen bandwidth levels and supporting up to tens of millions of user connections per second are virtual business-critical. FortiGate 4200F with Security Compute Rating 15x for connections per second provides high-performance protection to meet growing business needs without compromising user experience. With 8x security computing, FortiGate 4200F provides the necessary firewall for a wide range of online companies.
- Cutting-edge pharmaceutical research, oil and gas and government organizations in need of supporting huge data streams: Modern data centers find it difficult to secure the transmission files of huge data sets (e.g., 1 TB) for activities such as modeling/used AIML as part of cutting-edge scientific research. FortiGate 4200F allows fast transmission, large datasets supporting numerous elephant flows at a speed of 100 Gbps.
- Cloud providers and large enterprises that need to segment massively scalable virtual networks: Typical security products using Virtual Extension LAN (VXLAN) software solutions have low performance and high latency, increasing maintenance time. FortiGate 4200F offers VXLAN hardware acceleration for secure and ultra-fast communications without affecting performance.
FortiGate 1800F
On March 16, 2020, the company Fortinet unveiled firewall FortiGate 1800F Next-Generation (Firewall NGFW) based on the company's NP7, seventh-generation network processor that will enable businesses to achieve true internal segmentation as well as scale, performance, discovery and enforcement capabilities.
FortiGate 1800F based on NP7 has a Security Compute Rating ranging from 3 to 20 times faster than similar products from our competitors. This enables our customers to deploy FortiGate 1800F as an internal segmentation firewall and effectively strengthen their security posture, " |
As noted in Fortinet, digital innovation destroys established corporate structures, creating new services and business opportunities, as well as increasing risk in all industries. industries The explosive introduction IoT of both mobile devices applications and services from many clouds pushes the surface beyond attacks traditional networks. An expanding and fragmented attack surface undermines network security leaders' ability to maintain network performance, security, reliability, and availability.
In modern data centers , many enterprise architectures are built on high-performance to infrastructure routing and switching without integration security. To provide flexibility and mobility in such an environment, networks are increasingly flat and open, which means that security within the internal network is in most cases provided at the basic level and is limited to virtual LANs and Layer 4 lists access. Thus, in the event of a security breach, by going beyond the security perimeter, they can hackers easily move and freely access credentials, to data resources and data. The lack of security infrastructure in the internal network also significantly limits the ability of the organization to track suspicious traffic and data flows, which prevents the possibility of detecting a hack.
Enterprises trying to successfully segment their network have encountered a problem - security performance. Today's companies have unprecedented requirements for the performance of their infrastructure, which often cannot be compared with existing security solutions. For most enterprises, traditional security devices built with off-the-shelf processors and security traffic processing equipment have become a weak point in the infrastructure, resulting in poor user experience and application performance. Yesterday's performance figures are no longer enough to ensure security and allow businesses to keep pace with innovation, Fortinet stressed.
According to the manufacturer, FortiGate 1800F is equipped with a NP7, a specialized seventh generation Fortinet network processor specially designed to allow large enterprises to cope with unprecedented levels of data and application requirements. NP7 offers the ability to segment and run services, manage internal and external risks, and preserve the quality of user experience.
According to Fortinet for March 2020, FortiGate 1800F is an integral part of Fortinet Security Fabric and provides several of the highest computing security ratings:
According to the manufacturer's statement, FortiGate 1800F NGFW is designed for large enterprises to rapidly and securely implement digital innovation, offering opportunities to meet the high capacity and performance requirements of critical business operations such as:
- Managing internal security risks: Most firewalls simply cannot work fast enough to provide internal segmentation. With many high-speed 40G interfaces and high-performance security-rated threat protection 3x, FortiGate 1800F enables enterprises to segment their network correctly to manage internal security risks. In addition, FortiGate 1800F intelligently adapts to segmented users, devices, and applications, regardless of location, whether locally or across multiple clouds, providing automated threat detection and protection.
- Cloud acceleration: storage enciphering IPsec Must be high-performance to enable and accelerate cloud storage in organizations that use multiple clouds for services and. IaaS SaaS FortiGate 1800F offers a high 14x security computing rating for enciphering IPsec, providing the speed, scale, and availability organizations need when moving to the cloud.
- Blind spot removal: With 60 percent of encrypted traffic containing malware, the effectiveness of SSL validation has become critical to proper network protection. FortiGate 1800F offers high performance SSL validation with a 20x security computation rating, as well as support for the TLS 1.3 industry standard for network blind spots, providing full visibility of plaintext and encrypted network flows.
- Providing service security in hybrid architectures: Traditional security software solutions have low performance and high latency, which increases service time and degrades user experience. The FortiGate 1800F Virtual LAN Extension (VXLAN) feature provides scalable, adaptable internal segmentation and ultra-fast communication between extremely scalable services such as computing, storage, and applications that reside on physical and virtual platforms. This enables organizations using a highly scalable virtual service architecture to run services and applications in the most flexible way to improve performance and revenue opportunities.
- Incorporating safe advanced research: Organizations often translate their research into AI and machine learning simulations to detect their targets faster. For example, pharmaceuticals can measure the effectiveness of new drugs or develop drugs faster with less risk and possibly less cost. AI/ML modeling requires the transfer of huge datasets (e.g., 1 TB files) called elephant flow, which modern data centers struggle to provide secure transmission, resulting in slower research and collaboration. The powerful capabilities of FortiGate 1800F allow research organizations to perform big data analysis and natural language processing at a high rate, when one stream of elephants can reach a transfer rate of 40 Gb/s. Equally important is that with NGFW FortiGate 1800F these streams are protected by high-performance encryption for privacy and compliance.
With its scalability, performance, acceleration and internal segmentation capabilities, Fortinet believes that the speed and dynamism that NP7 offers provides large organizations with the ability to develop and segment services, manage internal and external risk, and retain user experience. NP7 will also provide future FortiGate devices with flexible and high-performance security for superscale data centers.
Adding Fortinet FortiGate Secure SD-WAN to Equinix Network Edge Structure
On February 12, 2020, Fortinet announced a partnership with Equinix. The goal of the project is to accelerate the connection to cloud networks by adding the Fortinet Secure SD-WAN solution to the Equinix's Network Edge structure.
Business is increasingly turning to SD-WAN to improve user experience, reduce costs, and optimize connectivity to multiple cloud platforms from a variety of branches and departments.
As of February 2020, more than 21,000 customers have opted for Fortinet Secure SD-WAN, with many opting to deploy the solution directly to branch offices to accelerate cloud adoption and improve ease of use for business applications. For enterprises that implement the Cloud First strategy, or hybrid multi-cloud strategy, using multiple open clouds to connect faster from WAN boundaries, Fortinet Secure SD-WAN is now available as a virtual network service through Network Edge on the Equinix platform.
Connecting Fortinet Secure SD-WAN to Network Edge enables Equinix to provide enterprise customers with a cloud-based solution in a variety of open clouds with a full-featured SD-WAN scalable from midsize to large distributed enterprises. With this, enterprise customers will be able to solve problems related to delays in accessing multi-cloud applications and optimize their cloud connections without compromising security. It also expands the capabilities of Fortinet Secure SD-WAN by adding the colocation option, which is available through a hardware device, as an NFV for local deployment, as well as as a virtual device for all major cloud providers. Fortinet Secure SD-WAN provides faster throughput for workloads available from any public cloud service provider around the world, with full support for multiple and hybrid clouds.
With integration firewall Next Generation (NGFW), Fortinet Secure SD-WAN, now available through Edgeix Network Edge, enables organizations to not only accelerate cloud connectivity through public clouds and applications, SaaS but also provide sustainable security. Simplified operations with centralized management and analytics enable enterprise customers to initialize a zero-touch system for faster deployment. A flexible licensing model based on the bring-your-own-license or subscription-based pay-as-you-go approach allows customers to choose the licensing model that best meets their needs.
Most of our customers use multiple cloud providers, so it's very important for them to be able to choose where they deploy services. Partnering with Equinix and offering Fortinet Secure SD-WAN through Network Edge gives our customers additional deployment flexibility, enabling them to place services outside of branches and accelerate cloud operations. said John Maddison, First Vice President of Product and Solutions Marketing at Fortinet
|
{{quote 'author = noted Bill Long, Senior Vice President, Core Product Management, Equinix' Equinix's Network Edge services accelerate digital transformation for global businesses, allowing companies to virtually upgrade networks. By using Fortinet Secure SD-WAN as a virtual network service on Network Edge, customers can potentially reduce capital costs while seamlessly deploying simplified WAN Edge operations closer to end users, clouds, and valuable ecosystems in broader locations. }}
Integration with Office Control and DLP Safetica
Safetica introduced an updated version of the Office Control and DLP Safetica solution. This was announced on January 28, 2020 by ESET. One of the most important updates is integration with Fortinet using the Fortigate API. By integrating Safetica with Fortinet (FortiGate, FortiMail, and FortiSIEM), you can easily recognize information, protect sensitive information, or create a comprehensive threat management system with minimal time and resources. Read more here.
2019: Integration of FortiGate Next-Generation Firewall with Switches and Routers for Ruggedcom Multi-Service Platform
Fortinet, a company specializing in global integrated and automated security architectures, on November 25, 2019 announced the creation of a technological partnership within the framework of an existing alliance with Siemens. In addition, the release of the first joint integrated product and its global availability for customers of industrial networks (PS) has been announced.
Recognizing the growing requirements cyber security construction for PS and the market's need for specially designed products, Siemens decided to join the Fortinet Fabric-Ready Technology Alliance partner program to participate in the challenges posed by PS-network convergence IT. Building a broad, ecosystem-wide technology partnership is a key element in building an infrastructure Fortinet Security Fabric that uses Fortinet and partner products to ensure full collaboration security.
The first joint solution between Fortinet and Siemens under the Fabric-Ready partnership was the integration of the FortiGate Next-Generation Firewall with the Ruggedcom Multi-Service Platform family of switches and routers. It improves security in critical infrastructure locations, such as power plants, while simplifying management and reducing footprint and power requirements.
The solution provides a separate integrated device for PC. By simplifying the deployment of only one unit, it eliminates the difficulties associated with providing power, choice of location, physical security and availability, which are characteristic of deploying a solution from several devices. The application of remote management simplifies the task of deployment and subsequent management. In addition to this product, Siemens is preparing to offer the market a FortiGate Next-Generation Firewall VM virtual machine developed at Fortinet. It will be supplied with APE 1808, expanding the horizons for the use of advanced protective equipment for IR.
In general, this announcement and the accession of Siemens to the Fabric-Ready partner program lead to an increase in the list of integrated security solutions available to PS customers through the Fortinet Security Fabric infrastructure.
2018: Solar Dozor Integration
The solution for protection from data breaches Solar Dozor Solar Security firewalls and the next generation FortiGate next-generation firewall virtual appliances from the company Fortinet has been tested for compatibility. This was reported on May 7, 2018 by Solar Security. More. here
2017
Oracle Cloud Marketplace Placement
On October 10, 2017, Fortinet announced the deployment of the FortiGate Virtual Machine (VM) on the Oracle Cloud Marketplace.
The firewall for the FortiGate virtual machine is available to Oracle Cloud customers as part of the Native License Usage Model (BYOL). The solution supports secure migration of enterprise workloads and applications to the public cloud, network-to-network connections, inter-cloud segmentation, and consistent enforcement of security policies.
Oracle Cloud Marketplace is equipped with an intuitive user interface for finding available applications and services. Customers can choose the business solutions that best suit their organizations. Automated application installation simplifies the deployment of vendor business applications to client infrastructures through a centralized cloud interface.
Oracle Cloud supports scalability across multiple availability domains (ADs) and demonstrates low latency at high throughput. FortiGate technology complements cloud services with security features that provide tiered high-availability protection, which is relevant for migrating important workloads at the interregional level.
FSTEC Certificate of Conformity
Fortinet announced in March the completion of certification of FortiGate Enterprise Firewall for compliance with the requirements of the Federal Service for Technical and Export Control (FSTEC). FSTEC Certificate of Conformity No. 3720 was issued on March 16, 2017.
The certificate confirms that FortiGate Enterprise Firewall, operating under the FortiOS operating system with software version 5.4.1, is a software and hardware means of protecting against unauthorized access to information that does not contain information constituting a state secret and meets the requirements of guiding documents: "Requirements for firewalls" (FSTEC of Russia, 2016); "Type A firewall protection profile of the fourth protection class. IT.ME.A4.P3 "(FSTEC of Russia, 2016); "Firewall Type B security profile of the fourth protection class. IT.ME.B4.PZ "(FSTEC of Russia, 2016); "Requirements for intrusion detection systems" (FSTEC of Russia, 2011); "Class 4 Network Intrusion Detection Protection Profile. IT.SOV.S4.P3 "(FSTEC of Russia, 2012).
Compliance with the specified security classes ensures compliance with the requirements for monitoring the initial state of the software, as well as monitoring the completeness and absence of redundancy of source texts at the file level and at the level of functional objects (procedures). Which, in turn, ensures compliance with the requirements of the guidance document "Protection against unauthorized access to information. Part 1. Information security software. Classification by the level of control of the absence of undeclared opportunities "(State Technical Commission of Russia, 1999) - by the 4th level of control, the company emphasized.
FortiGate Enterprise Firewall can be used in government information systems up to and including security class 1, as well as in information systems up to and including personal data security level 1.
FortiGate Enterprise Firewall solutions are part of Fortinet Security Fabric, which provides infrastructure tracking, integration, management, and scaling capabilities to protect against today's sophisticated threats. FortiGate Enterprise Firewall end-to-end network security devices provide unmatched performance and protection while simplifying your network infrastructure.
Fortinet offers a wide range of solutions suitable for a wide variety of customers, from small businesses and offices to large companies and providers. FortiGate uses FortiOS with FortiASIC processors and other hardware to provide comprehensive and high-performance network security.
FortiGate Enterprise Firewall provides high protection against today's network and application-level threats. FortiGate Enterprise Firewall has broad network functionality, including clustering (active/active, active/passive) and virtual domains (VDOM).
FortiGate 3980E и FortiGate 7060E
On February 9, 2017, Fortinet announced the release of the FortiGate 3980E firewall, a firewall for corporate networks, data centers and telecom service providers. The throughput of the device ~ 1 Tb/s. At the same time, the FortiGate firewall was announced 7060E a bandwidth of ~ 100 Gb/s.
Both enterprise firewalls use Fortinet Security Processors (SPUs) to provide high levels of performance, scalability, and efficiency for adaptive network security. Large organizations get the ability to organize a security loop without reducing network bandwidth[3]
Cloud computing, IoT, and an ultra-high-demand-focused virtual economy place significant strain on enterprise IT resources and rapidly increase the performance requirements of today's security tools. With increasing competition and emerging threats, organizations cannot afford to sacrifice network performance or security efficiency. Fortinet regularly launches innovative high-performance and reliable solutions that enable our customers to take full advantage of their technology infrastructures without any doubt about user and data security. Ken Xie, Founder, Chairman and CEO of Fortinet |
FortiGate 3980E Enterprise Firewall is a network security tool that reaches terabits per second. Network bandwidth VPN - 470 Gb/s at performance of 1,12 Tbit/s. FortiGate performance 3980E confirmed during a security test conducted by the company Ixia using the BreakingPoint download module and the CloudStorm 100GE download module.
FortiGate 3980E created as a firewall for the data center, maintaining the security of connections between data centers, using internal segmentation of the data center network as a firewall.
The security suite is suitable for enterprise networks with high bandwidth and comes in a compact form factor, which helps reduce the footprint of the infrastructure and reduce operating costs. The tool is equipped with 32 separate security processors that speed up security procedures and network operations, while reducing power consumption.
Equipment FortiGate 3980E:
- two GE RJ45 ports,
- Sixteen 1/10 GE SFP/SFP + ports
- ten 100 Gigabit QSFP28 ports.
Fortinet 7060E is a state-of-the-art enterprise firewall that is suitable for deployment across large enterprise networks, data centers, and service provider networks. This tool is designed for customers who need the highest throughput and scalability and advanced security features.
FortiGate 7060E Enterprise Firewall is a modular, high-bandwidth, flexible firewall. The device supports up to four security cards, providing high performance NGFW and SSL, two I/O modules, this allows you to achieve maximum interface density and increase network bandwidth.
FortiGate 7060E has also been tested using the Ixia BreakingPoint and CloudStorm 100GE download modules. According to the results of the test, the proven performance of the NGFW is 100 Gbps, the bandwidth in the process of managing applications separately is 160 Gbps, during the prevention of intrusions - 120 Gbps.
The device supports up to eight 100 GE (Gigabit Ethernet) ports, sixteen 40 GE ports, or forty-six 10 GE ports.
With NGFW's modular structure, flexibility, and high throughput, 7060E supports a variety of deployment options, covering the entire network from the perimeter to the core of the data center, including the complex configuration of the internal segmentation firewall.
The FortiGate 7060E Enterprise Firewall is available as a simplified package with centralized payment and licensing linkage to the entire chassis rather than individual boards, simplifying the structure and improving the cost/performance ratio.
Today's increasingly sophisticated threats pose a particular challenge for organizations planning to develop and implement the most effective security tools. Ixia assists customers in the selection process by conducting real-world safety tests. Before purchasing a solution, customers can familiarize themselves with the results of these tests, which give an idea of the real effectiveness of the solutions. Through our tests, organizations and operators can quickly make an informed decision to deploy the tools that best suit their needs. Dennis Cox, Director of Product Control at Ixia |
FortiGate 7060E and 3980E will go on sale by the end of the first quarter of 2017.
2016: FortiGate 6040E
The FortiGate 6040E firewall is the first product in the 6000 series to include other high-performance enterprise firewalls. This next-generation firewall delivers unprecedented performance, scalability, and protection at the highest level, enabling large organizations to leverage security without compromising network bandwidth.
Security serves as a gateway for cloud access
The proliferation of cloud services and the ease of remote access to the network have created a catastrophic situation for large organizations due to a significant increase in the external load on IT networks and an explosive increase in the number of attack directions. This means that next-generation corporate firewalls have become a kind of gateway that opens up access to the cloud.
In addition to these challenges, security technology market leaders face the challenge of overcoming the limitations of most of the next-generation firewalls currently available. Vendors are forced to choose between implementing security features and maintaining network performance.
FortiASIC hardware acceleration fixes vulnerabilities
The features of the FortiGate 6040E firewall are significantly superior to traditional next-generation firewalls due to the new data processing architecture using content processing processors and FortiASIC network processors. Processors help to offload and speed up the operation of the general-purpose central processor. With secure data processing, intelligent management, and high-speed connectivity, FortiGate 6040E provides unprecedented protection while maintaining high network performance in a compact form factor.
FortiGate 6040E Specifications:
- 320Gb/s Enterprise Firewall throughput
- Next-generation firewall bandwidth with full functionality - 80 Gb/s.
- The FortiASIC CP9 processor provides better SSL decryption performance, reducing the number of attack directions.
- Intelligent network support, security, data processing and management functions are based on a compact chassis.
- Six different options for configuring interfaces that adapt to individual client requirements:
The performance of the new Fortinet FortiASIC CP9 processor allows you to handle huge amounts of traffic, which meets the needs of the largest organizations and provides support for various firewall deployment modes, including the installation of next-generation firewalls and the implementation of an internal segmentation strategy. This enables security to be deployed as needed without compromising network functionality.
2015
Fortinet FortiGate для Splunk Enterprise
Cyber attacks are becoming more sophisticated, so companies must be aware that their systems are already in danger to varying degrees. Isolated security features are not effective enough. Proper security of the corporate network can only be provided by a combined security model that will increase efficiency and expand the capabilities of isolated solutions.
The Fortinet FortiGate application for Splunk Enterprise queries the system in real time for threats to confidential company data based on various parameters, and also records cases of abnormal behavior in the system. Visual visualization of these processes is available to users. Fortinet uses Splunk solutions to develop large and complex IT environments that enable enterprise security to more quickly and efficiently identify threats that pose the greatest risk to an organization's networks. The solution interacts with Splunk's combined security model, making it even more efficient and enabling security personnel to automate and accelerate protection against critical threats.
FortiGate-5000
The new Foritgate-5001B is a high-performance "blade" that combines a wide range of security services and 10GB Ethernet support for platforms based on the FortiGate-5000 chassis. Designed for the ATCA (Advanced Architecture for Telecommunications Solutions) form factor, the Fortigate-5001B combines key security features, including 40 Gb/s interconnection and up to 17 Gb/s VPN connectivity. The device features a corporate firewall, VPN, application control, intrusion protection system (IPS), anti-virus and anti-malware protection, anti-spam protection, and web filtering. To optimize the performance of these functions, the device uses the latest quad-core processor released by Intel and two FortiASIC NP4 network processors.
This solution is the fourth generation of ATCA-compatible solutions, the first of which, built on the basis of FortiGate-5001SX and FortiSwitch-5003, was proposed to the market in 2004. The second generation of ATCA-compatible Fortinet solutions was released in 2006, based on FortiGate-5005FA2 and FortiController-5208, and the third generation, based on FortiGate-5001A and FortiSwitch-5003A, was introduced in 2008. In addition to these innovative solutions for the telecommunications industry, FortiGate has achieved NEBS Level 3 - the regulatory requirement for central office telecommunications equipment of major telecommunications companies.
The new 10-GbE "blade" switchboard FortiSwitch-5003B for the FortiGate-5000 series chassis works with extremely minimal delays, which is necessary for data centers with a large amount of data transferred. The new Fortinet products designed for very large corporations, service providers and ISPs are a network security solution and part of a network infrastructure that combines significantly increased performance, improved comprehensive protection and significantly reduced operating costs.
Combining Foritgate-5001B with a FortiGate-5140B chassis, telecommunications corporations and providers can get performance up to 500 Gb/s on a firewall, which is the fastest in the industry of firewalls built using blades. -5000 with a new FortiGate-5001B security "blade" and optional FortiSwitch-5003B switching "blade," customers have access to a modular security solution with reliability and scalability appropriate to the networks of large providers using 10-GigE infrastructure. Due to its modularity, the FortiGate-5000 series, complemented by new FortiGate-5001B and FortiSwitch-5003B blades, can integrate with Fortinet's centralized management and reporting solutions, providing extensive control capabilities across large networks.
Among other things, the FortiGate-5000 series of devices offers the following advantages:
- Optional hot swappers, power supplies, and fans, reducing the number of components that can be a single point of failure.
- Use active/active and active/passive backup modes to provide continuous services.
- Integrates with centralized management and reporting solutions such as FortiManger and FortiAnalyzer to simplify and reduce the cost of managing security, reporting, and analysis. Availability of FortiGuard subscription services to automatically receive (in real time) updates to threat protection mechanisms.
- Deployment flexibility that includes segmentation of networks based on users, organizational units, or any other logical units is provided through virtual domains. This platform is also ideal for virtualized environments.
- Complements or modernizes the existing security infrastructure by including the necessary services on the "blades" that provide security functions.
- Provides the necessary set of security, load balancing, and high-performance data transfers to meet the security needs of companies.
2014
FortiGate-1500D
On April 24, 2014, Fortinet announced the launch of a new high-performance firewall.
The solution provides an unprecedented level of threat prevention, high performance, and utilization-focused for large enterprises.
Performance indicators
- Firewall with connection status monitoring - provides bandwidth up to 80 Gb/s, sets a new standard for the cost per Gb/s of protected traffic
- Next Generation Threat Prevention Performance -
provides 11 Gb/s performance in intrusion prevention and application control, five times faster than any other next-generation firewall regardless of price segment
- Unmatched processing power - With the latest FortiASIC NP6 network processor and a dedicated CP8 processor that speeds up traffic processing, the device can detect malicious content at several Gigabits without reducing network availability and performance, with low latency - up to 3 microseconds.
Advanced Threat Prevention
The FortiGate-1500D solution supports FortiGuard Subscription Services, which provides automated real-time protection against the latest threats.
Features
FortiGate-1500D includes eight 10 GbE (SFP +) and 32 GbE high density ports, a compact (2U) chassis size. Since enterprises are increasingly reconstructing or modernizing the structure of their networks, the division into separate segments occupies an increasingly important role in the network architecture. Segmentation can be based on architecture perimeter, services, functions, or regulatory requirements, and separate networks physically or virtually to better ensure service-level agreements in IT security. The high density of the FortiGate-1500D port allows enterprises with flexibility to meet the changing requirements of their architecture. FortiGate 1500D can also provide high scalability with virtual domains (VDOMs) that support multiple virtual firewalls within a single chassis.
Fortinet secures VPN access to Microsoft Azure Cloud Platform
As businesses increasingly place critical data in the cloud, secure access to sensitive information and applications is a critical task. With the comprehensive use of various network security technologies from Fortinet that protect the network, applications and transmitted data, customers can take advantage of secure access to a virtual private network (VPN) on Microsoft Azure.
"TheMicrosoft Azure cloud platform provides high scalability, performance, and real economic benefits. It is an excellent alternative for customers who want to place data in the cloud, while maintaining a classic infrastructure, "said Venkat Gattamneni, senior product manager at Microsoft Azure, Microsoft. "These clients need secure VPN access from office and branch networks to the cloud. Fortinet's next-generation firewalls simultaneously provide security for both data centers and enterprise cloud infrastructure. "
Fortinet's FortiGate security devices provide complete access protection VPN to the Microsoft Azure Virtual Network, enabling customers to create fast and seamless secure VPN tunnels connecting classic and cloud infrastructures. Plus, all FortiGate solutions enable you to centrally manage your enterprise's virtual and physical infrastructure with a single, unique management system.
Fortinet supports Microsoft Azure and Windows Server with Hyper-V and provides the broadest range of security solutions for virtual infrastructures.
"As we help customers expand their existing infrastructure with the cloud using Microsoft Azure, we need to simultaneously provide high levels of security and seamless access to data in multiple environments at once," commented Microsoft Xie, Founder, CTO and President of Fortinet. "Regardless of the combination of cloud, network, or virtual environment, Fortinet provides powerful threat prevention for your network, email, web, and data."
With 57% of Fortune 500 companies among its customers, Microsoft Azure is rapidly gaining oboroty.¹. Azure currently accounts for more than 20% of the cloud computing market for enterprises. According to the article "Microsoft challenges Amazon - Microsoft Azure sales exceeded $1 billion," an analyst at Forrester Research, Inc. James Staten (April 2013), this figure will rise to 35% in 2014. ²
"Microsoft Azure is certainly an attractive solution for businesses that want to improve and expand the availability of their IT services," said John Madison, vice president of marketing at Fortinet. "We are excited to work closely with Microsoft and try to provide the same broad and highly efficient level of security in the cloud as traditional private networks."
2013
FortiGate-3700D (NP6 ASIC)
Fortinet announced in October 2013 the launch of a firewall for data centers, service providers, cloud service providers and carriers. The new FortiGate-3700D platform includes four 40 GbE (QSFP +) and 28 10GbE (SFP +) ports and is capable of developing throughput up to 160 gigabits per second. By using the NP6 processor, ASIC FortiGate-3700D provides performance, low application latency, and fast packet processing, both when using the IPv4 protocol stack and IPv6 on the network.
The FortiGate-3700D platform includes a FortiASIC NP6 processor that was created by experts inside Fortinet.
The IPv6 protocol stack is increasingly used in networks around the world. For network edge firewalls, it is very important to provide packet processing at the same rate when using both IPv4 and IPv6 protocol stacks on the network. In addition, customers often need to translate network addresses (NAT46, NAT64, NAT66), which requires additional data processing capabilities. The FortiASIC network processor provides comparable performance characteristics for IPv6 and IPv4 stack address translation functions, removing bottlenecks from the network, which distinguishes Fortinet products in the market from other similar solutions.
The new FortiGate-3700D platform is based on FortiOS 5. FortiOS is at the heart of all integrated FortiGate security platforms and has a wide range of features for both small and large networks.
FortiOS 5 provides an elastic implementation in the data center of a basic firewall with ultra-low application latency, which can be used for internal and external communities that require different levels of trust and firewall functions, for example: firewall + VPN, firewall + IPS, next-generation firewall, protection against advanced threats, etc.
At the time of creation or reconstruction of the data center, customers are trying to segment the network. Segmentation can be carried out according to the chosen network architecture, services, functions or regulatory requirements. Physical or virtual network separation improves the level of security services. Fortinet offers customers both physical and virtual network segmentation capabilities through the use of Virtual Domain Technology (VDOM).
FortiGate-200B и FortiGate-620B
The FortiGate-200B and FortiGate-620B UTM devices, as well as the FortiOS 4.0 operating system, meet the Common Criteria with an Evaluation Assurance Level of 4 +. Certification conducted by third-party expert services demonstrates a high degree of reliability of security products, which is fundamentally important for corporate customers and government agencies.
Common Criteria certification includes rigorous research and testing that examines the products or systems under test in detail in terms of safety aspects. Extensive multi-stage testing is carried out to verify the degree of compliance with the safety features declared by the manufacturer. Particular attention is paid during testing to possible security flaws and potential vulnerabilities.
FortiGate's multifunctional end-to-end security (UTM) devices provide comprehensive, high-performance and flexible protection for all areas of the business, from small remote offices to large corporations and service providers. The FortiGate platform is based on FortiOS, a specialized highly reliable operating system that uses hardware acceleration of FortiASIC processors, which provide a wide range of network services in a single device.
Common safety assessment criteria, also known as the ISO-15408 standard, have been developed by national security organizations in the United States, Canada, the United Kingdom, France, Germany and the Netherlands. This standard provides a wide range of criteria for evaluating safety products for use in commercial and government organizations.
2012
FortiGate-60xx
Fortinet introduced new products at the NRF American National Retailers Federation Conference, which was held January 13-15, 2012 at the Jacob K. Javits Convention Center in New York City.
6 new products introduced by Fortinet include 4 new devices of the FortiGate family: FortiGate-60D, FortiWiFi-60D, FortiGate-60C-POE and FortiGate-60CM-3G4G-B. As well as 2 new FortiSwitch platforms: FortiSwitch-124B-POE and FortiSwitch-224B-POE. Thus, Fortinet provides a comprehensive solution for distributed networks, the protection of which previously required solutions from several vendors. In turn, the company's partners have the opportunity to purchase solutions of one vendor for comprehensive network protection, which distinguish high quality, unique price offer, low cost of ownership and which provide the ability to centrally manage a geographically distributed network. The announced products are part of Fortinet's new architecture for distributed enterprise networks.
This architecture consists of the following components:
- Management level. Given the fact that corporate networks of most retailers are today geographically distributed, the ability to quickly change device configurations and manage them is of fundamental importance. Fortinet's FortiManager and FortiAnalyzer families help retailers manage geographically distributed networks.
- Level of information collection. As a rule, all information goes to the retailer's head office. At this level, key security solutions such as firewalls, application control, and VPN tunnels are applied.
- Level of individual stores. The level of individual stores requires security and networking capabilities for a wide range of functions, including WiFi, efficient communication between voice and telecommunications networks. Also, for effective user interaction, each store must provide control over the applications used and protection against malware. Fortinet products, including FortiGate, FortiWiFi and FortiVoice, include all the necessary features to ensure the security of next-generation retail stores.
- The level of access to the corporate network. As stores begin to give access to the corporate network to their employees using tablets and customers using mobile devices, the problem of ensuring secure access becomes extremely important. Fortinet products provide secure access control by identifying enemy access points, authentication, guest WiFi access services, traffic rate limitation, and load balancing.
The new FortiGate-60D and FortiWiFi-60D solutions are next-generation network security devices using Fortinet's new technology, which includes the SoC II (system-on-chip II) architecture and specialized ASIC coprocessors. This is the first time that technology has been used to deliver 2x performance in unified threat management for entry-level devices. In addition to featuring better pricing and better performance, lower power consumption, and higher port density, the two FortiGate devices include features such as high-performance firewall, IPS, and malware protection. ON
FortiGate-60C-POE combines security features with 24 gigabit PoE ports that can support access points, routers, and wireless repeaters to simplify network security infrastructure at remote sites. It also protects enterprise devices and data with a wide range of information security technologies to protect the distributed corporate networks of retailers and remote offices. With a built-in router designed to protect a corporate network of up to 3,000 m ², the solution protects employee communications in wireless networks and the interaction of guest access points.
The products of the FortiGate-60CM-3G4G family have a built-in WAN 3G/4G wireless modem to provide interaction with wireless providers. This flexible platform can be supplemented with a specialized modem, as well as certified for various communication networks. This highly integrated security device provides a high degree of availability by simultaneously using high-speed 4G wireless traffic and local area network, as well as the V.90 protocol as support, eliminating the need for external USB WAN modems. This ability also makes this device ideal for mobile kiosks in places that do not provide wired Internet access services.
FortiGate-60C
The FortiGate-60C device, with a performance of 1 GB/s, was the first product in a wide range of Fortinet solutions to receive FSTEC certification .
The certificate of the Federal Service for Technical and Export Control (FSTEC) confirms the compliance of the device with the FortiGate-60C requirements of the guiding document "Computer equipment. Firewalls. Protection against unauthorized access. Indicators of protection against unauthorized access to information "according to the 4th class of protection for firewalls (RD ME-4). A certified hardware firewall can FortiGate-60C be used to create automated systems up to and including 1G security class and when creating personal data information systems up to and including class 2 (ISDS K2).
Certification was carried out according to the production certification scheme. The obtained certificate is sufficient to protect confidential information and personal data in most personal data information systems.
Obtaining an FSTEC certificate for a FortiGate-60S device confirms the high reliability and security of Fortinet solutions, and is also a critical requirement when considering the use of this device in the construction or modernization and expansion of IT infrastructures in government organizations. About the device
FortiGate-60S is a high-performance (1 Gb/s) solution for protecting networks of small and medium-sized offices, as well as remote branches. The device combines hardware acceleration of network security features, internal storage, and broadband wireless connectivity.
"We have been waiting for this for a long time, because Fortinet is the world leader in the field of integrated security solutions (UTM devices) and in addition to the recognized international certificates such as Common Criteria Evaluation Assurance Level 2 (EAL 2 +), ICSA Labs and NSS Labs, the solution has finally received a Russian certificate of compliance with the Technical Specifications. The presence of the FSTEC certificate allows you to use the hardware firewall FortiGate-60C in information systems that require confirmation of the compliance of the security tools used, including in systems that process personal data, "says Skasyrsky Yan, head of the Russian office of Fortinet in Russia. - And the availability of a certificate of conformity allows you to use the FortiGate-60C hardware firewall in those companies that must use certified software products. These usually include government agencies of various fields of activity, and a number of commercial enterprises working with limited distribution information. Certification of the FortiGate-60C was initiated by the Russian representative office of Fortinet on a voluntary basis in order to increase the level of user confidence in this device."
2011
FortiGate-3140B
The end-to-end FortiGate-3140B security appliance is designed for large companies and data centers that require maximum performance from the firewall, virtual private network (VPN) server, and intrusion prevention system (IPS ) needed to optimize protection against complex threats, malware, and ever-evolving security practices across high-speed networks.
Using proprietary FortiASIC processors, the FortiGate-3140B device provides large companies with 58 Gb/s firewall performance, IPS performance is 10 Gb/s, VPN - up to 22 Gb/s. At the same time, the device has compact dimensions (2RU), which allows you to save space in switching cabinets. The new device comes standard with ten 10-GbE interfaces. To provide the most flexible protection of different network environments, the device is equipped with only 22 ports, making it ideal for data centers and other applications with high bandwidth consumption. Unparalleled port density allows FortiGate-3140B to be used as a high-performance firewall or as an end-to-end security appliance that can be easily configured to support VPN, IPS, application control, anti-spam and anti-virus features without sacrificing performance. Equipped with the third release of the FortiOS 4.0 MR3 operating system, the FortiGate-3140B device provides additional policy strengthening and streaming inspection for Web filtering and traffic shading.
Fortigate-3950B
On May 17, 2011, the Russian representative office of Fortinet announced that the enterprise-level information security solution Fortigate-3950B received a score of 95/100 in the BreakingPoint Resilience Score test, which was the highest result in history. BreakingPoint Resilience Score automated tests are based on industrial standards for performance, protection, and stability of network and security solutions.
The BreakingPoint Resilience Score is a tool for measuring the performance of network and network security devices. It includes automated and standardized methods for determining the flexibility of network infrastructure, network equipment, and data centers.
BreakingPoint Cyber Tomography Machines (CTM) defines the performance, security and stability of networks and data centers operating with real traffic in online attack mode, as well as in extreme user loads and random input data for applications. The BreakingPoint Resilience Score has a scale of 1 to 100.
Fortinet provided a test solution based on the FortiGate-3950B platform with the FortiOS 4.0 MR3 operating system installed and using two built-in 10 Gigabit Ethernet interfaces that allow you to increase the performance of both the firewall itself and IPSec VPN. Measurements were made using a BreakingPoint Storm CTM device containing one 4-port 10-Gb Ethernet network card .
Fortinet's comprehensive FortiGate security solutions are hardware-accelerated security devices with firewall functionality - VPN tunnels SSL and IPSec, application control, intrusion prevention system, web content filtering, antispam, leak and malware protection, SSL traffic verification and WAN connectivity optimization. The uniqueness of FortiGate platforms lies in the proprietary chipset - FortiASIC, which, together with a general-purpose processor, reduce packet latency without reducing the quality of data verification for the latest threats.
FortiGate-100D
The new product provides comprehensive protection against network threats, has high performance and deployment flexibility, which is very important for small and medium enterprises, as well as for branches of large companies.
The new device FortiGate-100D combines a wide range of technologies for recognizing and preventing attacks in a single platform, which helps small networks successfully protect users, data and systems from targeted attacks by cybercriminals aimed at penetrating the network and stealing valuable information.
The FortiGate-100D device allows you to ensure the high reliability of the network, which is so necessary for customers. Firstly, bandwidth requirements are growing every year due to the processing of a large amount of data, as well as the use of applications that often contain high-quality video. Secondly, users actively use mobile devices, including smartphones and tablets, to access information and applications. These mobile devices transmit smaller packets, so the firewall needs to handle a large number of connections per second. And thirdly, most of the complex modern threats are implemented at the application level, so it is necessary to detect and prevent attacks built into thousands of different applications. As a result, companies face significant challenges in securing, controlling, and managing their enterprise infrastructure, which is constantly changing and productivity requirements are growing.
Significant potential and high performance of the new FortiGate-100D enable network growth and branch expansion. The device combines firewall, application control, IP Sec and SSL VPN, intrusion prevention system, antivirus, malware protection, anti-spam and web filtering, allowing companies to provide reliable protection against new viruses, network vulnerabilities, worms, spam and phishing attacks.
The device has built-in 16GB memory for archiving data, generating SQL reports or using WAN optimization. The WAN optimization feature is especially needed due to high performance requirements. Constant data exchange can significantly reduce the speed of data transfer between branches and the central office, using optimization increases performance by reducing the number of communications transmitted between applications and servers over the global network. WAN optimization will help organizations cope with application performance issues and information availability.
Given the limited resources in small companies or branch offices of large companies, FortiGate-100D is an attractive solution that can be installed in a few minutes using the FortiExplorer configuration wizard, and all FortiGuard subscriptions are regularly updated automatically, which allows you to provide modern protection against network threats without having to staff a security engineer.
Like other devices in the FortiGate-100D line, it has the FortiOS operating system, which uses specialized high-performance FortiASIC processors, Benefits of FortiGate-100D
- The FortiGate-100D has improved the remote access capabilities of a large number of users, increased the performance of the intrusion prevention system (IPS) and the speed of streaming antivirus.
- 2.5 Gb/s firewall bandwidth, and 950 Mbps IPS system performance, the device supports up to 2.5 million simultaneous sessions.
- Due to the constant increase in the number of mobile users who need to transfer confidential information to the central office, the FortiGate-100D device supports up to 5,000 IPSec VPN client gateways and up to 200 simultaneous SSL VPN sessions.
- Compared to the previous model FortiGate-110C the bandwidth of the antivirus has been increased by 4.5 times: the maximum bandwidth of the streaming antivirus is 700 Mbps and 300 Mbps in proxy mode.
To facilitate the deployment of network infrastructures of any complexity, the FortiGate-100D has the largest number of ports among devices in its price range. The device is equipped with 22 gigabit ports that allow you to divide the network into independent zones, 2 WAN ports for maximum reliability, as well as a specialized DMZ port that allows you to provide an additional level of protection for Web servers. In addition, the device has a USB port for external control and configuration.
2010: Functionality of FortiGate devices
The FortiGate series is based on the ASIC family of microprocessors and provides unprecedented performance in the UTM class of devices, providing comprehensive protection of local area networks, systems and complexes against many types of modern mixed threats: unauthorized access, intrusion attempts, viruses, worms, Trojan horses, spyware, phishing attempts, spam and other types of content and network-based security threats.
The FortiGate line is a hardware-accelerated device with the following functionality: firewall, organization of secure VPN connections (SSL and IPSec), antivirus, intrusion prevention, web filter, antispam, application control, information leakage protection, analysis of encrypted SSL traffic and WAN optimization. The technology used in FortiGate combines specialized FortiScan coprocessors with the main processors of the latest generation, which minimizes the processing time of each package, while conducting a thorough check for threats. FortiASIC coprocessors allow you to detect malicious code and other types of threats at gigabit speeds.
All FortiGate products perform the following information security functions:
- antivirus
- firewall
- Network Attack Detection and Prevention System
- spam filter
- web filter
- traffic shaping system (traffic shaping)
With the release of the new firmware, FortiOS 4.0, the standard functionality of FortiGate has been supplemented with a number of fundamentally new (moreover, not only for Fortinet, but also for the entire UTM segment as a whole) features:
- Combating Confidential Information Leaks (DLP) - text information prohibited from transmission is searched, including in Microsoft Office files, PDF files and archives. Illegal transfer of binary data (for example, graphic files) is detected;
- analysis and control of encrypted traffic - now data transmitted over SSL connections (HTTPS, FTPS, STMPS, etc.) can be monitored in the same way as data transmitted over "open" channels (in particular, antivirus, IPS, as well as DLP functions are now applicable to them );
- intelligent application control - you can control the traffic of specified applications (including Skype, torrent, web applications), regardless of which TCP and UDP ports they use;
- traffic compression and optimization - increases the speed of distributed applications and reduces bandwidth use.