Professional Documents
Culture Documents
Secure Wireless
2
Emerging threats and Security Fabric with
FortiOS 5.4.1
FortiGate core part of Security Fabric
4
Ransomware - User prompted to pay bitcoins
5
Advanced Threat Protection
Anti-spam
Spam
Spam Malicious
Email
Malicious
Malicious Web Filtering
Link
Link
Sandbox
Exploit Exploit Malicious
Intrusion Prevention Web Site
Malware
Malware Command &
Antivirus
Control Center
Bot Commands Bot Commands
& Stolen Data & Stolen Data
App Control/
IP Reputation
6
Fortinet Security Fabric Integrated Security Architecture
FortiGate
Next Generation Firewall
FortiSandbox
Advanced Threat Protection
FortiMail
Email Security Gateway
FortiClient
Endpoint Threat Prevention Fortinet Security Fabric
7
What is Security Fabric?
What is it?
Global
Where did it come from? Intelligence
Whats next?
IoT Cloud Security
Fortinet
Security
Fabric
Application
Secure LAN Security
Access
Local
Intelligence
Secure WLAN
Access Network Security
8
What is it?
Challenges Today
Multiple vendors
No central visibility Client
Security
Alliance
Partners
Cloud adoption
Big data
Zero day growth Fortinet
Security
Fabric
Application
Secure LAN Security
Access
Local
Intelligence
Secure WLAN
Access Network Security
9
What is it?
Security Fabric
10
What does it include today?
Available in 5.4.1
Integration
FGT + FAZ + AP + Switch + EMS + FCT
Network Visibility
Logical View
Physical View
Endpoint View
Segmentation
Identifying segments
Building policies between segments
11
What does it include today?
Available in 5.4.1
Telemetry
FortiGate full visibility downstream
FortiClient endpoint host details, applications, vulnerabilities,
controls
Reporting
FortiView short-term on FortiOS, long-term on FortiAnalyer
Endpoint logging & reporting
Single CSF object for report
12
Whats Next?
Coming Soon
Visibility
More granular maps
Server detection
APs, HA clusters, Mail, Web, etc.
Controls
More segment granularity for policy and reporting
Recommendations to improve visibility or security
Unifying management of the fabric elements
13
Application Protection WCCP
integration with Fortigate
Introducing FortiSandbox
Advanced Threat Protection solution designed to identify and
thwart the highly targeted and tailored attacks
15
Introducing FortiMail
Advanced anti-spam and antivirus filtering solution, with
extensive quarantine and archiving capabilities.
FortiMail
Flexible deployment options
Transparent, Gateway, and Server modes that
adapts to organizational needs and budget
Email archiving
On-box archiving facilitates policy and
regulatory compliance requirements
16
FortiMail
Targeted customers
- Any company size for gateway and transparent mode.
- Mainly SMBs to simplify deployment and combine user mailboxes and
filtering services in a single device.
- For mail encryption services: banks, health care, e-government and
departments such as Accounting, Finance, Legal, HR, IT.
17
Introducing FortiWeb
Web application firewall to protect, balance, and accelerate web
applications.
18
Fortiweb
19
Introducing FortiADC
Optimize the availability, performance and scalability of mobile,
cloud and enterprise application delivery
Application Availability
Layer 2/3/4 and 7 load balancing techniques
Application session persistence
Proxy and transparent modes
Global Server Load Balancing (GSLB) for
geographic resilience
Link Load Balancing Web Application
Servers
Application Acceleration
TCP Optimization
Memory based content caching
Data compression
SSL Offload and acceleration
Application Interoperability
Implementation Guides for Microsoft
Exchange, Lync, SAP etc.
20
FortiADC
21
Introducing FortiCache
Reduce the cost and impact of downloaded content, while
increasing performance by improving the speed of access
22
FortiCache
Feature FortiGate FortiCache
Content Caching Video Caching
High throughput caching
Reduce network utilization and Video uses large
amounts of
latency
High volume storage network bandwidthand can be
Reduce costs viral causing repeatedly viewing
NAT Optimize network
Improve user satisfaction use by
Intrusion Prevention rebroadcasting locally
Application Control
AV
Web Filtering
Transparent proxy
Explicit proxy
WAN Optimization Web Security
WAN Optimization
Improve organization Prevent users from accessing
WCCP L2 & GRE, WCCP Server & L2 & GRE, WCCP Client
communications Client
offensive content
Avoid expensive
caching bandwidth
Protect organisation from
Video malicious content
upgrades
Protect business communications
Microsoft Updates
23
Introducing FortiDDoS not WCCP
integrated
Hardware Accelerated DDoS Intent Based Defense
Web Hosting
Self Learning Baseline ISP Center
Ease Maintenance FortiDDo
Maintain appropriate protection dynamically 1 S
24
FortiDDoS
25
User authentication and 2 FA
Introducing FortiAuthenticator
Authentication Server
Identity Management, User Access Control and multi-factor
identification
Certificate Management
X.509 Certificate Signing, Certificate FortiToken
Revocation
Remote Device / Unattended Issuing CA
Authentication
27
FortiAuthenticator
28
Introducing FortiToken
Authentication Platforms
FortiGate (FOS4.3 and later)
FortiAuthenticator (FAC 1.4 and later)
29
FTK220 Features
New Form Factor for Time Based OTP Token
Operates same as the same as the FTK200 ; activation via FortiGuard, same
as FTK200
Flexible, Durable, Light
Fits in wallet like any other card. No need for clunky tokens that crowd your
keychain and bulge in your pocket.
Efficient Logistics
The FTK220 tokens slim form makes it quick, easy and cheap to ship to end-
users anywhere in the world using simple postal letter envelopes.
Tap & Program*
Like FTK200 OTP tokens, the FTK220 is OATH compatible and designed to
integrate with FortiGate and FortiAuthenticator out of the box. For use with
third party authentication servers, you can tap and program the FTK220 on
your own anytime using just your NFC-enabled smart phone or tablet and our
FTK220 Programmer app.
Tap & Read*
Typing into a little password field on your phone or tablet can be a headache.
That's why we've developed an easy way for you to paste your OTP code
directly into a password field. Just tap the card on your mobile device to read it
and select the code. Then copy and paste it into the field to sign in. There's no
need to type anything ever again.
* Requires NFC-enabled device using and FTK220-Edge Programmer app. App is available but not 30
officially supported yet
FTK-220 Specifications
Authentication Standard
IETF RFC6238 time-based OTP
Algorithm
SHA-1 (optional SHA-256 or SHA-512)
OTP Code
6 digits with time indicator
Time Interval
60 (optional 30 seconds on request)
Dimension
66 mm x 42 mm (2.6 x 1.7)
Weight
4 grams (0.14 oz.)
31
FortiToken Mobile - Simplicity Without Compromising
Security
32
How it works
Browser
End-
user
ExampleWebsite.
Mobile Device with
com
FTM
33
Secure Wireless
Fortinet Delivers The Only Full and Comprehensive Secure WLAN
FortiGate FortiAP
Security Mgt + Secure Wireless
FortiAuthenticator
Wireless Controller
Centralized Identity
Management
FortiAnalyzer
Centralized FortiSwitch
Reporting System Secure Wired
access
FortiManager
Centralized
Management
35
Building the Secure WLAN
Infrastructure Security
Secure Wireless Secure WLAN
with Integrated
Access Points Features
Wireless Controller
36
The Secure WLAN Features
37
Secure Wireless
38