AntiSpam
Fortinet's FortiMail systems are optimized for enterprise customers, delivering a wealth of reliable and high performance features to detect, tag, quarantine and block spam messages and their malicious attachments. Quick installation with low maintenance overhead combined with Fortinet's award winning administration interface guarantees ease-of-use with a low cost of ownership making FortiMail appliances the most powerful and affordable enterprise-class email security systems available today.
Antispam Accelerated:
- High Performance, hardened appliance with configurable RAID storage
- FortiGuard Antispam utilizes multiples spam detection methods
- Cost-effective per device Antivirus and Antispam subscription
- FortiGuard Antispam offers simple setup
- Full-featured email server capabilities
- Tri-mode functionality, Gateway, Transparent, Server
- Integrated industry-leading antivirus scanning
- Detailed logging and customized reporting
Medium Enterprise
Utilizing the FortiMail integrated Antispam and Antivirus security features, small-sized organizations can cost effectively fight spam without the need to deploy additional servers. All that is needed for organizations to take advantages of FortiGuard's™ in-the-cloud service along with six additional Antispam features is to enable the corresponding options on the FortiMail appliance. Fortinet's per device Antispam and Antivirus subscription services are much lower than competitive offerings which license their services on per user basis.
Large Enterprises with Multiple Mail Relays
FortiMail appliances deliver advanced antispam protection for large enterprises with multiple mail servers. Deploying multiple FortiMail appliances as mail transfer agents scales email performance for busy enterprises. Utilizing DNS MX weighted queuing provides redundancy allowing for fail over and load balancing of spam and antivirus scanning when running in gateway mode.
MSSP Managed Security Services
Service providers can take advantage of FortiMail integrated Antispam and Antivirus protection to create a two-tiered, layered security design. Authentication servers (LDAP, RADIUS, IDAP, POP3, SMTP, IMAP) are deployed for user and domain authentication. Each email domain managed by the MSSP flows through the FortiMail which has unique policies per domain. Performance scales by adding additional FortiMail units in gateway mode/transparent mode.
Small / Home Office Antispam Solution
Fortinet's SOHO models provide a cost effective Antispam security solution offering the same key security features found on the high end enterprise class systems. The FortiMail's ease of installation and management delivers set-and-go installations.
AntiVirus
Fortinet's Advanced Antivirus technology uses a combination of both signature and heuristic detection engines to provide multi-layered, real-time protection against a multitude of attacks at the desktop and the network gateway. Ultra-high system performance is achieved using the integrated FortiASIC processor together with Fortinet's patent-pending technology known as CPRL or Content Pattern Recognition Language to accelerate both virus scanning and anomaly recognition.
Antivirus Accelerated:
- Scalable performance and models from SOHO to multi-gigabit antivirus protection
- ASIC-based hardware design
- Automatic updates of antivirus signatures
- Inspects SMTP, POP3, IMAP, FTP and HTTP
- Inspection of VPN (IPSec and SSL) content
- Bi-direction content filtering
- Compressed file format support: tar, gzip, rar, lzh, iha, cab, arj, zip
- Centralized management and reporting of thousands of FortiGate systems
- Transparent, NAT and Route modes
MSSP Core Network Security
Deployed at the core of large enterprise or service provider to block viruses attached to email, web and FTP traffic from entering or leaving the network. Utilizing policy-based routing or content-switching can deliver scalable, multi-gigabit performance by redirecting specific traffic to a FortiGate security appliance for advanced scanning. This deployment configuration also eliminates many of the inline deployment concerns.
Outbreak Containment
Deployed as part of a layered security design, FortiGate best-of-breed security systems provide application-layer protection against content-based threats that may bypass the gateway firewall.
DMZ Protection
Deployed to protect public facing web, FTP and Email servers deployed on DMZ segments of your existing firewall. Fortinet Advanced Antivirus technology detects and blocks virus infections at a fraction of the cost of traditional server software without impacting server performance by offloading virus scanning overhead.
Edge Protection
Deployed as the network security gateway, a single FortiGate security system can secure multiple DMZ's along with the corporate network from viruses and other content-based attacks. Fortinet's security zone and virtual domain features offer a lower total cost of ownership to enterprises needing to secure multiple networks.
Content Filtering
Surfing the Internet has become a critical part of conducting business, however inappropriate Internet usage has led to lower productivity, inappropriate use of company resources, harassment, legal liability, and human resource issues. Fortinet's FortiGuard Web Filtering Service regulates and provides valuable insight into all Web activities allowing customers to meet new Government Regulations, HR Policies & Corporate Internet Usage Policies. Fortinet's Web Filtering Solutions are also CIPA certified. The Children's Internet Protection Act (CIPA) is a federal law enacted by Congress in December 2000 to address concerns about access in schools and libraries to the Internet and other information.
Web Filtering Simplified
- Industry-leading ratings database
- Extensive and granular ratings database
- Cost effective per-device subscription
- URL database is updated constantly
- CIPA certified
- Simple setup, fully-integrated with all FortiGate security systems
- Integrated industry-leading antivirus scanning
- Scalable and stable high-speed database infrastructure
Enterprise Web Filtering
Fortinet's industry-leading FortiGuard™ Web Filtering Service offers enterprises of all sizes an easy to deploy and cost effective solution to control access to inappropriate web sites that may expose businesses to potentially liable material, jeopardize network security and consume valuable bandwidth. FortiGuard-hosted web filtering maintains the largest URL database in tech industry with over 25 million rated web sites, 76 categorized, and 6 classes ratings.
As part of the database, FortiGuard can block access to security risk sites such as P2P, phishing and spyware web sites. In addition, Fortinet's per device subscription model offers significantly lower costs than competing vendors who offer per-user licensing for web filtering.
K-12 CIPA Certified Web Filtering
School districts deploy FortiGuard Web Filtering to meet federally mandated CIPA requirements to filter Internet usage. FortiGuard's industry leading Web Filtering database and very granular categorized ratings are ideal in allowing administrators to apply very specific web access policies to groups of users.
Managed Security Service Providers
Today, many Small Medium Enterprises (SME's) are looking forward MSSP's to provide a one-stop solution for their networking security needs. MSSP's can deploy Fortinets Web Filtering technologies to provide web filtering capabilities for SME's wishing to control access to inappropriate web sites that may expose businesses to potentially liable material, jeopardize network security and consume valuable bandwidth.
CIPA Certified Web Filtering for Libraries
To meet the Internet filtering requirements of CIPA, libraries can leverage Fortinet's industry leading CIPA compliant FortiGuard Web Filtering service. Unlike competing web filtering products which require a standalone server to be installed, enabling FortiGuard Web Filtering is as simple as enabling the feature on the FortiGate system.
Firewall
Fortinet's industry-leading FortiGate security systems delivers unmatched integrated security capabilities, ease of use and price/performance. Along with the stateful firewall, FortiGate system's use an arsenal of integrated application security engines to quickly identify and block today's blended attacks such as SoBig and Netsky from infecting the networks it protects.
In addition, Fortinet's scalable product line offers FortiGate models to fit any network size with key security features such Stateful Firewall, VPN, Antivirus, IPS, Web Content Filtering, Antispam and Traffic Shaping available on all models. Fortinet's FortiManager™ and FortiAnalyzer™ turn-key appliances provide centralized management of thousands of FortiGate systems and detailed reporting capabilities for internal auditing and event correlation.
Firewall Accelerated:
- ASIC-accelerated hardware and purpose-built secure OS
- Application-level security
- Virtual security domains and security zones
- Enterprise-tested high availability
- Security zones and policy-based configuration
- VoIP aware gateways
- Dynamic routing protocols, RIP, OSPF, BGP
- Detailed logging and reporting
Enterprise and Branch Office Firewall
Fortinet's industry-tested FortiGate Firewalls meet enterprise requirements for scalability, performance and reliability. Advanced security capabilities such as integrated Antivirus, IPS Antispam and URL filtering along with high-availability, wire-speed performance, and security zones are available on all FortiGate Models. In addition, Fortinet's wide breadth of FortiGate models offers a device to fit into any sized network while Fortinet's FortiManager™ system provides a single interface to centrally manage and easily deploy thousands of FortiGate systems.
Multi-Store Retail Deployments
FortiGate security systems offer retail customers a cost-effective solution to meet their unique business needs by securing applications such as POS (Point of Sale), inventory applications and online financial transactions, while Fortinet's ASIC-based, purpose built design delivers the reliability and application security needed by retailers to avoid costly network downtime. In addition, the FortiGate system's ease of deployment, accompanied by the full set of security features offered by every FortiGate system make managing and protecting multiple retail locations a turn key solution.
MSSP Managed Firewall Service
MSSP's are increasingly turning to Fortinet's industry leading FortiGate security systems to deliver integrated security services to customers in an efficient and cost effective manner. Fortinet's Security zones and Virtual Domains provide a perfect platform on which to build a managed security service. Also with Fortinet's FortiManager centralized management and FortiAnalyzer™ centralized reporting server, MSSPs can now lower their maintenance and provisioning overhead by using a single console to manage and ease deployment of thousands of FortiGate systems.
SoHo DSL/Cable Deployment
Fortinet's easy-to-deploy and easy-to-manage security systems deliver exceptional value and performance for securing a home office and small business network. FortiGate installation wizards enable installations to be up and running within minutes.
If you have questions or concerns about deploying Fortinet products in your environment, please feel welcome to contact us toll free: 877-386-3763.
IPS
Fortinet offer a scalable and easy to deploy line of FortiGate IPS security systems that can be installed seamlessly at the network edge or as an IPS solution deployed at the network core to protect critical business applications from external as well as internal originating attacks. In addition, with Fortinet's SOHO and SME FortiGate models, security administrators are now able to cost-effectively deploy the same level of IPS protection at branch offices that in the past was only available for the corporate headquarters.
By tightly integrating industry leading security technologies IPS, Antivirus, Antispam and Stateful Firewall, Fortinet delivers the best-in-class security available for enterprises and service providers to combat the complex blended threats that use multiple methods to infect hosts and self-propagate.
IPS Accelerated:
- ASIC-based hardware design
- Automatic updates of IPS signatures
- User-defined custom IPS signatures
- Inspection of VPN (IPSec and SSL) content
- Bi-directional IPS content filtering
- Signature and protocol anomaly engines
- Detailed logging and reporting
- Support for 50+ protocols and applications
IPS Deployment
Deployed in conjunction with an existing firewall, the FortiGate™ IPS system is deployed in the traffic path inspecting incoming and outgoing packets for malicious and malformed content. The FortiGate system's highly accurate IPS engine and high availability (HA) configuration ensures maximum availability of network resources.
Network Core and Branch Office IPS
Fortinet's flexible architecture and scalable product line allows for network core deployments to protect against external and internal attacks while the FortiGate system's extensive product line allows security administrators to cost effectively deploy IPS protection to smaller branch offices. FortiManager™ centralized management delivers a single console interface to manage thousands of FortiGate systems.
Enterprise with IPS Bypass
Fortinet's FortiBridge™ option offers enterprises fail-open protection for FortiGate systems deployed inline in transparent mode. The FortiBridge device's zero-power fail open technology means that the FortiBridge unit will also fail open in the event of a complete power failure.
IDS Deployment
For traditional IDS deployments, the FortiGate system's flexible architecture supports monitoring of traffic from a network tap or mirrored interfaces from the core switch. The FortiGate system can generate detailed traffic logs and alerts for analysis and auditing.
If you have questions or concerns about deploying Fortinet products in your environment, please feel welcome to contact us toll free: 877-386-3763.
VoIP
The market for Voice Over IP (VoIP) equipment sold to corporations and other enterprises, including phones, hardware and software, grew 78 percent to $3.07 billion in 2004, according to Synergy Research Group, and is seen rising to $4.42 billion this year. By 2009, it should represent nearly $11 billion in sales.
With the growing deployment of VoIP, both enterprise and service providers face a network security challenge in dynamically allowing VoIP traffic through a range of firewall ports permanently left open for real-time connectivity. Leaving a range of firewall ports wide open for VoIP traffic is also an invitation to malicious network traffic and an unguarded door against hackers.
The best way to solve this issue is with Fortinet's solution featuring the FortiOS™ Operating System. Its advanced method of content inspection and pattern recognition dynamically opens up a single port, and then closes it after the call is completed. It inspects both H.323 and Session Initiation Protocol (SIP) call-signaling protocols used by VoIP traffic.
Traditional VoIP Security Solution with Firewall Configurations
Problem: Traditional firewalls require a permanent range of vulnerable ports be opened to support latency-sensitive Voice over IP traffic - they are always open and provide a door for unsecured and unauthorized access. This leaves the VoIP switch and entire IP infrastructure vulnerable to damaging attacks and costly downtime.
Fortinet's Secure VoIP Solution
Solution: Fortinet's VoIP-savvy firewalls work with the industry widest range of VoIP offerings and understand both H.323 and Session Initiation Protocol (SIP) signaling and communications protocols to dynamically open only the ports needed for the duration of the call. Only the traffic for that session is allowed since the Fortinet firewall is session-aware at all times. Once the call completes the ports automatically close for maximum security.
If you have questions or concerns about deploying Fortinet products in your environment, please feel welcome to contact us toll free: 877-386-3763.
VPN
Fortinet's advanced VPN solutions meet the price/performance requirements of any-sized enterprise. Fortinet's VPN offers secure and cost-effective alternatives to expensive, low-bandwidth Frame Relay circuits to connect multiple offices across the public Internet. FortiManager™ centralized VPN management appliance provides the ability to mange thousands of FortiGate systems from a single console. Tightly integrated with Fortinet's application security protection, Firewall, Antivirus, and IPS, Fortinet provides the most secure VPN solution available in the market today.
VPN Accelerated:
- ASIC accelerated VPN
- IKE: Pre-shared Key, Certs, Manual Keys
- Extensive user authentication, RADIUS, LDAP, Local Database, SecureID, X-Auth support for IPSec Clients
- IPSec, SSL, L2TP, and PPTP
- VPN content inspection - Antivirus, IPS, URL Filtering
- Hub-and-spoke configuration
- FIPS 140-2 certified
- Traffic shaping prioritizes traffic across VPNs
Enterprise Remote Office and partner Extranet VPN
Deployed in parallel with an existing firewall, a FortiGate VPN gateway terminates VPNs from branch offices and extranet partners that require limited access to DMZ servers. With the FortiGate systems integrated security features, the administrator can configure granular security policies to control access to resources on the corporate LAN and DMZ.
Enterprise Hub-and-Spoke VPN
Hub-and-Spoke VPN configurations allow multiple remote sites to connect together without having dedicated tunnels to each site. An ideal application for this design is to transport VoIP traffic across the VPN's to reduce long-distance toll charges. Fortinet's traffic shaping features ensures VoIP traffic receives priority even through a VPN tunnel.
MSSP: Virus-Free managed VPN Service
Taking advantage of Fortinet's integrated antivirus protection, managed service providers can deliver the industry's most secure VPN service by enabling Fortinet's advanced antivirus engine to block incoming and outgoing VPN traffic that contains viruses, worms, trojans, spyware and other malicious content to prevent virus outbreaks from spreading from office to office. As an added benefit, Fortinet's flexible VPN architecture allows for interoperability with most IPSec VPN gateways. Regardless of the VPN CPE the customer has in place, the FortiGate system deployed at the core will ensure virus-free VPN traffic.
Enterprise Remote Access (IPSec and SSL)
Ideal for roaming users such as a remote salespeople needing secure access to resources on the corporate LAN such as email and intranet resources. Fortinet offers both a secure IPSec client (FortiClient™) and clientless SSL VPN for hotspot access in areas where IPSec may be blocked by a firewall. Strong authentication is enforced users can establish VPN session.
If you have questions or concerns about deploying Fortinet products in your environment, please feel welcome to contact us toll free: 877-386-3763.
Wireless
FortiGate security systems offer a comprehensive set of capabilities that address the key challenges to deploying secure wireless LANs. FortiGate systems can be deployed in conjunction with wireless access points from any vendor, and used to detect and eliminate content-based threats from email and Web traffic such as viruses, worms, intrusions, inappropriate Web content and more in real time - without degrading network performance. In addition to providing application-level protection, the FortiGate systems deliver a full range of network-level services — firewall, VPN, intrusion detection and traffic shaping — delivering a complete network protection services in dedicated, easily managed platforms.
In particular, the VPN encryption, user authentication and directory integration capabilities of FortiGate systems make it possible to mitigate the security weaknesses of current generation WLAN products and to retrofit complete, high-performance security into any WLAN deployment.
The FortiGate platform uniquely solves key issues and concerns currently holding back rapid adoption of wireless LANs in the enterprise, including:
Security Problem with WLAN Deployment |
|
Addressed by the FortiGate Platform |
|
No native support to enable a wireless access point to distinguish an employee's WLAN NIC from that of a friendly visitor or malicious rogue |
|
User-level authentication and user/group policies that enable, for example, employees to have access to specific data resources and services, provides Internet access to guests for mail and Web access only, and denies service to rogues |
|
Limited support for directory integration |
|
User authentication through internal database, Radius server or LDAP directory |
|
No native support for terminal device authentication |
|
IP/MAC binding to enable physical authentication of access terminals |
|
Weakness of WEP encryption |
|
Strong encryption and authentication of wireless links using IPSec VPN with a choice of triple-DES and AES encryption, and SHA1 or MD5 for packet-level authentication |
|
Content-based attacks such as virus scanning, script filtering and intrusion detection/prevention |
|
Intrusion detection/prevention and content filtering |
|
No native support for QoS to ensure appropriate allocation of shared wireless bandwidth |
|
Policy-based traffic shaping to allocate bandwidth based on user identity and type of application |
|
Wireless LANs provide a tremendous amount of freedom and flexibility and support the increasing desire for always-on, always-available connectivity. However, wireless LANs also break down the notion of a definable "network edge," and bring significant new challenges for maintaining network security. With proper augmentation, the security deficiencies of wireless LANs can be mitigated, enabling the benefits of untethered connectivity without compromising security.
Fortinet's FortiGate family add a critical layer of protection to wireless LANs, extending the life and improving the security of existing systems and providing a foundation for expanded implementations even as wireless standards evolve and mature.
If you have questions or concerns about deploying Fortinet products in your environment, please feel welcome to contact us toll free: 877-386-3763.