fortios_bro forti os 4.0

7/31/2019 Fortios_bro Forti Os 4.0

http://slidepdf.com/reader/full/fortiosbro-forti-os-40 1/4

BROCHURE

FortiOSTM 4.0 SoftwareRedefning Network Security



FortiOS 4.0—Redefning Network Security

Improved ValueFortiOS 4.0 sotware provides you with access tosecurity services that you may have consideredcost-prohibitive or overly complex to deployindividually. Moreover, the new eatures o FortiOS4.0 sotware are available at no additional costor every eligible FortiGate device with an activemaintenance contract.

Enhanced SecurityFortinet designed FortiOS 4.0 security services romthe ground up to deliver integrated perormanceand eectiveness that standalone products simplycannot match. The services work together as a

system, acting in tandem to provide you with bettervisibility and the ability to stop threats against yournetwork and applications as early as possible,beore damage can occur.

Simplifed ManagementFortiOS 4.0 sotware consolidates your securityinrastructure and simplies your managementrequirements, lowering your costs and reducingthe workload o your IT sta. It dramaticallyreduces the complexity o deploying deense-in-depth compared with stand-alone products.

You have the fexibility o a unied policy at thedevice level and an appliance-based centralizedmanagement platorm or large deployments.Fortinet even oers a service-based managementsolution or smaller organizations to urther simpliysecurity management, ully integrated with FortiOS4.0 sotware.

FortiOS is a security-hardened, purpose-built operating system that is the sotware oundation o FortiGatemulti-threat network security platorms. FortiOS enables high perormance multi-threat security by leveragingthe hardware acceleration provided by FortiASIC™ content and network processors. This combination o customhardware and sotware gives you some o the highest levels o security and perormance possible rom a singledevice. FortiOS helps you stop the latest, most sophisticated, and dynamic threats acing your network todaywith dynamic threat intelligence delivered via FortiGuard® Security Subscription Services.

FortiOS 4.0 sotware redenes network security by extending the scope o integrated security and networking

capabilities within the FortiGate multi-threat network security platorm. Regardless o the size o your organization,you can benet rom the most comprehensive suite o security and networking services within a single deviceon the market today. FortiOS 4.0 sotware includes a wide range o eatures that increase your content andnetwork security while reducing your operating and capital costs. FortiGate platorms combine enterprise-classrewall, IPSec VPN, SSL-VPN, intrusion prevention, antivirus, web ltering, antispam, and Layer 2/3 routingservices. It also includes Data Loss Prevention (DLP), WAN optimization, application control, SSL-encryptedtrac inspection, and endpoint Network Access Control (NAC). FortiOS 4.0 sotware delivers on its mission toenable secure business communications while oering the best perormance and lowest cost o ownership.

“Changing business processes and threats are driving

new requirements for network security. Increasing

bandwidth and new application communication (such

as Web 2.0) are changing how protocols are used and

how data is presented. Software as a service is moving

critical data off-site, and an increasing reliance on

critical IT is pushing security in new directions.”

Greg Young and John Pescatore, Gartner, Magic Quadrant for Enterprise Firewalls, November 2008.



FortiOS 4.0 Sotware—Raising The Bar

Data Loss Prevention (DLP)It is imperative or you to control the vast amount o condential, regulated, and proprietary

data traversing your network, and keep it within dened network boundaries. Workingacross multiple applications (including those encrypting their communications), DLP usesa sophisticated pattern-matching engine to identiy and then prevent the communicationo sensitive inormation outside the network perimeter. In addition to protecting yourorganization’s critical inormation, DLP also provides audit trails or data and les to aidin policy compliance. You can use the wide range o congurable actions to log, block,and archive data, as well as ban or quarantine users.

WAN OptimizationWith WAN Optimization, you can accelerate applications over your wide area links whileensuring multi-threat security enorcement. FortiOS 4.0 sotware not only eliminates

unnecessary and malicious trac as one o its core capabilities, it also optimizeslegitimate trac by reducing the amount o communication and data transmittedbetween applications and servers across the WAN. This results in improved perormanceo applications and network services, as well as helping to avoid additional higher-bandwidth provisioning requirements.

Application Control Application control enables you to dene and enorce policies or thousands o applications running on your endpoints, regardless o the port or the protocol usedor communication. Application classication and control is essential to managethe explosion o new web-based applications bombarding networks today, as mostapplication trac looks like normal web trac to traditional rewalls. Fortinet’s application

control technology identies application trac and then applies security policies easilydened by the administrator. The end result is more fexible and granular policy control,with deeper visibility into your network trac.

SSL-Encrypted Trafc InspectionSSL-Encrypted Trac Inspection protects clients and web and application servers rommalicious SSL-encrypted trac, to which most security devices are oten blind. SSLInspection intercepts encrypted trac and inspects it or threats, prior to routing it toits nal destination. SSL Inspection applies to both client-oriented SSL trac (such asusers connecting to an SSL-encrypted hosted CRM site) and inbound trac destinedan organization’s own web and application servers. You now have the ability to enorce

appropriate use policies on inappropriate encrypted web content, and protect serversrom encrypted intrusion attempts and other encrypted attacks.

Fortinet continues to increase the breadth and depth o security and networking services included in the FortiOSpurpose-built operating system. By adding new unctionality and enhancing the perormance o existing services,FortiOS sotware continues to demonstrate why it remains the gold standard or multi-threat security. In thepast, the only way organizations could deploy these technologies was by adding more stand-alone products,which also increased deployment, conguration, and management costs.

Endpoint Network Access Control (NAC)Endpoint NAC enorces the use o the FortiClient Endpoint Security application (eitherStandard or Premium editions) on your network. It veries the installation o the mostrecent version o the FortiClient application, up-to-date antivirus signatures, and enabledrewall beore allowing the trac rom that endpoint to pass through the FortiGateplatorm. You also have the option to quarantine endpoints running applications thatviolate policies and require remediation.



ANTIVIRUSICSA Labs Certied (Gateway Antivirus)Includes Antispyware and Worm Prevention

HTTP/HTTPS SMTP/SMTPSPOP3/POP3S IMAP/IMAPSFTP IM Protocols

Automatic “Push” Content Updates rom FortiGuardNetwork File Quarantine SupportBlock by File Size or TypeIPv6 Support

WEB FILTERING76 Unique Categories Provided by the FortiGuard Web

Filtering Service Categorizes over 2 Billion Web pagesHTTP/HTTPS FilteringURL/Keyword/Phrase Block URL Exempt ListContent ProlesBlocks Java Applet, Cookies, Active XMIME Content Header FilteringIPv6 Support

APPLICATION CONTROLIdentiy and Control Over 1000 ApplicationsControl Popular IM/P2P Apps Regardless o Port/Protocol: AOL-IM Yahoo MSN KaZaaICQ Gnutella BitTorrent MySpaceWinNY Skype eDonkey Facebook

FIREWALLICSA Labs Certied (Enterprise Firewall)NAT, PAT, Transparent (Bridge)Routing Mode (RIP, OSPF, BGP, Multicast)Policy-Based NAT Virtual Domains (NAT/Transparent mode) VLAN Tagging (802.1Q)User Group-Based Authentication & SchedulingSIP/H.323 /SCCP NAT TraversalWINS SupportGranular Per-Policy Protection Proles

Explicit Proxy Support

VIRTUAL PRIVATE NETWORK (VPN)ICSA Labs Certied (IPSec)PPTP, IPSec, and SSLDedicated TunnelsDES, 3DES, and AES Encryption SupportSHA-1/MD5 AuthenticationPPTP, L2TP, VPN Client Pass ThroughHub and Spoke VPN SupportIKE Certicate Authentication (v1 & v2)IPSec NAT Traversal Automatic IPSec CongurationDead Peer DetectionRSA SecurID SupportSSL Single Sign-On BookmarksSSL Two-Factor AuthenticationLDAP Group Authentication (SSL)

NETWORKING/ROUTINGMultiple WAN Link SupportPPPoE SupportDHCP Client/ServerPolicy-Based RoutingDynamic Routing or IPv4 and IPv6 (RIP, OSPF, BGP, &Multicast or IPv4)Multi-Zone SupportRoute Between ZonesRoute Between Virtual LANs (VDOMS)Multi-Link Aggregation (802.3ad)IPv6 Support (Firewall, DNS, Transparent Mode, SIP,Dynamic Routing, Administrative Access, Manage-ment)

TRAFFIC SHAPINGPolicy-based Trac ShapingDierentiated Services (DiServ) SupportGuarantee/Max/Priority BandwidthShaping via Accounting, Trac Quotas, and Per-IP

VIRTUAL DOMAINS (VDOMs)Separate Firewall/Routing DomainsSeparate Administrative DomainsSeparate VLAN Interaces10 VDOM License Standard, Upgradable to More

DATA CENTER OPTIMIZATIONWeb Server Caching TCP MultiplexingHTTPS Ofoading

HIGH AVAILABILITY (HA) Active-Active, Active-PassiveStateul Failover (FW and VPN)Device Failure Detection and NoticationLink Status MonitorLink ailoverServer Load Balancing

WAN OPTIMIZATIONBi-Directional / Gateway to Client/GatewayIntegrated Caching and Protocol Optimization Accelerates CIFS/FTP/MAPI/HTTP/HTTPS/GenericTCPRequires a FortiGate device with Hard Drive

MANAGEMENT/ADMINISTRATION OPTIONSConsole Interace (RS-232)WebUI (HTTP/HTTPS)Telnet / Secure Command Shell (SSH)Command Line InteraceRole-Based AdministrationMulti-language Support: English, Japanese, Korean,Spanish, Chinese (Simplied & Traditional), FrenchMultiple Administrators and User LevelsUpgrades and Changes via TFTP and WebUISystem Sotware Rollback Congurable Password PolicyCentral Management via FortiManager (optional)

LOGGING/MONITORINGInternal LoggingLog to Remote Syslog/WELF serverGraphical Real-Time and Historical MonitoringSNMPEmail Notication o Viruses And Attacks VPN Tunnel MonitorOptional FortiAnalyzer Logging (including per-VDOM)Optional FortiGuard Analysis and ManagementService

FIREWALL USER AUTHENTICATION OPTIONSLocal DatabaseWindows Active Directory (AD) IntegrationExternal RADIUS/LDAP/TACACS+ IntegrationIP/MAC Address BindingXauth over RADIUS or IPSEC VPNRSA SecurID SupportLDAP Group Support

FortiOS Security Services

FortiOS Management Services

FortiOS Networking Services

Copyright© 2009 Fortinet, Inc. All rights reserved. Fortinet®, FortiGate®, and FortiGuard®, are registered trademarks of Fortinet, Inc., and other Fortinet names herein may also be trademarks of Fortinet. All other product or company names may be trademarks of

their respective owners. Performance metrics contained herein were attained in internal lab tests under ideal conditions. Network variables, different network environments and other conditions may affect performance results, and Fortinet disclaims all warranties,

whether express or implied, except to the extent Fortinet enters a binding contract with a purchaser that expressly warrants that the identified product will perform according to the performance metrics herein. For absolute clarity, any such warranty will be limited

to performance in the same ideal conditions as in Fortinet’s internal lab tests. Fortinet disclaims in full any guarantees. Fortinet reserves the right to change, modify, transfer, or otherwise revise this publication without notice, and the most current version of the

publication shall be applicable. Certain Fortinet products are licensed under U.S. Patent No. 5,623,600.

GLOBAL HEADQUARTERS

Fortinet Incorporated

1090 Kifer Road, Sunnyvale, CA 94086 USA

Tel +1.408.235.7700

Fax +1.408.235.7737

www.fortinet.com/sales

EMEA SALES OFFICE – FRANCE


120 rue Albert Caquot

06560, Sophia Antipolis, France

Tel +33.4.8987.0510

Fax +33.4.8987.0501

APAC SALES OFFICE – SINGAPORE


61 Robinson Road, #09-04 Robinson Centre

Singapore 068893

Tel +65-6513-3730

Fax +65-6223-6784

FortiGuard® Security Subscription Services deliver dynamic, automated updates for Fortinet products. The Fortinet Global Security

Research Team creates these updates to ensure up-to-date protection against sophisticated threats. Subscriptions include antivirus, intrusion

prevention, web filtering, antispam, vulnerability control, and database security services.

FortiCare™ Support Services provide global support for all Fortinet products and services. FortiCare support enables your Fortinet products

to perform optimally. Support plans start with 8x5 Enhanced Support with “return and repair” hardware replacement or 24x7 Comprehensive

Support with advanced replacement. Options include Premium Support, Premium RMA, and Professional Services. All hardware products

include a 1-year limited hardware warranty and 90-day limited software warranty.

FORTIOS-41-BRO-1009-R2

fortios_bro forti os 4.0

Documents