Fortinet Ecosystem Overview

© Copyright Fortinet Inc. All rights reserved. Security for a New World. Peter Smetny, Bill Park, Derek Holmes, Mike Bailey. May 5th, 2016

Upload: poncho

Post on 28-Feb-2018


7/25/2019 Fortinet Ecosystem Overview

http://slidepdf.com/reader/full/fortinet-ecosystem-overview 1/68

© Copyright Fortinet Inc. All rights reserved.

Security for a New World

Peter Smetny, Bill Park, Derek Holmes, Mike Bailey

May 5th, 2016


Agenda

Fortinet Overview

Fortinet EcoSystem Overview

Fortinet Advanced Threat Prevention

Fortinet SDN Framework

FortiGuard Threat Intelligence

Questions


Fortinet Facts

#1 In Network Se

$1.17B CASH

FOUNDED 2000

OVE

2 MIDEVICE

40% GROWTH

EMPLOYEES 3,900+

255,000+ CUSTOMERS

MARKE

TECH257 PAT228 PE280+ 0-

D

100+ OFFICES WORLDWIDE

SUNNYVALE, CA HQ

IPO 2009


SECURITY HAS CHANGE

3.2 BILLION INTERNET USERS

1.3 BILLION SMARTPHONES SHIPPED WORLDWIDE

10,000x INCREASE IN CYBER THREATS

PUBLIC CLOUD MARKET IS E

$191B


TODAY’S STANDARD APPROACHES NO LONGER WORK

TOO MUCH FOCUS ON COMPLIANCE

Enterprises spend too much on checking boxes down a list.

TOO RISK BASED

Taking a reactive approach only addresses known threats, not the new unknowns.

TOO MASOLUTIO

Too many differen

products do not co

another.


Advanced Security

Network Performance

Our customers can have both

SECURITY FOR A NEW WORLD IS SECURITY WITHOUT COMPROMISE


SEAMLESS

Consistent threat posture end-to-end, across the expanding attack surface

Security Without Compromise

Seamless Security Across the Entire Attack Surface

PO

Unriv

performan

the pow

INTELLIGENT

Threat intelligence and advanced threat protection from the inside out for full visibility and control

Secure Access

Network Security

Application Security

FortiGuard Threat Intelligence & Services

FortiGate

Client Security

Cloud Security


Global Intelligence & Control

FortiGuard Labs

FortiGuaSensor

FortiGuard Services

Global Threat Intelligence

Full Visibility

Single Pane of Glass

2M+

200+


Agenda

Fortinet Overview

Fortinet EcoSystem Overview

Fortinet Advanced Threat Prevention

Fortinet SDN Framework

FortiGuard Threat Intelligence

Questions


Broad Complementary Solution Portfolio

Further Simplify Your Network

FortiDB Database Protection

FortiClient Endpoint Protection, VPN

FortiTokTwo Facto Authentica

FortiSandbox Advanced Threat Protection

FortiClient Endpoint Protection

FortiGate NGFW

FortiAuthenticator User Identity Management

FortiManager Centralized Management

FortiAnalyzer Logging, Analysis, Reporting

FortiADC Application Delivery Controller

FortiWeb Web Application Firewall

FortiGate DCFW

FortiGate Internal NGFW

FortiDDoS DDoS Protection

FortiMail Email Secu

FortiGate VMX SDN, Virtual Firewall

FortiAP Secure Access Point

DATA CENTER

BRANCH OFFICE

CAMPUS

FortiGate Cloud

FortiWiFi UTM

FortiGate Top-of-Rack

FortiCamera IP Video Security

FortiVoice IP PBX Phone System

FortiGate Next Gen IPS

FortiExtender LTE Extension

FortiSwitch Switching

Product List

FortiADC Application Delivery Controller

FortiAnalyzer Log Analysis

FortiAP Secure Wireless

FortiAuthenticator Authentication

FortiCamera IP Video Security

FortiClient Endpoint Security

FortiCloud Cloud Logging and Provisioning

FortiDB Database Security

FortiDDoS DDoS Protection

FortiExtender Cellular LTE Extension

FortiGate Core Firewall Platform

FortiMail Email Security

FortiManager Centralized Management

FortiSandbox Advanced Threat Protection

FortiSwitch Access & Data Switching

FortiToken 2FA Token

FortiVoice IP PBX Phone Systems

FortiWeb Web Application Firewall

FortiWiFi UTM with Wireless Access


Solution-Based Ecosystem

Application & Access Security

Data Center SECURITY

ATP FRAMEWORK

CLOUD SECURITY

SECURE ACCESS ARCHITECTURE

Enterprise Firewall

CONNECTED UTM

ENTERPRISE NextGen FIREWALL

Security Rese

App

I

WFilt

Mobile Security

Anti-Botnet

Reputation


ENTERPRISE FIREWALL

SDN

VF

IPS

SWG

5.4

FortiOS FortiGuard FortiASIC

FortiAuthenticator 

FortiManager 

FortiAnalyzer FortiGate

Rugged

Cloud

Virtual

Physical


CONNECTED UTM (Branch)

FortiCloud FortiManager

5.4

FortiOS FortiGuard FortiASIC

FortiPrivateCloud

FortiMail

Cloud

Physical

FortiWiFi

FortiGate

FortiClient FortiAP

FortiWAN

FortiSwitch

FortiExtender 

FortiVoice


FORTIGATE UTM, HIGH-END DATA CENTER FIREWALLS AND NEXT-GENERATION SECURITY APPLIANCES

FortiGate 1000-2000 SERIES

Data Center Firewall and Next-Generation Security

• Ultra-high 1/10 GE port density enables broad connectivity and visibility closer to assets.

• Multi-gigabit throughput (up to 80 Gbps) inspects traffic while keeping up with higher internal network speeds.

HighFire

• High-speed 4future-proofinnetwork fabric

• Up to Terabit tinspects traffichigher interna

• ASIC-based Optimal Path Processing (OPP) ensures high-security and high-performance

• FortiOS 5.4 provides feature rich Networking, Security and Management functions

• IPv6 hardware acceleration provides IPv4-to-IPv6 performance parity.

• Extensible management platform enables automation and orchestration with cloud management and

• Features also include compact, power-efficient appliance form factors.

• Ensures continuous protection from the latest threats with dynamic updates from FortiGua

• Simplifies config and troubleshooting via single-pane-of-glass management.

FortiGate 50-900 SERIES

UNIFIED THREAT MANAGEMENT

• Multiple form-factors and port options including wifi, PoE & rugged for varied options.

• Manages wireless APs, switches & 4G LTE wireless WAN extenders directly.


SECURITY MANAGEMENT

FortiManager CENTRALIZED DEVICE MANAGEMENT

• Combines analytics, reporting and logging functions.

• Supports a high number of managed devices (up to 10,000).

• Optimizes policy pushes for large enterprises/MSPs.

• Multiple concurrency and locking options.

• Manages the security policy approvals process with Workflow Mode.

• Full API support for orchestration integration, as well as scripting support using CLI or TCL.

FortiAnalyzer CENTRALIZED LOGGING AND REPORTING

• Delivers high-performance log rates for large enterprises/MSSPs.

• Provides interoperability with third-party devices using Syslog.

• Enables forensics for post-breach discovery and future risk prevention.

• Offers more application, user and Web insights with new report templates.

• Provides Forensics with central Fortiviews.

• Fully customizable using SQL queries, charts and macros

HYPEENTER

• Ability to cFortiManamass scale

• Immediateproblematimanageme

• Holistic viepolicy packresiding on

• Enables minstantanedevices/domanageme


FIREWALL CONVERSION

FortiConverter CONFIGURATION AND MIGRATION TOOL

• Provides a single tool for multiple installations allowing for cross vendor installation conversion.

• Supports automated configuration conversion.

• Significantly reduces the possibility of human error in the conversion process.

• Identifies and eliminates errors in existing configurations.


DATA CENTER SECURITY

Virtual

Physical

FortiGuard (IP Rep, WAF, AV)

FortiADC

Virtual

Physical

FortiWeb

Virtual

Physical

FortiMail

FortiDB

Physical

FortiDDoS

Physical


APPLICATION SECURITY AND DELIVERY PRODUCTS

FortiWeb WEB APPLICATION FIREWALLS

• Protect custom and commercial applications with automatic usage profiling and anomaly scanning.

• Meet PCI Compliance (5.5 and 6.6) with behavior-based attack detection and mitigation.

• Identify Web application security weaknesses with vulnerability scanning.

• Publish websites with Single Sign On/Authentication.

FortiADC APPLICATION DELIVERY CONTROLLERS

• Scale applications with Server Load Balancing.

• Improve secure application/server performance with SSL Offloading / Acceleration.

• Reduce bandwidth needs with HTTP Compression.

• Provide disaster recovery that spans multiple data centers with included Global Server Load Balancing.

MIT

• Detect DD100% ASICdetection a

• Protect agawith 100% detection.

• Get compl

with 100%

• Delivers thdetection r Attack Ree


FortiWeb – Web Application Firewall

Protects web-based applications from code-based attacks

» SQL Injection or other injection types

» Cross Site Scripting and Request Forgery

» Layer 7 DoS/DDoS attacks

» Cookie poisoning

Protects against application vulnerabilities in custom code and commercial platforms

Understands/learns “normal” behaviors and stops anomalies

» URL parameters, HTTP methods, session IDs, cookies, etc.

Dynamic and adaptive to adjust to new threats

FortiASIC = High performance and low TCO compared to competition

Can’t a Firewall or IPS do this?

Firewalls look for network-based attacks

IPS Signatures detect only known proble

Firewall has no understand of applicatio

FortiWeb has rich feature-set for web-re

Vulnerability Scanner (with 3rd party support)

Robust Load-Balancing

Authentication, Site Publishing, SSO

Out-of-Box profiles for common apps – Sharepoint,

FortiWeb WA

Web Application Servers

SQL Injection, XSS, Defac

INTERNET


FortiWeb – Web Application Firewalls

5 models from 25 Mbps to 20 Gbps HTTP throughput

4 Virtual Models for virtual and cloud deployments (AWS, Azure)

Up to 8x GE and models with 4x 10GE SFP+ ports

Included vulnerability scanning and antivirus

Hardware and VM options

FortiGate and FortiSandbox Integration

 Automatic beha

 Auto setup/lear

Layer 7 DDoS

FortiGuard anti

signatures

Transparent, re

deployment op

Central Manag

REST API

Virtual Patching

 Advanced Fals

 Advanced real-

SSL offloading

SSO/Authentic

Layer 7 load ba

User Threat Sc

Fastest Web Application Firewall in the Indu


FortiWeb Protection at all Layers

ATTACKS/THREATS

APPLICATION

IP REPUTATION: BOTNETS, MALICIOUS HOSTS, ANONYMOUS PROXIES, DDOS SOURCES

DDOS PROTECTION: APPLICATION LEVEL DDOS ATTACKS

PROTOCOL VALIDATION: IMPROPER HTTP RFC

ATTACK SIGNATURES: KNOWN APPLICATION ATTACK TYPES

ANTIVIRUS/DLP: VIRUSES, MALWARE, LOSS OF DATA

BEHAVIORAL VALIDATION: UNKNOWN APPLICATION ATTACKS

ADVANCED PROTECTION: SCANNERS, CRAWLERS, SCRAPERS

INTEGRATION: FORTIGATE AND FORTISANDBOX APT DETECTION


FortiWeb Recommended by NSS Labs

Test Categories

» Security: URL Parameter manipulation, form/hidden field manipulation, cookie/session poisoning, cross-site scripting, directory traversal, SQL injection and padding oracle attacks

» Evasions: packet fragmentation reassembly, stream segmentation, URL obfuscation

» Performance: stability, reliability and connections per second

Fortinet FortiWeb-1000D earned a Recommended rating

Strong performance with 99.85% block rate and 15,865 connections/second

Passed all tests for evasion techniques and for stability and reliability

0.366% false positive detection rate

SVM Published on Se


FortiAnalyzer FortiManager  

FortiCore FortiGate VMX

FortiGate

DATA CENTER SECURITY

VMX

Virtual Physical Virtual Physical

Virtual Physical

5.4

FortiOS FortiGuard FortiASIC


FortiAnalyzer FortiManager  

FortiSandbox FortiWeb

FortiGate

Virtual Cloud Virtual Cloud

Virtual Cloud

5.4

FortiOS FortiGuard

CLOUD SECURITY


FortiGuard FortiOS

FortiClient FortiManager  

FortiWeb FortiAnalyzer  

FortiMail FortiMonitor  

FortiGate FortiSandbox

ADVANCED THREAT PROTECTION FRAMEWORK

5.4

Cloud Virtual Physical


A Picture of the ATP Framework in Action

Internet

Known threats on web/messaging traffic blocked on the NGFW, WAF and SEG.

Unknown URLs and Files submission to FortiSandbox

FortiSandbox AV DB updatesuspicious de

EPinfeFor

FortiSandbox

FortiGate NGFW

FortiWeb

FortiMail

FortiClient


 ATP Integration

FortiGate FortiSandbox Int

Status Reporting, Signatures, U

Detailed Status Report

Analysis report

FortiView FortiSandbox viewer

By Source (with Threat Scoring), by File

Signatures, URL lists

Status Summary on dashboard


ICSA Labs Advanced Threat Defense – Report-at-a-Glance

Fortinet, Inc.

ATD-FORTINET-2016-0330-01

Executive Summary

• Ran by ICSA Labs for 33 days, with close to 600 runs.

• Periodic launch of innocuous apps and constant valid

of logs and alerts

• Fortinet ATP framework obtained great results.

Test Length: 33 days

Test Runs: 597

Malicious Samples: 279

% Detected: 99.6%

Innocuous Apps: 318

% False Positives: 1.6%

Fig. 2 – Detected 278 of 279 New & Little-Known Malicious Samples

Fig. 3 – Few Aler

ICSA Labs Advanced Threat Defense Certified

Test Period: Q1 2016

Certified Since: 12/2015

Advanced Threat Protection Framework

Fig. 1 – High Detection Effectiveness & Few False Positives


Main Offices

Sample Stand Alone FireEye Sandboxing - Conceptual Level

30 Dedicated Sandbox Appliances, $5.7m

Datacenters

FireEye (NX2400)

FireEye (AX5400)

Branch Offices

Satellite Offices

FireEye (NX900)

FireEye (NX4400)

FireEye (CM9400)

FireEye (NX10000)

FireEye (CM9400)

FireEye (EX8400)

FireEye (AX5400)

FireEye (FX8400)

En? 30

Sandboxing - Integrated vs. Standalone

Mobile Users

Internet


Main Offices

Advanced Threat Protection (ATP)

Sample Integrated Fortinet NGFW + ATP Full Coverage Detail

44 NGFWs, $3.2m + 12 Sandboxes, $1.5M

Mobile Users

Datacenters

NGFW & ATP (Opt.)

Authentication, Management & Reporting

NGFW & ATP (opt.)

Branch Offices

Remote Access Firewalls

Partner Access Firewalls

Perimeter Firewalls

Core Firewalls

Satellite Offices

Next Generation Firewall (NGFW)

Sandboxing - Integrated vs. Standalone

Secure Mail Gateways

Web Application Firewalls

Internet


FortiPresence FortiAuthenticator

FortiManager FortiWLM

FortiClient FortiWiFi

FortiWLC

FortiAP

FortiGate Controller 

FortiSwitch (POE)

SECURE ACCESS ARCHITECTURE

N


Infrastructure

Infrastructure WLAN solution to provide scale and flexibility

Why Infrastructure?

• Mobile: Fit for highly mobile and scalable deployments where low latency and

• Channel Flexibility: Channel planning flexibility to shorten site survey and dep

• Stand-alone: Able to separate access infrastructure purchase decision from se

Security

Mobility / Roaming / Scale

• Supports highly mobile environments

• Lowest latencies for video and voice traffic

• “Network in control” optimizes access

Channel Planning Flexibility

• Reduce site survey planning

• Reduce deployment times

Stand-alon• Security • Ability to


Integrated

Integrated WLAN solution to provide security and wireless control in one box

Why Integrated?

• Integrated: Industry’s most integrated secure access offering

• Unified Management: Single pane of glass to manage both security and acces

• Scalable: Scalable to support enterprises of all different sizes

Branch Office

Central Location

FortiCloud

Remote

Fully Security Integrated

• Full integration of FortiGuard and FortiOS threat intelligences and security

• Includes Wireless Security: WIDS, Rogues

Single Pane Management/Reporting

• Integrates into FMG & FAZ

• Can be managed directly for FGT

• Leverage central authentication & identity management

Sizing Sca• From 5 A• Managem

Security Access Control


Integrated Wireless Deployment Diagram

FortiGate NGFW/UTM

Security

FortiSwitch POE

Access Points

Access Points

WLAN Controller


Cloud

Cloud WLAN solution to provide simplified management

Why Cloud?

• Secure: Industry’s only UTM + AP solution

• Cloud: Roll out remote sites in minutes - not hours and days

• Controller-less: Wi-Fi without the complexity of on premise controllers

Cloud Management

Fortinet UTM Built-In Contr


Agenda

Fortinet Overview

Fortinet EcoSystem Overview

Fortinet Central Management

Fortinet SDN Framework

FortiGuard Threat Intelligence

Questions


Single Pane-of-Glass Management

Consistent Policies and Posture Across the Hybrid Cloud

Public Cloud Physical Networks Virtualization

Centralized Management and Policy

VM VM VM

VMware

VM

Management & Policy Logging & Analysis SaaS-Based Portal


Fortinet Security Management Lineup

FortiMoM: Hyperscale security management (manager of managers) for FMG/FAZ

Fortinet Developer Network: Subscription-based web portal for developers using management APIs

FortiCloud: Subscription-based provisioning, management & analytics in the cloud

FortiPrivateCloud: Cloud-based security management that MSSPs can whitelabel for their clientele

FortiDeploy: Cloud-based device provisioning and bootstrapping from the cloud

FortiMonitor: Unified risk management, big data logging and event correlation

Core Management Products

FortiAnalyzer: Aggregated logging, event management, reporting and analytics

FortiManager: Centralized management of security policies, firmware and content updates


FortiManager Enterprise central management


Key Features of FortiManager 

Centralized management / Configuration revision contro

Firmware management / local FortiGuard service provis

 Administrative domains & Global Policies

Scripting & APIs for integration with external tools

Logging and reporting / Alert management


FortiManager Features

Traditional “FortiManager” Functions

Tr“For

F

 No


FortiManager Device Manager 

Total Devices

Device Connections

Device Config Changes


FortiAnalyzer is an integrated network logging, analysis, alerting and reporting platform

FortiAnalyzer Overview

FortiClient

FortiGate

FortiCarrier 

FortiMail

FortiWeb

FortiCache

FortiSandbox

Syslog


Key Features of FortiAnalyzer 

Device Logs Aggregation and Management

Security Log Analysis / Forensics

Breach Detection & Network Analysis

Content Archiving / Quarantine

 Alerts Management

 Admin Partitions (ADOMS)

Graphical Reporting


FortiAnalyzer – Drill-Down Dashboards

Drillable Views

• Threat Map

• Top Countries

• Policy Hits

• Top Browsing Users

• Authorized APs

• Authorized SSIDs

• WiFi Clients

• Storage Statistics

• Failed Auth Attempts

• All Endpoints

• Etc.


FortiAnalyzer – Drill-Down Analytics


FortiAnalyzer – Event Management


FortiAnalyzer – Threat Detection Service

FortiAnalyzer historically has relied on the ratings and static/point-in-time FortiGuard analytics from the FortiGate devices to generate FortiView and Reports.

Breach detection brings fresh correlation and IOC (indicator of compromise) data daily to the FortiAnalyzer itself, and allows it to re-analyze webfilter logs and real-time events applying today’s new FortiGuard intelligence to understand yesterday’s events.


FortiAnalyzer – Threat Detection Service

Real-Time and Retroactive Log Correlation

New Menu Item “Breach Detection” in FortiView Threats Section!


What is FortiAnalyzer Breach Detection?

• Threat Analytics/Intelligence from Fortiguard Labs Threat Detection Service

• FortiGate detects and logs threats using FortiGuard services as usual (point-in-t

• FortiAnalyzer will do further analytics and correlation against WebFilter logs us

Detection data and present the info in FortiView for up to 7 days prior.

• Breach Detection Comprehensive Reports may be generated for earlier time pe


Scalable Architecture Options

Analytics Logs (SQL Insertion)

Archived Logs (Compressed 8:1)

FortiGates, etc.

FortiAnalyzer (Analyzer Mode)

DATA & COMPLIANCE POLICY

90 DAYS 365 DAYS

FortiAnalyzers (Collector Mode)


Scaling beyond single FortiManager: FortiMoM

What is it?

 A Manager of Managers (MoM)

Horizontally scalable architecture

Hierarchical add-on to existing Fortinet Products

Multi “Forti-” product management console

FortiManager FortiDDoS FortiAnalyzer

FortiMoM


FortiMoM Features

Manager of Managers

Central policy editor and objects DB

Domain (ADOMS) Manager – ADOM Grouping, Clone, Migrate

Manages multiple products

FMGR FAZ FDOS

FortiManager 1 FortiManager 2 FortiAnalyzer 1


Agenda

Fortinet Overview

Fortinet EcoSystem Overview

Fortinet Advanced Threat Prevention

Fortinet SDN Framework

FortiGuard Threat Intelligence

Questions


FortiCloud FortiPrivateCloud

Utility Pricing

AWS & Azure Marketplace Integration

VNF Support

NFV MANO Integration

Service Delivery Extensions

SDNS Framework

FortiGate VM FortiGate Cloud VDOM

FortiGate VMX (NSX) Cisco ACI Connector  OpenStack Connector  FortiCore

FortiManager  FortiAnalyzer  Splunk Connector 

Data Plane Control Plane Mgmt Plane

Fortinet Solutions for Software-Defined Network Se

Platform Extensibility

Virtual Appliances/Services

Platform Orchestration & Automation

Single Pane-of-Glass Management

ClouEcos

XML

JSON

Other Interfaces

Logging/Event

SCon

PrograSw

C

Mana

CentPo

 Ana

OrchePlat

Mgmt API’s

CLI/Scripting

Data Plane Control Plane Management Plane

SaaS

Multi-Tenancy On-Demand Self-Service

Network Function Virtualization

Service Delivery Extensions


Software-Defined Network Security Partner Ecosys

ORCHESTRATION PLATFORMS

PROGRAMMABLE SWITCHING

CENTRALIZED POLICY & ANALY

Platform Extensibility

Software-Defined Security Framework

SDN / NETWORK VIRTUALIZATION CONTROLLERS

API’s


Platform Orchestration & Automation

Auto-Scaling Firewall & Rule Provisioning

SDN Flow Visibility (dynamic flow control, overlay/underlay traffic)

Dynamic Policies (follow logical port, IP, MAC)

Benefits

VM VM VM

VMware

Control Plane

Fortinet Service VM

Control Plane Orchestration

Network Visibility

Elastic provisioning

Distributed

Object-based policy

 Agility Through Control Plane Integration


FortiGate-VMX Solution Interaction / Workflow

VMware Kernel VMware Kernel

vDistributed Switch

1. Register Fortinet as security service with NSX Manager

2. Auto-deploy FortiGate-VMX to all hosts in security cluster

3. FortiGate-VMX connects with FortiGate-VMX Service Manager

4. License verification and configuration synchronization with FortiGate-VMX

5. Redirection policy rules updated for enablement of FortiGate-VMX security service

6. Real-time updates of object database

FortiGate-VMXManage


VMware Kernel

dvSwitch

FGT-VMX and VMWARE NSX Filter Driver Interac

1 Define NGFW Firewall Policies

2FGT-VMX

NetX NSX Filter Driver int

ext

Packet F

1. From VM to NSX Filt

2. NSX Filter Driver For

party Solution (FGT-

3. FGT-VMX applies Se

packet back to NSX

4. NSX Filter Driver can

chaining or send pac

FortiGate-VMService Man

Leverages TSO for High Throughput


Integrated FortiGate Solution for Cisco ACI

Spine nodes

Leaf nodes

 APIC

VM VM VM

External

Internal

NET-a

NET-b

Cisco ACI

Nexus 9000 Leaf/Spine Switches

 APIC Controller 

Fortinet SDN S

FortiGate Physical or V

 Appliances FortiGate Connector fo


Cisco ACI Integration Details

ACI enables third-party L4-L7 service insertion

» “Application Centric Infrastructure” - Endpoint/Workload-centric policy

FortiGate Connector for Cisco ACI enables Fortinet orchestration in APIC cons

» FortiGate device package contains XML metadata describing Fortinet’s device and security services

» Administrator assigns Fortinet security policies to traffic (“Contracts”) between applications (Endpoint Groups)

Use Cases

» Auto-provisioning workload security

» Micro-segmentation

» Secure multi-tenancy

» Tenant function segmentation


FortiCore – SDN Security Platform

Hype

Scaling NSFs to meet architecture

• Transparent link transection

• Leaf-Spine

Pipeline Security

• FortiGuard security intelligence

• Augments partner/open SDN/NFV architectures

High Flow-Capacitance for Security Enabled SDN

• >1 Tbps switch fabric

• ~200K Flows – REGX (Single-Table)

• ~2M Flows – EXACT MATCH (Multi-Table)

• vs Trident 2+ = 32K flows


Agenda

Fortinet Overview

Fortinet EcoSystem Overview

Fortinet Advanced Threat Prevention

Fortinet SDN Framework

Questions
