Fortigate Firewall Administraion

Topics: E-mail, Virtual private network, Simple Mail Transfer Protocol Pages: 38 (4480 words) Published: February 22, 2013
Fortinet Overview
Richard Cassidy – UK & Ireland SE

Fortinet Company Overview
• • Founded October, 2000 by Ken Xie
– Founder of NetScreen (NASDAQ: NSCN)

Proven, experienced team led by industry visionaries
– Ken Xie, CEO
• Created world’s most successful firewall appliance line

– Michael Xie, R&D
• Senior development roles with Milkyway, NetScreen and ServGate

– Joe Wells, Chief AV Architect
• Senior AV R&D for Symantec, IBM, Trend • Wildlist founder • Globally recognized authority on the virus threat

Fortinet Confidential

World Class Security Credentials
• Worldwide Company
– 400 employees – Headquarters in Sunnyvale, California – Offices throughout Americas, Asia, and EMEA – EMEA Training center, technical support, Lab research in France

Creators of the only ASIC-based content analysis systems – Addressing the need for real-time network protection

Independent certifications
– Quadruple ICSA certification – Antivirus, firewall, VPN, IDS Fortinet Confidential

Features & Functionality Overview

FortiGate Security Features
• • • Firewall - Stateful Inspection ICSA Certified VPN ICSA Certified – IPSec, PPTP, L2TP, Remote Client AntiVirus ICSA Certified – Scanning of HTTP, FTP, SMTP, POP3, IMAP Protocols – Automatic updates via FortiProtect network Network Intrusion Detection / Prevention ICSA Certified – Automatic updates via FortiProtect network Content Filtering – Web

• URL filtering, Web Page content • Managed Web site categorisation service

• •

– Email / Anti-SPAM
• Known SPAM sites (RBL / ORDBL), Email content, Reverse DNS Lookup

Traffic Shaping
– Bandwidth Guarantees; Bandwidth Maximum - per policy

Fortinet Confidential

The Security problem
• Nature of threats has evolved
– Viruses – Intrusions – Web misuse

• Network and Application security required • Blended threats require Blended response

Fortinet Confidential

Conventional Firewalls Do Not Solve the Problem
Hacker Spam

Viruses, worms

Mail Server

Intrusions Banned content

www.find_a new Fortinet Confidential

Firewalls Do Not Examine The Content of Data Packets – Threats Pass Through

Is a Firewall enough protection?
Four score and seven years ago our forefathers brought forth upon this BANNED WORDS a new liberty, and dedicated to the proposition that all…

NETWORK-LEVEL CONTENT (PACKETS) Four score and seven years ago our forefathers brou ght forth upon this BANNED WORDS a new nation, n liberty, and dedicated to the proposition that all


NO! • Most security threats today come from the Application layer, not the Physical, Data Link, and Network layers • Firewalls do not look into the payload of the packet for harmful intent • As long as the traffic properties agree with a Firewall policy, anything can be attached and sent into or out of that network gateway. Fortinet Confidential

Source Mac IP Address

Destination IP




Firewalls Don’t Analyze Contents so they Miss Content Attacks DATA PACKETS

Inspects packet headers only – i.e. looks at the envelope, but not at what’s contained inside

STATEFUL INSPECTION FIREW ALL Four score and BAD CONTENT our forefathers brou ght forth upon this continent a new nation, n liberty, and dedicated to the proposition that all


Not Scanned

Packet “headers” (TO, FROM, TYPE OF DATA, etc.)

Packet “payload” (data)

Fortinet Confidential


Some Firewalls Claim to do “Deep Packet Inspection” – But They Still Miss a Lot

Performs a packet-by-packet inspection of contents – but can easily miss complex attacks that span multiple packets Undetected...
Continue Reading

Please join StudyMode to read the full document

You May Also Find These Documents Helpful

  • firewall Essay
  • Firewalls Essay
  • Firewall Essay
  • Firewall Essay
  • Firewalls Essay
  • Essay on Firewalls
  • Essay about Overview of Firewalls
  • Firewall Security Essay

Become a StudyMode Member

Sign Up - It's Free