The document discusses securing networks in the cloud with FortiGate virtual appliances. It begins with an introduction to Fortinet and an overview of FortiGate 3950 series appliances, which provide scalable performance up to 120Gbps. It then covers features of FortiGate virtual machines, which support all key FortiGate capabilities in a virtual appliance running on hypervisors like VMware. Virtual domains allow dividing a single FortiGate VM into multiple logical units to securely partition networks and workloads in the cloud.
2. Agenda
1 • Introduction
2 • Features and Virtualization
3 • FortiGate 3950 Series
4 • FortiGate VM
Fortinet Confidential
3. Fortinet Corporate Overview
• Founded in 2000
• Global presence with 30+ offices worldwide & 1,200+ employees
– 5,000+ channel partners
– 100,000+ customers
– Majority of the Fortune Global 100
• IPO Nov 2009
• NASDAQ: FTNT
• 2009 revenue of $252 Million
– 19% YoY growth
• World class management team
[Chart: Fortinet Revenue ($MM); bar labels $252, $212, $155, $123, $80, $39, $13; axis years 2003, 2005, 2007, 2009]
4. A Reliable Partner
• Proven Industry Leadership
» Since 2000, Fortinet has received more than 100 product & company awards.
• IDC: Overall leader in UTM factory revenue for all of 2009
• Gartner: Leader in Multi-Function Firewall Magic Quadrant
• Frost & Sullivan: 2010 "Fortinet is the established and undisputed leader" of worldwide UTM market
• SC Magazine: 2009 Readers' Trust Award for "Best Integrated Security Solution"
• Certified security
» Seven ICSA certifications (Firewall, AV, IPS, IPSec VPN, SSL VPN, Anti-Spam, WAF)
» Government Certifications (FIPS-2, Common Criteria EAL4+, JITC IPv6, SCAP)
» ISO 9001 certification
5. The Need for Complete Content Protection
• Overlapping, complementary layers of protection
• Comprehensive, integrated inspection
• Allow but don’t trust any application
• Examine all application content & behavior
6. We Pioneered a New Approach
Traditional Network Security Solutions
• Stand-alone, non-integrated security
• Mix of off the shelf systems and applications
• Higher total cost of ownership
• Difficult to deploy / manage / use
The Fortinet Solution
• Real-time, integrated security intelligence
• ASIC-accelerated performance
• Lower total cost of ownership
• Easy to deploy / manage / use
7. UTM Surpassing Traditional Network Security
[Chart: $ in billions, 2008 to 2013; series: Firewall & VPN, UTM; labelled values $3.2, $2.2, $2.1, $1.7]
Source: IDC “Worldwide Network Security 2008-2012 Forecast and 2007 Vendor Shares: Transitions – Appliances Are More Than Meets the Eye”
8. Market Leadership Across the Board
Worldwide UTM Market Share, Q2 2010 (1)
Rank   Company       Market Share (%) (2)
1                    16.4
2      Cisco         9.8
3      Juniper       9.0
4      SonicWALL     8.1
5      Check Point   7.2
6      WatchGuard    4.9
7      McAfee        5.5
8      Crossbeam     2.6
9      Other         41.4
Total                100.0
[Chart: Magic Quadrant for Multi-Function Firewalls (3)]
[Chart: UTM Market Competitive Landscape, 2009 (4); axes: Ability to Deliver (Low to High), Market Penetration (Low to High); categories: Contender, Market Leader, Niche Participant, Specialist, Challenger]
Notes
(1) IDC Worldwide Security Appliances Tracker, September 2010 (market share based on factory revenue)
(2)
(3)
Gartner, Inc., “Magic Quadrant for SMB Multifunction Firewalls”, June 2009
Frost & Sullivan, “World Unified Threat Management, Products Market 2009”, 2010
9. Fortinet – Leader in Enterprise UTM
Enterprise UTM Revenue
Vendor Q2 2010 Market Share
Fortinet $42.02 37%
Juniper $16.36 14%
Check Point $10.92 10%
Cisco $28.73 25%
McAfee $15.33 14%
IDC Worldwide Security Appliances Tracker, September 2010. Data based on $6-$9.9K, $10-$24.K, $25-$49.9K and $50-$99.9K UTM price bands.
10. Agenda
1 • Introduction
2 • Features and Virtualization
3 • FortiGate 3950 Series
4 • FortiGate VM
11. Evolution of Firewall Security
[Diagram: Evolution of Firewall Security toward Complete Protection. Labels: Firewall, VPN (IPSEC), IPS, Antivirus/Antispyware, Web Filtering, Antispam, App Control, Data Loss Prevention, SSL VPN, WAN Optimization, Load Balancing, Wireless LAN, SSL Inspection, IPv6, Dynamic & Multicast Routing, Vulnerability Mgmt, Endpoint NAC. Several items carry ICSA or CIPA marks.]
12. Virtual Domains
VDOM 1 VDOM 2 VDOM 3
… VDOM X
• Divide FortiGate unit to operate as multiple separate units
• One FortiGate unit servicing up to 250 separate domains
• Each VDOM has separate administration interface, routing policies, firewall policies …
13. Virtual Domains
Routed/NAT Transparent
• VDOMs can be in routed or transparent mode
• Transparent VDOMs lack IPSEC and SSL VPN, Load Balancing, Wireless Controller and routing capabilities
14. VDOM Resource Limits
• Resource limits configurable globally and per-VDOM
(each VDOM has its own guaranteed system resources)
15. Inter-VDOM Links
VDOM 1 VDOM 2 VDOM 3
• Only Routed/NAT VDOMs can be interconnected
• VDOMs communicate internally
(Free up physical interfaces for external traffic)
• Inter VDOM traffic controlled by complete UTM inspection on both sides of the link
16. Independent VDOM Configuration
Internet
External interfaces
VDOM 1 VDOM 2 VDOM 3
Internal interfaces
Network 1 Network 2 Network 3
• Multiple VDOMs, completely separate from each other
• No communication between VDOMs
(Treated as if on separate physical device)
17. Management VDOM Configuration
Internet
External interface
Management VDOM
VDOM 1 VDOM 2 VDOM 3
Internal interfaces
Network 1 Network 2 Network 3
• Root VDOM is management VDOM
(Other VDOMs connected with inter-VDOM links)
• All external traffic routed through management VDOM
18. Meshed VDOM Configuration
Internet
External interface
Management VDOM
VDOM 1 VDOM 2
Internal interfaces
Network 1 Network 2
• VDOMs interconnected - mesh configuration
(Full access between VDOMs, but handle traffic differently depending on origin)
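The three VDOM layouts on slides 16 to 18 and the linking rule from slide 15, checked as a design audit. This is an added Python example, not part of the Fortinet deck and not FortiOS code; the VDOM names, the "nat"/"transparent" mode strings and all function names are assumptions made for illustration.

```python
from collections import deque

MAX_VDOMS = 250  # slide 12: one unit can service up to 250 domains

def validate(vdoms, links):
    """vdoms maps name -> "nat" or "transparent"; links is a list of (a, b) pairs.
    Returns a list of rule violations (empty when the design is consistent)."""
    errors = []
    if len(vdoms) > MAX_VDOMS:
        errors.append(f"{len(vdoms)} VDOMs exceeds the limit of {MAX_VDOMS}")
    for a, b in links:
        for v in (a, b):
            if v not in vdoms:
                errors.append(f"link {a}-{b}: unknown VDOM {v}")
            elif vdoms[v] != "nat":
                # slide 15: only routed/NAT VDOMs can be interconnected
                errors.append(f"link {a}-{b}: {v} is in {vdoms[v]} mode")
    return errors

def classify(links, mgmt="root"):
    """Name the layout: independent (no links), management (every link
    touches the management VDOM) or meshed (tenant-to-tenant links exist)."""
    if not links:
        return "independent"
    if all(mgmt in pair for pair in links):
        return "management"
    return "meshed"

def reachable(links, start):
    """VDOMs reachable from start over inter-VDOM links. This is an upper
    bound: firewall policy on each side of a link can still deny traffic."""
    adj = {}
    for a, b in links:
        adj.setdefault(a, set()).add(b)
        adj.setdefault(b, set()).add(a)
    seen, queue = {start}, deque([start])
    while queue:
        for nxt in adj.get(queue.popleft(), ()):
            if nxt not in seen:
                seen.add(nxt)
                queue.append(nxt)
    return seen - {start}

def bypass_links(links, mgmt="root"):
    """Tenant-to-tenant links that do not pass through the management VDOM."""
    return [pair for pair in links if mgmt not in pair]

# Constructed sample designs (names are hypothetical)
VDOMS = {"root": "nat", "vd1": "nat", "vd2": "nat", "vd3": "transparent"}
INDEPENDENT = []
MANAGEMENT = [("root", "vd1"), ("root", "vd2")]
MESHED = [("root", "vd1"), ("root", "vd2"), ("vd1", "vd2")]
BAD = [("root", "vd3")]  # links a transparent VDOM, which slide 15 rules out
```

In a multi-tenant review, a non-empty `bypass_links` result marks the tenant pairs whose traffic never crosses the management VDOM and so depends entirely on the policies at the two ends of that link.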
19. Agenda
1 • Introduction
2 • Features and Virtualization
3 • FortiGate 3950 Series
4 • FortiGate VM
21. Enterprise-Class Benefits
• Build the performance your customers need
» Scalable performance with the ability to grow from 20 Gbps up to 120 Gbps
• Customize the appliance to meet performance requirements
» Gateway, Datacenter
» Pure Firewall / UTM
• Exceed limited features/functions of ‘next generation’ devices
» Highest performing firewall appliance at 120 GB
» Seamless integration of FW, IPS, VPN, Web Filtering, and other FortiOS services
» Complete content protection: Application control + application security
• More than application identification
• Integration of content-based security technologies into the firewall to identify threats within trusted application content
22. Specialized Processors within FMC Modules
• FortiASIC-NP4
» Accelerates security services at the interface level
• Packet size independent, very low latency, wire speed performance for millions of sessions with dynamic address translation
» IPSec ESP encryption and decryption processing
» Packet anomaly detection, checksum offload and packet defragmentation
» Traffic Shaping and priority queuing
• FortiASIC-SP2
» Multi-core multi-threaded security processing complex
» Builds on the capabilities of the FortiASIC-NP4 to provide additional services, including
• Application control
• IPv6
• IPS Signature analysis
• DoS protection
• Multicast acceleration
23. Integrated Switch Fabric inside FG-3950 Series
[Diagram: FMC slots 0 to 4, each with an NP/SP processor and a PHY, plus an on-board NP with a PHY and 4x1G ports, all connected through the ISF]
• Uniquely scalable approach to forwarding and security processing
» Utilizes specialized FortiASIC-NP4 and -SP2 processors to achieve breakthrough acceleration
» Fortinet Mezzanine Card (FMC) delivers additional processing power that can be distributed across the entire appliance via the ISF
• Fully meshed connectivity between all FMC slots and associated processing modules
24. Agenda
1 • Introduction
2 • Features and Virtualization
3 • FortiGate 3950 Series
4 • FortiGate VM
25. FortiGate VM Specifications
Feature                                                FortiGate-VM
Hypervisors Supported                                  VMware ESXi/ESX 3.5/4.0/4.1, others that can run *.ovf format
Hardened Platform / Open Virtualization Format (OVF)   Yes (Using VMware HW version 7)
# of vCPU’s supported                                  2/4/8/U
Built in VDOMS (upgradeable)                           10
Memory and CPU                                         Uses Hypervisor
10/100/1000 Interfaces                                 10 Max (Uses Hypervisor)
Storage Capacity                                       Uses Hypervisor
High Availability                                      Yes
FortiGate version (Firmware)                           4.2