Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.
© Copyright Fortinet Inc. All rights reserved.
Inside FortiOS Firewall
Versione 5.2.4 – Mar 2015
Lan & Wan Solutions – Sol...
2
Overview Firewall
Policy Management
 Section & Global View
 IP, User & Device based Policies
 Policy Objects, Object ...
3
Policy Table Firewall
Section View
Global View
4
Policy Table Firewall
Configurable column
settings
Object Coloring
Policy counters
Smart object search
Drag-and-drop pol...
5
Identity based Policy
User Identity based
Security Policies
 Assign access policy
and profiles to each
User Groups or U...
6
Policy Management
Policy
 Control Traffic when they
transverse through the device
» Interfaces, zones (group of
interfa...
7
Policy Management
Source Types
 Merged policies (IP, User & Device)
 “AND” Operations if more than one type of source ...
8
User Group #1
User #1
User #2
UTM Profile #1
UTM Profile #2
Service Port #1
Service Port #2
DST #1
DST #2
IP #1
IP #1
-
...
9
Policy Objects
FortiGuard GeoIP DB
 Distributed as FortiGuard
Update, Requires Valid FortiCare
Contract
 Manual update...
10
Policy Objects
Intelligent Object Searching
 Initial implement on Firewall Address list
 Search by name, IP, wildcard...
11
H/W Acceleration Firewall
Legacy Security Gateway
Appliances
FortiGate with FortiASIC
CPU offload
Initial session
setup...
12
Contattaci Gratuitamente …
Certified experts in Fortimail and email
security
Certified experts in Fortiweb and web
appl...
Upcoming SlideShare
Loading in …5
×

Firewall

740 views

Published on

Firewall

Published in: Software
  • Be the first to like this

Firewall

  1. 1. © Copyright Fortinet Inc. All rights reserved. Inside FortiOS Firewall Versione 5.2.4 – Mar 2015 Lan & Wan Solutions – Soluzioni Informatiche per Reti Locali e Geografiche
  2. 2. 2 Overview Firewall Policy Management  Section & Global View  IP, User & Device based Policies  Policy Objects, Object tagging & Coloring  Traffic counters NAT  Static NAT, Dynamic NAT Support  Central NAT Table Traffic Support  SCTP, GTP, ICMP  Session helpers & ALGs Hardware Acceleration*  High performance across all packet size  Ultra-low latency  Innovative features that allows accurate and effective policy setup Policy Table *applicable to supported models
  3. 3. 3 Policy Table Firewall Section View Global View
  4. 4. 4 Policy Table Firewall Configurable column settings Object Coloring Policy counters Smart object search Drag-and-drop policy rearrangement or moving objects Direct object/policy edit with right click
  5. 5. 5 Identity based Policy User Identity based Security Policies  Assign access policy and profiles to each User Groups or Users Device Identity based Security Policies  Assign access policy and profiles to each Device Type or Device Group User Group #1 User #1 User #2 UTM Profile #1 UTM Profile #2 Service Port #1 Service Port #2 DST #1 DST #2 Firewall SRC #1 SRC #1 Device Group #1 Device Type #1 Device Type #2 UTM Profile #1 UTM Profile #2 Service Port #1 Service Port #2 DST #1 DST #2 SRC #1 SRC #1
  6. 6. 6 Policy Management Policy  Control Traffic when they transverse through the device » Interfaces, zones (group of interfaces), VLANs and SSIDs segments  Components » Firewall configuration » NAT settings, Traffic shaping settings » Security instructions, eg, scan for viruses, detect attacks, etc » Logging Options Firewall
  7. 7. 7 Policy Management Source Types  Merged policies (IP, User & Device)  “AND” Operations if more than one type of source is used AND AND Firewall
  8. 8. 8 User Group #1 User #1 User #2 UTM Profile #1 UTM Profile #2 Service Port #1 Service Port #2 DST #1 DST #2 IP #1 IP #1 - Device Group #1 ✔ ✔ - -Service Port #2 DST #1 DST #2 IP #1 - ✗ User #1 User #2 -Service Port #2DST #3IP #3 Device Group #2 ✗ User #1 User #2 -Service Port #2DST #3IP #3 - ✔ Policies are matched top-down. The policy table may consist of different policy types. Policy Management Firewall
  9. 9. 9 Policy Objects FortiGuard GeoIP DB  Distributed as FortiGuard Update, Requires Valid FortiCare Contract  Manual update required using CLI Command  GeoIP override is configurable  Supports IPv6 addresses Firewall
  10. 10. 10 Policy Objects Intelligent Object Searching  Initial implement on Firewall Address list  Search by name, IP, wildcards, etc. Firewall
  11. 11. 11 H/W Acceleration Firewall Legacy Security Gateway Appliances FortiGate with FortiASIC CPU offload Initial session setup Instruction download
  12. 12. 12 Contattaci Gratuitamente … Certified experts in Fortimail and email security Certified experts in Fortiweb and web application firewall protection Certified experts in FortiAp, FortiWifi and wireless security CONTACTS Tel. +39 049 8843198 DIGIT (5) contacts@lanewan.it www.lanewan.it In questi anni di partnership con la casa madre, Lan & Wan Solutions ha ottenuto tutte le specializzazioni previste nei vari iter di certifica- zione, raggiungendo la qualifica di Partner Of Excellence.

×