© Copyright Fortinet Inc. All rights reserved.
FortiGate-VMX integration with VMware NSX
Michał Taterka
Systems Engineer
25 September 2017
Agenda
• VMware NSX
• What is Fortinet VMX?
• Why FortiGate VMX with NSX?
• The Recipe
• Deployment Options
• How to Design a Cost Effective VMX Solution
• FortiGate-VMX Logs to FortiAnalyzer
• FortiGate-VMX License Model
• Key Differentiators
VMware NSX
• SDN solution
• Option of controller-based SDN + NFV + centralized management
• DFW and Edge firewalling in NSX
What is Fortinet VMX?
[Architecture diagram, labels only: VMware kernel with vDistributed Switch and a kernel agent per vNIC, VMCI socket, sync; FortiGate-VMX (user space): FortiOS engine, session DB, vmif0/vsif0, data agent packet dispatchers, dvfilterklib; FortiGate-VMX Service Manager with a transport table keyed by session ID.]
• Distributed NGFW and UTM solution for the NSX Zero Trust model
• Automation & orchestration
Why FortiGate VMX with NSX?
The slide pairs each requirement with the matching solution:
• Not just firewall, but advanced features
• Micro-segmentation and Zero Trust
• Control of ‘east-west’ traffic, inter logical security zone (multi-tier)
• Integration, orchestration and automation
The Recipe
• ESXi servers – all of ’em ;)
• NSX Manager – 1 piece
• HTTP server holding images for deployment – 1 piece
• FortiGate-VMX Service Manager – 1 ovf file to deploy
• VMware Distributed Firewall – 1 piece
• FortiGate-VMX Security Nodes – 1 per each ESXi server
• Distributed vSwitch – at least one :)
FortiGate VMX and its Components
[Diagram: Fortinet solution (the third-party solution from the VMware side): FortiGate-VMX Service Manager and FortiGate-VMX Security Appliance; VMware side: vCenter Server v5.5 or v6.0, VMware vSphere (Enterprise Plus license, v5.5 or v6.0), ESXi hosts; links labelled Manage and REST API.]
FortiGate-VMX and NSX Integration/Interactions
[Diagram: dvSwitch with one FGT-VMX per host and the FortiGate-VMX Service Manager; the numbered interactions are:]
1. Register Fortinet as security service with NSX Manager
2. Auto-deploy FortiGate-VMX to all hosts in the security cluster
3. FortiGate-VMX connects with FortiGate-VMX Service Manager
4. License verification & configuration synchronization with FortiGate-VMX
5. NSX Security Policy defines network introspection rules to redirect traffic
6. Real-time updates of the object database
7. Push policy synchronization to all FortiGate-VMX deployed in the cluster
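As an added illustration (not Fortinet's or VMware's code), this Python model shows the mechanism behind steps 5 to 7 above and the micro-segmentation / Zero Trust requirement from the earlier slide: NSX security groups are mirrored as dynamic address objects, policy is written against the groups, and a membership change alters enforcement without any policy edit. Group names, tags, VM names, IPs and flows are all constructed for the example.

```python
# Added example (not Fortinet or VMware code): toy model of security-group-driven
# micro-segmentation. NSX Security Groups become dynamic address objects on the
# FortiGate-VMX Service Manager, NGFW policy references those groups, and a
# real-time object DB update (step 6) changes what is enforced while the policy
# pushed to every node (step 7) stays the same. All data below is constructed.
from dataclasses import dataclass


@dataclass(frozen=True)
class VM:
    name: str
    ip: str
    tags: frozenset


@dataclass(frozen=True)
class SecurityGroup:
    # Membership criterion modelled as "VM carries this security tag".
    name: str
    required_tag: str


@dataclass(frozen=True)
class Rule:
    src_group: str
    dst_group: str
    dst_port: int
    action: str  # "accept" or "deny"


class ServiceManager:
    """Holds the policy and the dynamic address objects derived from the groups."""

    def __init__(self, groups, rules):
        self.groups = {g.name: g for g in groups}
        self.rules = list(rules)
        self.inventory = {}                              # vm name -> VM
        self.members = {g.name: set() for g in groups}   # group -> member IPs

    def vm_update(self, vm):
        """Object DB update: a VM was created or re-tagged.
        Only this VM's memberships are recomputed; the policy is untouched."""
        old = self.inventory.get(vm.name)
        if old is not None:
            self.vm_remove(old.name)
        self.inventory[vm.name] = vm
        for group in self.groups.values():
            if group.required_tag in vm.tags:
                self.members[group.name].add(vm.ip)

    def vm_remove(self, name):
        """A VM was deleted: drop it from every group it belonged to."""
        vm = self.inventory.pop(name, None)
        if vm is not None:
            for ips in self.members.values():
                ips.discard(vm.ip)

    def evaluate(self, src_ip, dst_ip, dst_port):
        """First matching rule wins; anything not explicitly allowed is denied
        (the Zero Trust default for east-west traffic)."""
        for r in self.rules:
            if (src_ip in self.members[r.src_group]
                    and dst_ip in self.members[r.dst_group]
                    and r.dst_port == dst_port):
                return r.action
        return "deny"


def run_demo():
    """Three-tier application; returns the verdicts as membership changes."""
    sm = ServiceManager(
        groups=[SecurityGroup("SG-Web", "tier:web"),
                SecurityGroup("SG-App", "tier:app"),
                SecurityGroup("SG-DB", "tier:db")],
        rules=[Rule("SG-Web", "SG-App", 8080, "accept"),
               Rule("SG-App", "SG-DB", 5432, "accept")],
    )
    sm.vm_update(VM("web01", "10.0.1.10", frozenset({"tier:web"})))
    sm.vm_update(VM("app01", "10.0.2.10", frozenset({"tier:app"})))
    sm.vm_update(VM("db01", "10.0.3.10", frozenset({"tier:db"})))

    decisions = {
        "web01->app01:8080": sm.evaluate("10.0.1.10", "10.0.2.10", 8080),
        "web01->db01:5432": sm.evaluate("10.0.1.10", "10.0.3.10", 5432),  # tier skip
        "app01->db01:5432": sm.evaluate("10.0.2.10", "10.0.3.10", 5432),
    }
    # A new app node comes up with the right tag: allowed at once, no policy edit.
    sm.vm_update(VM("app02", "10.0.2.11", frozenset({"tier:app"})))
    decisions["app02->db01:5432"] = sm.evaluate("10.0.2.11", "10.0.3.10", 5432)
    # app01 is re-tagged (e.g. moved into a quarantine group): it leaves SG-App
    # and its previously allowed flow to the DB tier is now denied.
    sm.vm_update(VM("app01", "10.0.2.10", frozenset({"quarantine"})))
    decisions["app01(quarantined)->db01:5432"] = sm.evaluate("10.0.2.10", "10.0.3.10", 5432)
    return decisions


if __name__ == "__main__":
    for flow, verdict in run_demo().items():
        print(f"{flow:34} {verdict}")
```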
FGT-VMX and VMware NSX Filter Driver Interaction
[Diagram: VMware kernel, dvSwitch, NetX NSX filter driver with int and ext sides, FGT-VMX, FortiGate-VMX Service Manager; callout 1: Define NGFW Firewall Policies; callout 2 points at FGT-VMX.]
Packet Flow
1. From VM to NSX Filter Driver
2. NSX Filter Driver forwards to the third-party solution (FGT-VMX)
3. FGT-VMX applies security and sends the packet back to NSX Filter Driver
4. NSX Filter Driver can do service chaining or send the packet to its destination
Deployment Options
• Option 1: DFW + FortiGate VM or FortiOS
  » More than just stateful Edge firewalling
  » Option of stateful firewall at DFW and NGFW/UTM at Edge
• Option 2: DFW + FortiGate VMX + DLR + Edge
  » Micro-segmented NGFW/UTM security
• Option 3: DFW + FortiGate VMX + DLR + FortiGate VM/FortiOS VM
  » Divide NGFW/UTM functionality between two layers
  » Better performance
• Option 4: DFW + FortiGate VMX + DLR (+Edge) + physical FortiGate VDOM
  » Divide NGFW/UTM functionality between two layers
  » Multi-tenancy end to end
  » 1:1 mapping between NSX Edge and VDOM
  » Better performance
How to Design a Cost Effective VMX Solution
• Categorize the workload
• Critical workload placed on a VMX-enabled cluster
• Catalogue-based design – pay per feature for MSSPs
• Cost optimization – for enterprises
FortiGate-VMX Logs to FortiAnalyzer
• Configuration is done on the FortiGate-VMX Service Manager
• Logs are relayed from the FortiGate-VMX to the FortiGate-VMX Service Manager
• Only the FortiGate-VMX Service Manager serial number is reported on FortiAnalyzer
FortiGate-VMX License Model
• Expandable license model
• Two product SKUs
  » FortiGate-VMX Service Manager - FG-VMX-MGMT: centralized management and license repository for FortiGate-VMX environments
  » FortiGate-VMX Security Node - FG-VMX-1: one FortiGate-VMX Security Node instance for securing VMware environments
• Multiple-length Service and Support SKUs
• Lab SKUs available for development environments
FortiGate-VMX Licensing
• No limits placed on resources (virtual or hardware), nor on the number of protected VM workloads.
• Instance-based licensing.
  » Example: 10 ESXi hosts in a cluster; 10 x FortiGate-VMX Security Node licenses are required.
• FortiGate-VMX Service Manager is used as the license repository for FortiGate-VMX Security Nodes.
• FortiGate-VMX Security Nodes automatically validate to the FortiGate-VMX Service Manager.
[Diagram: FortiCare / FortiGuard (service license registration and security database updates) <-> FortiGate-VMX Service Manager (license repository; centralized synchronization of configuration/policy) <-> FortiGate-VMX Security Nodes (registration/synchronization; security database updates).]
Key Differentiators
• Real multi-tenancy (VDOM) support
• Per Security Appliance instance resource monitor
• Improved throughput for firewall and security functionality using TSO (TCP Segmentation Offload)
• Service Manager to Security Appliance instant security policy update using HA Sync
• Automatic creation of NSX Security Groups in FortiGate-VMX Service Manager
• Central license server with auto decrement
• OVF footprint < 40 MB
• License independent from physical or virtual resources
• NSX integrated upgrade process
• Real-time FortiGuard updates
Questions ???
FortiGate VMX Demo
PLNOG19 - Michał Taterka - FortiGate-VMX - integration with VMware NSX

More Related Content

What's hot

VMUG - NSX Architettura e Design
VMUG - NSX Architettura e DesignVMUG - NSX Architettura e Design
VMUG - NSX Architettura e DesignVMUG IT
 
Resilient IoT Security: The end of flat security models
Resilient IoT Security: The end of flat security modelsResilient IoT Security: The end of flat security models
Resilient IoT Security: The end of flat security modelsMilosch Meriac
 
[CONFidence 2016]: Alex Plaskett, Georgi Geshev - QNX: 99 Problems but a Micr...
[CONFidence 2016]: Alex Plaskett, Georgi Geshev - QNX: 99 Problems but a Micr...[CONFidence 2016]: Alex Plaskett, Georgi Geshev - QNX: 99 Problems but a Micr...
[CONFidence 2016]: Alex Plaskett, Georgi Geshev - QNX: 99 Problems but a Micr...PROIDEA
 
VMworld 2013: NSX PCI Reference Architecture Workshop Session 2 - Privileged ...
VMworld 2013: NSX PCI Reference Architecture Workshop Session 2 - Privileged ...VMworld 2013: NSX PCI Reference Architecture Workshop Session 2 - Privileged ...
VMworld 2013: NSX PCI Reference Architecture Workshop Session 2 - Privileged ...VMworld
 
Linux Kernel Security: Adapting 1960s Technology to Meet 21st Century Threats
Linux Kernel Security: Adapting 1960s Technology to Meet 21st Century ThreatsLinux Kernel Security: Adapting 1960s Technology to Meet 21st Century Threats
Linux Kernel Security: Adapting 1960s Technology to Meet 21st Century ThreatsJames Morris
 
2008-09-09 IBM Interaction Conference, Red Hat Update for System z
2008-09-09 IBM Interaction Conference, Red Hat Update for System z2008-09-09 IBM Interaction Conference, Red Hat Update for System z
2008-09-09 IBM Interaction Conference, Red Hat Update for System zShawn Wells
 
OSGi als App-Plattform - Ein Ausflug durch den Security-Layer
OSGi als App-Plattform - Ein Ausflug durch den Security-Layer	OSGi als App-Plattform - Ein Ausflug durch den Security-Layer
OSGi als App-Plattform - Ein Ausflug durch den Security-Layer OSGiUsers
 
Linux Kernel Security Overview - KCA 2009
Linux Kernel Security Overview - KCA 2009Linux Kernel Security Overview - KCA 2009
Linux Kernel Security Overview - KCA 2009James Morris
 
Practical real-time operating system security for the masses
Practical real-time operating system security for the massesPractical real-time operating system security for the masses
Practical real-time operating system security for the massesMilosch Meriac
 
Proxmox ve-datasheet
Proxmox ve-datasheetProxmox ve-datasheet
Proxmox ve-datasheetMiguel Angel
 
XPDDS17: Introduction to Intel SGX and SGX Virtualization - Kai Huang, Intel
XPDDS17: Introduction to Intel SGX and SGX Virtualization - Kai Huang, IntelXPDDS17: Introduction to Intel SGX and SGX Virtualization - Kai Huang, Intel
XPDDS17: Introduction to Intel SGX and SGX Virtualization - Kai Huang, IntelThe Linux Foundation
 
Fortinet FortiOS 5 Presentation
Fortinet FortiOS 5 PresentationFortinet FortiOS 5 Presentation
Fortinet FortiOS 5 PresentationNCS Computech Ltd.
 
D-RTM for Qubes OS VMs
D-RTM for Qubes OS VMsD-RTM for Qubes OS VMs
D-RTM for Qubes OS VMsPiotr Król
 
Integrating kdump into oVirt
Integrating kdump into oVirtIntegrating kdump into oVirt
Integrating kdump into oVirtMartin Peřina
 
Hardening Linux and introducing Securix Linux
Hardening Linux and introducing Securix LinuxHardening Linux and introducing Securix Linux
Hardening Linux and introducing Securix LinuxSecurity Session
 
Proxmox Talk - Linux Fest Northwest 2018
Proxmox Talk - Linux Fest Northwest 2018Proxmox Talk - Linux Fest Northwest 2018
Proxmox Talk - Linux Fest Northwest 2018Richard Clark
 
NET4933_vDS_Best_Practices_For_NSX_Francois_Tallet_Shahzad_Ali
NET4933_vDS_Best_Practices_For_NSX_Francois_Tallet_Shahzad_AliNET4933_vDS_Best_Practices_For_NSX_Francois_Tallet_Shahzad_Ali
NET4933_vDS_Best_Practices_For_NSX_Francois_Tallet_Shahzad_Alishezy22
 

What's hot (20)

VMUG - NSX Architettura e Design
VMUG - NSX Architettura e DesignVMUG - NSX Architettura e Design
VMUG - NSX Architettura e Design
 
Resilient IoT Security: The end of flat security models
Resilient IoT Security: The end of flat security modelsResilient IoT Security: The end of flat security models
Resilient IoT Security: The end of flat security models
 
Drive into kvm
Drive into kvmDrive into kvm
Drive into kvm
 
[CONFidence 2016]: Alex Plaskett, Georgi Geshev - QNX: 99 Problems but a Micr...
[CONFidence 2016]: Alex Plaskett, Georgi Geshev - QNX: 99 Problems but a Micr...[CONFidence 2016]: Alex Plaskett, Georgi Geshev - QNX: 99 Problems but a Micr...
[CONFidence 2016]: Alex Plaskett, Georgi Geshev - QNX: 99 Problems but a Micr...
 
VMworld 2013: NSX PCI Reference Architecture Workshop Session 2 - Privileged ...
VMworld 2013: NSX PCI Reference Architecture Workshop Session 2 - Privileged ...VMworld 2013: NSX PCI Reference Architecture Workshop Session 2 - Privileged ...
VMworld 2013: NSX PCI Reference Architecture Workshop Session 2 - Privileged ...
 
Linux Kernel Security: Adapting 1960s Technology to Meet 21st Century Threats
Linux Kernel Security: Adapting 1960s Technology to Meet 21st Century ThreatsLinux Kernel Security: Adapting 1960s Technology to Meet 21st Century Threats
Linux Kernel Security: Adapting 1960s Technology to Meet 21st Century Threats
 
Proxmox for DevOps
Proxmox for DevOpsProxmox for DevOps
Proxmox for DevOps
 
2008-09-09 IBM Interaction Conference, Red Hat Update for System z
2008-09-09 IBM Interaction Conference, Red Hat Update for System z2008-09-09 IBM Interaction Conference, Red Hat Update for System z
2008-09-09 IBM Interaction Conference, Red Hat Update for System z
 
OSGi als App-Plattform - Ein Ausflug durch den Security-Layer
OSGi als App-Plattform - Ein Ausflug durch den Security-Layer	OSGi als App-Plattform - Ein Ausflug durch den Security-Layer
OSGi als App-Plattform - Ein Ausflug durch den Security-Layer
 
Linux Kernel Security Overview - KCA 2009
Linux Kernel Security Overview - KCA 2009Linux Kernel Security Overview - KCA 2009
Linux Kernel Security Overview - KCA 2009
 
Practical real-time operating system security for the masses
Practical real-time operating system security for the massesPractical real-time operating system security for the masses
Practical real-time operating system security for the masses
 
Proxmox ve-datasheet
Proxmox ve-datasheetProxmox ve-datasheet
Proxmox ve-datasheet
 
XPDDS17: Introduction to Intel SGX and SGX Virtualization - Kai Huang, Intel
XPDDS17: Introduction to Intel SGX and SGX Virtualization - Kai Huang, IntelXPDDS17: Introduction to Intel SGX and SGX Virtualization - Kai Huang, Intel
XPDDS17: Introduction to Intel SGX and SGX Virtualization - Kai Huang, Intel
 
Fortinet FortiOS 5 Presentation
Fortinet FortiOS 5 PresentationFortinet FortiOS 5 Presentation
Fortinet FortiOS 5 Presentation
 
D-RTM for Qubes OS VMs
D-RTM for Qubes OS VMsD-RTM for Qubes OS VMs
D-RTM for Qubes OS VMs
 
Integrating kdump into oVirt
Integrating kdump into oVirtIntegrating kdump into oVirt
Integrating kdump into oVirt
 
Hardening Linux and introducing Securix Linux
Hardening Linux and introducing Securix LinuxHardening Linux and introducing Securix Linux
Hardening Linux and introducing Securix Linux
 
Proxmox Talk - Linux Fest Northwest 2018
Proxmox Talk - Linux Fest Northwest 2018Proxmox Talk - Linux Fest Northwest 2018
Proxmox Talk - Linux Fest Northwest 2018
 
PIX vs ASA_firewall
PIX vs ASA_firewallPIX vs ASA_firewall
PIX vs ASA_firewall
 
NET4933_vDS_Best_Practices_For_NSX_Francois_Tallet_Shahzad_Ali
NET4933_vDS_Best_Practices_For_NSX_Francois_Tallet_Shahzad_AliNET4933_vDS_Best_Practices_For_NSX_Francois_Tallet_Shahzad_Ali
NET4933_vDS_Best_Practices_For_NSX_Francois_Tallet_Shahzad_Ali
 

Similar to PLNOG19 - Michał Taterka - FortiGate-VMX - integracja z VMware NSX

Fortinet & VMware integration
Fortinet & VMware integrationFortinet & VMware integration
Fortinet & VMware integrationVMUG IT
 
07 - VMUGIT - Lecce 2018 - Antonio Gentile, Fortinet
07 - VMUGIT - Lecce 2018 - Antonio Gentile, Fortinet07 - VMUGIT - Lecce 2018 - Antonio Gentile, Fortinet
07 - VMUGIT - Lecce 2018 - Antonio Gentile, FortinetVMUG IT
 
Software defined security-framework_final
Software defined security-framework_finalSoftware defined security-framework_final
Software defined security-framework_finalLan & Wan Solutions
 
Vsphere 4-partner-training180
Vsphere 4-partner-training180Vsphere 4-partner-training180
Vsphere 4-partner-training180Juan Ulacia
 
vVMworld 2013: Deploying, Troubleshooting, and Monitoring VMware NSX Distribu...
vVMworld 2013: Deploying, Troubleshooting, and Monitoring VMware NSX Distribu...vVMworld 2013: Deploying, Troubleshooting, and Monitoring VMware NSX Distribu...
vVMworld 2013: Deploying, Troubleshooting, and Monitoring VMware NSX Distribu...VMworld
 
SEC8022_Securing_SDDC_NSX_Hammad_Shahzad
SEC8022_Securing_SDDC_NSX_Hammad_ShahzadSEC8022_Securing_SDDC_NSX_Hammad_Shahzad
SEC8022_Securing_SDDC_NSX_Hammad_Shahzadshezy22
 
Vsphere 4-partner-training180
Vsphere 4-partner-training180Vsphere 4-partner-training180
Vsphere 4-partner-training180Suresh Kumar
 
Forti Gate Virtual Appliances Sales 201010
Forti Gate Virtual Appliances Sales 201010Forti Gate Virtual Appliances Sales 201010
Forti Gate Virtual Appliances Sales 201010Alvaro Roldan Peral
 
VMworld 2013: How to Exchange Status Message Between Guest and Host Using RPC
VMworld 2013: How to Exchange Status Message Between Guest and Host Using RPC VMworld 2013: How to Exchange Status Message Between Guest and Host Using RPC
VMworld 2013: How to Exchange Status Message Between Guest and Host Using RPC VMworld
 
VMware NSX-T Design for Small to Mid-Sized Data Centers v1.0 EN.pptx
VMware NSX-T Design for Small to Mid-Sized Data Centers v1.0 EN.pptxVMware NSX-T Design for Small to Mid-Sized Data Centers v1.0 EN.pptx
VMware NSX-T Design for Small to Mid-Sized Data Centers v1.0 EN.pptxHythamsaadeh
 
VMworld 2015: VMware NSX Deep Dive
VMworld 2015: VMware NSX Deep DiveVMworld 2015: VMware NSX Deep Dive
VMworld 2015: VMware NSX Deep DiveVMworld
 
VMworld 2015: VMware NSX Deep Dive
VMworld 2015: VMware NSX Deep DiveVMworld 2015: VMware NSX Deep Dive
VMworld 2015: VMware NSX Deep DiveVMworld
 
VMworld 2013: NSX PCI Reference Architecture Workshop Session 1 - Segmentation
VMworld 2013: NSX PCI Reference Architecture Workshop Session 1 - SegmentationVMworld 2013: NSX PCI Reference Architecture Workshop Session 1 - Segmentation
VMworld 2013: NSX PCI Reference Architecture Workshop Session 1 - SegmentationVMworld
 
FortiProxy sales presentation-02022020_Vee.pptx
FortiProxy sales presentation-02022020_Vee.pptxFortiProxy sales presentation-02022020_Vee.pptx
FortiProxy sales presentation-02022020_Vee.pptxNuttapolMix
 
Citrix Cloud Master Class June 2014
Citrix Cloud Master Class June 2014Citrix Cloud Master Class June 2014
Citrix Cloud Master Class June 2014Citrix
 
OVHcloud Hosted Private Cloud Platform Network use cases with VMware NSX
OVHcloud Hosted Private Cloud Platform Network use cases with VMware NSXOVHcloud Hosted Private Cloud Platform Network use cases with VMware NSX
OVHcloud Hosted Private Cloud Platform Network use cases with VMware NSXOVHcloud
 
End to End Application Visibility and Troubleshooting Across the Virtual Clou...
End to End Application Visibility and Troubleshooting Across the Virtual Clou...End to End Application Visibility and Troubleshooting Across the Virtual Clou...
End to End Application Visibility and Troubleshooting Across the Virtual Clou...NETSCOUT
 
VMware NSX - Lessons Learned from real project
VMware NSX - Lessons Learned from real projectVMware NSX - Lessons Learned from real project
VMware NSX - Lessons Learned from real projectDavid Pasek
 
GAMO VMware vCloud Air
GAMO VMware vCloud AirGAMO VMware vCloud Air
GAMO VMware vCloud AirGAMO a.s.
 

Similar to PLNOG19 - Michał Taterka - FortiGate-VMX - integracja z VMware NSX (20)

Fortinet & VMware integration
Fortinet & VMware integrationFortinet & VMware integration
Fortinet & VMware integration
 
07 - VMUGIT - Lecce 2018 - Antonio Gentile, Fortinet
07 - VMUGIT - Lecce 2018 - Antonio Gentile, Fortinet07 - VMUGIT - Lecce 2018 - Antonio Gentile, Fortinet
07 - VMUGIT - Lecce 2018 - Antonio Gentile, Fortinet
 
Software defined security-framework_final
Software defined security-framework_finalSoftware defined security-framework_final
Software defined security-framework_final
 
04 vsx power-r65
04 vsx power-r6504 vsx power-r65
04 vsx power-r65
 
Vsphere 4-partner-training180
Vsphere 4-partner-training180Vsphere 4-partner-training180
Vsphere 4-partner-training180
 
vVMworld 2013: Deploying, Troubleshooting, and Monitoring VMware NSX Distribu...
vVMworld 2013: Deploying, Troubleshooting, and Monitoring VMware NSX Distribu...vVMworld 2013: Deploying, Troubleshooting, and Monitoring VMware NSX Distribu...
vVMworld 2013: Deploying, Troubleshooting, and Monitoring VMware NSX Distribu...
 
SEC8022_Securing_SDDC_NSX_Hammad_Shahzad
SEC8022_Securing_SDDC_NSX_Hammad_ShahzadSEC8022_Securing_SDDC_NSX_Hammad_Shahzad
SEC8022_Securing_SDDC_NSX_Hammad_Shahzad
 
Vsphere 4-partner-training180
Vsphere 4-partner-training180Vsphere 4-partner-training180
Vsphere 4-partner-training180
 
Forti Gate Virtual Appliances Sales 201010
Forti Gate Virtual Appliances Sales 201010Forti Gate Virtual Appliances Sales 201010
Forti Gate Virtual Appliances Sales 201010
 
VMworld 2013: How to Exchange Status Message Between Guest and Host Using RPC
VMworld 2013: How to Exchange Status Message Between Guest and Host Using RPC VMworld 2013: How to Exchange Status Message Between Guest and Host Using RPC
VMworld 2013: How to Exchange Status Message Between Guest and Host Using RPC
 
VMware NSX-T Design for Small to Mid-Sized Data Centers v1.0 EN.pptx
VMware NSX-T Design for Small to Mid-Sized Data Centers v1.0 EN.pptxVMware NSX-T Design for Small to Mid-Sized Data Centers v1.0 EN.pptx
VMware NSX-T Design for Small to Mid-Sized Data Centers v1.0 EN.pptx
 
VMworld 2015: VMware NSX Deep Dive
VMworld 2015: VMware NSX Deep DiveVMworld 2015: VMware NSX Deep Dive
VMworld 2015: VMware NSX Deep Dive
 
VMworld 2015: VMware NSX Deep Dive
VMworld 2015: VMware NSX Deep DiveVMworld 2015: VMware NSX Deep Dive
VMworld 2015: VMware NSX Deep Dive
 
VMworld 2013: NSX PCI Reference Architecture Workshop Session 1 - Segmentation
VMworld 2013: NSX PCI Reference Architecture Workshop Session 1 - SegmentationVMworld 2013: NSX PCI Reference Architecture Workshop Session 1 - Segmentation
VMworld 2013: NSX PCI Reference Architecture Workshop Session 1 - Segmentation
 
FortiProxy sales presentation-02022020_Vee.pptx
FortiProxy sales presentation-02022020_Vee.pptxFortiProxy sales presentation-02022020_Vee.pptx
FortiProxy sales presentation-02022020_Vee.pptx
 
Citrix Cloud Master Class June 2014
Citrix Cloud Master Class June 2014Citrix Cloud Master Class June 2014
Citrix Cloud Master Class June 2014
 
OVHcloud Hosted Private Cloud Platform Network use cases with VMware NSX
OVHcloud Hosted Private Cloud Platform Network use cases with VMware NSXOVHcloud Hosted Private Cloud Platform Network use cases with VMware NSX
OVHcloud Hosted Private Cloud Platform Network use cases with VMware NSX
 
End to End Application Visibility and Troubleshooting Across the Virtual Clou...
End to End Application Visibility and Troubleshooting Across the Virtual Clou...End to End Application Visibility and Troubleshooting Across the Virtual Clou...
End to End Application Visibility and Troubleshooting Across the Virtual Clou...
 
VMware NSX - Lessons Learned from real project
VMware NSX - Lessons Learned from real projectVMware NSX - Lessons Learned from real project
VMware NSX - Lessons Learned from real project
 
GAMO VMware vCloud Air
GAMO VMware vCloud AirGAMO VMware vCloud Air
GAMO VMware vCloud Air
 

Recently uploaded

Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdfLearn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdfkalichargn70th171
 
KnowAPIs-UnknownPerf-jaxMainz-2024 (1).pptx
KnowAPIs-UnknownPerf-jaxMainz-2024 (1).pptxKnowAPIs-UnknownPerf-jaxMainz-2024 (1).pptx
KnowAPIs-UnknownPerf-jaxMainz-2024 (1).pptxTier1 app
 
(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...
(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...
(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...gurkirankumar98700
 
why an Opensea Clone Script might be your perfect match.pdf
why an Opensea Clone Script might be your perfect match.pdfwhy an Opensea Clone Script might be your perfect match.pdf
why an Opensea Clone Script might be your perfect match.pdfjoe51371421
 
Salesforce Certified Field Service Consultant
Salesforce Certified Field Service ConsultantSalesforce Certified Field Service Consultant
Salesforce Certified Field Service ConsultantAxelRicardoTrocheRiq
 
Call Girls in Naraina Delhi 💯Call Us 🔝8264348440🔝
Call Girls in Naraina Delhi 💯Call Us 🔝8264348440🔝Call Girls in Naraina Delhi 💯Call Us 🔝8264348440🔝
Call Girls in Naraina Delhi 💯Call Us 🔝8264348440🔝soniya singh
 
Alluxio Monthly Webinar | Cloud-Native Model Training on Distributed Data
Alluxio Monthly Webinar | Cloud-Native Model Training on Distributed DataAlluxio Monthly Webinar | Cloud-Native Model Training on Distributed Data
Alluxio Monthly Webinar | Cloud-Native Model Training on Distributed DataAlluxio, Inc.
 
Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...
Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...
Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...stazi3110
 
Hand gesture recognition PROJECT PPT.pptx
Hand gesture recognition PROJECT PPT.pptxHand gesture recognition PROJECT PPT.pptx
Hand gesture recognition PROJECT PPT.pptxbodapatigopi8531
 
Unit 1.1 Excite Part 1, class 9, cbse...
Unit 1.1 Excite Part 1, class 9, cbse...Unit 1.1 Excite Part 1, class 9, cbse...
Unit 1.1 Excite Part 1, class 9, cbse...aditisharan08
 
Engage Usergroup 2024 - The Good The Bad_The Ugly
Engage Usergroup 2024 - The Good The Bad_The UglyEngage Usergroup 2024 - The Good The Bad_The Ugly
Engage Usergroup 2024 - The Good The Bad_The UglyFrank van der Linden
 
What is Binary Language? Computer Number Systems
What is Binary Language?  Computer Number SystemsWhat is Binary Language?  Computer Number Systems
What is Binary Language? Computer Number SystemsJheuzeDellosa
 
chapter--4-software-project-planning.ppt
chapter--4-software-project-planning.pptchapter--4-software-project-planning.ppt
chapter--4-software-project-planning.pptkotipi9215
 
5 Signs You Need a Fashion PLM Software.pdf
5 Signs You Need a Fashion PLM Software.pdf5 Signs You Need a Fashion PLM Software.pdf
5 Signs You Need a Fashion PLM Software.pdfWave PLM
 
The Essentials of Digital Experience Monitoring_ A Comprehensive Guide.pdf
The Essentials of Digital Experience Monitoring_ A Comprehensive Guide.pdfThe Essentials of Digital Experience Monitoring_ A Comprehensive Guide.pdf
The Essentials of Digital Experience Monitoring_ A Comprehensive Guide.pdfkalichargn70th171
 
What is Fashion PLM and Why Do You Need It
What is Fashion PLM and Why Do You Need ItWhat is Fashion PLM and Why Do You Need It
What is Fashion PLM and Why Do You Need ItWave PLM
 
HR Software Buyers Guide in 2024 - HRSoftware.com
HR Software Buyers Guide in 2024 - HRSoftware.comHR Software Buyers Guide in 2024 - HRSoftware.com
HR Software Buyers Guide in 2024 - HRSoftware.comFatema Valibhai
 
Optimizing AI for immediate response in Smart CCTV
Optimizing AI for immediate response in Smart CCTVOptimizing AI for immediate response in Smart CCTV
Optimizing AI for immediate response in Smart CCTVshikhaohhpro
 
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...kellynguyen01
 
Project Based Learning (A.I).pptx detail explanation
Project Based Learning (A.I).pptx detail explanationProject Based Learning (A.I).pptx detail explanation
Project Based Learning (A.I).pptx detail explanationkaushalgiri8080
 

Recently uploaded (20)

Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdfLearn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf
 
KnowAPIs-UnknownPerf-jaxMainz-2024 (1).pptx
KnowAPIs-UnknownPerf-jaxMainz-2024 (1).pptxKnowAPIs-UnknownPerf-jaxMainz-2024 (1).pptx
KnowAPIs-UnknownPerf-jaxMainz-2024 (1).pptx
 
(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...
(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...
(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...
 
why an Opensea Clone Script might be your perfect match.pdf
why an Opensea Clone Script might be your perfect match.pdfwhy an Opensea Clone Script might be your perfect match.pdf
why an Opensea Clone Script might be your perfect match.pdf
 
Salesforce Certified Field Service Consultant
Salesforce Certified Field Service ConsultantSalesforce Certified Field Service Consultant
Salesforce Certified Field Service Consultant
 
Call Girls in Naraina Delhi 💯Call Us 🔝8264348440🔝
Call Girls in Naraina Delhi 💯Call Us 🔝8264348440🔝Call Girls in Naraina Delhi 💯Call Us 🔝8264348440🔝
Call Girls in Naraina Delhi 💯Call Us 🔝8264348440🔝
 
Alluxio Monthly Webinar | Cloud-Native Model Training on Distributed Data
Alluxio Monthly Webinar | Cloud-Native Model Training on Distributed DataAlluxio Monthly Webinar | Cloud-Native Model Training on Distributed Data
Alluxio Monthly Webinar | Cloud-Native Model Training on Distributed Data
 
Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...
Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...
Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...
 
Hand gesture recognition PROJECT PPT.pptx
Hand gesture recognition PROJECT PPT.pptxHand gesture recognition PROJECT PPT.pptx
Hand gesture recognition PROJECT PPT.pptx
 
Unit 1.1 Excite Part 1, class 9, cbse...
Unit 1.1 Excite Part 1, class 9, cbse...Unit 1.1 Excite Part 1, class 9, cbse...
Unit 1.1 Excite Part 1, class 9, cbse...
 
Engage Usergroup 2024 - The Good The Bad_The Ugly
Engage Usergroup 2024 - The Good The Bad_The UglyEngage Usergroup 2024 - The Good The Bad_The Ugly
Engage Usergroup 2024 - The Good The Bad_The Ugly
 
What is Binary Language? Computer Number Systems
What is Binary Language?  Computer Number SystemsWhat is Binary Language?  Computer Number Systems
What is Binary Language? Computer Number Systems
 
chapter--4-software-project-planning.ppt
chapter--4-software-project-planning.pptchapter--4-software-project-planning.ppt
chapter--4-software-project-planning.ppt
 
5 Signs You Need a Fashion PLM Software.pdf
5 Signs You Need a Fashion PLM Software.pdf5 Signs You Need a Fashion PLM Software.pdf
5 Signs You Need a Fashion PLM Software.pdf
 
The Essentials of Digital Experience Monitoring_ A Comprehensive Guide.pdf
The Essentials of Digital Experience Monitoring_ A Comprehensive Guide.pdfThe Essentials of Digital Experience Monitoring_ A Comprehensive Guide.pdf
The Essentials of Digital Experience Monitoring_ A Comprehensive Guide.pdf
 
What is Fashion PLM and Why Do You Need It
What is Fashion PLM and Why Do You Need ItWhat is Fashion PLM and Why Do You Need It
What is Fashion PLM and Why Do You Need It
 
HR Software Buyers Guide in 2024 - HRSoftware.com
HR Software Buyers Guide in 2024 - HRSoftware.comHR Software Buyers Guide in 2024 - HRSoftware.com
HR Software Buyers Guide in 2024 - HRSoftware.com
 
Optimizing AI for immediate response in Smart CCTV
Optimizing AI for immediate response in Smart CCTVOptimizing AI for immediate response in Smart CCTV
Optimizing AI for immediate response in Smart CCTV
 
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
 
Project Based Learning (A.I).pptx detail explanation
Project Based Learning (A.I).pptx detail explanationProject Based Learning (A.I).pptx detail explanation
Project Based Learning (A.I).pptx detail explanation
 

PLNOG19 - Michał Taterka - FortiGate-VMX - integracja z VMware NSX

  • 1. © Copyright Fortinet Inc. All rights reserved. FortiGate-VMX integracja z VMware NSX Michał Taterka Systems Engineer 25 września 2017
  • 2. 2 Vmware NSX What is Fortinet VMX? Why Fortigate VMX with NSX? The Recipe Deployment Options How to Design a Cost Effective VMX Solution FortiGate-VMX Logs to FortiAnalyzer FortiGate-VMX License Model Key Differentiators Agenda
  • 4. Vmware NSX
    • SDN Solution
    • Option of Controller based SDN + NFV + Centralized Management
    • DFW and Edge Firewalling in NSX
  • 6. What is Fortinet VMX?
    [Architecture diagram: VMware Kernel with vDistributed Switch and per-VM Kernel Agents; dvfilterklib in kernel space; FortiGate-VMX in user space with Data Agent Packet Dispatchers, vmif0/vsif0 interfaces, FortiOS Engine, Session DB and a Transport Table of Session IDs; Kernel Agents synchronized over a VMCI socket; vNIC; FortiGate-VMX Service Manager]
    • Distributed NGFW and UTM solution for NSX Zero Trust Model
    • Automation & Orchestration
  • 7. Why Fortigate VMX with NSX?
  • 8. Why Fortigate VMX with NSX? (Requirements / Solution)
    • Not just firewall, but advanced features
    • Micro-Segmentation and Zero Trust
    • Control of ‘east-west’ traffic, Inter Logical Security Zone (multi-tier)
    • Integration, Orchestration and Automation
  • 10. The Recipe
    • ESXi servers – all of ’em ;)
    • NSX Manager – 1 piece
    • HTTP Server holding images for deployment – 1 piece
    • FortiGate-VMX Server Manager – 1 ovf file to deploy
    • VMware Distributed Firewall – 1 piece
    • FortiGate-VMX Security Nodes – 1 per each ESXi server
    • Distributed vSwitch – at least one :)
  • 11. Fortigate VMX and its Components
    [Component diagram: Third Party Solution (Service Manager, Service Appliance) manages ESXi Hosts over REST API; VMware vCenter Server v5.5 or v6.0; VMware vSphere (Enterprise Plus license v5.5 or v6.0); Fortinet Solution: FortiGate-VMX Service Manager, FortiGate-VMX Security Appliance]
  • 12. FortiGate-VMX and NSX Integration/Interactions (dvSwitch, FGT-VMX, FortiGate-VMX Service Manager)
    1. Register Fortinet as security service with NSX Manager
    2. Auto-deploy FortiGate-VMX to all hosts in security cluster
    3. FortiGate-VMX connects with FortiGate-VMX Service Manager
    4. License verification & configuration synchronization with FortiGate-VMX
    5. NSX Security Policy defines network introspection rules to redirect traffic
    6. Real-time updates of object database
    7. Push policy synchronization to all FortiGate-VMX deployed in cluster
  • 13. FGT-VMX and VMWARE NSX Filter Driver Interaction
    [Diagram: VMware Kernel with dvSwitch; NetX NSX Filter Driver; FGT-VMX with int and ext interfaces; FortiGate-VMX Service Manager; step 1 Define NGFW Firewall Policies, step 2 push to FGT-VMX]
    Packet Flow
    1. From VM to NSX Filter Driver
    2. NSX Filter Driver forwards to Third party Solution (FGT-VMX)
    3. FGT-VMX applies Security and sends packet back to NSX Filter Driver
    4. NSX Filter Driver can do service chaining or send packet to destination
  • 15. Deployment Options
    • Option 1: DFW + Fortigate VM or FortiOS
    • More than just stateful Edge firewalling
    • Option of stateful firewall at DFW and NGFW/UTM at Edge
  • 16. Deployment Options
    • Option 2: DFW + Fortigate VMX + DLR + Edge
    • Micro segmented NGFW/UTM security
  • 17. Deployment Options
    • Option 3: DFW + Fortigate VMX + DLR + Fortigate VM/Forti-OS VM
    • Divide NGFW/UTM functionality between two layers
    • Better Performance
  • 18. Deployment Options
    • Option 4: DFW + Fortigate VMX + DLR (+Edge) + Physical Fortigate VDOM
    • Divide NGFW/UTM functionality between two layers
    • Multi-tenancy end to end
    • 1:1 Mapping between NSX Edge and VDOM
    • Better Performance
  • 19. How to Design a Cost Effective VMX Solution
  • 20. How to Design a Cost Effective VMX Solution
    • Categorize the workload
    • Critical Workload placed on VMX enabled cluster
    • Catalogue based design – Pay per feature for MSSPs
    • Cost optimization – For Enterprises
  • 21. FortiGate-VMX Logs to FortiAnalyzer
  • 22. FortiGate-VMX Logs to FortiAnalyzer
    • Configuration is done on the FortiGate-VMX Service Manager
    • Logs are relayed from the FortiGate-VMX to the FortiGate-VMX Service Manager
    • Only the FortiGate-VMX Service Manager serial number is reported on FortiAnalyzer
  • 24. FortiGate-VMX Licensing
    • Expandable license model
    • Two product SKUs
      » FortiGate-VMX Service Manager – FG-VMX-MGMT: Centralized management and license repository for FortiGate-VMX environments
      » FortiGate-VMX Security Node – FG-VMX-1: One FortiGate-VMX Security Node instance for securing VMware environments
    • Multiple length Service and Support SKUs
    • Lab SKUs available for development environments
  • 25. FortiGate-VMX Licensing
    • No limits placed on resources (virtual or hardware), nor number of protected VM workloads.
    • Instance-based licensing.
      » Example: 10 ESXi hosts in cluster; 10 x FortiGate-VMX Security Node licenses are required.
    • FortiGate-VMX Service Manager is used as the license repository for FortiGate-VMX Security Nodes
    • FortiGate-VMX Security Nodes automatically validate to the FortiGate-VMX Service Manager
    [Diagram: FortiCare / FortiGuard (service license registration and security database updates) ↔ FortiGate-VMX Service Manager (license repository; centralized synchronization of configuration/policy) ↔ FortiGate-VMX Security Nodes (registration/synchronization, security database updates)]
  • 27. Key Differentiators
    • Real Multi-tenancy (VDOM) support
    • Per Security Appliance instance Resource monitor
  • 28. Key Differentiators
    • Real Multi-tenancy (VDOM) support
    • Per Security Appliance instance Resource monitor
    • Improved throughput for firewall and security functionality using TSO (TCP Segment Offload)
    • Service Manager to Security Appliance instant security policy update using HA Sync
    • Automatic creation of NSX Security Groups in FortiGate-VMX Service Manager
    • Central license server with auto decrement
    • OVF footprint < 40 MB
    • License independent from physical or virtual resources
    • NSX integrated upgrade process
    • Real-time FortiGuard updates