SlideShare a Scribd company logo

Fortinet Network Security Appliance - Case Study, CARE USA

Download as PPTX, PDF
N
nicholas njoroge

- CARE USA implemented Fortinet network security appliances across its offices globally to simplify and centralize its previously convoluted and localized ICT systems. - The Fortinet appliances provide capabilities such as network segmentation, centralized threat management, application control and web filtering to improve security. They also enable remote management, dynamic reporting and VPN access. - The solution deployed Fortigate appliances tailored to office sizes, with models for medium/enterprise and small offices. This provided standardized setups for firewall policies, QoS, UTM security services and WIFI access across CARE USA's network.

1 of 23
Fortinet Network Security Appliance CASE STUDY OF CARE USA
Introduction CARE USA has a presence in over 50 countries across LAC,MENA,WA,ECSA
NOW LATER Convoluted system design Simple system design Undocumented ICT capabilities Repeatable capabilities Localized ICT leadership and support Centralized ICT leadership Localized ICT governance Centralized ICT governance
ICT challenges on the ground
The plan…
Alpha Office- (35+ users) Fortinet Fortigate 200E ASA Firewall 5525 Edge Router 2911 0/0 WAN1 0/1 0/9 0/2 EDGE 0/1 0/24 SW-13 0/3 Internet 0/20 0/0 0/1 0/4 0/8 0/11 0/8 0/12 0/7 0/19-20 0/19 slave 2-sw4 slave 1-sw3 Master-sw2 0/19-20 0/3-15 0/9-10 0/16-17 0/21-22 0/16-17 0/21-22 0/21-22 0/1-3 0/1-2 sw5 IDF 0/230/24 0/2-18 0/19-20 0/21-23 0/1 0/1-15 Edge Switch 3750
Small Office (9-35 users) Fortinet Fortigate 100D WAN1 0/2 VSAT MODEM SW-13 Internet 0/24 0/19 Master -sw1 0/3-15 0/9-10 0/22-23 Slave -sw2
Why fortinet? • Intelligent network segmentation • Centralized administration and threat management • Flexible WIFI deployment options
Ctd.. • Current day security defense and detention. • Multi-browser compatible dash-boarding. • Dynamic reporting and drill down in connections settings. • Multifunctional device with a small footprint. • Enhanced Bandwidth/QOS traffic prioritization and shaping services for offices with Internet speed issues. • Dynamic & detailed reporting information:- on bandwidth usage, security events, and system changes
Solution Adapted • Medium to Enterprise Solution • Basic security monitor and lockdown • Application control and throttling • Web filtering and control • VPN/SSL service for both Medium to Large Enterprise • Report capture on source and destination • Subscription base UTM updates giving the most current security updates
Introduction - Dashboard
QOS • Available to both network or application category to provide control of network saturated offices. • Priority to business critical services e.g. email, skype for business, financial management app • Load balancing with VIP’s
UTM’s
VDOM’s Standardized setup to provide the following support structure on the system:- • Care-SSL = Will be configured as a primary SSLVPN network for making resources available to supported users. • CARE-UTM = This is a L2 network pass through for allowing wired country offices application control and filtering of security breaches. • Root = Default environment used as a control point.
WIFI • Multiband wifi solution 2.4GHz and 5GHz comes with the system ability to scale with the network environment. • All FortiGate come with the ability to be a wireless controller • The option of network bridging or tunneling can be deployed to accommodate small to large Enterprise network.
Firewall Policies • Deploy filters • Manage the types of devices connecting on the network • Manage what each device has access to
Monitoring • Traffic logs • Generate reports
Troubleshooting • ICMP tests • Ping/clone a ping from a different end-point • Tracert • Traffic Logs
Licensing • Bundled annual subscription ($33k) service managed from FortiManager and enables CARE to • Upgrade IOS • Manage patches – IPS/AV • Monitor remotely • Forti UTM bundle with every equipment purchase
Challenges/Overcoming them • Remote deployment • Adaptation in CO’s • Equipment purchase from HQ in US To overcome these:- • Continuous research to customize solution • Training sessions national local IT leads/team • Identify local vendor
What has worked well • WIFI deployment • UTM through VDOM’s • Software VLAN’s • Second layer of security with IPS and AV • Bandwidth throttling with traffic shaping
We are now able to • Enforce firewall policies • Implement QOS; traffic shaping • Intelligent reporting • Enforce WIFI segmentation
Q&A

Recommended

STATE OF ALABAMA Information Technology Guideline
STATE OF ALABAMA Information Technology GuidelineSTATE OF ALABAMA Information Technology Guideline
STATE OF ALABAMA Information Technology Guideline
Videoguy
 
Secure your network - Segmentation and segregation
Secure your network - Segmentation and segregationSecure your network - Segmentation and segregation
Secure your network - Segmentation and segregation
Magnus Jansson
 
OwnYIT CSAT + SIEM
OwnYIT CSAT + SIEMOwnYIT CSAT + SIEM
OwnYIT CSAT + SIEM
NCS Computech Ltd.
 
Identify and mitigate high risk port vulnerabilities
Identify and mitigate high risk port vulnerabilitiesIdentify and mitigate high risk port vulnerabilities
Identify and mitigate high risk port vulnerabilities
GENIANS, INC.
 
Genian NAC Datasheet
Genian NAC Datasheet Genian NAC Datasheet
Genian NAC Datasheet
GENIANS, INC.
 
Security Design Considerations Module 3 - Training Sample
Security Design Considerations Module 3 - Training SampleSecurity Design Considerations Module 3 - Training Sample
Security Design Considerations Module 3 - Training Sample
Content Rules, Inc.
 
UTM Basic Rev 1.2 (Modified)
UTM Basic Rev 1.2 (Modified)UTM Basic Rev 1.2 (Modified)
UTM Basic Rev 1.2 (Modified)
NCS Computech Ltd.
 
Seminar
SeminarSeminar
Seminar
Abhinav Kushwah
 

Recommended

STATE OF ALABAMA Information Technology Guideline
STATE OF ALABAMA Information Technology GuidelineSTATE OF ALABAMA Information Technology Guideline
STATE OF ALABAMA Information Technology Guideline
Videoguy
 
Secure your network - Segmentation and segregation
Secure your network - Segmentation and segregationSecure your network - Segmentation and segregation
Secure your network - Segmentation and segregation
Magnus Jansson
 
OwnYIT CSAT + SIEM
OwnYIT CSAT + SIEMOwnYIT CSAT + SIEM
OwnYIT CSAT + SIEM
NCS Computech Ltd.
 
Identify and mitigate high risk port vulnerabilities
Identify and mitigate high risk port vulnerabilitiesIdentify and mitigate high risk port vulnerabilities
Identify and mitigate high risk port vulnerabilities
GENIANS, INC.
 
Genian NAC Datasheet
Genian NAC Datasheet Genian NAC Datasheet
Genian NAC Datasheet
GENIANS, INC.
 
Security Design Considerations Module 3 - Training Sample
Security Design Considerations Module 3 - Training SampleSecurity Design Considerations Module 3 - Training Sample
Security Design Considerations Module 3 - Training Sample
Content Rules, Inc.
 
UTM Basic Rev 1.2 (Modified)
UTM Basic Rev 1.2 (Modified)UTM Basic Rev 1.2 (Modified)
UTM Basic Rev 1.2 (Modified)
NCS Computech Ltd.
 
Seminar
SeminarSeminar
Seminar
Abhinav Kushwah
 
CNIT 123: Ch 13: Network Protection Systems
CNIT 123: Ch 13: Network Protection SystemsCNIT 123: Ch 13: Network Protection Systems
CNIT 123: Ch 13: Network Protection Systems
Sam Bowne
 
Information Security Lesson 5 - Network Infrastructure - Eric Vanderburg
Information Security Lesson 5 - Network Infrastructure - Eric VanderburgInformation Security Lesson 5 - Network Infrastructure - Eric Vanderburg
Information Security Lesson 5 - Network Infrastructure - Eric Vanderburg
Eric Vanderburg
 
Fortigate Training
Fortigate TrainingFortigate Training
Fortigate Training
NCS Computech Ltd.
 
FortiWLC
FortiWLC FortiWLC
FortiWLC
Ahmed Hashem El Fiky
 
Fortinet
FortinetFortinet
Fortinet
ABEP123
 
Service providers presentation
Service providers presentationService providers presentation
Service providers presentation
Communications Devices Inc.
 
SECURE Out-of-Band Management
SECURE Out-of-Band ManagementSECURE Out-of-Band Management
SECURE Out-of-Band Management
Communications Devices Inc.
 
Fortinet FortiOS 5 Presentation
Fortinet FortiOS 5 PresentationFortinet FortiOS 5 Presentation
Fortinet FortiOS 5 Presentation
NCS Computech Ltd.
 
Fortinet sandboxing
Fortinet sandboxingFortinet sandboxing
Fortinet sandboxing
Nick Straughan
 
DSS ITSEC Conference 2012 - Forescout NAC #1
DSS ITSEC Conference 2012 - Forescout NAC #1DSS ITSEC Conference 2012 - Forescout NAC #1
DSS ITSEC Conference 2012 - Forescout NAC #1
Andris Soroka
 
Mesh Surveillance Camera | EnGenius
Mesh Surveillance Camera | EnGeniusMesh Surveillance Camera | EnGenius
Mesh Surveillance Camera | EnGenius
Engi Admi
 
DSS ITSEC 2012 ForeScout Technical RIGA
DSS ITSEC 2012 ForeScout Technical RIGADSS ITSEC 2012 ForeScout Technical RIGA
DSS ITSEC 2012 ForeScout Technical RIGA
Andris Soroka
 
Fore scout nac-datasheet
Fore scout nac-datasheetFore scout nac-datasheet
Fore scout nac-datasheet
Khoa Nguyen Hong Nguyen
 
Dmitry Kurbatov. Five Nightmares for a Telecom
Dmitry Kurbatov. Five Nightmares for a TelecomDmitry Kurbatov. Five Nightmares for a Telecom
Dmitry Kurbatov. Five Nightmares for a Telecom
Positive Hack Days
 
10 Reasons to use the Renesas Remote IO solution kit
10 Reasons to use the Renesas Remote IO solution kit10 Reasons to use the Renesas Remote IO solution kit
10 Reasons to use the Renesas Remote IO solution kit
Renesas Electronics Corporation
 
USB-Lock-RP Technical Datasheet version 11.9
USB-Lock-RP Technical Datasheet version 11.9USB-Lock-RP Technical Datasheet version 11.9
USB-Lock-RP Technical Datasheet version 11.9
Javier Arrospide
 
The journey to ICS - Extended
The journey to ICS - Extended The journey to ICS - Extended
The journey to ICS - Extended
Larry Vandenaweele
 
ATM Compromise with and without Whitelisting
ATM Compromise with and without WhitelistingATM Compromise with and without Whitelisting
ATM Compromise with and without Whitelisting
Alexandru Gherman
 
Industrial protocols for pentesters
Industrial protocols for pentestersIndustrial protocols for pentesters
Industrial protocols for pentesters
Positive Hack Days
 
Ce hv6 module 56 hacking global positioning system
Ce hv6 module 56 hacking global positioning systemCe hv6 module 56 hacking global positioning system
Ce hv6 module 56 hacking global positioning system
Vi Tính Hoàng Nam
 
Wireless Overview Customer Deck_Mar21_bdbcommented.pptx
Wireless Overview Customer Deck_Mar21_bdbcommented.pptxWireless Overview Customer Deck_Mar21_bdbcommented.pptx
Wireless Overview Customer Deck_Mar21_bdbcommented.pptx
brianbrowne13
 
FortiGate-60C
FortiGate-60CFortiGate-60C
FortiGate-60C
Компания ИНТРО
 

More Related Content

What's hot

CNIT 123: Ch 13: Network Protection Systems
CNIT 123: Ch 13: Network Protection SystemsCNIT 123: Ch 13: Network Protection Systems
CNIT 123: Ch 13: Network Protection Systems
Sam Bowne
 
Information Security Lesson 5 - Network Infrastructure - Eric Vanderburg
Information Security Lesson 5 - Network Infrastructure - Eric VanderburgInformation Security Lesson 5 - Network Infrastructure - Eric Vanderburg
Information Security Lesson 5 - Network Infrastructure - Eric Vanderburg
Eric Vanderburg
 
Fortigate Training
Fortigate TrainingFortigate Training
Fortigate Training
NCS Computech Ltd.
 
FortiWLC
FortiWLC FortiWLC
FortiWLC
Ahmed Hashem El Fiky
 
Fortinet
FortinetFortinet
Fortinet
ABEP123
 
Service providers presentation
Service providers presentationService providers presentation
Service providers presentation
Communications Devices Inc.
 
SECURE Out-of-Band Management
SECURE Out-of-Band ManagementSECURE Out-of-Band Management
SECURE Out-of-Band Management
Communications Devices Inc.
 
Fortinet FortiOS 5 Presentation
Fortinet FortiOS 5 PresentationFortinet FortiOS 5 Presentation
Fortinet FortiOS 5 Presentation
NCS Computech Ltd.
 
Fortinet sandboxing
Fortinet sandboxingFortinet sandboxing
Fortinet sandboxing
Nick Straughan
 
DSS ITSEC Conference 2012 - Forescout NAC #1
DSS ITSEC Conference 2012 - Forescout NAC #1DSS ITSEC Conference 2012 - Forescout NAC #1
DSS ITSEC Conference 2012 - Forescout NAC #1
Andris Soroka
 
Mesh Surveillance Camera | EnGenius
Mesh Surveillance Camera | EnGeniusMesh Surveillance Camera | EnGenius
Mesh Surveillance Camera | EnGenius
Engi Admi
 
DSS ITSEC 2012 ForeScout Technical RIGA
DSS ITSEC 2012 ForeScout Technical RIGADSS ITSEC 2012 ForeScout Technical RIGA
DSS ITSEC 2012 ForeScout Technical RIGA
Andris Soroka
 
Fore scout nac-datasheet
Fore scout nac-datasheetFore scout nac-datasheet
Fore scout nac-datasheet
Khoa Nguyen Hong Nguyen
 
Dmitry Kurbatov. Five Nightmares for a Telecom
Dmitry Kurbatov. Five Nightmares for a TelecomDmitry Kurbatov. Five Nightmares for a Telecom
Dmitry Kurbatov. Five Nightmares for a Telecom
Positive Hack Days
 
10 Reasons to use the Renesas Remote IO solution kit
10 Reasons to use the Renesas Remote IO solution kit10 Reasons to use the Renesas Remote IO solution kit
10 Reasons to use the Renesas Remote IO solution kit
Renesas Electronics Corporation
 
USB-Lock-RP Technical Datasheet version 11.9
USB-Lock-RP Technical Datasheet version 11.9USB-Lock-RP Technical Datasheet version 11.9
USB-Lock-RP Technical Datasheet version 11.9
Javier Arrospide
 
The journey to ICS - Extended
The journey to ICS - Extended The journey to ICS - Extended
The journey to ICS - Extended
Larry Vandenaweele
 
ATM Compromise with and without Whitelisting
ATM Compromise with and without WhitelistingATM Compromise with and without Whitelisting
ATM Compromise with and without Whitelisting
Alexandru Gherman
 
Industrial protocols for pentesters
Industrial protocols for pentestersIndustrial protocols for pentesters
Industrial protocols for pentesters
Positive Hack Days
 
Ce hv6 module 56 hacking global positioning system
Ce hv6 module 56 hacking global positioning systemCe hv6 module 56 hacking global positioning system
Ce hv6 module 56 hacking global positioning system
Vi Tính Hoàng Nam
 

What's hot (20)

CNIT 123: Ch 13: Network Protection Systems
CNIT 123: Ch 13: Network Protection SystemsCNIT 123: Ch 13: Network Protection Systems
CNIT 123: Ch 13: Network Protection Systems
 
Information Security Lesson 5 - Network Infrastructure - Eric Vanderburg
Information Security Lesson 5 - Network Infrastructure - Eric VanderburgInformation Security Lesson 5 - Network Infrastructure - Eric Vanderburg
Information Security Lesson 5 - Network Infrastructure - Eric Vanderburg
 
Fortigate Training
Fortigate TrainingFortigate Training
Fortigate Training
 
FortiWLC
FortiWLC FortiWLC
FortiWLC
 
Fortinet
FortinetFortinet
Fortinet
 
Service providers presentation
Service providers presentationService providers presentation
Service providers presentation
 
SECURE Out-of-Band Management
SECURE Out-of-Band ManagementSECURE Out-of-Band Management
SECURE Out-of-Band Management
 
Fortinet FortiOS 5 Presentation
Fortinet FortiOS 5 PresentationFortinet FortiOS 5 Presentation
Fortinet FortiOS 5 Presentation
 
Fortinet sandboxing
Fortinet sandboxingFortinet sandboxing
Fortinet sandboxing
 
DSS ITSEC Conference 2012 - Forescout NAC #1
DSS ITSEC Conference 2012 - Forescout NAC #1DSS ITSEC Conference 2012 - Forescout NAC #1
DSS ITSEC Conference 2012 - Forescout NAC #1
 
Mesh Surveillance Camera | EnGenius
Mesh Surveillance Camera | EnGeniusMesh Surveillance Camera | EnGenius
Mesh Surveillance Camera | EnGenius
 
DSS ITSEC 2012 ForeScout Technical RIGA
DSS ITSEC 2012 ForeScout Technical RIGADSS ITSEC 2012 ForeScout Technical RIGA
DSS ITSEC 2012 ForeScout Technical RIGA
 
Fore scout nac-datasheet
Fore scout nac-datasheetFore scout nac-datasheet
Fore scout nac-datasheet
 
Dmitry Kurbatov. Five Nightmares for a Telecom
Dmitry Kurbatov. Five Nightmares for a TelecomDmitry Kurbatov. Five Nightmares for a Telecom
Dmitry Kurbatov. Five Nightmares for a Telecom
 
10 Reasons to use the Renesas Remote IO solution kit
10 Reasons to use the Renesas Remote IO solution kit10 Reasons to use the Renesas Remote IO solution kit
10 Reasons to use the Renesas Remote IO solution kit
 
USB-Lock-RP Technical Datasheet version 11.9
USB-Lock-RP Technical Datasheet version 11.9USB-Lock-RP Technical Datasheet version 11.9
USB-Lock-RP Technical Datasheet version 11.9
 
The journey to ICS - Extended
The journey to ICS - Extended The journey to ICS - Extended
The journey to ICS - Extended
 
ATM Compromise with and without Whitelisting
ATM Compromise with and without WhitelistingATM Compromise with and without Whitelisting
ATM Compromise with and without Whitelisting
 
Industrial protocols for pentesters
Industrial protocols for pentestersIndustrial protocols for pentesters
Industrial protocols for pentesters
 
Ce hv6 module 56 hacking global positioning system
Ce hv6 module 56 hacking global positioning systemCe hv6 module 56 hacking global positioning system
Ce hv6 module 56 hacking global positioning system
 

Similar to Fortinet Network Security Appliance - Case Study, CARE USA

Wireless Overview Customer Deck_Mar21_bdbcommented.pptx
Wireless Overview Customer Deck_Mar21_bdbcommented.pptxWireless Overview Customer Deck_Mar21_bdbcommented.pptx
Wireless Overview Customer Deck_Mar21_bdbcommented.pptx
brianbrowne13
 
FortiGate-60C
FortiGate-60CFortiGate-60C
FortiGate-60C
Компания ИНТРО
 
Forti gate 90d
Forti gate 90dForti gate 90d
Forti gate 90d
Erick Celada
 
Forti gate 90d
Forti gate 90dForti gate 90d
Forti gate 90d
hape01
 
FortiGate-200B
FortiGate-200BFortiGate-200B
FortiGate-200B
Компания ИНТРО
 
BRKIOT-2108.pdf
BRKIOT-2108.pdfBRKIOT-2108.pdf
BRKIOT-2108.pdf
JokaTek
 
FortiGate-40C
FortiGate-40CFortiGate-40C
FortiGate-40C
Компания ИНТРО
 
Changes to Priority 2 E-Rate: How Pine Cove Consulting and Sophos Can Help
Changes to Priority 2 E-Rate: How Pine Cove Consulting and Sophos Can HelpChanges to Priority 2 E-Rate: How Pine Cove Consulting and Sophos Can Help
Changes to Priority 2 E-Rate: How Pine Cove Consulting and Sophos Can Help
Pine Cove Consulting
 
Forti gate 280d-poe
Forti gate 280d-poeForti gate 280d-poe
Forti gate 280d-poe
Nicolas su
 
Allied Telesis X510 Series
Allied Telesis X510 SeriesAllied Telesis X510 Series
Allied Telesis X510 Series
alliedtelesisnetwork
 
Routeco cyber security and secure remote access 1 01
Routeco cyber security and secure remote access 1 01Routeco cyber security and secure remote access 1 01
Routeco cyber security and secure remote access 1 01
RoutecoMarketing
 
Здоровье важнее - Fortinet решения для удаленных сотрудников
Здоровье важнее - Fortinet решения для удаленных сотрудниковЗдоровье важнее - Fortinet решения для удаленных сотрудников
Здоровье важнее - Fortinet решения для удаленных сотрудников
MUK Extreme
 
Fortigate Modelo 90d
Fortigate Modelo 90dFortigate Modelo 90d
Fortigate Modelo 90d
robertogarciargh
 
Fortinet - Hk Product Overview Short V 1 6
Fortinet - Hk Product Overview Short V 1 6Fortinet - Hk Product Overview Short V 1 6
Fortinet - Hk Product Overview Short V 1 6
Haris Khan
 
Effective Network Security Against Cyber Threats - Network Segmentation Techn...
Effective Network Security Against Cyber Threats - Network Segmentation Techn...Effective Network Security Against Cyber Threats - Network Segmentation Techn...
Effective Network Security Against Cyber Threats - Network Segmentation Techn...
Jiunn-Jer Sun
 
Security assignment (copy)
Security assignment (copy)Security assignment (copy)
Security assignment (copy)
Amare Kassa
 
Allied Telesis IE510-28GSX
Allied Telesis IE510-28GSXAllied Telesis IE510-28GSX
Allied Telesis IE510-28GSX
alliedtelesisnetwork
 
2017 - LISA - LinkedIn's Distributed Firewall (DFW)
2017 - LISA - LinkedIn's Distributed Firewall (DFW)2017 - LISA - LinkedIn's Distributed Firewall (DFW)
2017 - LISA - LinkedIn's Distributed Firewall (DFW)
Mike Svoboda
 
Defense Presentation Julian Alejandro Torres Ruiz.pptx
Defense Presentation Julian Alejandro Torres Ruiz.pptxDefense Presentation Julian Alejandro Torres Ruiz.pptx
Defense Presentation Julian Alejandro Torres Ruiz.pptx
JulianAlejandroTorre
 
Forti gate 200b poe
Forti gate 200b poeForti gate 200b poe
Forti gate 200b poe
Huu Hieu
 

Similar to Fortinet Network Security Appliance - Case Study, CARE USA (20)

Wireless Overview Customer Deck_Mar21_bdbcommented.pptx
Wireless Overview Customer Deck_Mar21_bdbcommented.pptxWireless Overview Customer Deck_Mar21_bdbcommented.pptx
Wireless Overview Customer Deck_Mar21_bdbcommented.pptx
 
FortiGate-60C
FortiGate-60CFortiGate-60C
FortiGate-60C
 
Forti gate 90d
Forti gate 90dForti gate 90d
Forti gate 90d
 
Forti gate 90d
Forti gate 90dForti gate 90d
Forti gate 90d
 
FortiGate-200B
FortiGate-200BFortiGate-200B
FortiGate-200B
 
BRKIOT-2108.pdf
BRKIOT-2108.pdfBRKIOT-2108.pdf
BRKIOT-2108.pdf
 
FortiGate-40C
FortiGate-40CFortiGate-40C
FortiGate-40C
 
Changes to Priority 2 E-Rate: How Pine Cove Consulting and Sophos Can Help
Changes to Priority 2 E-Rate: How Pine Cove Consulting and Sophos Can HelpChanges to Priority 2 E-Rate: How Pine Cove Consulting and Sophos Can Help
Changes to Priority 2 E-Rate: How Pine Cove Consulting and Sophos Can Help
 
Forti gate 280d-poe
Forti gate 280d-poeForti gate 280d-poe
Forti gate 280d-poe
 
Allied Telesis X510 Series
Allied Telesis X510 SeriesAllied Telesis X510 Series
Allied Telesis X510 Series
 
Routeco cyber security and secure remote access 1 01
Routeco cyber security and secure remote access 1 01Routeco cyber security and secure remote access 1 01
Routeco cyber security and secure remote access 1 01
 
Здоровье важнее - Fortinet решения для удаленных сотрудников
Здоровье важнее - Fortinet решения для удаленных сотрудниковЗдоровье важнее - Fortinet решения для удаленных сотрудников
Здоровье важнее - Fortinet решения для удаленных сотрудников
 
Fortigate Modelo 90d
Fortigate Modelo 90dFortigate Modelo 90d
Fortigate Modelo 90d
 
Fortinet - Hk Product Overview Short V 1 6
Fortinet - Hk Product Overview Short V 1 6Fortinet - Hk Product Overview Short V 1 6
Fortinet - Hk Product Overview Short V 1 6
 
Effective Network Security Against Cyber Threats - Network Segmentation Techn...
Effective Network Security Against Cyber Threats - Network Segmentation Techn...Effective Network Security Against Cyber Threats - Network Segmentation Techn...
Effective Network Security Against Cyber Threats - Network Segmentation Techn...
 
Security assignment (copy)
Security assignment (copy)Security assignment (copy)
Security assignment (copy)
 
Allied Telesis IE510-28GSX
Allied Telesis IE510-28GSXAllied Telesis IE510-28GSX
Allied Telesis IE510-28GSX
 
2017 - LISA - LinkedIn's Distributed Firewall (DFW)
2017 - LISA - LinkedIn's Distributed Firewall (DFW)2017 - LISA - LinkedIn's Distributed Firewall (DFW)
2017 - LISA - LinkedIn's Distributed Firewall (DFW)
 
Defense Presentation Julian Alejandro Torres Ruiz.pptx
Defense Presentation Julian Alejandro Torres Ruiz.pptxDefense Presentation Julian Alejandro Torres Ruiz.pptx
Defense Presentation Julian Alejandro Torres Ruiz.pptx
 
Forti gate 200b poe
Forti gate 200b poeForti gate 200b poe
Forti gate 200b poe
 

More from nicholas njoroge

Sustainable Connectivity after the Emergency Response Phase
Sustainable Connectivity after the Emergency Response PhaseSustainable Connectivity after the Emergency Response Phase
Sustainable Connectivity after the Emergency Response Phase
nicholas njoroge
 
Humanitarian ICT Road-Map and Standardisation
Humanitarian ICT Road-Map and StandardisationHumanitarian ICT Road-Map and Standardisation
Humanitarian ICT Road-Map and Standardisation
nicholas njoroge
 
Business Relationship Management in IRC
Business Relationship Management in IRCBusiness Relationship Management in IRC
Business Relationship Management in IRC
nicholas njoroge
 
Best practices for data centers
Best practices for data centersBest practices for data centers
Best practices for data centers
nicholas njoroge
 
Best practices in networks and infrastructure
Best practices in networks and infrastructureBest practices in networks and infrastructure
Best practices in networks and infrastructure
nicholas njoroge
 
Women and ICT - UNOCHA (ROSEA)
Women and ICT - UNOCHA (ROSEA)Women and ICT - UNOCHA (ROSEA)
Women and ICT - UNOCHA (ROSEA)
nicholas njoroge
 
Meraki - Case Study, PATH International - Part 2
Meraki - Case Study, PATH International - Part 2Meraki - Case Study, PATH International - Part 2
Meraki - Case Study, PATH International - Part 2
nicholas njoroge
 
Meraki - Case Study, PATH International
Meraki - Case Study, PATH International Meraki - Case Study, PATH International
Meraki - Case Study, PATH International
nicholas njoroge
 
ICT for Development (ICT4D) in Plan International
ICT for Development (ICT4D) in Plan InternationalICT for Development (ICT4D) in Plan International
ICT for Development (ICT4D) in Plan International
nicholas njoroge
 
ICT4D in Catholic Relief Services (CRS)
ICT4D in Catholic Relief Services (CRS) ICT4D in Catholic Relief Services (CRS)
ICT4D in Catholic Relief Services (CRS)
nicholas njoroge
 
Cisco Standard Network Platform (SNP) - Catholic Relief Services Case Study
Cisco Standard Network Platform (SNP) - Catholic Relief Services Case StudyCisco Standard Network Platform (SNP) - Catholic Relief Services Case Study
Cisco Standard Network Platform (SNP) - Catholic Relief Services Case Study
nicholas njoroge
 
ICT in Emergencies - Nethope
ICT in Emergencies - Nethope ICT in Emergencies - Nethope
ICT in Emergencies - Nethope
nicholas njoroge
 
Cloud adoption strategies for non profits - DAI
Cloud adoption strategies for non profits - DAICloud adoption strategies for non profits - DAI
Cloud adoption strategies for non profits - DAI
nicholas njoroge
 
Business Relations and Engage - Save the Children
Business Relations and Engage - Save the ChildrenBusiness Relations and Engage - Save the Children
Business Relations and Engage - Save the Children
nicholas njoroge
 
IT Strategy and Governance - SOS Children's Villages
IT Strategy and Governance - SOS Children's VillagesIT Strategy and Governance - SOS Children's Villages
IT Strategy and Governance - SOS Children's Villages
nicholas njoroge
 

More from nicholas njoroge (15)

Sustainable Connectivity after the Emergency Response Phase
Sustainable Connectivity after the Emergency Response PhaseSustainable Connectivity after the Emergency Response Phase
Sustainable Connectivity after the Emergency Response Phase
 
Humanitarian ICT Road-Map and Standardisation
Humanitarian ICT Road-Map and StandardisationHumanitarian ICT Road-Map and Standardisation
Humanitarian ICT Road-Map and Standardisation
 
Business Relationship Management in IRC
Business Relationship Management in IRCBusiness Relationship Management in IRC
Business Relationship Management in IRC
 
Best practices for data centers
Best practices for data centersBest practices for data centers
Best practices for data centers
 
Best practices in networks and infrastructure
Best practices in networks and infrastructureBest practices in networks and infrastructure
Best practices in networks and infrastructure
 
Women and ICT - UNOCHA (ROSEA)
Women and ICT - UNOCHA (ROSEA)Women and ICT - UNOCHA (ROSEA)
Women and ICT - UNOCHA (ROSEA)
 
Meraki - Case Study, PATH International - Part 2
Meraki - Case Study, PATH International - Part 2Meraki - Case Study, PATH International - Part 2
Meraki - Case Study, PATH International - Part 2
 
Meraki - Case Study, PATH International
Meraki - Case Study, PATH International Meraki - Case Study, PATH International
Meraki - Case Study, PATH International
 
ICT for Development (ICT4D) in Plan International
ICT for Development (ICT4D) in Plan InternationalICT for Development (ICT4D) in Plan International
ICT for Development (ICT4D) in Plan International
 
ICT4D in Catholic Relief Services (CRS)
ICT4D in Catholic Relief Services (CRS) ICT4D in Catholic Relief Services (CRS)
ICT4D in Catholic Relief Services (CRS)
 
Cisco Standard Network Platform (SNP) - Catholic Relief Services Case Study
Cisco Standard Network Platform (SNP) - Catholic Relief Services Case StudyCisco Standard Network Platform (SNP) - Catholic Relief Services Case Study
Cisco Standard Network Platform (SNP) - Catholic Relief Services Case Study
 
ICT in Emergencies - Nethope
ICT in Emergencies - Nethope ICT in Emergencies - Nethope
ICT in Emergencies - Nethope
 
Cloud adoption strategies for non profits - DAI
Cloud adoption strategies for non profits - DAICloud adoption strategies for non profits - DAI
Cloud adoption strategies for non profits - DAI
 
Business Relations and Engage - Save the Children
Business Relations and Engage - Save the ChildrenBusiness Relations and Engage - Save the Children
Business Relations and Engage - Save the Children
 
IT Strategy and Governance - SOS Children's Villages
IT Strategy and Governance - SOS Children's VillagesIT Strategy and Governance - SOS Children's Villages
IT Strategy and Governance - SOS Children's Villages
 

Recently uploaded

UiPath Test Automation using UiPath Test Suite series, part 5
UiPath Test Automation using UiPath Test Suite series, part 5UiPath Test Automation using UiPath Test Suite series, part 5
UiPath Test Automation using UiPath Test Suite series, part 5
DianaGray10
 
Building Production Ready Search Pipelines with Spark and Milvus
Building Production Ready Search Pipelines with Spark and MilvusBuilding Production Ready Search Pipelines with Spark and Milvus
Building Production Ready Search Pipelines with Spark and Milvus
Zilliz
 
“Building and Scaling AI Applications with the Nx AI Manager,” a Presentation...
“Building and Scaling AI Applications with the Nx AI Manager,” a Presentation...“Building and Scaling AI Applications with the Nx AI Manager,” a Presentation...
“Building and Scaling AI Applications with the Nx AI Manager,” a Presentation...
Edge AI and Vision Alliance
 
Microsoft - Power Platform_G.Aspiotis.pdf
Microsoft - Power Platform_G.Aspiotis.pdfMicrosoft - Power Platform_G.Aspiotis.pdf
Microsoft - Power Platform_G.Aspiotis.pdf
Uni Systems S.M.S.A.
 
GraphSummit Singapore | Neo4j Product Vision & Roadmap - Q2 2024
GraphSummit Singapore | Neo4j Product Vision & Roadmap - Q2 2024GraphSummit Singapore | Neo4j Product Vision & Roadmap - Q2 2024
GraphSummit Singapore | Neo4j Product Vision & Roadmap - Q2 2024
Neo4j
 
Communications Mining Series - Zero to Hero - Session 1
Communications Mining Series - Zero to Hero - Session 1Communications Mining Series - Zero to Hero - Session 1
Communications Mining Series - Zero to Hero - Session 1
DianaGray10
 
20240605 QFM017 Machine Intelligence Reading List May 2024
20240605 QFM017 Machine Intelligence Reading List May 202420240605 QFM017 Machine Intelligence Reading List May 2024
20240605 QFM017 Machine Intelligence Reading List May 2024
Matthew Sinclair
 
Essentials of Automations: The Art of Triggers and Actions in FME
Essentials of Automations: The Art of Triggers and Actions in FMEEssentials of Automations: The Art of Triggers and Actions in FME
Essentials of Automations: The Art of Triggers and Actions in FME
Safe Software
 
Introduction to CHERI technology - Cybersecurity
Introduction to CHERI technology - CybersecurityIntroduction to CHERI technology - Cybersecurity
Introduction to CHERI technology - Cybersecurity
mikeeftimakis1
 
RESUME BUILDER APPLICATION Project for students
RESUME BUILDER APPLICATION Project for studentsRESUME BUILDER APPLICATION Project for students
RESUME BUILDER APPLICATION Project for students
KAMESHS29
 
20240607 QFM018 Elixir Reading List May 2024
20240607 QFM018 Elixir Reading List May 202420240607 QFM018 Elixir Reading List May 2024
20240607 QFM018 Elixir Reading List May 2024
Matthew Sinclair
 
Climate Impact of Software Testing at Nordic Testing Days
Climate Impact of Software Testing at Nordic Testing DaysClimate Impact of Software Testing at Nordic Testing Days
Climate Impact of Software Testing at Nordic Testing Days
Kari Kakkonen
 
Best 20 SEO Techniques To Improve Website Visibility In SERP
Best 20 SEO Techniques To Improve Website Visibility In SERPBest 20 SEO Techniques To Improve Website Visibility In SERP
Best 20 SEO Techniques To Improve Website Visibility In SERP
Pixlogix Infotech
 
Programming Foundation Models with DSPy - Meetup Slides
Programming Foundation Models with DSPy - Meetup SlidesProgramming Foundation Models with DSPy - Meetup Slides
Programming Foundation Models with DSPy - Meetup Slides
Zilliz
 
Cosa hanno in comune un mattoncino Lego e la backdoor XZ?
Cosa hanno in comune un mattoncino Lego e la backdoor XZ?Cosa hanno in comune un mattoncino Lego e la backdoor XZ?
Cosa hanno in comune un mattoncino Lego e la backdoor XZ?
Speck&Tech
 
Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slack
Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with SlackLet's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slack
Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slack
shyamraj55
 
Full-RAG: A modern architecture for hyper-personalization
Full-RAG: A modern architecture for hyper-personalizationFull-RAG: A modern architecture for hyper-personalization
Full-RAG: A modern architecture for hyper-personalization
Zilliz
 
GraphRAG for Life Science to increase LLM accuracy
GraphRAG for Life Science to increase LLM accuracyGraphRAG for Life Science to increase LLM accuracy
GraphRAG for Life Science to increase LLM accuracy
Tomaz Bratanic
 
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!
SOFTTECHHUB
 
Infrastructure Challenges in Scaling RAG with Custom AI models
Infrastructure Challenges in Scaling RAG with Custom AI modelsInfrastructure Challenges in Scaling RAG with Custom AI models
Infrastructure Challenges in Scaling RAG with Custom AI models
Zilliz
 

Recently uploaded (20)

UiPath Test Automation using UiPath Test Suite series, part 5
UiPath Test Automation using UiPath Test Suite series, part 5UiPath Test Automation using UiPath Test Suite series, part 5
UiPath Test Automation using UiPath Test Suite series, part 5
 
Building Production Ready Search Pipelines with Spark and Milvus
Building Production Ready Search Pipelines with Spark and MilvusBuilding Production Ready Search Pipelines with Spark and Milvus
Building Production Ready Search Pipelines with Spark and Milvus
 
“Building and Scaling AI Applications with the Nx AI Manager,” a Presentation...
“Building and Scaling AI Applications with the Nx AI Manager,” a Presentation...“Building and Scaling AI Applications with the Nx AI Manager,” a Presentation...
“Building and Scaling AI Applications with the Nx AI Manager,” a Presentation...
 
Microsoft - Power Platform_G.Aspiotis.pdf
Microsoft - Power Platform_G.Aspiotis.pdfMicrosoft - Power Platform_G.Aspiotis.pdf
Microsoft - Power Platform_G.Aspiotis.pdf
 
GraphSummit Singapore | Neo4j Product Vision & Roadmap - Q2 2024
GraphSummit Singapore | Neo4j Product Vision & Roadmap - Q2 2024GraphSummit Singapore | Neo4j Product Vision & Roadmap - Q2 2024
GraphSummit Singapore | Neo4j Product Vision & Roadmap - Q2 2024
 
Communications Mining Series - Zero to Hero - Session 1
Communications Mining Series - Zero to Hero - Session 1Communications Mining Series - Zero to Hero - Session 1
Communications Mining Series - Zero to Hero - Session 1
 
20240605 QFM017 Machine Intelligence Reading List May 2024
20240605 QFM017 Machine Intelligence Reading List May 202420240605 QFM017 Machine Intelligence Reading List May 2024
20240605 QFM017 Machine Intelligence Reading List May 2024
 
Essentials of Automations: The Art of Triggers and Actions in FME
Essentials of Automations: The Art of Triggers and Actions in FMEEssentials of Automations: The Art of Triggers and Actions in FME
Essentials of Automations: The Art of Triggers and Actions in FME
 
Introduction to CHERI technology - Cybersecurity
Introduction to CHERI technology - CybersecurityIntroduction to CHERI technology - Cybersecurity
Introduction to CHERI technology - Cybersecurity
 
RESUME BUILDER APPLICATION Project for students
RESUME BUILDER APPLICATION Project for studentsRESUME BUILDER APPLICATION Project for students
RESUME BUILDER APPLICATION Project for students
 
20240607 QFM018 Elixir Reading List May 2024
20240607 QFM018 Elixir Reading List May 202420240607 QFM018 Elixir Reading List May 2024
20240607 QFM018 Elixir Reading List May 2024
 
Climate Impact of Software Testing at Nordic Testing Days
Climate Impact of Software Testing at Nordic Testing DaysClimate Impact of Software Testing at Nordic Testing Days
Climate Impact of Software Testing at Nordic Testing Days
 
Best 20 SEO Techniques To Improve Website Visibility In SERP
Best 20 SEO Techniques To Improve Website Visibility In SERPBest 20 SEO Techniques To Improve Website Visibility In SERP
Best 20 SEO Techniques To Improve Website Visibility In SERP
 
Programming Foundation Models with DSPy - Meetup Slides
Programming Foundation Models with DSPy - Meetup SlidesProgramming Foundation Models with DSPy - Meetup Slides
Programming Foundation Models with DSPy - Meetup Slides
 
Cosa hanno in comune un mattoncino Lego e la backdoor XZ?
Cosa hanno in comune un mattoncino Lego e la backdoor XZ?Cosa hanno in comune un mattoncino Lego e la backdoor XZ?
Cosa hanno in comune un mattoncino Lego e la backdoor XZ?
 
Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slack
Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with SlackLet's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slack
Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slack
 
Full-RAG: A modern architecture for hyper-personalization
Full-RAG: A modern architecture for hyper-personalizationFull-RAG: A modern architecture for hyper-personalization
Full-RAG: A modern architecture for hyper-personalization
 
GraphRAG for Life Science to increase LLM accuracy
GraphRAG for Life Science to increase LLM accuracyGraphRAG for Life Science to increase LLM accuracy
GraphRAG for Life Science to increase LLM accuracy
 
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!
 
Infrastructure Challenges in Scaling RAG with Custom AI models
Infrastructure Challenges in Scaling RAG with Custom AI modelsInfrastructure Challenges in Scaling RAG with Custom AI models
Infrastructure Challenges in Scaling RAG with Custom AI models
 

Fortinet Network Security Appliance - Case Study, CARE USA

  • 1. Fortinet Network Security Appliance CASE STUDY OF CARE USA
  • 2. Introduction CARE USA has a presence in over 50 countries across LAC,MENA,WA,ECSA
  • 3. NOW LATER Convoluted system design Simple system design Undocumented ICT capabilities Repeatable capabilities Localized ICT leadership and support Centralized ICT leadership Localized ICT governance Centralized ICT governance
  • 4. ICT challenges on the ground
  • 6. Alpha Office- (35+ users) Fortinet Fortigate 200E ASA Firewall 5525 Edge Router 2911 0/0 WAN1 0/1 0/9 0/2 EDGE 0/1 0/24 SW-13 0/3 Internet 0/20 0/0 0/1 0/4 0/8 0/11 0/8 0/12 0/7 0/19-20 0/19 slave 2-sw4 slave 1-sw3 Master-sw2 0/19-20 0/3-15 0/9-10 0/16-17 0/21-22 0/16-17 0/21-22 0/21-22 0/1-3 0/1-2 sw5 IDF 0/230/24 0/2-18 0/19-20 0/21-23 0/1 0/1-15 Edge Switch 3750
  • 7. Small Office (9-35 users) Fortinet Fortigate 100D WAN1 0/2 VSAT MODEM SW-13 Internet 0/24 0/19 Master -sw1 0/3-15 0/9-10 0/22-23 Slave -sw2
  • 8. Why fortinet? • Intelligent network segmentation • Centralized administration and threat management • Flexible WIFI deployment options
  • 9. Ctd.. • Current day security defense and detention. • Multi-browser compatible dash-boarding. • Dynamic reporting and drill down in connections settings. • Multifunctional device with a small footprint. • Enhanced Bandwidth/QOS traffic prioritization and shaping services for offices with Internet speed issues. • Dynamic & detailed reporting information:- on bandwidth usage, security events, and system changes
  • 10. Solution Adapted • Medium to Enterprise Solution • Basic security monitor and lockdown • Application control and throttling • Web filtering and control • VPN/SSL service for both Medium to Large Enterprise • Report capture on source and destination • Subscription base UTM updates giving the most current security updates
  • 12. QOS • Available to both network or application category to provide control of network saturated offices. • Priority to business critical services e.g. email, skype for business, financial management app • Load balancing with VIP’s
  • 14. VDOM’s Standardized setup to provide the following support structure on the system:- • Care-SSL = Will be configured as a primary SSLVPN network for making resources available to supported users. • CARE-UTM = This is a L2 network pass through for allowing wired country offices application control and filtering of security breaches. • Root = Default environment used as a control point.
  • 15. WIFI • Multiband wifi solution 2.4GHz and 5GHz comes with the system ability to scale with the network environment. • All FortiGate come with the ability to be a wireless controller • The option of network bridging or tunneling can be deployed to accommodate small to large Enterprise network.
  • 16. Firewall Policies • Deploy filters • Manage the types of devices connecting on the network • Manage what each device has access to
  • 18. Troubleshooting • ICMP tests • Ping/clone a ping from a different end-point • Tracert • Traffic Logs
  • 19. Licensing • Bundled annual subscription ($33k) service managed from FortiManager and enables CARE to • Upgrade IOS • Manage patches – IPS/AV • Monitor remotely • Forti UTM bundle with every equipment purchase
  • 20. Challenges/Overcoming them • Remote deployment • Adaptation in CO’s • Equipment purchase from HQ in US To overcome these:- • Continuous research to customize solution • Training sessions national local IT leads/team • Identify local vendor
  • 21. What has worked well • WIFI deployment • UTM through VDOM’s • Software VLAN’s • Second layer of security with IPS and AV • Bandwidth throttling with traffic shaping
  • 22. We are now able to • Enforce firewall policies • Implement QOS; traffic shaping • Intelligent reporting • Enforce WIFI segmentation
  • 23. Q&A

Editor's Notes

  1. Intelligent network segmentation – AP’s have an OS Supports on-prem and cloud based deployments
  2. Forti OS 5.4
  3. Traffic haping – shared and reverse shaper Per policy shaping e.g like to the general internet access policy #set-per policy enable #end High priority applies to all
  4. Netwrok bridging Tunneling
  5. Can edit ping-options to appear as if pinging from a server despite being on the forti
  6. Bundled subscription service Fortigate 400C manages for all CO’s – upgraded IOS, manages, patches and monitors and can send reports, takes daily backups; capacity of 50-100GB HDD, virtual RAM- minimum 4-8GB – licensing 20% of cost $33k No support on AP $33K- fortigate unit with UTM and support
  7. Can block bots, web filtering, Can block ads, videos, applets
  8. Efficiently manage bandwidth Through QOS- Better management of secure resources by OS filters