NN
Uploaded bynicholas njoroge
PPTX, PDF499 views

Fortinet Network Security Appliance - Case Study, CARE USA

- CARE USA implemented Fortinet network security appliances across its offices globally to simplify and centralize its previously convoluted and localized ICT systems. - The Fortinet appliances provide capabilities such as network segmentation, centralized threat management, application control and web filtering to improve security. They also enable remote management, dynamic reporting and VPN access. - The solution deployed Fortigate appliances tailored to office sizes, with models for medium/enterprise and small offices. This provided standardized setups for firewall policies, QoS, UTM security services and WIFI access across CARE USA's network.

Technology
Related topics:
Information Security

Embed presentation

Downloaded 14 times
Fortinet Network Security Appliance CASE STUDY OF CARE USA
Introduction CARE USA has a presence in over 50 countries across LAC,MENA,WA,ECSA
NOW LATER Convoluted system design Simple system design Undocumented ICT capabilities Repeatable capabilities Localized ICT leadership and support Centralized ICT leadership Localized ICT governance Centralized ICT governance
ICT challenges on the ground
The plan…
Alpha Office- (35+ users) Fortinet Fortigate 200E ASA Firewall 5525 Edge Router 2911 0/0 WAN1 0/1 0/9 0/2 EDGE 0/1 0/24 SW-13 0/3 Internet 0/20 0/0 0/1 0/4 0/8 0/11 0/8 0/12 0/7 0/19-20 0/19 slave 2-sw4 slave 1-sw3 Master-sw2 0/19-20 0/3-15 0/9-10 0/16-17 0/21-22 0/16-17 0/21-22 0/21-22 0/1-3 0/1-2 sw5 IDF 0/230/24 0/2-18 0/19-20 0/21-23 0/1 0/1-15 Edge Switch 3750
Small Office (9-35 users) Fortinet Fortigate 100D WAN1 0/2 VSAT MODEM SW-13 Internet 0/24 0/19 Master -sw1 0/3-15 0/9-10 0/22-23 Slave -sw2
Why fortinet? • Intelligent network segmentation • Centralized administration and threat management • Flexible WIFI deployment options
Ctd.. • Current day security defense and detention. • Multi-browser compatible dash-boarding. • Dynamic reporting and drill down in connections settings. • Multifunctional device with a small footprint. • Enhanced Bandwidth/QOS traffic prioritization and shaping services for offices with Internet speed issues. • Dynamic & detailed reporting information:- on bandwidth usage, security events, and system changes
Solution Adapted • Medium to Enterprise Solution • Basic security monitor and lockdown • Application control and throttling • Web filtering and control • VPN/SSL service for both Medium to Large Enterprise • Report capture on source and destination • Subscription base UTM updates giving the most current security updates
Introduction - Dashboard
QOS • Available to both network or application category to provide control of network saturated offices. • Priority to business critical services e.g. email, skype for business, financial management app • Load balancing with VIP’s
UTM’s
VDOM’s Standardized setup to provide the following support structure on the system:- • Care-SSL = Will be configured as a primary SSLVPN network for making resources available to supported users. • CARE-UTM = This is a L2 network pass through for allowing wired country offices application control and filtering of security breaches. • Root = Default environment used as a control point.
WIFI • Multiband wifi solution 2.4GHz and 5GHz comes with the system ability to scale with the network environment. • All FortiGate come with the ability to be a wireless controller • The option of network bridging or tunneling can be deployed to accommodate small to large Enterprise network.
Firewall Policies • Deploy filters • Manage the types of devices connecting on the network • Manage what each device has access to
Monitoring • Traffic logs • Generate reports
Troubleshooting • ICMP tests • Ping/clone a ping from a different end-point • Tracert • Traffic Logs
Licensing • Bundled annual subscription ($33k) service managed from FortiManager and enables CARE to • Upgrade IOS • Manage patches – IPS/AV • Monitor remotely • Forti UTM bundle with every equipment purchase
Challenges/Overcoming them • Remote deployment • Adaptation in CO’s • Equipment purchase from HQ in US To overcome these:- • Continuous research to customize solution • Training sessions national local IT leads/team • Identify local vendor
What has worked well • WIFI deployment • UTM through VDOM’s • Software VLAN’s • Second layer of security with IPS and AV • Bandwidth throttling with traffic shaping
We are now able to • Enforce firewall policies • Implement QOS; traffic shaping • Intelligent reporting • Enforce WIFI segmentation
Q&A

More Related Content

PPTX
Seminar
byAbhinav Kushwah
 
PPT
UTM Basic Rev 1.2 (Modified)
byNCS Computech Ltd.
 
PPTX
OwnYIT CSAT + SIEM
byNCS Computech Ltd.
 
PDF
Secure your network - Segmentation and segregation
byMagnus Jansson
 
PDF
Genian NAC Datasheet
byGENIANS, INC.
 
PPTX
Identify and mitigate high risk port vulnerabilities
byGENIANS, INC.
 
PDF
STATE OF ALABAMA Information Technology Guideline
byVideoguy
 
PPT
Security Design Considerations Module 3 - Training Sample
byContent Rules, Inc.
 
Seminar
byAbhinav Kushwah
 
UTM Basic Rev 1.2 (Modified)
byNCS Computech Ltd.
 
OwnYIT CSAT + SIEM
byNCS Computech Ltd.
 
Secure your network - Segmentation and segregation
byMagnus Jansson
 
Genian NAC Datasheet
byGENIANS, INC.
 
Identify and mitigate high risk port vulnerabilities
byGENIANS, INC.
 
STATE OF ALABAMA Information Technology Guideline
byVideoguy
 
Security Design Considerations Module 3 - Training Sample
byContent Rules, Inc.
 

What's hot

PPTX
Fortinet sandboxing
byNick Straughan
 
PPT
Fortinet FortiOS 5 Presentation
byNCS Computech Ltd.
 
PPT
Fortigate Training
byNCS Computech Ltd.
 
PPTX
Fortinet
byABEP123
 
PPTX
Industrial protocols for pentesters
byPositive Hack Days
 
PPTX
SECURE Out-of-Band Management
byCommunications Devices Inc.
 
PDF
CNIT 123: Ch 13: Network Protection Systems
bySam Bowne
 
PDF
FortiWLC
byAhmed Hashem El Fiky
 
PDF
Fore scout nac-datasheet
byKhoa Nguyen Hong Nguyen
 
PDF
DSS ITSEC Conference 2012 - Forescout NAC #1
byAndris Soroka
 
PPTX
Mesh Surveillance Camera | EnGenius
byEngi Admi
 
PPT
Information Security Lesson 5 - Network Infrastructure - Eric Vanderburg
byEric Vanderburg
 
PPTX
Service providers presentation
byCommunications Devices Inc.
 
PDF
USB-Lock-RP Technical Datasheet version 11.9
byJavier Arrospide
 
PDF
The journey to ICS - Extended
byLarry Vandenaweele
 
PDF
Dmitry Kurbatov. Five Nightmares for a Telecom
byPositive Hack Days
 
PDF
10 Reasons to use the Renesas Remote IO solution kit
byRenesas Electronics Corporation
 
PDF
ATM Compromise with and without Whitelisting
byAlexandru Gherman
 
PDF
DSS ITSEC 2012 ForeScout Technical RIGA
byAndris Soroka
 
PDF
Ce hv6 module 56 hacking global positioning system
byVi Tính Hoàng Nam
 
Fortinet sandboxing
byNick Straughan
 
Fortinet FortiOS 5 Presentation
byNCS Computech Ltd.
 
Fortigate Training
byNCS Computech Ltd.
 
Fortinet
byABEP123
 
Industrial protocols for pentesters
byPositive Hack Days
 
SECURE Out-of-Band Management
byCommunications Devices Inc.
 
CNIT 123: Ch 13: Network Protection Systems
bySam Bowne
 
FortiWLC
byAhmed Hashem El Fiky
 
Fore scout nac-datasheet
byKhoa Nguyen Hong Nguyen
 
DSS ITSEC Conference 2012 - Forescout NAC #1
byAndris Soroka
 
Mesh Surveillance Camera | EnGenius
byEngi Admi
 
Information Security Lesson 5 - Network Infrastructure - Eric Vanderburg
byEric Vanderburg
 
Service providers presentation
byCommunications Devices Inc.
 
USB-Lock-RP Technical Datasheet version 11.9
byJavier Arrospide
 
The journey to ICS - Extended
byLarry Vandenaweele
 
Dmitry Kurbatov. Five Nightmares for a Telecom
byPositive Hack Days
 
10 Reasons to use the Renesas Remote IO solution kit
byRenesas Electronics Corporation
 
ATM Compromise with and without Whitelisting
byAlexandru Gherman
 
DSS ITSEC 2012 ForeScout Technical RIGA
byAndris Soroka
 
Ce hv6 module 56 hacking global positioning system
byVi Tính Hoàng Nam
 

Similar to Fortinet Network Security Appliance - Case Study, CARE USA

PDF
Fortinet Fortigate Security Study Guide V70 Fortinet
byryvantibell
 
PPTX
Fortinet Switch - Sales Pitch Deck FortiSwitch.pptx
byewerton5221
 
PPTX
Fortinet k
bymrehan2k2
 
PPTX
Fortinet Corporate Overview Deck 11.pptx
byflawrence2
 
PPTX
FortiGate Presentation - Jump Solutions.pptx
byReinierKyleGabriel
 
PPTX
Fortinet Tanıtım
byGüney Bilişim
 
PDF
Fortinet_Starter_Training Firewall concepts
bySudhakarPrabhu7
 
PPTX
Wireless Overview Customer Deck_Mar21_bdbcommented.pptx
bybrianbrowne13
 
PPTX
Network Security - Fortinet, Dublin June 2017
byNovosco
 
PPT
Fortinet - Hk Product Overview Short V 1 6
byHaris Khan
 
PDF
firewall fortigate-200g-series- para grandes empresas
byAdaoPascoal
 
PDF
fortigate-200f-series (1).pdffortigate-200f-series (1).pdf
byChristianSilva166877
 
PDF
Fortinet Broşür
byGüney Bilişim
 
PDF
Fortinet brochure by GTEC CxA
byGTEC CxA
 
PDF
PLNOG16: When and Why use Fortinet Infrastructure Wireless solution, Brian An...
byPROIDEA
 
PDF
Threat Landscape for Education
byColloqueRISQ
 
PDF
Solution Guide Secure Access Architecture
byExclusive Networks ME
 
PPTX
Fortinet Perspectiva Coporativa
bySuministros Obras y Sistemas
 
PPTX
NetSafe - 11nov2011
byAgora Group
 
PDF
Industrial Networking Systems Secure Integration | Cisco & Polestar Case Study
byPolestar IIoT
 
Fortinet Fortigate Security Study Guide V70 Fortinet
byryvantibell
 
Fortinet Switch - Sales Pitch Deck FortiSwitch.pptx
byewerton5221
 
Fortinet k
bymrehan2k2
 
Fortinet Corporate Overview Deck 11.pptx
byflawrence2
 
FortiGate Presentation - Jump Solutions.pptx
byReinierKyleGabriel
 
Fortinet Tanıtım
byGüney Bilişim
 
Fortinet_Starter_Training Firewall concepts
bySudhakarPrabhu7
 
Wireless Overview Customer Deck_Mar21_bdbcommented.pptx
bybrianbrowne13
 
Network Security - Fortinet, Dublin June 2017
byNovosco
 
Fortinet - Hk Product Overview Short V 1 6
byHaris Khan
 
firewall fortigate-200g-series- para grandes empresas
byAdaoPascoal
 
fortigate-200f-series (1).pdffortigate-200f-series (1).pdf
byChristianSilva166877
 
Fortinet Broşür
byGüney Bilişim
 
Fortinet brochure by GTEC CxA
byGTEC CxA
 
PLNOG16: When and Why use Fortinet Infrastructure Wireless solution, Brian An...
byPROIDEA
 
Threat Landscape for Education
byColloqueRISQ
 
Solution Guide Secure Access Architecture
byExclusive Networks ME
 
Fortinet Perspectiva Coporativa
bySuministros Obras y Sistemas
 
NetSafe - 11nov2011
byAgora Group
 
Industrial Networking Systems Secure Integration | Cisco & Polestar Case Study
byPolestar IIoT
 

More from nicholas njoroge

PPTX
Meraki - Case Study, PATH International
bynicholas njoroge
 
PPTX
Cisco Standard Network Platform (SNP) - Catholic Relief Services Case Study
bynicholas njoroge
 
PPTX
Best practices for data centers
bynicholas njoroge
 
PPTX
Best practices in networks and infrastructure
bynicholas njoroge
 
PPTX
ICT4D in Catholic Relief Services (CRS)
bynicholas njoroge
 
PPTX
Business Relationship Management in IRC
bynicholas njoroge
 
PPTX
IT Strategy and Governance - SOS Children's Villages
bynicholas njoroge
 
PPTX
Business Relations and Engage - Save the Children
bynicholas njoroge
 
PPTX
Women and ICT - UNOCHA (ROSEA)
bynicholas njoroge
 
PPTX
Meraki - Case Study, PATH International - Part 2
bynicholas njoroge
 
PDF
ICT in Emergencies - Nethope
bynicholas njoroge
 
PPTX
Cloud adoption strategies for non profits - DAI
bynicholas njoroge
 
PPTX
Humanitarian ICT Road-Map and Standardisation
bynicholas njoroge
 
PPTX
ICT for Development (ICT4D) in Plan International
bynicholas njoroge
 
PPTX
Sustainable Connectivity after the Emergency Response Phase
bynicholas njoroge
 
Meraki - Case Study, PATH International
bynicholas njoroge
 
Cisco Standard Network Platform (SNP) - Catholic Relief Services Case Study
bynicholas njoroge
 
Best practices for data centers
bynicholas njoroge
 
Best practices in networks and infrastructure
bynicholas njoroge
 
ICT4D in Catholic Relief Services (CRS)
bynicholas njoroge
 
Business Relationship Management in IRC
bynicholas njoroge
 
IT Strategy and Governance - SOS Children's Villages
bynicholas njoroge
 
Business Relations and Engage - Save the Children
bynicholas njoroge
 
Women and ICT - UNOCHA (ROSEA)
bynicholas njoroge
 
Meraki - Case Study, PATH International - Part 2
bynicholas njoroge
 
ICT in Emergencies - Nethope
bynicholas njoroge
 
Cloud adoption strategies for non profits - DAI
bynicholas njoroge
 
Humanitarian ICT Road-Map and Standardisation
bynicholas njoroge
 
ICT for Development (ICT4D) in Plan International
bynicholas njoroge
 
Sustainable Connectivity after the Emergency Response Phase
bynicholas njoroge
 

Recently uploaded

PPTX
Storage-and-HCI-Positioning-update-sales.pptx
byhungungphu123
 
PDF
Getting the Best of TrueDEM – January News & Updates
bypanagenda
 
PPTX
Dell poweredge-customer-presentation.pptx
byhungungphu123
 
PDF
Safer’s Picks: Recent FME Enhancements with Big Everyday Impact
bySafe Software
 
PPTX
Achieve enterprise automation with SAP BTP solutions and SAP Signavio
bydarrellkiwi
 
PDF
apidays Australia 2025 | The Strategic Role of APIs in Digital Transformation
byapidays
 
PPTX
apidays Australia 2025 | Building AI RAG Applications with No Code.pptx
byapidays
 
PPTX
AI in Marine Insurance Future of Smarter Risk, Faster Claims & Safer Shipping...
byAutomationEdge Technologies
 
PPTX
Advance Computer Architecture Lecture 4.pptx
byBottshikanBottshikan
 
PDF
Computer Science Conferences 2026 | Research by SAI Conference
byHealth Conference 2026
 
PDF
CISO_2027_Playbook: Sovereign AI Resilience & Quantum-Proof Identity
bySaraDavis91
 
PPTX
CRM for the Insurance Industry Lessons for Insurance CIOs and Digital Leaders...
byKerry Millar
 
PDF
How to Design Premium Health (Public Health) PPT Using AI? Top Strategies
byPublic Health Concern Nepal
 
PDF
Deploying Windows Clients & Managing Identities
byVICTOR MAESTRE RAMIREZ
 
PDF
10 Best AI Tools for Fashion Brands in 2026
bymockitseo
 
PDF
Transcript: What ONIX can do: Leveraging metadata to support the discoverabil...
byBookNet Canada
 
DOCX
Best Web to Learn About Buying Verified Skrill Accounts (Los Angeles).docx
byhttps://topsellerit.com/product/buy-verified-binance-accounts/
 
PDF
Agentic AI Roadmap 2026: Mastering Autonomous AI Workflows and Systems
byAeafat Ahmed Mubin
 
PDF
What ONIX can do: Leveraging metadata to support the discoverability of First...
byBookNet Canada
 
PPTX
Strategic Shelf Planning for the New Year Turning Resolutions into Revenue .pptx
byAnoop Ashok
 
Storage-and-HCI-Positioning-update-sales.pptx
byhungungphu123
 
Getting the Best of TrueDEM – January News & Updates
bypanagenda
 
Dell poweredge-customer-presentation.pptx
byhungungphu123
 
Safer’s Picks: Recent FME Enhancements with Big Everyday Impact
bySafe Software
 
Achieve enterprise automation with SAP BTP solutions and SAP Signavio
bydarrellkiwi
 
apidays Australia 2025 | The Strategic Role of APIs in Digital Transformation
byapidays
 
apidays Australia 2025 | Building AI RAG Applications with No Code.pptx
byapidays
 
AI in Marine Insurance Future of Smarter Risk, Faster Claims & Safer Shipping...
byAutomationEdge Technologies
 
Advance Computer Architecture Lecture 4.pptx
byBottshikanBottshikan
 
Computer Science Conferences 2026 | Research by SAI Conference
byHealth Conference 2026
 
CISO_2027_Playbook: Sovereign AI Resilience & Quantum-Proof Identity
bySaraDavis91
 
CRM for the Insurance Industry Lessons for Insurance CIOs and Digital Leaders...
byKerry Millar
 
How to Design Premium Health (Public Health) PPT Using AI? Top Strategies
byPublic Health Concern Nepal
 
Deploying Windows Clients & Managing Identities
byVICTOR MAESTRE RAMIREZ
 
10 Best AI Tools for Fashion Brands in 2026
bymockitseo
 
Transcript: What ONIX can do: Leveraging metadata to support the discoverabil...
byBookNet Canada
 
Best Web to Learn About Buying Verified Skrill Accounts (Los Angeles).docx
byhttps://topsellerit.com/product/buy-verified-binance-accounts/
 
Agentic AI Roadmap 2026: Mastering Autonomous AI Workflows and Systems
byAeafat Ahmed Mubin
 
What ONIX can do: Leveraging metadata to support the discoverability of First...
byBookNet Canada
 
Strategic Shelf Planning for the New Year Turning Resolutions into Revenue .pptx
byAnoop Ashok
 

Fortinet Network Security Appliance - Case Study, CARE USA

  • 1.
    Fortinet Network SecurityAppliance CASE STUDY OF CARE USA
  • 2.
    Introduction CARE USA hasa presence in over 50 countries across LAC,MENA,WA,ECSA
  • 3.
    NOW LATER Convoluted systemdesign Simple system design Undocumented ICT capabilities Repeatable capabilities Localized ICT leadership and support Centralized ICT leadership Localized ICT governance Centralized ICT governance
  • 4.
  • 5.
  • 6.
    Alpha Office- (35+users) Fortinet Fortigate 200E ASA Firewall 5525 Edge Router 2911 0/0 WAN1 0/1 0/9 0/2 EDGE 0/1 0/24 SW-13 0/3 Internet 0/20 0/0 0/1 0/4 0/8 0/11 0/8 0/12 0/7 0/19-20 0/19 slave 2-sw4 slave 1-sw3 Master-sw2 0/19-20 0/3-15 0/9-10 0/16-17 0/21-22 0/16-17 0/21-22 0/21-22 0/1-3 0/1-2 sw5 IDF 0/230/24 0/2-18 0/19-20 0/21-23 0/1 0/1-15 Edge Switch 3750
  • 7.
    Small Office (9-35users) Fortinet Fortigate 100D WAN1 0/2 VSAT MODEM SW-13 Internet 0/24 0/19 Master -sw1 0/3-15 0/9-10 0/22-23 Slave -sw2
  • 8.
    Why fortinet? • Intelligentnetwork segmentation • Centralized administration and threat management • Flexible WIFI deployment options
  • 9.
    Ctd.. • Current daysecurity defense and detention. • Multi-browser compatible dash-boarding. • Dynamic reporting and drill down in connections settings. • Multifunctional device with a small footprint. • Enhanced Bandwidth/QOS traffic prioritization and shaping services for offices with Internet speed issues. • Dynamic & detailed reporting information:- on bandwidth usage, security events, and system changes
  • 10.
    Solution Adapted • Mediumto Enterprise Solution • Basic security monitor and lockdown • Application control and throttling • Web filtering and control • VPN/SSL service for both Medium to Large Enterprise • Report capture on source and destination • Subscription base UTM updates giving the most current security updates
  • 11.
  • 12.
    QOS • Available toboth network or application category to provide control of network saturated offices. • Priority to business critical services e.g. email, skype for business, financial management app • Load balancing with VIP’s
  • 13.
  • 14.
    VDOM’s Standardized setup toprovide the following support structure on the system:- • Care-SSL = Will be configured as a primary SSLVPN network for making resources available to supported users. • CARE-UTM = This is a L2 network pass through for allowing wired country offices application control and filtering of security breaches. • Root = Default environment used as a control point.
  • 15.
    WIFI • Multiband wifisolution 2.4GHz and 5GHz comes with the system ability to scale with the network environment. • All FortiGate come with the ability to be a wireless controller • The option of network bridging or tunneling can be deployed to accommodate small to large Enterprise network.
  • 16.
    Firewall Policies • Deployfilters • Manage the types of devices connecting on the network • Manage what each device has access to
  • 17.
  • 18.
    Troubleshooting • ICMP tests •Ping/clone a ping from a different end-point • Tracert • Traffic Logs
  • 19.
    Licensing • Bundled annualsubscription ($33k) service managed from FortiManager and enables CARE to • Upgrade IOS • Manage patches – IPS/AV • Monitor remotely • Forti UTM bundle with every equipment purchase
  • 20.
    Challenges/Overcoming them • Remotedeployment • Adaptation in CO’s • Equipment purchase from HQ in US To overcome these:- • Continuous research to customize solution • Training sessions national local IT leads/team • Identify local vendor
  • 21.
    What has workedwell • WIFI deployment • UTM through VDOM’s • Software VLAN’s • Second layer of security with IPS and AV • Bandwidth throttling with traffic shaping
  • 22.
    We are nowable to • Enforce firewall policies • Implement QOS; traffic shaping • Intelligent reporting • Enforce WIFI segmentation
  • 23.

Editor's Notes

  • #9 Intelligent network segmentation – AP’s have an OS Supports on-prem and cloud based deployments
  • #12 Forti OS 5.4
  • #13 Traffic haping – shared and reverse shaper Per policy shaping e.g like to the general internet access policy #set-per policy enable #end High priority applies to all
  • #16 Netwrok bridging Tunneling
  • #19 Can edit ping-options to appear as if pinging from a server despite being on the forti
  • #20 Bundled subscription service Fortigate 400C manages for all CO’s – upgraded IOS, manages, patches and monitors and can send reports, takes daily backups; capacity of 50-100GB HDD, virtual RAM- minimum 4-8GB – licensing 20% of cost $33k No support on AP $33K- fortigate unit with UTM and support
  • #22 Can block bots, web filtering, Can block ads, videos, applets
  • #23 Efficiently manage bandwidth Through QOS- Better management of secure resources by OS filters