2. 2
Secure Web Gateway market
Protect users against internet threats
Web Application
Servers
FortiProxy
FortiGate
FortiWeb
Internal User
External User
Secure web gateways (SWG) utilize URL filtering, advanced
threat defense and legacy malware protection to defend
users from internet-borne threats, and to help enterprises
enforce internet policy compliance
SWGs today are implemented primarily because of their
security functionality. Vendors that are focused on providing
strong anti-malware and advanced threat detection
functionality that are best positioned to win in this market
3. 3
• Defend users from internet-borne threats
• Filters unwanted software/malware from user-initiated
• Enforce Internet Policy Compliance
• Provide visibility into encrypted traffic/websites
• Deployment flexibility to secure any user
• Insure an instant, fast internet access using WAN-
Optimization and Web-Caching
Secure Web Gateway Role
4. 4
SWG WAF NGFW
• Only HTTP/S traffic
• Protect web applications against
a variety of attacks
• Protection from the OWASP Top
Ten application attacks
• Proxy Mode Application
• Protect users from internet-borne
threats with:
• URL filtering
• Anti-malware protection
• IPS
• Application control capabilities
• SSL Inspection
• Optimizing user experience
Web Application
Servers
FORTIPROXY
FortiGate
Internal User
External User
Protects Internal Web Application Servers
Protects Employees from internet threats
Web Application
Servers
FortiProxy
FortiGate
Internal User
External User
FORTIWEB
Protects Internal Network/Application
Web Application
Servers
FortiProxy
FORTIGATE
Internal User
External User
• Flow/Proxy Traffic
• Protect against External/Internal
threats with:
• Anti-Virus and Malware
• IPS
• SSL Inspection/Offloading
• Application rules
FortiWeb
FortiWeb
5. 5
SWG Complement NGFW for complete protection !
Web Application
Servers
FORTIPROXY
Internal User
External User
FORTIGATE
6. 6
• Email (92.3%) and Web (6.3%) are
the two main primary vectors for
malware entering an organization.*
• 4% of people will click on a phishing
email which is often used to gain a
foothold in the network via malware
or credential phishing.*
• Malware laden scripts and adverts
mean malware can show up on the
most popular and trusted websites
Advanced Web BasedAttacks
* Source: Verizon Data Breach Report 2018
8. 8
High Performance and Scalability Proxy
Dedicated Secure Web Gateway Solution
Pay As You Grow License
Multi-Layered Detection to prevent threats
Authenticated Web Application Control
Wan Optimization and Advanced Caching
FortiProxy Secure Web Gateway
AUTHENTICATED ACCESS
Granular application control policies
Activity monitoring
Restricts access to social websites
using user or group identity
SSL INSPECTION
Powerful hardware
Removes blind spots in
encrypted traffic
Multiple inspection methods
MULTI-LAYERED PROTECTION
Integration with proven
FortiGuard Threat
Intelligence
Integration with FortiSandbox
9. 9
FortiProxy Key Differentiators
Backup
FortiProxy is a purpose-
built forward SWG proxy
with industry-rated
FortiGuard services.
Price-Competitiveness
Seat licensing is incredibly
attractive compared to the
market. This translates to
LOWER TCO for clients.
Effectiveness
FortiProxy licensing provides you
double the amount of proxied-
sessions compared to competitors
(Broadcom/Symantec/Blue Coat) –
This price advantage is especially key
for clients thinking of replacing their
Proxy with FortiProxy.
On-Box AI
New AI helps intelligently rate on
the fly and on-box the images to
reduce Weapons, Alcohol, Gore,
Porn, Extremism,
Swim/Underwear. This AI looks
at actual content itself on a per
image level.
Flexibility
Flexible Transparent and
Explicit mode deployment
options available via L2, L3,
inline and out-of-path
topologies. Even more
flexible than Symantec Proxy
deployment mode.
High availability
through clustering and
single cache storage
through case
collaboration. Hence no
external LB needed.
Maximum Performance
No performance degradation for
SSL inspection. We all know once
Symantec Proxy runs SSL,
performance will drop
significantly.
Visibility
With FortiView, clients can
see what is happening on
their networks in order to
future refine policy
Seamless Integration
with air gap isolation
solution (FortiIsolator) to
provide content to users in
the most secure manner
Direct integration
with FortiSandbox. For
Symantec, they need CAS
before they can connect to
their Sandbox.
10. 10
FortiProxy Form Factors
Multiple options for maximum deployment flexibility
Appliances
• 3 models
• From 500 to 50K users
• Support for 10GE
• Dual Power Supply
• Bypass ports
Public Cloud
• 4 VM models
• BYOL
• AWS and Azure Cloud
Virtual Machines
• 6 VM models
• Caching/WAN Opt and SWG Features
• CPU-based
• Perpetual licensing
• VMware, Hyper-V, and KVM
Centralized Management
• Perpetual licensing
• Full visibility and control for all FortiProxy form Factors
• Support VMware and KVM Hypervisors
13. 13
FortiProxyAppliance Lineup
Specification FPX400G FPX2000G FPX4000E
Base
Features
Advanced Caching and WAN Optimization
User License 500-6000 Users 500-20,000 Users 5,000-60,000 Users
Service License
(All-Inclusive) Web Filtering, DNS Filtering, Application Control, DLP, AV, IPS, Botnet (IP/Domain) and FortiSandbox Cloud
Ports 4 x 10/100/1000 RJ45 2 x 10/100/1000 RJ45
2 x 10/100/1000 RJ45 bypass
2 x 1GbE SFP
2 x 10GbE SFP+
4 x 10/100/1000 RJ45
2 x 10/100/1000 RJ45 bypass
2 x 1GbE SFP
4 x 10GbE SFP+
Memory 8GB 128GB 256GB
Storage 4TB (2 x 2TB HDD) 8TB (4 x 2TB HDD) 8TB (4 x 2TB HDD)
SSL Hardware 2 x CP9 2 x CP9 2 x CP9
Power Supply AC power supply (Optional Dual( Dual AC power supply Dual AC power supply
All platforms support FIPS 140-2 and Common Criteria
14. 15
FortiProxy VM Lineup (VM01-VMUL)
Specification VM01 VM02 VM04 VM08 VM16 VMUL
Base
Features Advanced Caching and WAN Optimization
User
License
100 Users 100 - 500 Users 100 -2,500 Users 100 - 10,000 Users 100 -25,000 Users 100 - 50,000 Users
Hypervisor
Support VMware ESX/ESXi, KVM Platform and Microsoft HyperV
Service
License SWG Protection Bundle:
Web Filtering, DNS Filtering, Application Control, DLP, Antivirus, IPS, Botnet (IP/Domain) and FortiSandbox Cloud
CPU 2x vCPU 4x vCPU 8x vCPU 16x vCPU 32x vCPU Unlimited vCPU
Memory
Unlimited (G) x RAM
Storage 1 Disk 2 Disks 2 Disks 4 Disks 8 Disks 16 Disks
Ports Up to 10 Interface
16. 17
FortiProxy License Offering
FortiProxy offers PAYG License (per “seat/user”) which allows the customer to scale
according to his needs.
Benefits:
• Scalable performance without the need for hardware replacement
• Customers pay only for the exact capacity currently required, which prevents over-
spending on the initial solution
• Overcomes capacity planning challenges
• Reduces the risk associated with data center growth for best investment protection
17. 18
Licensing Model
PAYG User Based Licensing – Minimum users required
Hardware / Virtual
(Include Advanced Caching and WAN Optimization + DNS Protection)
SWG Protection Bundle*
Web Filtering, DNS Filtering,
Application Control, DLP, AV, Botnet
IP/Domain and Sandbox Cloud
Content Analysis (Optional) * *
Support (FortiCare 24x7)
User-based
Pricing
Fixed Price
* Scale up to 50K users depend on HW/VM Model
* * Equal to SWG Protection Bundle amount
1
2
3
18. 19
Licensing Scenario 1
10
Orders
UNIT SKU Description
FortiProxy-2000E FPX-2000E FortiProxy2000E, 2xRJ45 GbE, 2xRJ45 GbE Bypass, 2xSFP GbE, 2xSFP+ 10GbE
FC-10-XY2KE-620-02-DD
SWG Protection - Web Filtering, DNS Filtering, Application Control, DLP, AV, Botnet
(IP/Domain), IPS, Sandbox Cloud. 500 User license with SWG Protection (Minimum
order 5 and up to 30)
FC-10-XY2KE-160-02-DD Content Analysis Service. 500 User license (Minimum order 5 and up to 30)
Number of seats: 5,000
Appliance Type: Hardware
Services and Support: SWG Protection Bundle, Content Analysis Service and 24x7 FortiCare Contract
Content Analysis: Required
10
Orders
1
2
3
19. 20
Licensing Scenario 2
30 Orders
UNIT SKU Description
FortiProxy-VM LIC-FPRXY-VM08
FortiProxy-VM08 software virtual appliance designed for VMware ESX/ ESXi,
Microsoft HyperV and KVM platform. 16 x vCPU core, 32GB RAM and 4TB Disk.
FC-10-XYVM8-621-02-DD
SWG Protection - Web Filtering, DNS Filtering, Application Control, DLP, AV, Botnet
(IP/Domain), IPS, Sandbox Cloud. 100 User license with SWG Protection license
with 24x7 support (Minimum order 1 and up to 10)
FC-10-XYVM8-160-02-DD Content Analysis Service. 100 User license (Minimum order 1 and up to 10)
Number of seats: 3,000
Appliance Type: Virtual
Services and Support: SWG Protection Bundle, Content Analysis Service and 24x7 FortiCare Contract
Content Analysis: Not Required
1
2
21. 22
FortiProxy Full Protection
User accessing
web
Website Reputation
Analysis
Antivirus
• Legacy Malware
Protection
• DNS Enforcement
• Web Filtering
Sandboxing
• Static Analysis
• Dynamic Analysis
DLP
FortiGuard Threat
Intelligence and research
FortiView FortiSandbox
• In-Build
• ICAP
FortiAnalyzer FortiCloud
Content Analyzer
(3rd party solution)
CP9 Bypass Interfaces High Storage Caching
FortiProxy OS
FortiGate Integration
(Version 6.0)
PAYG License
22. 23
FortiProxy Integration with Browser Isolation (FortiIsolator)
• Provide full Browser isolation based on Web categories
• FortiProxy policy integration with FortiIsolator with Several deployment modes:
• Explicit Proxy
• Transparent Proxy
• Mitigate against web based threats whilst retaining productivity
23. 24
• Content Analysis is able to detect NSFW
images and videos
• Near zero false negatives or near zero false
positives achievable
• Accomplished with Neural Network based
Image recognition technology
• Enforce for end user very sensitive to of illicit
images & videos
“ On BoxAI” - ContentAnalysis
Videos
Image
Text
24. 25
Credential Phishing Prevention
Domain Controller
Phishing Website
• Provide full protection against credential phishing
• Detect and Block known credentials sent to Phishing websites
• Incorporate with FortiGuard Web-Filtering categories
• Integration with organization Domain Controller
• Granular policy based web categories and URLs
25. 26
Acceptable Use Policy Enforcement
FortiProxy Build-In Authentication Methods
• FSSO
• LDAP/Radius
• Kerberos
• Single Sign On – SAML
• FortiToken
Authentication
User accessing web
Web Filtering
• Integration with threat intelligence
• Upload external blacklists
• Web Application Control
• Static web filtering
• Warning Page to user
FortiProxy
FortiAuthenticator
SSL
Inspection
26. 27
SSL-VPN & IPsec VPN
FEATURES
Provide full IPSEC VPN support
Support Wizard configuration
Support following methods:
»Site to Site (FPX, FGT and Cisco)
»Remote Access (FortiClient, MAC, Android,
Windows)
»Custom
Provide several Tunnel Templates
FEATURES
Provide full SSL VPN support
Support the following modes:
»Tunnel mode configuration
»Web Mode configuration
Provide a custom login page to SSL VPN
connections
Full FortiClient Support
27. 28
Content Caching & Video Caching
Content Caching
» FortiProxy is your network “memory”, remembering
content and returning it locally rather than wasting
precious internet bandwidth
Streaming Media Caching
» 30+ CDNs and growing
» Detects same video ID when content comes from
different CDN hosts
» Seek forward/backward in video
» Adverts cached separately
RTMP Stream Splitting and HTTP Live Streaming
» Download live video streams once, serve to many
clients
» Useful for live video events (sporting events,
corporate presentations etc)
» Optimise the network during high bandwidth
corporate events
Most Popular Supported CDNs
Youtube
Google Video
Metacafe
Foxnews
DailyMotion
Break
MSN
Yahoo
Myspace
28. 29
Caching Features
CACHE
COLLABORATION
CACHEPRELOAD
SUPPORT
CHUNKEDCACHE
SUPPORT
Pre-load cache content based on
manually defined URL pattern with
scheduled crawling function
Useful for schools and hotels where
popular content can be predicted
Cache content sharing and
clustering protocol
Support for caching of chunked
and ranged requests
Commonly seen in video
downloads
29. 30
Reverse Cache Prefetch
PREFETCH
FEATURES
You can now configure a user agent(such as
Wget) for prefetch URLs
You can ignore robots.txt rules when creating
prefetch URLs and reverse cache prefetch
URLs
Benefits
More accurate prefetch based on user agent
31. 32
Provides a real-time and historical traffic data from log
devices by source, domain, destination, threat map,
RTT, and Application Service.
Application Service:
» HTTP/S Traffic Statistics
» User Analytics
» Cloud Applications
» Caching and Optimization
» Top Sources, Destination and Sessions
Security:
» Threat map
» Top attacks, Geo IP, Quarantine
System:
» System logs
» Traffic logs
FortiView - Real time Monitoring
32. 33
Provides a real-time and historical data and security
logs from security profiles.
» Forward Traffic
» AntiVirus
» Web Filtering
» Application Control
» IPS and more…
Attack, Traffic, & Event Logging
Traffic monitor per application
Attack Event history per application
Latest Alerts
Logging and Monitoring
35. 36
Deployment Modes
Inline (L2/L3) Deployment
Explicit Deployment
Transparent/WCCP Deployment
• FortiProxy appliance acts as a transparent bridge in the
network and analyze client content traversing the device
• FortiProxy acts as an explicit proxy for clients in the network.
• Client browsers must be configured to redirect traffic to the
FortiProxy. Supports PAC files.
• FortiProxy appliance acts as a transparent bridge in the
network and analyze client content traversing the device.
• WCCP can be used to integrate with an existing network
architecture and deliver scalability and load balancing.
Supports WCCP client and Mask assignment.
36. 37
• Clientless remote browser isolation
• Works with any modern HTML5 capable browser
• Mitigate against web based threats whilst retaining productivity
• No third party code ever runs on the local machine
• Browser session runs in clean remote container
• Rendered page image displayed to client
• Supports web page interactivity e.g. links, forms, video, audio
Browser Isolation - Zero Trust Web Browsing
37. 38
High availability and scaling with FortiADC/FortiProxy
New in 4.0 MR3s
• FortiProxy and FortiADC for high availability and performance scaling
• Highly redundant solution that avoids complicated policy based routing/WCCP
• Delivers 99.999% uptime with intelligent server load balancing
• Scalable performance without the need for hardware replacement
• Increase Performance and Improve user QoE (quality of experience)
• Unparalleled deployment flexibility (transparent proxy, explicated proxy)
FortiProxy
39. 41
Best of Class Threat Intelligence & Protection - FortiGuard
• Fortinet has combining third party feeds and our own threat intelligence to provide
maximum protection.
• Big Data, Machine Learning, Automation, our own research and analysis
• Fortinet has shipped over 2.2 million appliances and has over 250,000 customers.
• Feedback from these appliances is used to provide world class Threat intelligence
• Best protection against known and unknown threats
41. 43
Value Proposition
$
Best Price/Performance
Security Processors (SPU( enable parallel path processing and delivers industry’s best threat
protection and SSL inspection performance
Lower Total Cost of Ownership providing great value to customers
Integration with Security Fabric
Fortinet’s security fabric delivers broad protection and visibility across multiple attack vectors and
multiple form factors
Integrated with key security fabric components such as FortiSandbox, FortiAnalyzer and third party
security devices for better security visibility and detection
Industry Proven Security Effectiveness
FortiGuard Web Filtering is the only VBWeb certified web filtering service in the industry
Integration with Top-rated FortiSandbox recommended by NSS Labs to combat advanced threats