© Copyright Fortinet Inc. All rights reserved.
FortiGate-VMX: integration with VMware NSX
Michał Taterka
Systems Engineer
25 September 2017
Agenda
• VMware NSX
• What is Fortinet VMX?
• Why FortiGate VMX with NSX?
• The Recipe
• Deployment Options
• How to Design a Cost Effective VMX Solution
• FortiGate-VMX Logs to FortiAnalyzer
• FortiGate-VMX License Model
• Key Differentiators
VMware NSX
• SDN solution
• Option of controller-based SDN + NFV + centralized management
• DFW (Distributed Firewall) and Edge firewalling in NSX
What is Fortinet VMX?
[Architecture diagram. Kernel side: VMware kernel with the vDistributed Switch, one kernel agent per protected VM (dvfilterklib), and a VMCI socket towards the FortiGate-VMX. User side: the FortiGate-VMX with its FortiOS engine, session DB, vmif0/vsif0 interfaces and data-agent packet dispatchers; sync path to the vNIC. The FortiGate-VMX Service Manager holds a transport table keyed by session ID (001 00:00:xx1 ... 005 00:00:xx5).]
• Distributed NGFW and UTM solution for the NSX Zero Trust model
• Automation & orchestration
Why FortiGate VMX with NSX?
Requirements and solution:
• Not just a firewall, but advanced features
• Micro-segmentation and Zero Trust
• Control of 'east-west' traffic, inter logical security zone (multi-tier)
• Integration, orchestration and automation
The Recipe
• ESXi servers – all of 'em ;)
• NSX Manager – 1 piece
• HTTP server holding images for deployment – 1 piece
• FortiGate-VMX Service Manager – 1 OVF file to deploy
• VMware Distributed Firewall – 1 piece
• FortiGate-VMX Security Nodes – 1 per ESXi server
• Distributed vSwitch – at least one :)
FortiGate VMX and its Components
[Component diagram. VMware side: vCenter Server v5.5 or v6.0, VMware vSphere (Enterprise Plus license, v5.5 or v6.0), ESXi hosts. Fortinet side (registered as the third-party solution): the FortiGate-VMX Service Manager, which is the NSX Service Manager, and the FortiGate-VMX Security Appliance, which is the NSX Service Appliance. The Service Manager manages the Security Appliances and integrates with VMware over the REST API.]
FortiGate-VMX and NSX Integration/Interactions
[Diagram: dvSwitch with one FGT-VMX per host, the FortiGate-VMX Service Manager, and NSX Manager. Numbered interactions:]
1. Register Fortinet as a security service with NSX Manager
2. Auto-deploy FortiGate-VMX to all hosts in the security cluster
3. FortiGate-VMX connects with the FortiGate-VMX Service Manager
4. License verification & configuration synchronization with FortiGate-VMX
5. NSX Security Policy defines network introspection rules to redirect traffic
6. Real-time updates of the object database
7. Push policy synchronization to all FortiGate-VMX deployed in the cluster
FGT-VMX and VMware NSX Filter Driver Interaction
[Diagram: VMware kernel with dvSwitch; the NetX NSX filter driver sits between the VM and the dvSwitch with an internal ("int") and external ("ext") side, and hands traffic to the FGT-VMX on the host. NGFW firewall policies are defined (label 1) on the FortiGate-VMX Service Manager; label 2 carries no caption on the slide.]
Packet flow:
1. From VM to NSX filter driver
2. NSX filter driver forwards to the third-party solution (FGT-VMX)
3. FGT-VMX applies security and sends the packet back to the NSX filter driver
4. NSX filter driver can do service chaining or send the packet to its destination
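The redirect-and-inspect path in steps 1 to 4, modelled as an added Python example (illustrative code written for this page, not Fortinet or VMware code). The security-group names, the redirect rule set standing in for the NSX Security Policy's network introspection rules, the NGFW policy table, the VM names and the sample packets are all constructed for the example. It shows what a defender should check in such a design: only source/destination group pairs covered by a redirect rule are ever handed to FGT-VMX, traffic that no rule redirects reaches its destination without NGFW inspection, a redirected flow that matches no NGFW rule is denied (implicit deny), and an accepted flow gets a session entry so its next packet is matched statefully instead of being re-evaluated against policy.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Set, Tuple


@dataclass(frozen=True)
class Packet:
    src_vm: str
    dst_vm: str
    proto: str
    dport: int


# Constructed NSX security-group membership (hypothetical VM names).
SECURITY_GROUPS: Dict[str, Set[str]] = {
    "web": {"web-01", "web-02"},
    "app": {"app-01"},
    "db": {"db-01"},
}

# Constructed stand-in for the NSX Security Policy's network introspection
# rules: (src group, dst group) pairs whose traffic is redirected to FGT-VMX.
REDIRECT_RULES: Set[Tuple[str, str]] = {("web", "app"), ("app", "db"), ("web", "db")}

# Constructed NGFW policy as pushed from the Service Manager to FGT-VMX.
NGFW_POLICY: List[dict] = [
    {"src": "web", "dst": "app", "proto": "tcp", "dport": 8080, "action": "accept"},
    {"src": "app", "dst": "db", "proto": "tcp", "dport": 5432, "action": "accept"},
]


def group_of(vm: str) -> Optional[str]:
    """Resolve a VM name to its security group (None if unknown)."""
    for name, members in SECURITY_GROUPS.items():
        if vm in members:
            return name
    return None


class FortiGateVMX:
    """Toy model of the per-host FGT-VMX: stateful session table + policy lookup."""

    def __init__(self, policy: List[dict]) -> None:
        self.policy = policy
        self.sessions: Dict[Tuple[str, str, str, int], int] = {}
        self._next_id = 1

    def inspect(self, pkt: Packet) -> Tuple[str, Optional[int]]:
        key = (pkt.src_vm, pkt.dst_vm, pkt.proto, pkt.dport)
        if key in self.sessions:  # existing session: stateful fast path
            return "accept", self.sessions[key]
        src, dst = group_of(pkt.src_vm), group_of(pkt.dst_vm)
        for rule in self.policy:
            if (rule["src"], rule["dst"], rule["proto"], rule["dport"]) == (src, dst, pkt.proto, pkt.dport):
                if rule["action"] == "accept":
                    sid = self._next_id
                    self._next_id += 1
                    self.sessions[key] = sid
                    return "accept", sid
                return "deny", None
        return "deny", None  # implicit deny: no matching NGFW rule


class NsxFilterDriver:
    """Toy model of the NetX filter driver: redirect matching flows, deliver the rest."""

    def __init__(self, redirect_rules: Set[Tuple[str, str]], service: FortiGateVMX) -> None:
        self.redirect_rules = redirect_rules
        self.service = service

    def process(self, pkt: Packet) -> dict:
        pair = (group_of(pkt.src_vm), group_of(pkt.dst_vm))
        if pair not in self.redirect_rules:
            # Step 4 without steps 2-3: no introspection rule, so FGT-VMX never sees it.
            return {"redirected": False, "verdict": "pass-through", "session": None}
        verdict, sid = self.service.inspect(pkt)  # steps 2 and 3
        return {"redirected": True, "verdict": verdict, "session": sid}


def run_sample() -> List[dict]:
    """Push a constructed set of east-west packets through the model."""
    driver = NsxFilterDriver(REDIRECT_RULES, FortiGateVMX(NGFW_POLICY))
    flows = [
        Packet("web-01", "app-01", "tcp", 8080),  # allowed by NGFW policy
        Packet("web-01", "app-01", "tcp", 8080),  # same flow: hits the session table
        Packet("web-01", "db-01", "tcp", 5432),   # redirected, no NGFW rule: implicit deny
        Packet("web-01", "web-02", "tcp", 80),    # same group, no redirect rule: not inspected
        Packet("app-01", "db-01", "tcp", 5432),   # allowed, gets a new session id
    ]
    return [driver.process(p) for p in flows]


if __name__ == "__main__":
    for result in run_sample():
        print(result)
```

The fourth packet is the one to look at when reviewing a real deployment: a flow with no introspection rule is never redirected, so it is protected only by whatever the DFW itself enforces.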
Deployment Options
• Option 1: DFW + FortiGate VM or FortiOS
  • More than just stateful Edge firewalling
  • Option of a stateful firewall at the DFW and NGFW/UTM at the Edge
• Option 2: DFW + FortiGate VMX + DLR + Edge
  • Micro-segmented NGFW/UTM security
• Option 3: DFW + FortiGate VMX + DLR + FortiGate VM / FortiOS VM
  • Divide NGFW/UTM functionality between two layers
  • Better performance
• Option 4: DFW + FortiGate VMX + DLR (+ Edge) + physical FortiGate VDOM
  • Divide NGFW/UTM functionality between two layers
  • Multi-tenancy end to end
  • 1:1 mapping between NSX Edge and VDOM
  • Better performance
How to Design a Cost Effective VMX Solution
• Categorize the workload
• Critical workload placed on a VMX-enabled cluster
• Catalogue-based design: pay per feature for MSSPs
• Cost optimization for enterprises
FortiGate-VMX Logs to FortiAnalyzer
• Configuration is done on the FortiGate-VMX Service Manager
• Logs are relayed from the FortiGate-VMX to the FortiGate-VMX Service Manager
• Only the FortiGate-VMX Service Manager serial number is reported on FortiAnalyzer, so logs from every Security Node appear under that one serial number
FortiGate-VMX License Model
• Expandable license model
• Two product SKUs
  » FortiGate-VMX Service Manager - FG-VMX-MGMT: centralized management and license repository for FortiGate-VMX environments
  » FortiGate-VMX Security Node - FG-VMX-1: one FortiGate-VMX Security Node instance for securing VMware environments
• Multiple-length Service and Support SKUs
• Lab SKUs available for development environments

FortiGate-VMX Licensing
• No limits placed on resources (virtual or hardware), nor on the number of protected VM workloads.
• Instance-based licensing.
  » Example: 10 ESXi hosts in a cluster; 10 x FortiGate-VMX Security Node licenses are required.
• The FortiGate-VMX Service Manager is used as the license repository for FortiGate-VMX Security Nodes.
• FortiGate-VMX Security Nodes automatically validate to the FortiGate-VMX Service Manager.
[Diagram: FortiCare / FortiGuard (service license registration and security database updates) <-> FortiGate-VMX Service Manager (license repository; centralized synchronization of configuration/policy) <-> FortiGate-VMX Security Nodes (registration/synchronization; security database updates).]
Key Differentiators
• Real multi-tenancy (VDOM) support
• Per Security Appliance instance resource monitor
• Improved throughput for firewall and security functionality using TSO (TCP Segmentation Offload)
• Service Manager to Security Appliance instant security policy update using HA sync
• Automatic creation of NSX Security Groups in the FortiGate-VMX Service Manager
• Central license server with auto-decrement
• OVF footprint < 40 MB
• License independent of physical or virtual resources
• NSX-integrated upgrade process
• Real-time FortiGuard updates
Questions ???
FortiGate VMX Demo
PLNOG19 - Michał Taterka - FortiGate-VMX - integration with VMware NSX

More Related Content

What's hot

VMUG - NSX Architettura e Design
VMUG - NSX Architettura e DesignVMUG - NSX Architettura e Design
VMUG - NSX Architettura e Design
VMUG IT
 
Resilient IoT Security: The end of flat security models
Resilient IoT Security: The end of flat security modelsResilient IoT Security: The end of flat security models
Resilient IoT Security: The end of flat security models
Milosch Meriac
 
Drive into kvm
Drive into kvmDrive into kvm
Drive into kvm
Udayendu Kar
 
[CONFidence 2016]: Alex Plaskett, Georgi Geshev - QNX: 99 Problems but a Micr...
[CONFidence 2016]: Alex Plaskett, Georgi Geshev - QNX: 99 Problems but a Micr...[CONFidence 2016]: Alex Plaskett, Georgi Geshev - QNX: 99 Problems but a Micr...
[CONFidence 2016]: Alex Plaskett, Georgi Geshev - QNX: 99 Problems but a Micr...
PROIDEA
 
VMworld 2013: NSX PCI Reference Architecture Workshop Session 2 - Privileged ...
VMworld 2013: NSX PCI Reference Architecture Workshop Session 2 - Privileged ...VMworld 2013: NSX PCI Reference Architecture Workshop Session 2 - Privileged ...
VMworld 2013: NSX PCI Reference Architecture Workshop Session 2 - Privileged ...
VMworld
 
Linux Kernel Security: Adapting 1960s Technology to Meet 21st Century Threats
Linux Kernel Security: Adapting 1960s Technology to Meet 21st Century ThreatsLinux Kernel Security: Adapting 1960s Technology to Meet 21st Century Threats
Linux Kernel Security: Adapting 1960s Technology to Meet 21st Century Threats
James Morris
 
Proxmox for DevOps
Proxmox for DevOpsProxmox for DevOps
Proxmox for DevOps
Jorge Moratilla Porras
 
2008-09-09 IBM Interaction Conference, Red Hat Update for System z
2008-09-09 IBM Interaction Conference, Red Hat Update for System z2008-09-09 IBM Interaction Conference, Red Hat Update for System z
2008-09-09 IBM Interaction Conference, Red Hat Update for System z
Shawn Wells
 
OSGi als App-Plattform - Ein Ausflug durch den Security-Layer
OSGi als App-Plattform - Ein Ausflug durch den Security-Layer	OSGi als App-Plattform - Ein Ausflug durch den Security-Layer
OSGi als App-Plattform - Ein Ausflug durch den Security-Layer
OSGiUsers
 
Linux Kernel Security Overview - KCA 2009
Linux Kernel Security Overview - KCA 2009Linux Kernel Security Overview - KCA 2009
Linux Kernel Security Overview - KCA 2009
James Morris
 
Practical real-time operating system security for the masses
Practical real-time operating system security for the massesPractical real-time operating system security for the masses
Practical real-time operating system security for the masses
Milosch Meriac
 
Proxmox ve-datasheet
Proxmox ve-datasheetProxmox ve-datasheet
Proxmox ve-datasheet
Miguel Angel
 
XPDDS17: Introduction to Intel SGX and SGX Virtualization - Kai Huang, Intel
XPDDS17: Introduction to Intel SGX and SGX Virtualization - Kai Huang, IntelXPDDS17: Introduction to Intel SGX and SGX Virtualization - Kai Huang, Intel
XPDDS17: Introduction to Intel SGX and SGX Virtualization - Kai Huang, Intel
The Linux Foundation
 
Fortinet FortiOS 5 Presentation
Fortinet FortiOS 5 PresentationFortinet FortiOS 5 Presentation
Fortinet FortiOS 5 Presentation
NCS Computech Ltd.
 
D-RTM for Qubes OS VMs
D-RTM for Qubes OS VMsD-RTM for Qubes OS VMs
D-RTM for Qubes OS VMs
Piotr Król
 
Integrating kdump into oVirt
Integrating kdump into oVirtIntegrating kdump into oVirt
Integrating kdump into oVirt
Martin Peřina
 
Hardening Linux and introducing Securix Linux
Hardening Linux and introducing Securix LinuxHardening Linux and introducing Securix Linux
Hardening Linux and introducing Securix Linux
Security Session
 
Proxmox Talk - Linux Fest Northwest 2018
Proxmox Talk - Linux Fest Northwest 2018Proxmox Talk - Linux Fest Northwest 2018
Proxmox Talk - Linux Fest Northwest 2018
Richard Clark
 
PIX vs ASA_firewall
PIX vs ASA_firewallPIX vs ASA_firewall
PIX vs ASA_firewall
Rajesh Porwal
 
NET4933_vDS_Best_Practices_For_NSX_Francois_Tallet_Shahzad_Ali
NET4933_vDS_Best_Practices_For_NSX_Francois_Tallet_Shahzad_AliNET4933_vDS_Best_Practices_For_NSX_Francois_Tallet_Shahzad_Ali
NET4933_vDS_Best_Practices_For_NSX_Francois_Tallet_Shahzad_Ali
shezy22
 

What's hot (20)

VMUG - NSX Architettura e Design
VMUG - NSX Architettura e DesignVMUG - NSX Architettura e Design
VMUG - NSX Architettura e Design
 
Resilient IoT Security: The end of flat security models
Resilient IoT Security: The end of flat security modelsResilient IoT Security: The end of flat security models
Resilient IoT Security: The end of flat security models
 
Drive into kvm
Drive into kvmDrive into kvm
Drive into kvm
 
[CONFidence 2016]: Alex Plaskett, Georgi Geshev - QNX: 99 Problems but a Micr...
[CONFidence 2016]: Alex Plaskett, Georgi Geshev - QNX: 99 Problems but a Micr...[CONFidence 2016]: Alex Plaskett, Georgi Geshev - QNX: 99 Problems but a Micr...
[CONFidence 2016]: Alex Plaskett, Georgi Geshev - QNX: 99 Problems but a Micr...
 
VMworld 2013: NSX PCI Reference Architecture Workshop Session 2 - Privileged ...
VMworld 2013: NSX PCI Reference Architecture Workshop Session 2 - Privileged ...VMworld 2013: NSX PCI Reference Architecture Workshop Session 2 - Privileged ...
VMworld 2013: NSX PCI Reference Architecture Workshop Session 2 - Privileged ...
 
Linux Kernel Security: Adapting 1960s Technology to Meet 21st Century Threats
Linux Kernel Security: Adapting 1960s Technology to Meet 21st Century ThreatsLinux Kernel Security: Adapting 1960s Technology to Meet 21st Century Threats
Linux Kernel Security: Adapting 1960s Technology to Meet 21st Century Threats
 
Proxmox for DevOps
Proxmox for DevOpsProxmox for DevOps
Proxmox for DevOps
 
2008-09-09 IBM Interaction Conference, Red Hat Update for System z
2008-09-09 IBM Interaction Conference, Red Hat Update for System z2008-09-09 IBM Interaction Conference, Red Hat Update for System z
2008-09-09 IBM Interaction Conference, Red Hat Update for System z
 
OSGi als App-Plattform - Ein Ausflug durch den Security-Layer
OSGi als App-Plattform - Ein Ausflug durch den Security-Layer	OSGi als App-Plattform - Ein Ausflug durch den Security-Layer
OSGi als App-Plattform - Ein Ausflug durch den Security-Layer
 
Linux Kernel Security Overview - KCA 2009
Linux Kernel Security Overview - KCA 2009Linux Kernel Security Overview - KCA 2009
Linux Kernel Security Overview - KCA 2009
 
Practical real-time operating system security for the masses
Practical real-time operating system security for the massesPractical real-time operating system security for the masses
Practical real-time operating system security for the masses
 
Proxmox ve-datasheet
Proxmox ve-datasheetProxmox ve-datasheet
Proxmox ve-datasheet
 
XPDDS17: Introduction to Intel SGX and SGX Virtualization - Kai Huang, Intel
XPDDS17: Introduction to Intel SGX and SGX Virtualization - Kai Huang, IntelXPDDS17: Introduction to Intel SGX and SGX Virtualization - Kai Huang, Intel
XPDDS17: Introduction to Intel SGX and SGX Virtualization - Kai Huang, Intel
 
Fortinet FortiOS 5 Presentation
Fortinet FortiOS 5 PresentationFortinet FortiOS 5 Presentation
Fortinet FortiOS 5 Presentation
 
D-RTM for Qubes OS VMs
D-RTM for Qubes OS VMsD-RTM for Qubes OS VMs
D-RTM for Qubes OS VMs
 
Integrating kdump into oVirt
Integrating kdump into oVirtIntegrating kdump into oVirt
Integrating kdump into oVirt
 
Hardening Linux and introducing Securix Linux
Hardening Linux and introducing Securix LinuxHardening Linux and introducing Securix Linux
Hardening Linux and introducing Securix Linux
 
Proxmox Talk - Linux Fest Northwest 2018
Proxmox Talk - Linux Fest Northwest 2018Proxmox Talk - Linux Fest Northwest 2018
Proxmox Talk - Linux Fest Northwest 2018
 
PIX vs ASA_firewall
PIX vs ASA_firewallPIX vs ASA_firewall
PIX vs ASA_firewall
 
NET4933_vDS_Best_Practices_For_NSX_Francois_Tallet_Shahzad_Ali
NET4933_vDS_Best_Practices_For_NSX_Francois_Tallet_Shahzad_AliNET4933_vDS_Best_Practices_For_NSX_Francois_Tallet_Shahzad_Ali
NET4933_vDS_Best_Practices_For_NSX_Francois_Tallet_Shahzad_Ali
 

Similar to PLNOG19 - Michał Taterka - FortiGate-VMX - integracja z VMware NSX

Fortinet & VMware integration
Fortinet & VMware integrationFortinet & VMware integration
Fortinet & VMware integration
VMUG IT
 
07 - VMUGIT - Lecce 2018 - Antonio Gentile, Fortinet
07 - VMUGIT - Lecce 2018 - Antonio Gentile, Fortinet07 - VMUGIT - Lecce 2018 - Antonio Gentile, Fortinet
07 - VMUGIT - Lecce 2018 - Antonio Gentile, Fortinet
VMUG IT
 
Software defined security-framework_final
Software defined security-framework_finalSoftware defined security-framework_final
Software defined security-framework_final
Lan & Wan Solutions
 
04 vsx power-r65
04 vsx power-r6504 vsx power-r65
04 vsx power-r65
Richard Cove
 
Vsphere 4-partner-training180
Vsphere 4-partner-training180Vsphere 4-partner-training180
Vsphere 4-partner-training180
Juan Ulacia
 
vVMworld 2013: Deploying, Troubleshooting, and Monitoring VMware NSX Distribu...
vVMworld 2013: Deploying, Troubleshooting, and Monitoring VMware NSX Distribu...vVMworld 2013: Deploying, Troubleshooting, and Monitoring VMware NSX Distribu...
vVMworld 2013: Deploying, Troubleshooting, and Monitoring VMware NSX Distribu...
VMworld
 
SEC8022_Securing_SDDC_NSX_Hammad_Shahzad
SEC8022_Securing_SDDC_NSX_Hammad_ShahzadSEC8022_Securing_SDDC_NSX_Hammad_Shahzad
SEC8022_Securing_SDDC_NSX_Hammad_Shahzad
shezy22
 
Vsphere 4-partner-training180
Vsphere 4-partner-training180Vsphere 4-partner-training180
Vsphere 4-partner-training180
Suresh Kumar
 
Forti Gate Virtual Appliances Sales 201010
Forti Gate Virtual Appliances Sales 201010Forti Gate Virtual Appliances Sales 201010
Forti Gate Virtual Appliances Sales 201010
Alvaro Roldan Peral
 
VMworld 2013: How to Exchange Status Message Between Guest and Host Using RPC
VMworld 2013: How to Exchange Status Message Between Guest and Host Using RPC VMworld 2013: How to Exchange Status Message Between Guest and Host Using RPC
VMworld 2013: How to Exchange Status Message Between Guest and Host Using RPC
VMworld
 
VMware NSX-T Design for Small to Mid-Sized Data Centers v1.0 EN.pptx
VMware NSX-T Design for Small to Mid-Sized Data Centers v1.0 EN.pptxVMware NSX-T Design for Small to Mid-Sized Data Centers v1.0 EN.pptx
VMware NSX-T Design for Small to Mid-Sized Data Centers v1.0 EN.pptx
Hythamsaadeh
 
VMworld 2015: VMware NSX Deep Dive
VMworld 2015: VMware NSX Deep DiveVMworld 2015: VMware NSX Deep Dive
VMworld 2015: VMware NSX Deep Dive
VMworld
 
VMworld 2015: VMware NSX Deep Dive
VMworld 2015: VMware NSX Deep DiveVMworld 2015: VMware NSX Deep Dive
VMworld 2015: VMware NSX Deep Dive
VMworld
 
VMworld 2013: NSX PCI Reference Architecture Workshop Session 1 - Segmentation
VMworld 2013: NSX PCI Reference Architecture Workshop Session 1 - SegmentationVMworld 2013: NSX PCI Reference Architecture Workshop Session 1 - Segmentation
VMworld 2013: NSX PCI Reference Architecture Workshop Session 1 - Segmentation
VMworld
 
FortiProxy sales presentation-02022020_Vee.pptx
FortiProxy sales presentation-02022020_Vee.pptxFortiProxy sales presentation-02022020_Vee.pptx
FortiProxy sales presentation-02022020_Vee.pptx
NuttapolMix
 
Citrix Cloud Master Class June 2014
Citrix Cloud Master Class June 2014Citrix Cloud Master Class June 2014
Citrix Cloud Master Class June 2014
Citrix
 
OVHcloud Hosted Private Cloud Platform Network use cases with VMware NSX
OVHcloud Hosted Private Cloud Platform Network use cases with VMware NSXOVHcloud Hosted Private Cloud Platform Network use cases with VMware NSX
OVHcloud Hosted Private Cloud Platform Network use cases with VMware NSX
OVHcloud
 
End to End Application Visibility and Troubleshooting Across the Virtual Clou...
End to End Application Visibility and Troubleshooting Across the Virtual Clou...End to End Application Visibility and Troubleshooting Across the Virtual Clou...
End to End Application Visibility and Troubleshooting Across the Virtual Clou...
NETSCOUT
 
VMware NSX - Lessons Learned from real project
VMware NSX - Lessons Learned from real projectVMware NSX - Lessons Learned from real project
VMware NSX - Lessons Learned from real project
David Pasek
 
GAMO VMware vCloud Air
GAMO VMware vCloud AirGAMO VMware vCloud Air
GAMO VMware vCloud Air
GAMO a.s.
 

Similar to PLNOG19 - Michał Taterka - FortiGate-VMX - integracja z VMware NSX (20)

Fortinet & VMware integration
Fortinet & VMware integrationFortinet & VMware integration
Fortinet & VMware integration
 
07 - VMUGIT - Lecce 2018 - Antonio Gentile, Fortinet
07 - VMUGIT - Lecce 2018 - Antonio Gentile, Fortinet07 - VMUGIT - Lecce 2018 - Antonio Gentile, Fortinet
07 - VMUGIT - Lecce 2018 - Antonio Gentile, Fortinet
 
Software defined security-framework_final
Software defined security-framework_finalSoftware defined security-framework_final
Software defined security-framework_final
 
04 vsx power-r65
04 vsx power-r6504 vsx power-r65
04 vsx power-r65
 
Vsphere 4-partner-training180
Vsphere 4-partner-training180Vsphere 4-partner-training180
Vsphere 4-partner-training180
 
vVMworld 2013: Deploying, Troubleshooting, and Monitoring VMware NSX Distribu...
vVMworld 2013: Deploying, Troubleshooting, and Monitoring VMware NSX Distribu...vVMworld 2013: Deploying, Troubleshooting, and Monitoring VMware NSX Distribu...
vVMworld 2013: Deploying, Troubleshooting, and Monitoring VMware NSX Distribu...
 
SEC8022_Securing_SDDC_NSX_Hammad_Shahzad
SEC8022_Securing_SDDC_NSX_Hammad_ShahzadSEC8022_Securing_SDDC_NSX_Hammad_Shahzad
SEC8022_Securing_SDDC_NSX_Hammad_Shahzad
 
Vsphere 4-partner-training180
Vsphere 4-partner-training180Vsphere 4-partner-training180
Vsphere 4-partner-training180
 
Forti Gate Virtual Appliances Sales 201010
Forti Gate Virtual Appliances Sales 201010Forti Gate Virtual Appliances Sales 201010
Forti Gate Virtual Appliances Sales 201010
 
VMworld 2013: How to Exchange Status Message Between Guest and Host Using RPC
VMworld 2013: How to Exchange Status Message Between Guest and Host Using RPC VMworld 2013: How to Exchange Status Message Between Guest and Host Using RPC
VMworld 2013: How to Exchange Status Message Between Guest and Host Using RPC
 
VMware NSX-T Design for Small to Mid-Sized Data Centers v1.0 EN.pptx
VMware NSX-T Design for Small to Mid-Sized Data Centers v1.0 EN.pptxVMware NSX-T Design for Small to Mid-Sized Data Centers v1.0 EN.pptx
VMware NSX-T Design for Small to Mid-Sized Data Centers v1.0 EN.pptx
 
VMworld 2015: VMware NSX Deep Dive
VMworld 2015: VMware NSX Deep DiveVMworld 2015: VMware NSX Deep Dive
VMworld 2015: VMware NSX Deep Dive
 
VMworld 2015: VMware NSX Deep Dive
VMworld 2015: VMware NSX Deep DiveVMworld 2015: VMware NSX Deep Dive
VMworld 2015: VMware NSX Deep Dive
 
VMworld 2013: NSX PCI Reference Architecture Workshop Session 1 - Segmentation
VMworld 2013: NSX PCI Reference Architecture Workshop Session 1 - SegmentationVMworld 2013: NSX PCI Reference Architecture Workshop Session 1 - Segmentation
VMworld 2013: NSX PCI Reference Architecture Workshop Session 1 - Segmentation
 
FortiProxy sales presentation-02022020_Vee.pptx
FortiProxy sales presentation-02022020_Vee.pptxFortiProxy sales presentation-02022020_Vee.pptx
FortiProxy sales presentation-02022020_Vee.pptx
 
Citrix Cloud Master Class June 2014
Citrix Cloud Master Class June 2014Citrix Cloud Master Class June 2014
Citrix Cloud Master Class June 2014
 
OVHcloud Hosted Private Cloud Platform Network use cases with VMware NSX
OVHcloud Hosted Private Cloud Platform Network use cases with VMware NSXOVHcloud Hosted Private Cloud Platform Network use cases with VMware NSX
OVHcloud Hosted Private Cloud Platform Network use cases with VMware NSX
 
End to End Application Visibility and Troubleshooting Across the Virtual Clou...
End to End Application Visibility and Troubleshooting Across the Virtual Clou...End to End Application Visibility and Troubleshooting Across the Virtual Clou...
End to End Application Visibility and Troubleshooting Across the Virtual Clou...
 
VMware NSX - Lessons Learned from real project
VMware NSX - Lessons Learned from real projectVMware NSX - Lessons Learned from real project
VMware NSX - Lessons Learned from real project
 
GAMO VMware vCloud Air
GAMO VMware vCloud AirGAMO VMware vCloud Air
GAMO VMware vCloud Air
 

Recently uploaded

What is Master Data Management by PiLog Group
What is Master Data Management by PiLog GroupWhat is Master Data Management by PiLog Group
What is Master Data Management by PiLog Group
aymanquadri279
 
Transform Your Communication with Cloud-Based IVR Solutions
Transform Your Communication with Cloud-Based IVR SolutionsTransform Your Communication with Cloud-Based IVR Solutions
Transform Your Communication with Cloud-Based IVR Solutions
TheSMSPoint
 
SMS API Integration in Saudi Arabia| Best SMS API Service
SMS API Integration in Saudi Arabia| Best SMS API ServiceSMS API Integration in Saudi Arabia| Best SMS API Service
SMS API Integration in Saudi Arabia| Best SMS API Service
Yara Milbes
 
E-commerce Development Services- Hornet Dynamics
E-commerce Development Services- Hornet DynamicsE-commerce Development Services- Hornet Dynamics
E-commerce Development Services- Hornet Dynamics
Hornet Dynamics
 
E-Invoicing Implementation: A Step-by-Step Guide for Saudi Arabian Companies
E-Invoicing Implementation: A Step-by-Step Guide for Saudi Arabian CompaniesE-Invoicing Implementation: A Step-by-Step Guide for Saudi Arabian Companies
E-Invoicing Implementation: A Step-by-Step Guide for Saudi Arabian Companies
Quickdice ERP
 
Neo4j - Product Vision and Knowledge Graphs - GraphSummit Paris
Neo4j - Product Vision and Knowledge Graphs - GraphSummit ParisNeo4j - Product Vision and Knowledge Graphs - GraphSummit Paris
Neo4j - Product Vision and Knowledge Graphs - GraphSummit Paris
Neo4j
 
Hand Rolled Applicative User Validation Code Kata
Hand Rolled Applicative User ValidationCode KataHand Rolled Applicative User ValidationCode Kata
Hand Rolled Applicative User Validation Code Kata
Philip Schwarz
 
Empowering Growth with Best Software Development Company in Noida - Deuglo
Empowering Growth with Best Software  Development Company in Noida - DeugloEmpowering Growth with Best Software  Development Company in Noida - Deuglo
Empowering Growth with Best Software Development Company in Noida - Deuglo
Deuglo Infosystem Pvt Ltd
 
socradar-q1-2024-aviation-industry-report.pdf
socradar-q1-2024-aviation-industry-report.pdfsocradar-q1-2024-aviation-industry-report.pdf
socradar-q1-2024-aviation-industry-report.pdf
SOCRadar
 
How to write a program in any programming language
How to write a program in any programming languageHow to write a program in any programming language
How to write a program in any programming language
Rakesh Kumar R
 
Automated software refactoring with OpenRewrite and Generative AI.pptx.pdf
Automated software refactoring with OpenRewrite and Generative AI.pptx.pdfAutomated software refactoring with OpenRewrite and Generative AI.pptx.pdf
Automated software refactoring with OpenRewrite and Generative AI.pptx.pdf
timtebeek1
 
Odoo ERP Vs. Traditional ERP Systems – A Comparative Analysis
Odoo ERP Vs. Traditional ERP Systems – A Comparative AnalysisOdoo ERP Vs. Traditional ERP Systems – A Comparative Analysis
Odoo ERP Vs. Traditional ERP Systems – A Comparative Analysis
Envertis Software Solutions
 
LORRAINE ANDREI_LEQUIGAN_HOW TO USE ZOOM
LORRAINE ANDREI_LEQUIGAN_HOW TO USE ZOOMLORRAINE ANDREI_LEQUIGAN_HOW TO USE ZOOM
LORRAINE ANDREI_LEQUIGAN_HOW TO USE ZOOM
lorraineandreiamcidl
 
OpenMetadata Community Meeting - 5th June 2024
OpenMetadata Community Meeting - 5th June 2024OpenMetadata Community Meeting - 5th June 2024
OpenMetadata Community Meeting - 5th June 2024
OpenMetadata
 
原版定制美国纽约州立大学奥尔巴尼分校毕业证学位证书原版一模一样
原版定制美国纽约州立大学奥尔巴尼分校毕业证学位证书原版一模一样原版定制美国纽约州立大学奥尔巴尼分校毕业证学位证书原版一模一样
原版定制美国纽约州立大学奥尔巴尼分校毕业证学位证书原版一模一样
mz5nrf0n
 
Neo4j - Product Vision and Knowledge Graphs - GraphSummit Paris
Neo4j - Product Vision and Knowledge Graphs - GraphSummit ParisNeo4j - Product Vision and Knowledge Graphs - GraphSummit Paris
Neo4j - Product Vision and Knowledge Graphs - GraphSummit Paris
Neo4j
 
Oracle 23c New Features For DBAs and Developers.pptx
Oracle 23c New Features For DBAs and Developers.pptxOracle 23c New Features For DBAs and Developers.pptx
Oracle 23c New Features For DBAs and Developers.pptx
Remote DBA Services
 
Need for Speed: Removing speed bumps from your Symfony projects ⚡️
Need for Speed: Removing speed bumps from your Symfony projects ⚡️Need for Speed: Removing speed bumps from your Symfony projects ⚡️
Need for Speed: Removing speed bumps from your Symfony projects ⚡️
Łukasz Chruściel
 
Microservice Teams - How the cloud changes the way we work
Microservice Teams - How the cloud changes the way we workMicroservice Teams - How the cloud changes the way we work
Microservice Teams - How the cloud changes the way we work
Sven Peters
 
GreenCode-A-VSCode-Plugin--Dario-Jurisic
GreenCode-A-VSCode-Plugin--Dario-JurisicGreenCode-A-VSCode-Plugin--Dario-Jurisic
GreenCode-A-VSCode-Plugin--Dario-Jurisic
Green Software Development
 

Recently uploaded (20)

What is Master Data Management by PiLog Group
What is Master Data Management by PiLog GroupWhat is Master Data Management by PiLog Group
What is Master Data Management by PiLog Group
 
Transform Your Communication with Cloud-Based IVR Solutions
Transform Your Communication with Cloud-Based IVR SolutionsTransform Your Communication with Cloud-Based IVR Solutions
Transform Your Communication with Cloud-Based IVR Solutions
 
SMS API Integration in Saudi Arabia| Best SMS API Service
SMS API Integration in Saudi Arabia| Best SMS API ServiceSMS API Integration in Saudi Arabia| Best SMS API Service
SMS API Integration in Saudi Arabia| Best SMS API Service
 
E-commerce Development Services- Hornet Dynamics
E-commerce Development Services- Hornet DynamicsE-commerce Development Services- Hornet Dynamics
E-commerce Development Services- Hornet Dynamics
 
E-Invoicing Implementation: A Step-by-Step Guide for Saudi Arabian Companies
E-Invoicing Implementation: A Step-by-Step Guide for Saudi Arabian CompaniesE-Invoicing Implementation: A Step-by-Step Guide for Saudi Arabian Companies
E-Invoicing Implementation: A Step-by-Step Guide for Saudi Arabian Companies
 
Neo4j - Product Vision and Knowledge Graphs - GraphSummit Paris
Neo4j - Product Vision and Knowledge Graphs - GraphSummit ParisNeo4j - Product Vision and Knowledge Graphs - GraphSummit Paris
Neo4j - Product Vision and Knowledge Graphs - GraphSummit Paris
 
Hand Rolled Applicative User Validation Code Kata
Hand Rolled Applicative User ValidationCode KataHand Rolled Applicative User ValidationCode Kata
Hand Rolled Applicative User Validation Code Kata
 
Empowering Growth with Best Software Development Company in Noida - Deuglo
Empowering Growth with Best Software  Development Company in Noida - DeugloEmpowering Growth with Best Software  Development Company in Noida - Deuglo
Empowering Growth with Best Software Development Company in Noida - Deuglo
 
socradar-q1-2024-aviation-industry-report.pdf
socradar-q1-2024-aviation-industry-report.pdfsocradar-q1-2024-aviation-industry-report.pdf
socradar-q1-2024-aviation-industry-report.pdf
 
How to write a program in any programming language
How to write a program in any programming languageHow to write a program in any programming language
How to write a program in any programming language
 
Automated software refactoring with OpenRewrite and Generative AI.pptx.pdf
Automated software refactoring with OpenRewrite and Generative AI.pptx.pdfAutomated software refactoring with OpenRewrite and Generative AI.pptx.pdf
Automated software refactoring with OpenRewrite and Generative AI.pptx.pdf
 
Odoo ERP Vs. Traditional ERP Systems – A Comparative Analysis
Odoo ERP Vs. Traditional ERP Systems – A Comparative AnalysisOdoo ERP Vs. Traditional ERP Systems – A Comparative Analysis
Odoo ERP Vs. Traditional ERP Systems – A Comparative Analysis
 
LORRAINE ANDREI_LEQUIGAN_HOW TO USE ZOOM
LORRAINE ANDREI_LEQUIGAN_HOW TO USE ZOOMLORRAINE ANDREI_LEQUIGAN_HOW TO USE ZOOM
LORRAINE ANDREI_LEQUIGAN_HOW TO USE ZOOM
 
OpenMetadata Community Meeting - 5th June 2024
OpenMetadata Community Meeting - 5th June 2024OpenMetadata Community Meeting - 5th June 2024
OpenMetadata Community Meeting - 5th June 2024
 
原版定制美国纽约州立大学奥尔巴尼分校毕业证学位证书原版一模一样
原版定制美国纽约州立大学奥尔巴尼分校毕业证学位证书原版一模一样原版定制美国纽约州立大学奥尔巴尼分校毕业证学位证书原版一模一样
原版定制美国纽约州立大学奥尔巴尼分校毕业证学位证书原版一模一样
 
Neo4j - Product Vision and Knowledge Graphs - GraphSummit Paris
Neo4j - Product Vision and Knowledge Graphs - GraphSummit ParisNeo4j - Product Vision and Knowledge Graphs - GraphSummit Paris
Neo4j - Product Vision and Knowledge Graphs - GraphSummit Paris
 
Oracle 23c New Features For DBAs and Developers.pptx
Oracle 23c New Features For DBAs and Developers.pptxOracle 23c New Features For DBAs and Developers.pptx
Oracle 23c New Features For DBAs and Developers.pptx
 
Need for Speed: Removing speed bumps from your Symfony projects ⚡️
Need for Speed: Removing speed bumps from your Symfony projects ⚡️Need for Speed: Removing speed bumps from your Symfony projects ⚡️
Need for Speed: Removing speed bumps from your Symfony projects ⚡️
 
Microservice Teams - How the cloud changes the way we work
Microservice Teams - How the cloud changes the way we workMicroservice Teams - How the cloud changes the way we work
Microservice Teams - How the cloud changes the way we work
 
GreenCode-A-VSCode-Plugin--Dario-Jurisic
GreenCode-A-VSCode-Plugin--Dario-JurisicGreenCode-A-VSCode-Plugin--Dario-Jurisic
GreenCode-A-VSCode-Plugin--Dario-Jurisic
 

PLNOG19 - Michał Taterka - FortiGate-VMX - integracja z VMware NSX

  • 1. © Copyright Fortinet Inc. All rights reserved. FortiGate-VMX integracja z VMware NSX Michał Taterka Systems Engineer 25 września 2017
  • 2. Agenda
    • VMware NSX
    • What is Fortinet VMX?
    • Why FortiGate VMX with NSX?
    • The Recipe
    • Deployment Options
    • How to Design a Cost Effective VMX Solution
    • FortiGate-VMX Logs to FortiAnalyzer
    • FortiGate-VMX License Model
    • Key Differentiators
  • 4. VMware NSX
    • SDN solution
    • Option of controller-based SDN + NFV + centralized management
    • DFW and Edge firewalling in NSX
  • 6. What is Fortinet VMX?
    (Architecture diagram: VMware Kernel with vDistributed Switch and a Kernel Agent per protected VM; dvfilterklib and the Data Agent Packet Dispatchers in kernel space; in user space the FortiOS Engine with its Session DB and the vmif0/vsif0 interfaces, linked to the kernel side over a VMCI socket and a sync vNIC; the FortiGate-VMX Service Manager holds a Transport Table keyed by Session ID)
    • Distributed NGFW and UTM solution for the NSX Zero Trust Model
    • Automation & Orchestration
  • 7. Why FortiGate VMX with NSX?
  • 8. Why FortiGate VMX with NSX? (Requirements and Solution)
    • Not just firewall, but advanced features
    • Micro-Segmentation and Zero Trust
    • Control of ‘east-west’ traffic, Inter Logical Security Zone (multi-tier)
    • Integration, Orchestration and Automation
  • 10. The Recipe
    • ESXi servers – all of ’em ;)
    • NSX Manager – 1 piece
    • HTTP Server holding images for deployment – 1 piece
    • FortiGate-VMX Service Manager – 1 ovf file to deploy
    • VMware Distributed Firewall – 1 piece
    • FortiGate-VMX Security Nodes – 1 per each ESXi server
    • Distributed vSwitch – at least one :)
  • 11. FortiGate VMX and its Components
    (Component diagram: on the Third Party Solution side a Service Manager and a Service Appliance, mapped on the Fortinet Solution side to the FortiGate-VMX Service Manager and the FortiGate-VMX Security Appliance; ESXi Hosts managed through VMware vCenter Server v5.5 or v6.0, with VMware vSphere Enterprise Plus license v5.5 or v6.0; integration via REST API)
  • 12. FortiGate-VMX and NSX Integration/Interactions
    1. Register Fortinet as security service with NSX Manager
    2. Auto-deploy FortiGate-VMX to all hosts in the security cluster
    3. FortiGate-VMX connects with the FortiGate-VMX Service Manager
    4. License verification & configuration synchronization with FortiGate-VMX
    5. NSX Security Policy defines network introspection rules to redirect traffic
    6. Real-time updates of the object database
    7. Push policy synchronization to all FortiGate-VMX deployed in the cluster
    (Diagram: dvSwitch, FGT-VMX instances on each host, FortiGate-VMX Service Manager)
  • 13. FGT-VMX and VMware NSX Filter Driver Interaction
    (Diagram: VMware Kernel with dvSwitch, the NetX NSX Filter Driver and FGT-VMX with int/ext interfaces; callout 1: Define NGFW Firewall Policies; FortiGate-VMX Service Manager)
    Packet Flow:
    1. From VM to NSX Filter Driver
    2. NSX Filter Driver forwards to the third-party solution (FGT-VMX)
    3. FGT-VMX applies security and sends the packet back to the NSX Filter Driver
    4. NSX Filter Driver can do service chaining or send the packet to its destination
  • 15. Deployment Options
    • Option 1: DFW + FortiGate VM or FortiOS
    • More than just stateful Edge firewalling
    • Option of stateful firewall at DFW and NGFW/UTM at Edge
  • 16. Deployment Options
    • Option 2: DFW + FortiGate VMX + DLR + Edge
    • Micro-segmented NGFW/UTM security
  • 17. Deployment Options
    • Option 3: DFW + FortiGate VMX + DLR + FortiGate VM/FortiOS VM
    • Divide NGFW/UTM functionality between two layers
    • Better performance
  • 18. Deployment Options
    • Option 4: DFW + FortiGate VMX + DLR (+ Edge) + physical FortiGate VDOM
    • Divide NGFW/UTM functionality between two layers
    • Multi-tenancy end to end
    • 1:1 mapping between NSX Edge and VDOM
    • Better performance
  • 19. How to Design a Cost Effective VMX Solution
  • 20. How to Design a Cost Effective VMX Solution
    • Categorize the workload
    • Critical workload placed on the VMX-enabled cluster
    • Catalogue-based design – pay per feature for MSSPs
    • Cost optimization – for enterprises
  • 21. FortiGate-VMX Logs to FortiAnalyzer
  • 22. FortiGate-VMX Logs to FortiAnalyzer
    • Configuration is done on the FortiGate-VMX Service Manager
    • Logs are relayed from the FortiGate-VMX to the FortiGate-VMX Service Manager
    • Only the FortiGate-VMX Service Manager serial number is reported on FortiAnalyzer
  • 24. FortiGate-VMX Licensing
    • Expandable license model
    • Two product SKUs
      » FortiGate-VMX Service Manager - FG-VMX-MGMT: centralized management and license repository for FortiGate-VMX environments
      » FortiGate-VMX Security Node - FG-VMX-1: one FortiGate-VMX Security Node instance for securing VMware environments
    • Multiple-length Service and Support SKUs
    • Lab SKUs available for development environments
  • 25. FortiGate-VMX Licensing
    • No limits placed on resources (virtual or hardware), nor on the number of protected VM workloads
    • Instance-based licensing
      » Example: 10 ESXi hosts in a cluster; 10 x FortiGate-VMX Security Node licenses are required
    • FortiGate-VMX Service Manager is used as the license repository for FortiGate-VMX Security Nodes
    • FortiGate-VMX Security Nodes automatically validate to the FortiGate-VMX Service Manager
    (Diagram: FortiCare / FortiGuard – service license registration and security database updates; FortiGate-VMX Service Manager – license repository, centralized synchronization of configuration/policy; FortiGate-VMX Security Nodes – registration/synchronization and security database updates)
  • 28. Key Differentiators
    • Real multi-tenancy (VDOM) support
    • Per Security Appliance instance resource monitor
    • Improved throughput for firewall and security functionality using TSO (TCP Segment Offload)
    • Service Manager to Security Appliance instant security policy update using HA Sync
    • Automatic creation of NSX Security Groups in the FortiGate-VMX Service Manager
    • Central license server with auto decrement
    • OVF footprint < 40 MB
    • License independent from physical or virtual resources
    • NSX integrated upgrade process
    • Real-time FortiGuard updates