Preview only show first 10 pages with watermark. For full document please download

Fortigate Security Series

   EMBED

Share

Transcript

FortiGate Security Series Comprehensive Solutions for Real Time Network Protection Threats Have Changed Spam Threats to corporate networks have evolved beyond the capabilities of Banned Content traditional network defenses. Email messages, file transfers, Web-pages Speed, Damage ($) Worms Contentbased Connection-based 1980 inappropriate content into data networks. Traditional firewalls are Viruses powerless against most of these “content-based” threats — they simply Intrusions Hardware Theft Physical 1970 and VPN links are now used to introduce damaging viruses, worms and Trojans 1990 2000 weren’t designed to analyze and process the application-level contents of network traffic. And software-based solutions are complex, costly, and too slow for today’s real time communications. Today’s content-based threats, which bypass conventional “Firewalls must provide a wide range of intrusion prevention capabilities, or face extinction ... ” – Gartner firewalls, spread faster and do more damage. Conventional solutions rely on a complex, costly collection of independent systems that don't stop today's content-based attacks. FortiGate Takes Real-Time Network Protection to the Edge We went back to the drawing board and developed a new type of platform that can deal with today’s and tomorrow’s threats at the network edge, without slowing your critical network applications. We assembled a team of the world’s leading networking and security experts — including the creator of the world’s most successful network security appliance and one of the world’s most respected antivirus experts — and created the award-winning FortiGate™ line of Antivirus Firewalls — the next generation in real-time network protection. The unique, ASIC-based architecture of FortiGate platforms avoid the limitations of conventional firewalls, VPN gateways, and softwareFortiGate Antivirus Firewalls provide complete, realtime protection at the network edge. based antivirus and content filtering systems. They provide better protection, and faster processing, at a lower cost. The World’s First Hardware-Based Antivirus Firewalls—and More Software-based antivirus systems, which are designed for scanning non real-time email messages, are too slow to be used to scan Web traffic or other real-time network applications. And that leaves your network dangerously exposed. FortiGate platforms use the revolutionary FortiASIC™ Content Processor chip to enable real-time antivirus protection at network speeds. With continuous, automatic updates of the latest threats from the FortiProtect Network, all of your critical communications — including Web, email, file transfer and even VPN traffic — can now be scanned and Virus and worm infections increasingly come from Web pages and other real-time applications, but few systems have the power to scan Web traffic cleared of viruses, worms, and malicious code before they can enter your network — without compromising performance. without bringing performance to a crawl. In fact, the FortiGate family is the world’s first line of ASIC-based systems to be certified by the International Computer Security Association (ICSA) for antivirus protection. And that’s just the beginning. > 2 A L C AT E L FortiGate Security Series Complete Network Protection Increases Security, Lowers Costs FortiGate Antivirus Firewalls protect you against threats to your security and productivity, and offer an unmatched array of integrated, policy-based capabilities. FortiGate units integrate seamlessly into your network, and provide antivirus and content filtering services “transparently” in conjunction with your existing firewall. FortiGate network protection systems have earned an unprecedented four certifications from ICSA for firewall, IPSec, antivirus, and intrusion detection. A Complete Family of Integrated Products and Services FortiGate offers a complete range of products and services that work together to provide the most comprehensive, cost-effective and manageable solutions available for protecting Capabilities supported by all FortiGate Antivirus Firewalls. networks of all sizes. FortiGate systems are kept up-to-date automatically via the global FortiProtect™ Network, providing realtime protection against the latest threats. “ FortiGate has demonstrated its investment in powerful network processing technology by filtering FortiLog systems provide reliable, centralized data collection for multiple FortiGate systems and enable consolidated reporting and analysis. viruses in-line, which requires an unprecedented level of packet ” assembly and filtering. – Gartner “ We were extremely impressed with the FortiGate unit’s ability to detect and eliminate viruses ” and worms in real time. The ASIC-accelerated FortiGate Antivirus Firewalls provide complete network protection, with real time performance, at the lowest total cost for both wired and wireless networks. – Miercom FortiManager Systems enable enterprises and service providers to efficiently manage, monitor and control dozens, hundreds or thousands of FortiGate systems from a central location. A L C AT E L 3 > FortiGate Systems Scale from SOHO to Service Provider All FortiGate models run the powerful, secure FortiOS™ real-time operating system and provide the full range of security functions. With systems designed for SOHO and telecommuters, small and mediumsized businesses, enterprises and service providers, there’s a FortiGate model to fit every application. FortiGate Systems for Enterprises address the flexibility and performance requirements for large businesses and enterprise branch offices. They support zones with independent security policies, and also support high-availability configurations that virtually eliminate downtime, even in the event of a system failure. FortiGate-200A FortiGate-3600 FortiGate-60 FortiGate-60 FortiGate Systems for large enterprise and service providers establish a new level of price/performance for gigabit-speed network protection. High-uptime features such as redundant, hot-swappable power supplies and fan assemblies, and sophisticated networking capabilities make these units ideal for large, complex networks and for managed security service offerings. The easy to deploy and administer FortiGate Systems for SOHO and SMB enable smaller organizations to implement enterprise-class security. “ The FortiGate 400 sets the benchmarks for ” appliance-based firewall devices. – Internet Telephony > 4 A L C AT E L “ The FortiGate 3600 would be an excellent choice in ” the enterprise/carrier-class arena — Best Buy. – SC Magazine FortiGate Security Series Respond to New Threats in Real Time FortiGate’s FortiProtect services provide up-to-date protection FortiGate’s Threat Protect Team operates around the world, around the clock to identify new threats and develop new detection and prevention “signatures.” The FortiProtect™ Distribution Network operates 24x7 to automatically deliver updated signature databases to FortiGate units around the world — and can even “push” updates to all FortiGate units in minutes in the event of a fastspreading outbreak. FortiProtect distribution servers are located worldwide to ensure fast, reliable updates to stop new attacks. The FortiProtect Center portal provides comprehensive, searchable information regarding viruses and system vulnerabilities, and provides a wealth of information resources that keep customers up to speed on the latest vulnerabilities and how to protect against them, including FortiProtect Bulletins delivered to customer inboxes to provide instant alerts and daily summaries of new threats. A L C AT E L 5 > FORTIGATE FAMILY OVERVIEW – SOHO / Branch Office / SMB Feature List SOHO/ Branch Office Small / Medium Business FortiGate 60 FortiGate 200A Interfaces 10/100 Ethernet ports 10/100 Switch ports USB ports 3 4 2 4 4 2 50K 2K 70 20 • 500 256 400K 4K 150 70 • 2K 256 System Performance Concurrent sessions New sessions/second Firewall throughput (Mbps) 168-bit Triple-DES throughput (Mbps) Unlimited concurrent users Policies Schedules Antivirus / Worm Detection & Removal (ICSA Certified) Scans HTTP, SMTP, POP3, IMAP, FTP and encrypted VPN tunnels Automatic “push” virus database update Block by file size • • • • • • • • • • 32 • • • • • 32 40 • • • • • 80 • • • • • • • • • • • • • • • Firewall (ICSA Certified) NAT, PAT, transparent (bridge) Routing mode (RIP v1, v2) 802.1Q VLAN Support User group-based authentication H.323 NAT traversal Protection profiles VPN (ICSA Certified) Dedicated tunnels Encryption (DES, 3DES, AES) PPTP, L2TP, VPN client pass though Hub and spoke architecture IKE certificate authentication (X.509) IPSec NAT traversal Content Filtering URL block, keyword block, exempt List Java applet, cookies, Active X Email filtering (keyword, exempt list) RBL/ORDB support Mime header check Feature List 6 A L C AT E L Small / Medium Business FortiGate 60 FortiGate 200A • • • • • • • • • • • Dynamic Intrusion Detection/Prevention (ICSA Certified) Prevention for over 1,300 attacks Customizable dynamic detection signature list Automatic attack database update Logging / Monitoring Internal HDD Email notification of viruses and attacks Syslog, SNMP High Availability (HA) Active-active, active-passive Stateful failover (FW and VPN) Device failure detection and notification Link status monitor A-P • • • • • • • • • • • • • • • • • • • Multiple administrators and user levels • Upgrades and changes via TFTP and WebUI • System software rollback • • • • Networking Multiple WAN link support PPPoE DHCP client/server Policy-based routing System Management Console interface (RS-232) WebUI (HTTPS), multi-language support Command line interface, Secure Command Shell (SSH) FortiManager system Administration User Authentication Internal database External RADIUS/LDAP database IP/MAC address binding Xauth over RADIUS for IPSEC VPN RSA SecurID • • • • • • • • • • • • • • • • Traffic Shaping Policy-based traffic shaping DiffServ setting Guarantee/max/priority bandwidth > SOHO/ Branch Office FortiGate Security Series FORTIGATE FAMILY OVERVIEW – Enterprise / Service Provider Feature List Enterprise Large Enterprise/ Service Provider FortiGate 400 800 FortiGate 3000 3600 Interfaces 10/100 Ethernet ports Gigabit Ethernet ports (copper/fiber) High availability port USB Ports 4 4 4C • • 1 3 1 1C/2F 2C/4F • • System Performance Concurrent sessions New sessions/second Firewall throughput (Mbps) 168-bit Triple-DES throughput (Mbps) Unlimited concurrent users Policies Schedules 400K 400K 10K 10K 280 600 975K 20K 2.25 1M 25K 4 Gbps Gbps 80 • 5K 256 200 • 20K 256 530 • 50K 256 600 • 50K 256 • • • • • • • • • • • • • • • • • • • 2/10 • • • 2/10 • • 32 • • 32 • • • up to 250 • • 32 • • • up to 250 • • 32 2K • • • • • 2K • • • • • 5K • • • • • 5K • • • • • • • • • • • • • • • • • • • • • • • • • Antivirus / Worm Scans Detection & Removal HTTP, SMTP, POP3, IMAP, FTP and encrypted VPN tunnels Automatic “push” virus database update Quarantine infected messages Block by file size User group-based authentication H.323 NAT traversal Protection profiles VPN (ICSA Certified) Dedicated tunnels Encryption (DES, 3DES, AES) PPTP, L2TP, VPN client pass though Hub and spoke architecture IKE certificate authentication (X.509) IPSec NAT traversal Content Filtering URL block, keyword block, exempt list Java applet, cookies, Active X Email filtering (keyword, exempt list) RBL/ORDB support Mime header check Enterprise FortiGate 400 800 Large Enterprise/ Service Provider FortiGate 3000 3600 Dynamic Intrusion Detection/Prevention (ICSA Certified) Prevention for over 1,300 attacks Customizable dynamic detection signature list Automatic attack database update • • • • • • • • • • • • 20G 20G 20G 20G • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • Logging / Monitoring Internal logging capacity Email notification of viruses and attacks Syslog, SNMP High Availability (HA) Active-active, active-passive Stateful failover (FW and VPN) Device failure detection and notification Redundant power supplies Link status monitor Networking Firewall (ICSA Certified) NAT, PAT, transparent (bridge) Routing mode (RIP v1, v2) 802.1Q VLAN support Virtual domains (NAT/transparent) Feature List Multiple WAN link support PPPoE DHCP client/server Policy-based routing System Management Console Interface (RS-232) WebUI (HTTPS), multi-language support Command line interface, SSH FortiManager System Administration Multiple administrators and user levels Upgrades and changes via TFTP and WebUI System software rollback User authentication Internal database External RADIUS/LDAP database IP/MAC address binding Xauth over RADIUS for IPSEC VPM RSA SecurID Traffic Shaping Policy-based traffic shaping DiffServ setting Guarantee/max/priority bandwidth A L C AT E L 7 > www.alcatel.com/enterprise Alcatel 26801 West Agoura Road Calabasas, CA 91301 USA Contact Center (800) 995-2612 US/Canada (818) 880-3500 Outside US www.alcatel.com/enterprise Product specifications contained in this document are subject to change without notice. Contact your local Alcatel representative for the most current information. Copyright © 2004 Alcatel Internetworking, Inc. All rights reserved. This document may not be reproduced in whole or in part without the expressed written permission of Alcatel Internetworking, Inc. Alcatel® and the Alcatel logo are registered trademarks of Alcatel. All other trademarks are the property of their respective owners. P/N 031532-00 10/04