Transcript
FortiOS Carrier
Carrier-Grade Security Solutions
Securing Carrier Networks ••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••
Multi-Threat Security and Content Protection FortiOS™ Carrier security solutions utilize a combination of signature, anomaly, behavioral and heuristic detection engines to provide real-time multi-layered security. Fortinet’s FortiOS Carrier provides a high-performance, scalable solution to detect and eliminate a wide spectrum of attacks including blended threats, intrusion attempts, viruses, trojans, worms, spyware, grayware, adware and denials-of-service. Core Network Protection
MMS / IMS Protection
Client Protection
Carrier-grade GTP Firewall: - GTP Profile associated with Firewall policy - 3GPP 29.060 version 6.9.0
MMS Antivirus / Antispam: - MM1, MM3, MM4, MM7 interfaces - Reporting based on MSISDN and user agent
Transparent mode MPLS: - Intrusion Protection System (IPS) scanning of MPLS encapsulated traffic
Secure Next Generation networks: - SIP Signalling firewall for NGN/IMS networks - Supports SIP/SDP and ALG driven NAT/NAPT
Cyber crime and network attacks pose serious threats to subscribers that can lead to service outages, customer dissatisfaction and increased support costs. FortiOS Carrier provides protection for client devices such as PC’s, basic wireless handsets and Windows Mobile and Symbian OS based smartphones.
Protection Profiles
Parental Control Application Antivirus Protection Profile
Associated on a per MISDN / per user basis.
Associated on a per MISDN / per user basis. Antispam Protection Profile
The protection profile provides: - Antivirus / Antispam - URL Categorization - Intrusion Protection (IPS) - Instant Messenger control
The parental control application provides: - Filter Web URL categories - Content Rating / Blocking - Opt-in / Opt-out depending on the default protection profile settings
FortiOS Carrier Security Platforms Fortinet’s FortiOS Carrier security platforms provide end-to-end mobile network and device protection. FortiGate network-based ASIC-accelerated hardware platforms, available as integrated platforms or modular ATCA based platforms scale to meet the capacity and performance requirements of the largest networks. FortiOS Carrier security engines can be used separately or together to enable a comprehensive security solution based on the network and service requirements. Also available is FortiClient endpoint protection software that utilizes the power of Fortinet’s sophisticated security engines to protect mobile and personal computing devices and to protect the network from malware propagated by client devices.
FortiClient Mobile / PC Software
FortiGate Integrated Security Platforms Powered by FortiOS Carrier
FortiGate Modular ATCA Security Platforms Powered by FortiOS Carrier
FortiGate-3600A F iG 3600A
FortiGate-3810A FortiGate-3810A AMC Expansion Modules ADM-XB2 2-Port 10-Gigabit Ethernet
ASM-FB4 4-Port Gigabit Ethernet
FortiGate-5020
FortiGate-5050
FortiGate-5140
FortiOS Carrier Security Solutions FortiOS Carrier provided a fully integrated and complete solution securing the Application, Control, Transport and Access layers of the IP infrastructure network. GTP Firewall Protocol Anomaly Detection and Prevention CENTRALIZED MANAGEMENT
Multiple Filter Options Message, APN, IE removal, etc.)
SUBSCRIPTION SERVICES
CENTRALIZED REPORTING
Sanity Checking Stateful Inspection Gn
Over Billing Protection
INTERNET
Gi
Gn
SGSN
GGSN Gp
High Availability
FORIEGN OPERATORS
Virtual Domain Support
Secure Multimedia Messaging Service (MMS) MMS Content Scanning / Keyword Blocking
CENTRALIZED MANAGEMENT CENTRALIZED REPORTING
SUBSCRIPTION SERVICES
Antivirus Scanning / File Type Blocking Antispam Detection
WAP Gateway
INTERNET
MM3
MM1 MM4 MM7
MMSC & FORIEGN OPERATORS
Per user services, such as URL filtering and logging. Reporting based on MSISDN and user agent. Notifications can be sent to the handset (sender/recipient) Scanning of all MMS interfaces
VALUE-ADDED SERVICES
VLAN and High Availability Support
SIP / IMS Signalling Firewall SIP Statistics / Logging CENTRALIZED MANAGEMENT
Direct / Proxy SIP Calling
IMS INFRASTRUCTURE
SIP/SDP NAT/NAPT Context Based NAT
HSS
CENTRALIZED REPORTING
SUBSCRIPTION SERVICES
P-CSCF
SIP / DIAMETER
Message Rate Limiting Redundant Proxy Path SIP ALG Stateful Failover NAT Support for Call Detail Record (CDR)
INTERNET Applications S-CSCF I-CSCF
Media Gateway
FORIEGN OPERATORS PSTN / NGN
Fortinet Means Carrier-Grade Security FortiOS Carrier Security Solutions deliver the performance, reliability and scalability to protect next-generation IP based networks and services. Carrier Network Internet Protocol (IP) Services
Threat Evolution
Carrier networks are evolving to an all-IP infrastructure capable of delivering a vast array of new multimedia services to drive revenue growth. IP infrastructure also allows carriers to reduce capital costs, speed time-to-market and gain competitive advantage. However IP networks also present new challenges. Maintaining qualityof-service, reliability and security equivalent to circuit-switched networks is critical to the success and profitability of new IP-based services.
Viruses
Processing Power Required
Complete Content Level Inspection
IP networks are inherently open and therefore a target of hackers and criminals. Theft of services, identity fraud, and denial-of-service attacks are common. Spam, spyware, grayware, adware and inappropriate content clog networks and impact customer satisfaction. Subscribers expect carrier IP-based services to be reliable and secure. Managing service quality, support costs and revenue assurance is critical.
MMS Malware Email Spam Spyware Phishing / Pharming Inapprpriate Web Content
CONTENT LEVEL NETWORK LEVEL
IPS (Intrusion Protection)
Sophisticated Worms Basic Worms Intrusions
Firewall Inspection / VPN 1990
1995
2000
2005
Network Eavesdropping DOS / DDOS
2007+
Fortinet FortiOS™ Carrier Fortinet FortiOS Carrier platforms provide a fully integrated and complete solution to detect and eliminate a wide spectrum of attacks at all layers of the IP infrastructure. Patented ASIC-accelerated hardware platforms powered by Fortinet’s award winning FortiOS, enable an integrated portfolio of UTM (Unified Threat Management) security services that deliver the highest level of multi-threat protection with industry-leading performance and scalability. Fortinet solutions are fully IPv6 compatible and support “dual-stack” and “IPv4 tunneling” for seamless transition to IPv6. The fully integrated FortiManager/ FortiAnalyzer unified management, logging and reporting systems make deployment, maintenance and operation easy and cost-effective.
FortiOS Multi-Layered Security
MANAGEABLE Integrated
RELIABLE Field Proven
Traffic Shaping Antispam Web Filtering Antivirus / Antispyware IDS / IPS Firewall IPsec / SSL VPN Network / Content Security
Carrier-Grade Security Solutions
Protection Across OSI Stack
FLEXIBILITY Modular
Complete Content Protection
COST-EFFECTIVE CAPEX / OPEX
Fortinet Unique Intelectual Proptery
Integrated Management, Logging & Reporting Multi-Layered Security
PERFORMANCE Wire-Speed
Management, FortiASIC Hardware LoggingAcceleration & Reporting
Network Processor
FortiASICTM - CP
FortiASICTM - NP
Content Processor
Industry Leading Performance
SECURITY Multi-Layered
Network / Content Processing
FortiGuard™ Distribution Network / Update Manager FortiGuard is a global network of redundant high speed database servers that deliver real-time signature updates. FortiGuard is configurable in a hierarchical architecture where signature updates are cached in real-time from the Fortinet global database to a locally hosted service provider database. This enables service providers to flexibly customize their protection configuration while maximizing performance, ensuring security, and sustaining service levels. FortiGuard provides real-time ‘push / pull’ update services for Antivirus, Content Filtering, Antispam, System Software Updates and Intrusion Prevention Services.
Global Virus Research Team Fortinet’s Antivirus security services are created, updated and managed by a global team of Fortinet security professionals working around-theclock, seven days-a-week to ensure that the latest attacks are detected and blocked before they can harm your corporate resources or infect your end-user computing devices. Fortinet provides the fastest Antivirus signature response times in the industry.
GLOBAL HEADQUARTERS Fortinet Incorporated 1090 Kifer Road, Sunnyvale, CA 94086 USA Tel +1-408-235-7700 Fax +1-408-235-7737 www.fortinet.com/sales
[email protected]
EMEA SALES OFFICE-FRANCE Fortinet Incorporated 120 rue Albert Caquot 06560, Sophia Antipolis, France Tel +33-4-8987-0510 Fax +33-1-5858-0025
APAC SALES OFFICE-HONG KONG Fortinet Incorporated Room 2429-2431, 24/F Sun Hung Kai Centre No.30 Harbour Road, WanChai, Hong Kong Tel +852-3171-3000 Fax +852-3171-3008
©2006-2007 Fortinet, Inc. All rights reserved. Fortinet, FortiGate, FortiOS, FortiAnalyzer, FortiASIC, FortiLog, FortiCare, FortiManager, FortiWiFi, FortiGuard, FortiClient, and FortiReporter are trademarks or registered trademarks of the Fortinet Corporation in the United States and/or other countries. The names of actual companies and products mentioned herein may be the trademarks of their respective owners. Licensed under U.S. Patent No. 5,623,600. Although Fortinet has attempted to provide accurate information in these materials, Fortinet assumes no legal responsibility for the accuracy or completeness of the information. Please note that no Fortinet statements herein constitute or contain any guarantee, warranty or legally binding representation. All materials contained in this publication are subject to change without notice, and Fortinet reserves the right to change, modify, transfer, or otherwise revise this publication without notice. SOL123 1207 R2
