CYBERSECURITY

EL ORBE

SOLUTION AREAS

• Assessment of the current cybersecurity situation.
• Vulnerability analysis and penetration testing.
• Identification of critical infrastructure and risk analysis.
• Consulting, training, and awareness programs.
• Installation and configuration of NGIPS and NGFW.
• Encryption solutions.
• HSM solutions.
• Malicious traffic analysis and evaluation (Assessment).
• Hardening (hardening of configurations).

No company, whatever its market or industry, is exempt from cyberattacks, so measures must be taken to avoid becoming involved in an information security incident. This means aligning the limited resources available and directing them toward protecting the critical infrastructure that actually supports the organization's operations, as a fundamental part of service continuity.

www.elorbe.la
SOLUTION GUIDE

Application Security for the Data Center


Securing Applications from Threats Requires a Complete,
Integrated Solution that Enhances Enterprise Firewall and
Intrusion Prevention Technologies
SOLUTION GUIDE: APPLICATION SECURITY FOR THE DATA CENTER

Introduction

Most organizations focus their limited resources on locking down access and controlling their networks to protect their data centers from external threats. The latest generation of enterprise firewalls and intrusion prevention systems (IPS) primarily focus on securing the network and controlling access to it. These are great technologies; however, there are limits to what they can offer to provide complete protection against threats that target applications, application services, and users.

As soon as an application is opened to the Internet, it is a target. All that stands between an attacker and an organization's sensitive data is an unassuming login screen. No matter how many layers of network security are in place, this entry point could expose customer data, proprietary information, or sensitive financial information if the application hasn't been hardened or protected by some other means.

In this solution guide we'll explore the top challenges organizations face when it comes to securing applications and the data they host, including web application vulnerabilities, application layer DDoS attacks, advanced persistent threats (APTs), scaling application encryption, and protecting users from email-borne threats.

Applications are Easy Targets

There is no question that a firewall is your first line of defense for network security. Today's latest firewall technologies are almost bulletproof, at least at the layer 2 and 3 levels. Attackers and cyber criminals know this and have had to adapt their techniques. Not that they won't try to look for firewall vulnerabilities; rather, they know that high-value targets like financial institutions, retailers, and government agencies have tightened their security policies and the days of easy data breaches at the firewall are over.

The fastest growing categories of attacks and data breaches are those that target applications, application layer services, and inexperienced users. These represent most of the remaining weak spots, and there are countless possibilities to exploit code vulnerabilities, application modules, and trusting users who think that the email they just received was a legitimate request to reset their account credentials.

Web Application Attacks

Verizon's 2015 Data Breach Investigations Report revealed that over 38 percent of all data breaches were caused by web application vulnerabilities. The Open Web Application Security Project (OWASP) has consistently reported since 2010 that almost every web-based application has one or more vulnerabilities listed in their Top 10 list of application security risks. They have also reported that 95 percent of all websites are attacked annually using cross-site scripting and injection techniques. Gartner stated in its 2015 Web Application Firewall Magic Quadrant that it expects more than 80 percent of all enterprises will have a web application firewall (WAF) in place by 2018 to protect against web application attacks.

Application Layer DDoS Attacks

Distributed denial of service (DDoS) attacks are one of the oldest security threat types; however, they have evolved over the past decade to target application-level services. Large scale bulk volumetric attacks still grab the large headlines, but the fastest growing category of these attack types is layer 7 events that only take a few megabits of packets to do as much harm as an attack in the hundreds of gigabits. DDoS attacks are still ranked as the top threat by data center managers compared to other events like infrastructure outages and bandwidth saturation.

Email: The Backdoor to Your Security Fortress

Network security professionals spend the better part of their careers designing, implementing, and maintaining the latest and best defenses for their organizations. Even with the most advanced firewall security systems in place, all it takes is one click by a user on a link in a malicious email to bypass your carefully crafted network protections. Cyber criminals are getting much more sophisticated in their tactics. Many spam and phishing emails they send can fool even the most cautious of users with communications that appear to come from reliable sources or even your own IT department.

Email is also one of the key attack vectors for social engineering. Clever attackers can now easily access connections on Facebook, LinkedIn, and other social media sites to obtain contact information. Then they craft emails that look like they're being sent by legitimate friends and colleagues in an attempt to trick users into downloading malicious attachments or direct them to websites where malware can be installed.


Protecting Applications from APTs

APTs are custom-developed, targeted attacks. They can evade straightforward detection, using previously unseen (or zero-day) malware, exploit vulnerabilities (unpatched security holes), and come from brand-new or seemingly innocent hosting URLs and IPs. Their goal is to compromise their target system with advanced code techniques that attempt to circumvent security barriers and stay under the radar as long as possible.

Applications and email are two top vectors in APTs. Many web applications allow the uploading of files, and many emails contain attached files that could be risks. Antivirus scans can check for previously identified risks; however, APTs generally are tailored to circumvent traditional AV detection and many slip past this first line of defense.

Secure Application Traffic Growth

Although not a threat, many enterprises are aggressively expanding SSL to all their web-facing applications. Even seemingly benign applications are getting the secure treatment in order to patch known or unknown vulnerabilities to other more important systems. Sandvine's Encrypted Traffic Report 2015 saw encrypted traffic volume increase to 30 percent in 2015 and expects 50 percent growth in 2016. Combined with this explosive expansion in traffic, the complexity of moving to more advanced encryption keys as the technology expands from 1,024-bit keys to 2,048 and now 4,096 is doubling and even quadrupling secure packet sizes. Servers and load balancers are struggling to keep up with this demand using today's current crop of secure application delivery solutions.

Complete Application Security Extends Past the Firewall

Each of the areas presented in the previous section provides unique challenges that need more than a firewall or an IPS to completely address. Most firewall and IPS systems today, including our FortiGate product line, have features that can solve many of these new problems. However, in general they are limited to signature detection and need additional solutions to provide complete protection for unknown and zero-day attacks. FortiGate has many services that can be enabled, such as deep packet inspection and data loss prevention (DLP), but even with those, there are still loopholes and there are performance impacts that need to be considered in enterprise deployments.


The most used application-level protection features of FortiGate and other firewalls are IP reputation and signature detection. Usually subscription-based services, IP reputation and attack signatures are very effective measures that block attacks before any processing is applied by the firewall. If an attack is from a known source or it matches a predefined signature, it is blocked automatically without the firewall having to perform any further inspection. FortiGate offers these services through our award-winning FortiGuard Labs.

Although signature services are very effective at blocking attacks from known sources and previous attack patterns, zero-day attacks and APTs bypass these detection systems. In some cases APTs are so customized that malicious code is developed specifically for a single target with no forewarning until the malware is deployed. Signatures and IP reputation also can't fully protect web applications from attacks, as many code-based vulnerabilities have almost unlimited ways to bypass any predefined signatures.

In the face of these threats, Fortinet has risen to the occasion with purpose-built solutions to supplement the protections in firewalls and IPS platforms. These include web application firewalls for application security, DDoS attack mitigation appliances for DDoS protection, advanced application delivery controllers (ADCs) to meet the demands of secure application traffic, sandboxing to isolate malicious code for inspection, and email security gateways that can detect and prevent email-borne threats from getting to your users.

In a perfect world all of these security measures would be in a single appliance. However, even with the best hardware available today, the performance impacts of these services put an all-inclusive super firewall out of reach for enterprises. FortiGate offers many advanced services that come close, but still, no one product can do everything. We discussed deep packet inspection earlier. Most enterprise data center managers do not turn this service on, as it can be very processor-intensive and can impact overall firewall throughput. In these cases, the FortiGate is streamlined to basic capabilities for maximum performance, while other devices manage the additional layers of security needed. Small to mid-size organizations enable many of the advanced FortiGate NGFW features for Unified Threat Management (UTM), where a single box can handle the throughputs and make things easier to manage when IT resources are limited.

So, as a data center manager you're most likely going to need to look beyond the capabilities of your firewall to provide the complete network and application protection to meet the challenges your organization faces.

For large organizations, one of the most difficult decision points is whether or not to consolidate to one vendor or opt for best-of-breed point solutions. There are many arguments on both sides of this debate, ranging from "single vendors are easier to deal with" all the way to "point solutions will offer the best in security and features." When you sit down and weigh the options, you should look at what is critical to your organization, such as features, interoperability, integration, management, and support, to select a vendor that can meet as many of those as possible to provide a complete end-to-end solution for your data center.

The remainder of this document discusses the major challenges and provides you information on how Fortinet can help you solve these problems as a complete single vendor for your advanced network and application security needs.


PCI Compliance, Firewalls, and WAFs

We've done our best to highlight the case that you're going to need more than a firewall to completely protect your applications and data. If you're in one of the many industries that deal in e-commerce and banking, you need to consider PCI compliance for your network and application security.

Although PCI DSS standards are not mandated by law, many laws, especially at the state and local level, specifically mention PCI compliance to meet legal requirements. A firewall alone is not going to be enough. To pass PCI DSS 6 compliance, you're going to need a web application firewall to meet all the OWASP Top 10 Application Threats that are referred to in that section. Below is a list of the OWASP Top 10 and how a WAF stacks up against a firewall.

Application Threats: The OWASP Top 10

#   Threat                                         Firewall   WAF
1   Injection (SQL, OS, and LDAP)                  No         Yes
2   Broken Authentication and Session Management   No         Yes
3   Cross-Site Scripting                           No         Yes
4   Insecure Direct Object References              No         Yes
5   Security Misconfiguration                      No         Yes
6   Sensitive Data Exposure                        Yes        Yes
7   Missing Function Level Access Control          No         Yes
8   Cross-site Request Forgery (CSRF)              No         Yes
9   Using Components with Known Vulnerabilities    No         Yes
10  Unvalidated Redirects and Forwards             No         Yes

Application Security Solutions


Fortinet is much more than our enterprise-class FortiGate firewalls. We offer many solutions that provide complete network and application
security for a data center. The following section covers many of the advanced threats and challenges that data centers face today along
with the solutions offered by Fortinet. For more details on the products presented, white papers, case studies and other useful information,
please visit Fortinet.com.

Fortinet's Integrated Application Security Solution


Fortinet's application security solution delivers a complete end-to-end high-performance solution that protects an organization's valuable information throughout the data center by using a combination of Fortinet products. These include web application firewalls, email security gateways, application delivery controllers, DDoS mitigation, and database security.


Web Application Security


Web applications are attractive targets to hackers as they are public-facing applications that require being open to the Internet. As many provide major e-commerce and business-driving tools, they can contain cardholder, company, and other sensitive data.

Perimeter security technologies such as IPS and firewalls have focused on network and transport layer attacks. Many vendors, including Fortinet, have added application layer enhancements, usually referred to as Deep Packet Inspection (DPI), to extend signature detection to the application layer. Although DPI is useful in protecting against attacks on the web server infrastructure (IIS, Apache, etc.), it cannot protect against attacks on custom web application code such as HTML and SQL.

Web Application Security Threats

• Public facing applications are attractive targets
• Sensitive customer and proprietary data exposed
• Almost every web application has vulnerabilities
• Firewalls can only detect known threats
• 95 percent of all websites have experienced cross-site scripting and SQL injection attacks

Web Application Firewalls (WAFs)

Securing web applications requires a completely different approach than signature detection alone. Only a web application firewall can provide complete application protection by understanding application logic and what elements exist on the web application, such as URLs, parameters, and what cookies it uses. Using behavioral monitoring of application usage, the WAF can deeply inspect every application in your data center to build a baseline of normal behaviors and trigger actions to protect your applications when anomalies arise from attacks.
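The baseline approach described above (learn which URLs, parameters and value shapes the application normally uses, then flag requests that deviate), shown as an added example that is not from this guide or from FortiWeb: a toy positive-security-model learner in Python. The request lines, URL paths, parameter names and probe values are all constructed for the example.

```python
import re
from dataclasses import dataclass, field
from urllib.parse import parse_qsl, urlsplit

# Value character classes, narrowest first. A value gets the rank of the first class
# that matches it; while learning, the baseline keeps the broadest rank seen per parameter.
CHAR_CLASSES = [
    ("digits", re.compile(r"[0-9]*")),
    ("alnum", re.compile(r"[A-Za-z0-9_-]*")),
    ("text", re.compile(r"[A-Za-z0-9 _.,@-]*")),
    ("any", re.compile(r"(?s).*")),
]
LENGTH_SLACK = 2  # a value may be up to 2x the longest seen while learning before it is flagged


def value_class(value: str) -> int:
    """Rank of the narrowest character class that fully matches value."""
    for rank, (_, pattern) in enumerate(CHAR_CLASSES):
        if pattern.fullmatch(value):
            return rank
    return len(CHAR_CLASSES) - 1


def parse_request(request_line: str):
    """Split 'METHOD /path?query' into (path, [(name, value), ...]); '+' and %xx are decoded."""
    _, target = request_line.split(None, 1)
    parts = urlsplit(target)
    return parts.path, parse_qsl(parts.query, keep_blank_values=True)


@dataclass
class ParamProfile:
    max_len: int = 0     # longest value observed for this parameter
    class_rank: int = 0  # broadest character class observed


@dataclass
class Baseline:
    urls: dict = field(default_factory=dict)  # path -> {parameter name -> ParamProfile}

    def learn(self, request_line: str) -> None:
        """Widen the profile of each parameter to cover one observed normal request."""
        path, params = parse_request(request_line)
        profiles = self.urls.setdefault(path, {})
        for name, value in params:
            profile = profiles.setdefault(name, ParamProfile())
            profile.max_len = max(profile.max_len, len(value))
            profile.class_rank = max(profile.class_rank, value_class(value))

    def check(self, request_line: str) -> list:
        """Return anomaly tags for a request; an empty list means it fits the baseline."""
        path, params = parse_request(request_line)
        profiles = self.urls.get(path)
        if profiles is None:
            return [f"unknown-url:{path}"]
        anomalies = []
        for name, value in params:
            profile = profiles.get(name)
            if profile is None:
                anomalies.append(f"unknown-param:{name}")
                continue
            if value_class(value) > profile.class_rank:
                anomalies.append(f"charclass:{name}")
            if len(value) > LENGTH_SLACK * profile.max_len:
                anomalies.append(f"oversize:{name}")
        return anomalies


# Constructed sample of normal traffic used to learn the baseline (not real data).
TRAINING = [
    "GET /account/view?id=42",
    "GET /account/view?id=1087",
    "GET /account/view?id=7",
    "GET /search?q=running+shoes",
    "GET /search?q=blue+jacket+size+44",
    "GET /login?user=alice&remember=1",
    "GET /login?user=bob.smith&remember=0",
]


def build_baseline() -> Baseline:
    baseline = Baseline()
    for line in TRAINING:
        baseline.learn(line)
    return baseline


if __name__ == "__main__":
    baseline = build_baseline()
    # Constructed probes: one normal request, then deviations the learned baseline flags.
    for line in ("GET /account/view?id=310", "GET /account/view?id=42+OR+1%3D1",
                 "GET /account/view?id=42&debug=1", "GET /admin/console"):
        print(line, "->", baseline.check(line) or "ok")
```

A real WAF adds many more dimensions (cookies, methods, content types, request rates) and a confidence threshold before enforcing, but the shape of the decision is the same: anything outside the learned profile is what triggers the action.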

FortiWeb Web Application Firewalls

FortiWeb Web Application Firewalls provide specialized, layered web application threat
protection for medium/large enterprises, application service providers, and SaaS providers.
FortiWeb Web Application Firewalls protect web-based applications and Internet-facing data
from attacks and breaches. Using advanced techniques it provides bidirectional protection
against malicious sources, DoS attacks, and sophisticated threats such as SQL injection,
cross-site scripting, buffer overflows, file inclusion, cookie poisoning, and numerous other
attack types.

• WAF throughputs ranging from 25 Mbps to 20 Gbps
• Multiple, correlated threat detection methods include protocol validation, behavioral identification, FortiGate quarantined IP polling, and subscription-based FortiGuard IP reputation, antivirus and web attack signatures
• Included vulnerability scanner and support for virtual patching with third-party scanner integration
• Layer 7 content-based server load balancing and hardware-based SSL acceleration
• Simplified deployment with automatic setup tools and integration with FortiGate
• Centralized Management and administrative domains (ADOMs)


Fortinet Virtual and Hardware Appliances


Fortinet offers many of its products in both hardware and virtual appliance versions. Most products fully support the major virtualization
platforms including VMware, Microsoft Hyper-V, Citrix XenServer, Amazon Web Services, and Microsoft Azure. See the chart below for
virtual versions and platforms supported for products mentioned in this document.

Virtual Product    VMware   Hyper-V   XenServer   AWS   Azure
FortiGate VM       Yes      Yes       Yes         Yes   Yes
FortiWeb VM        Yes      Yes       Yes         Yes   Yes
FortiADC           Yes      Yes       Yes         No    No
FortiMail VM       Yes      Yes       Yes         No    No
FortiSandbox VM    Yes      No        No          No    No

DDoS Protection

DDoS attacks were one of the first data center threats and, as they've evolved, they continue to be the top threat that data center managers face today. New DDoS attacks target layer 7 application services and can do as much damage as high-volume multi-gigabit bulk-volumetric attacks. Rather than simply flooding a network with traffic or sessions, these attack types target specific applications and services to slowly exhaust resources at the application level.

Application layer attacks can be very effective using small traffic volumes, and may appear to be completely normal to most traditional DDoS detection methods. This makes application layer attacks much harder to detect than other basic DDoS attack types. Most ISPs use basic methods to protect you from large-scale attacks; however, they don't have the sophisticated detection tools to intercept these smaller application-level threats and normally pass them through to your network.

Advanced DDoS Threats


• Oldest but fastest evolving threat type
• Remains #1 threat to data centers
• Layer 7 threats fastest growing category
• Firewalls can only detect known DDoS threats
• Small layer 7 attacks under 50 Mbps can do as much damage as attacks in the hundreds of gigabits

DDoS Attack Mitigation Solutions


There are many options available for DDoS attack mitigation, ranging from simple DIY server configurations to advanced data center-based hardware solutions. Most ISPs offer layer 3 and 4 DDoS protection to keep your links from becoming flooded during bulk volumetric events; however, they don't have the capability to detect the much smaller layer 7-based attacks. Data centers cannot rely on their ISPs alone to provide a complete DDoS solution that includes application layer protection.

DDoS attack mitigation appliances are dedicated in-line devices that block layer 3, 4 and layer 7 attacks and come in carrier- and enterprise-grade options. Most organizations that want to protect their private data centers usually look at the enterprise models to provide cost-effective DDoS detection and mitigation. Today's offerings provide capacities that can handle large-scale volumetric attacks for 100 percent layer 3, 4, and 7 protection, or can be used to supplement basic ISP-based bulk DDoS protection with advanced layer 7 detection and mitigation.


FortiDDoS DDoS Attack Mitigation Appliances

The FortiDDoS family of purpose-built appliances provides real-time network visibility in addition to detection and prevention of DDoS
attacks. FortiDDoS helps protect Internet-facing infrastructure from threats and service disruptions by surgically removing network and
application-layer DDoS attacks. It defends critical on-premises and cloud infrastructure from attacks while relying on sophisticated filtering
technologies to allow legitimate traffic to continue to flow. These scalable, high-performance appliances deliver proven DDoS defenses, and
are completely interoperable with existing security technologies and network infrastructure.

• Up to 48 Gbps of total bi-directional throughput
• Inline, transparent mitigation for layer 3, 4, and 7 DDoS attack types
• 100 percent behavioral-based DDoS detection and mitigation using ASIC technology
• FortiASIC TP2 processor delivers less than 5-second attack response and mitigation times
• IP reputation scoring system and continuous attack re-evaluation reduce risks of false positive detections
• Centralized alerts, bandwidth management, role-based management, and self-service portals for MSSP environments

Email Protection

Email is a critical business service that no organization can survive without, but it is one of the greatest vulnerabilities when it comes to security. It has become the primary target that criminals use to take advantage of poor security policies and unsophisticated users.

Email threats come in two primary forms, inbound and outbound. Inbound are the traditional threats like spam and phishing attacks that attempt to lure users into providing sensitive information such as login credentials or credit card information. Outbound threats aren't really attacks; rather, they are risks to your organization's sensitive information. Employees, contractors, and consultants have the ability to send proprietary information to anyone, anywhere. Sometimes it's by mistake; other times it's not.

Email Remains a Top Target

• Even sophisticated users are falling prey to advanced phishing schemes
• Data loss of sensitive materials is a major risk to organizations
• Emails with links to websites easily open security threats to your network
• Firewalls can't stop users from making mistakes
• Need a solution that can scan for spam, phishing, and suspicious links to prevent users from attacks

Secure Mail Gateway

Secure mail gateways are dedicated hardware or virtual devices that provide protection from email spam and malware, and also provide outbound email content inspection and encryption. Through the use of reputation filtering, most unwanted email is filtered out, and the emails that pass through to the network are scanned using advanced spam and phishing detection to determine if they are threats. Suspicious emails can be blocked or quarantined for later review, depending on how the gateway is configured.

Data center managers can set detailed business rules to scan all outgoing email for sensitive data. If any sensitive data is discovered, it can be blocked or automatically encrypted, depending on how the policies are configured.


FortiMail

FortiMail is a complete secure email gateway offering suitable for any size organization. It provides a single solution to protect against inbound attacks, including advanced malware, as well as outbound threats and data loss, with a wide range of top-rated security capabilities. These capabilities cover: antispam, antiphishing, anti-malware, sandboxing, data loss prevention (DLP), identity based encryption (IBE), and message archiving.

FortiMail's inbound filtering engines block spam and malware before they can clog your network or compromise your systems. Its outbound inspection technology (including 3G mobile traffic) reduces the loss of sensitive information, maintains compliance, and prevents your organization and users from being blacklisted. When integrated with Fortinet's NSS Labs Recommended FortiSandbox, FortiMail helps stop the most advanced threats before they reach end users.

• Highly effective email security: 37 consecutive VBSpam Platinum awards, 40 VB100 awards including high marks in their Reactive and Proactive (RAP) testing, AV Comparatives Advanced+ designation for Antiphishing, and NSS Labs Recommendation for Breach Detection (integrated FortiSandbox).
• Protection for sensitive information and compliance: Integrated DLP and email encryption, including predefined yet customizable dictionaries and Identity Based Encryption (IBE), plus email archiving.
• Part of Fortinet's Advanced Threat Protection Framework: Secured by FortiGuard Security Services. Integrating with FortiSandbox, FortiMail is an integral part of a cohesive approach to close off a critical, early-stage element of the targeted attack kill chain.
• Highest performance: The unique architecture of FortiMail has been proven to meet the requirements of many of the world's largest carriers and is the highest-performing messaging security solution in the industry, delivering message protection for over 28 million messages per hour in a single appliance.
• Unparalleled deployment flexibility: Gateway, inline and server modes, plus physical, virtual, and cloud form factors ensure a seamless fit for all environments.

Secure Application Delivery

Users have come to expect applications to be there when they need them and to respond immediately. It is a given now that they also expect that you are protecting their and your organization's sensitive data. In order to provide the security that almost every application needs, data center managers are deploying SSL on almost every application; however, this comes at a cost in user capacities, speed, and latency.

As mentioned previously, the trend in secure traffic growth will strain even the best-architected data centers to keep up with this demand. Coupled with this is that SSL encryption keys are getting more complicated as they expand from the older 1,024-bit keys to 2,048, and now 4,096.

Secure Application Traffic Growth

• Most organizations rapidly deploying SSL to protect all applications
• Secure traffic growing at rapid rate
• Application delivery infrastructure strained to keep up
• Firewalls usually have limited application delivery functionality
• Expansion of complex encryption keys (2,048 and 4,096) puts increased demands on data center resources

ADCs with SSL offloading

Application Delivery Controllers (ADCs) offer the feature to offload SSL traffic from servers to the ADC itself. Most manufacturers can do this using software encryption and decryption; however, only hardware-accelerated appliances have the dedicated ASIC processors to handle the speeds of a modern data center. Most software-based devices can handle a few hundred to a few thousand transactions per second, vs. hardware-based appliances that can manage tens of thousands of secure transactions per second.

By offloading this processor-intensive traffic from the servers to the ADC, secure applications can scale up to 100 times while at the same time reducing response times for end users.


FortiADC

FortiADC hardware and virtual ADCs provide unmatched server load balancing performance, whether scaling an application across a few servers in a single data center or serving multiple applications to millions of users around the globe. With included SSL offloading, HTTP compression, global server load balancing, firewall, and link load balancing, they offer the performance, features, and security needed at a single all-inclusive price.

• L4 throughput from 2.7 Gbps to 50 Gbps.
• Complete layer 4 to 7 server load balancing solution with intelligent policy-based routing
• Web application firewall and IP reputation (subscriptions required)
• Scripting for custom load balancing and content rewriting rules
• Authentication offloading speeds user authentication for secure applications
• SSL forward proxy for increased secure traffic inspection with FortiGate firewalls
• Qualified for Microsoft Exchange 2010 and 2013

Advanced Threat Protection for Applications

Malware can come in any form and can be one of the most difficult threats to detect. Some forms of it can be simple to detect, as they may route a user to a website to download malicious code. Newer methods are much more obfuscated and rely on many different vectors to infect users or data center infrastructure elements.

This complexity, combined with the almost limitless options for zero-day malware attacks, can make it almost impossible for firewalls and IPS systems to detect all these threats. Additionally, many of them may be buried in seemingly harmless code that in some cases may take years to be fully exposed.

Sandboxing

Even with the best threat detection defenses, sometimes it's just best to let the code explode to see what it's going to do. This is where a sandbox comes in and acts like a bomb squad. The suspicious code is isolated in a virtual bomb detonation chamber and allowed to do what it was intended to do. Since the sandbox is completely isolated from your network and applications, if the code is malware, it's not going to do any harm to your real environment.

Once the code is extracted and installed in the sandbox, it's easy to examine the changes it makes to do the damage it was intended to do. If it is assessed to be a threat, the malware is quarantined and blocked from entering your network.

FortiSandbox Advanced Threat Detection

FortiSandbox is a key part of Fortinet's integrated and automated Advanced Threat Protection solution. Recommended by NSS Labs, FortiSandbox is designed to detect and analyze advanced attacks designed to bypass traditional security defenses. In independent NSS Labs testing, FortiSandbox demonstrated 97.3 percent breach detection effectiveness and, due to Fortinet's unique multi-layered sandbox analysis approach, detected the majority of threats within one minute.

FortiSandbox, secured by FortiGuard, offers inspection of all protocols and functions in one appliance. It can integrate with your existing Fortinet infrastructure including FortiGate, FortiMail, and FortiClient, fueling a security ecosystem that automatically protects, learns, and improves your overall threat protection. It delivers highly effective protection against advanced persistent threats that is affordable as well as simple and flexible to deploy and manage. Complement your established defenses with this cutting-edge sandbox capability, analyzing files in a contained environment to identify previously unknown threats and uncovering the full attack lifecycle.

• Protects against advanced threats: Scans files on the network, in emails, in URLs, in network file share locations, and on-demand. Protects against advanced email threats, Windows threats, Office threats, zip threats, pdf threats, mobile threats, and more.
• Inspects across all Operating Environments: Code emulation examines and runs instruction sets to assess intended activity independent of operating environment for broader security coverage.


- Examines activity, rather than attributes: Executes objects within a secure virtual runtime environment (sandbox) to analyze activity (system changes, exploit efforts, site visits, subsequent downloads, botnet communications, and more) to expose sophisticated threats.
- Pre-filters to deliver fast results: Leverages Fortinet's proactive anti-malware (consistently top-rated in VB100 RAP tests) and extended database as well as additional patented advanced threat intelligence techniques to detect a large percentage of advanced threats without the time and effort of full sandboxing.
- Provides rich threat intelligence: Uncovers information related to the full threat lifecycle, not just initial code, to speed remediation. Triggers automated and manual response in other Fortinet products to mitigate incidents. Dynamically generates custom threat intelligence and distributes it to supporting Fortinet products.
- Delivers Officially Licensed Microsoft Components: Product comes with Microsoft Windows, Internet Explorer, and Office embedded licenses, confirmed approved for use in virtual environments, unlike other sandbox solutions.

Cooperative Network Security Across the Extended Enterprise

The Fortinet Security Fabric enables Fortinet Application Security products and those of third-party vendors to work together to boost security across core networks, remote devices and the cloud.

Fortinet Application Security products, including web application firewalls, secure email gateways, DDoS mitigation, and high-performance secure application acceleration, are all deeply integrated into the Fortinet Security Fabric for direct communications. This provides data center managers with an architecture that is secure, aware, actionable, scalable and open.

Secure: Fortinet Application Security products employ various combinations of FortiGuard Labs threat intelligence services to provide the latest protection from viruses, malicious sources, spam, web application attacks and Advanced Persistent Threats. The Fortinet Security Fabric distributes threat intelligence across the network of security devices.

Aware: Fortinet Application Security products are integrated via the Fabric with other Fortinet solutions to seamlessly share information with each other. The devices are deeply integrated with FortiGate appliances and, where applicable, also with FortiSandbox. Most appliances offer centralized management and are tied to FortiAnalyzer for consolidated reporting and analytics. Additionally, most products offer user authentication support that can be tied into FortiGate or other authentication methods.

Actionable: This is the Fabric category that focuses on making sense out of it all to take action quickly, especially when any part of the network is under attack. All devices can be configured to alert IT staff of suspicious activity, or can take action by themselves to block threats. Centralized management and reporting via the single pane of glass helps security managers cut through the clutter to act on events in near real time. Automated tools and behavioral detection can augment human response times with granular policies to take actions immediately to minimize damages.

Scalable: Scalability is defined as both speed and expansion. Application Security offers some of Fortinet's highest performance devices, including FortiWeb and FortiMail, with the fastest WAF and email security in the industry. We also offer high-performance ASIC-enhanced solutions for DDoS and ADCs with FortiDDoS and FortiADC. Each Fortinet product line provides models that span the needs of mid-market organizations all the way to large carriers and MSPs. In addition, FortiADC can be employed to expand capacities for other Fortinet products such as FortiMail, FortiCache and FortiGate.

Open: Finally, as mentioned above, Application Security is an open platform that integrates many third-party solutions, via their native APIs, including those from industry leaders such as IBM, HP and Verisign.

End-to-End, Integrated Application Security

Only Fortinet can offer the security, performance, and integration for a total network and application security platform that can meet the needs of your data center. Starting with the award-winning FortiGate NGFW as a foundation along with the Fortinet Security Fabric for network-wide communications, Fortinet offers the additional products and services you need to provide complete protection that goes beyond firewalls to protect your applications, users, and sensitive data.

No matter how complex your needs are, a comprehensive Fortinet security solution that includes WAF, DDoS, application delivery, email security, and sandbox integration is easy to set up and manage. We provide you the tools you need to centrally manage your Fortinet solutions and tools for consolidated threat analysis and reporting.

Fortinet products are designed to leverage and interoperate with other Fortinet devices and services via the Fortinet Security Fabric. We optimize and test our products to minimize bottlenecks and increase overall performance between platforms when used together in an enterprise data center environment.

Only Fortinet offers deep integration between our FortiGate, FortiWeb, FortiMail, and FortiSandbox platforms. Whether it's simplifying the setup of traffic routing or advanced ATP scanning with FortiSandbox, Fortinet makes it easy to deploy advanced application security in your network and closes the gaps common in point solutions.

Most of Fortinet's products support single pane of glass management and reporting through our FortiManager and FortiAnalyzer products. Unified under a single screen, operators get a complete picture of their Fortinet products for simplified management and complete visibility of incidents that span one or more Fortinet devices.

Finally, expertise matters. We are leaders in enterprise security technologies. Our trained pre-sales engineers can provide assistance in reviewing your advanced threat requirements and design solutions to meet the unique challenges of your organization. As a customer you have options for 24/7 support, on-site consulting, and other enterprise-class services offered by our award-winning FortiCare global customer support.

Summary

A firewall is your first line of network defense in your data center; however, many new trends that target applications and end users require additional protections that a firewall or an IPS can't provide. Signature-based detection, IP reputation, and deep packet inspection can stop some of these advanced threats, but they are limited in what they can offer. Additional products like web application firewalls, DDoS attack mitigation appliances, sandboxing, email security gateways, and application delivery controllers are needed to address these new threats to your data center and users.

Fortinet offers a wide range of products to data center managers that not only complement our class-leading FortiGate firewalls, they are also designed to work together seamlessly in a complete network and application security protection framework. For more information on the products presented in this white paper, please visit Fortinet.com.

GLOBAL HEADQUARTERS: Fortinet Inc., 899 Kifer Road, Sunnyvale, CA 94086, United States. Tel: +1.408.235.7700
EMEA SALES OFFICE: 905 rue Albert Einstein, Valbonne, 06560, Alpes-Maritimes, France. Tel: +33 4 8987 0500
APAC SALES OFFICE: 300 Beach Road 20-01, The Concourse, Singapore 199555. Tel: +65.6513.3730
LATIN AMERICA SALES OFFICE: Paseo de la Reforma 412 piso 16, Col. Juarez, C.P. 06600, México D.F. Tel: 011-52-(55) 5524-8428
www.fortinet.com/sales

Copyright 2016 Fortinet, Inc. All rights reserved. Fortinet, FortiGate, FortiCare and FortiGuard, and certain other marks are registered trademarks of Fortinet, Inc., and other Fortinet names herein may also be registered and/or common law
trademarks of Fortinet. All other product or company names may be trademarks of their respective owners. Performance and other metrics contained herein were attained in internal lab tests under ideal conditions, and actual performance and other
results may vary. Network variables, different network environments and other conditions may affect performance results. Nothing herein represents any binding commitment by Fortinet, and Fortinet disclaims all warranties, whether express or implied,
except to the extent Fortinet enters a binding written contract, signed by Fortinets General Counsel, with a purchaser that expressly warrants that the identified product will perform according to certain expressly-identified performance metrics and, in
such event, only the specific performance metrics expressly identified in such binding written contract shall be binding on Fortinet. For absolute clarity, any such warranty will be limited to performance in the same ideal conditions as in Fortinets internal
lab tests. Fortinet disclaims in full any covenants, representations, and guarantees pursuant hereto, whether express or implied. Fortinet reserves the right to change, modify, transfer, or otherwise revise this publication without notice, and the most
current version of the publication shall be applicable.
May 16, 2016
SOLUTION BRIEF

Fortinet's Data Center Solution

High Performance Network Security

Introduction

The data center is the focal point of several trends in computing and networking that are driving rapid change to the overall IT infrastructure strategy for many organizations as well as the requirements for data center security.

This guide discusses these trends and demonstrates how Fortinet's data center security solutions can help you meet the corresponding security requirements to take advantage of the opportunities presented by these trends.

Highlights

- High performance, high capacity, and ultra-low latency
- Cloud-ready multi-tenant support and virtual domain support for network segmentation
- Flexibility to enable the firewall personality you need to match your environment with edge or core deployment, network segmentation, or integrated security technologies
- Single-pane-of-glass management for unmatched visibility and control
- Single security platform delivers all needed data center services
- Lower TCO, improved protection, increased performance
- Unmatched flexibility of deployment with appliance, chassis, and virtual machine options

Market Trends Affecting the Data Center

- Mobility and BYOD: Smartphones and tablets are increasingly being used by employees, customers and end-users to consume data and services. This explosion of anytime, anywhere data consumption has driven the need for greater network speeds in the data center, but also increased risk exposure of sensitive data to unauthorized access outside of corporate boundaries.
- Server Virtualization and Data Center Consolidation: As multiple physical systems were efficiently combined with server virtualization such as VMware, core network traffic density increased, first from server consolidation and later even from consolidation of multiple data centers. As IT efficiency reduced new server provisioning from months to mere days, it enabled further business productivity, driving further increases in network traffic and utilization.
- Cloud Computing and Software Defined Networking: As organizations of all sizes utilize public and private cloud services, data centers have to evolve to support multi-tenancy, infrastructure orchestration, seamless integration with third-party application services and greater access by external parties. This dynamic environment becomes even more fluid as control of the networking function is separated from its physical hardware for greater flexibility and speed. This enables increased business agility, but also brings operational risk that sensitive data and assets will be more exposed to unintended access in shared, external computing environments.

These trends are driving, if not accelerating, an ongoing Moore's Law effect of core network speeds doubling every 18 months. This is not just in the refresh of the data center network switching and routing fabric, but also in the firewalls and network security appliances needed, more than ever, to secure data and IT assets in these dynamic, multi-tenant environments spanning on-premise and external cloud resources.

In fact, Infonetics Research found in a recent survey of decision-makers of large organizations of over 1,000 employees that most are looking for:

- Faster firewalls with 100+ Gbps aggregate throughput
- High-speed ports (40G and 100G) to interface to their core network fabric
- Better performance of their multi-function security technologies
- The ability to deploy additional security services without affecting performance

FIGURE 1: 73% of respondents want to upgrade their data center firewalls.

What this Means for Security Requirements

1. Scalability: As networks continue to accelerate, the data center is at the forefront of the requirement to support higher performance and needs high-speed, high-capacity, and low latency firewalls.

2. Segmentation: As data centers have become more dynamic, organizations are embracing increased network segmentation as a best practice to isolate data based on applications, user groups, regulatory requirements, business functions, trust levels, and locations. As a result, firewalls need to provide high port density and logical abstraction to support both physical and virtual segmentation across private and public clouds.

3. Simplification: As these data centers extend to external parties of varying trust levels, organizations need to consider a Zero-Trust model for data access that drives multiple security functions from traditionally just the data center edge more deeply into fine-grained segmentation throughout the core of the network. This requires a consolidated security platform that can support high speeds even as many functions are turned on at each micro-perimeter.

Fortinet's Data Center Solution

Fortinet has been a leader in securing data centers for over 10 years. Our high-performance, low-latency chassis and appliance-based solutions have protected many of the largest data centers in the world. Fortinet customers are focused on very high throughput and ultra low latency to meet increasing data center core network speeds.

FIGURE 2: Data Center Core Firewall
To meet these performance demands, FortiGate platforms deliver some of the highest throughputs and lowest latencies on the market, several with over 100 Gbps aggregated performance and sub-5 µs latency. This high performance enables organizations to implement the network segmentation discussed earlier to support regulatory compliance, function, location or trust level.

The Fortinet Difference: Purpose-built Appliances, Custom ASICs

At the heart of the FortiGate data center firewalls are purpose-built FortiASIC processors that enable this extremely high level of performance. These custom content and network processors provide near-wire speed switching, routing, and stateful firewalling. The network processors eliminate the need for legacy L2 switches and routers within the datacenter. Instead, FortiGate takes over and performs network segmentation, switching, routing, and network security, all while reducing network complexity. Furthermore, our integrated architecture provides extremely high throughput and exceptionally low latency, minimizing packet processing while accurately scanning the data for threats. Custom FortiASIC processors deliver content inspection at multi-Gigabit speeds.

FIGURE 3: Dedicated ASICs versus CPU Architectures

Traditional security appliances that use multi-purpose CPU-based architectures become an infrastructure bottleneck. Even when using multiple multi-core general purpose processors, network security devices cannot deliver the high performance and low latency required in data center deployments.

The only way for a network security platform to scale is via purpose-built ASICs to accelerate specific parts of the packet processing and content scanning function. FortiGate technology utilizes optimum path processing (OPP) to optimize the different resources available in packet flow. The FortiASIC can scale to 500 Gbps of firewall throughput independent of packet size while maintaining a high number of sessions and extremely low latency. The FortiASICs utilized by the FortiGate firewall models are:

- Content Processor (FortiASIC CP8): Accelerated content security such as antimalware, VPN encryption/decryption and authentication processing
- Network Processor (FortiASIC NP6): Accelerated network security tasks such as Firewall, VPN and IPv6 translation

Scale-Up and Scale-Out for Virtual and Cloud Environments

FortiGate hardware solutions provide scale-up performance for data centers of all sizes with a range of appliance and chassis form factors ranging from 20 Gbps up to an industry-leading 560 Gbps blade-in-chassis. These provide attractive performance, TCO and flexibility in a single unit for organizations ranging from mid-sized to larger enterprises, and to telco/carrier segments.

The root of the problem with private cloud security comes from the fact that it's not a static architecture environment. Clouds are built and aggregated through pools of resources that must be elastic to scale with organizational demand. This changes how security is designed and implemented. Fortinet Cloud Security (including FortiGate, FortiWeb, FortiManager, FortiAnalyzer) enables enterprises to automatically scale and intelligently segment their private cloud infrastructure and applications with elastic and agile protection.

In addition to providing efficient scale-up performance in compact appliance and chassis options, FortiGate also provides equally critical scale-out performance through FortiGate-VM virtual appliances that provide agile capacity that can deploy elastically with virtualization hosts or cloud infrastructure to provide unlimited scalability through a distributed approach with dozens if not hundreds of virtual security appliances across both private and public clouds.

FIGURE 4: FortiGate Performance Physical and Virtual

FortiGate-VM virtual appliances, along with nearly a dozen other Fortinet solutions available as virtual machines, support major enterprise hypervisors from VMware vSphere to Hyper-V, Xen, and KVM, as well as leading cloud service providers ranging from Amazon Web Services to major telecom public cloud offerings.

Unique virtual domain (VDOM) technology along with virtual LAN (VLAN) support together provide the ability for FortiGate appliances to manageably scale in multi-tenant private or public cloud environments. Long used in large-scale managed service environments, VDOMs can divide a single larger physical (or even virtual) FortiGate appliance into dozens, if not hundreds, of logical independent instances, to flexibly provide either isolated or coordinated firewall policies and security configurations to individual tenants.

Single Pane-of-Glass Management Across Physical, Virtual, and Cloud

Fortinet's complementary management solutions ensure coordinated security policy across hundreds of physical and virtual FortiGate appliances, whether solely within an internal data center, extending the private cloud to an external public cloud, or across multiple public clouds. With a single, centralized platform for defining firewall rules and security policies and to aggregate and analyze logs and events, FortiManager and FortiAnalyzer ensure a consistent security posture across the hybrid cloud regardless of where workloads instantiate, migrate, or fail over.

FortiManager and FortiAnalyzer themselves can even run as virtual appliances in a private or public cloud, leveraging the benefits of cloud-based security management, such as scale-out log aggregation and analytics capacity or ubiquitous administrative access.

FIGURE 5: Single-Pane-of-Glass Management Across Hybrid Cloud

Summary

The data center is one of the most dynamic aspects of network security today. As significant trends in computing and networking continue to drive changes in many critical business practices, organizations look for innovative network security solutions to help them embrace those changes. Fortinet's FortiGate Network Security Platform can provide the backbone of your data center strategy. Fortinet's industry-leading, high capacity firewall technologies deliver exceptional throughput and ultra-low latency, enabling the security, flexibility, scalability and manageability you demand across physical, virtual and cloud environments.

July 29, 2016
FortiADC

FortiADC 60F, 100F, 200D, 300D, 400D, 1000F, 2000F, 4000F and VM

The FortiADC Application Delivery Controllers (ADC) optimize the availability, user experience, performance and scalability of Enterprise Application Delivery. The FortiADC family of physical appliances delivers fast, secure and intelligent acceleration and distribution of demanding applications in the enterprise.

Acceleration and Performance

Multi-core processor technology, combined with hardware-based SSL offloading, to accelerate application performance.

Application Availability

24x7 application availability through automatic failover, global server load balancing, and link load balancing to optimize WAN connectivity.

Enhanced Protection

Web application firewall to defend against application vulnerabilities.

Highlights

- Comprehensive server load balancing for 99.999% application uptime
- Server offloading for improved application acceleration, scale and TCO
- Intelligent traffic management for optimized application delivery and availability
- Hardware-based SSL Offloading, Forward Proxy, and Visibility
- Authentication Offloading
- Included Global Server Load Balancing
- Included Link Load Balancing
- Web Application Firewall with automatic updates
- Scripting for custom load balancing and content rewriting

DATA SHEET
FortiADC

HIGHLIGHTS

Hardware-Based SSL Offloading, SSL Inspection, and Visibility

FortiADC offloads server-intensive SSL processing with support for 4096-bit keys, TCP connection management, data compression and HTTP request processing from servers. This speeds up response times and reduces load on the backend servers, allowing them to serve more users.

SSL Forward Proxy utilizes FortiADC's high-capacity decryption and encryption to allow other devices, such as a FortiGate firewall, to easily inspect traffic for threats. An inline pair of FortiADCs at the front end and back end of a firewall removes all encryption so that the firewall isn't taxed with the additional load of SSL processing. FortiADC ensures seamless re-encryption with certificates intact and no user disruptions.

FortiADC's Transparent HTTP/S and TCP/S Mirroring capabilities decrypt secure traffic for inspection and reporting. Copies of clear traffic can be sent for analysis by FortiGate or other third-party solutions for an in-depth view of threats that may be hidden in encrypted traffic, while FortiADC continues to perform its application delivery functions.

FortiADC integrates with Gemalto's SafeNet Enterprise Hardware Security Modules (HSMs) to use the advanced security certificates managed by the HSM for the encryption and decryption of secure application traffic. This lets organizations that use Gemalto's SafeNet HSMs deploy a high-performance ADC solution using a strong, centrally-managed set of certificates and encryption keys.

Disaster Recovery with Global Server Load Balancing

FortiADC's included Global Server Load Balancing (GSLB) makes your network reliable and available by scaling applications across multiple data centers for disaster recovery or to improve application response times. Administrators can set up rules that direct traffic based on site availability, data center performance and network latency.

Link Load Balancing

Built-in Link Load Balancing (LLB) gives you the option to connect your FortiADC to two or more WAN links to reduce the risk of outages or to add additional bandwidth to relieve traffic congestion. FortiADC supports inbound and outbound Link Load Balancing to manage traffic leaving or entering the device. Using policy routing, FortiADC can support complex NAT and routing requirements to address almost any network LLB architecture. With Tunnel Routing you get high-speed, reliable site-to-site connectivity without the need to lease expensive WAN links. It aggregates multiple links to create a virtual tunnel to a remote data center that ensures availability, especially for applications that are time sensitive and require large single-session bandwidth such as video conferencing.

Optimize Performance with PageSpeed, Caching, and Compression

FortiADC provides multiple services that speed the delivery of applications to users. The PageSpeed suite of website performance enhancement tools can automatically optimize HTTP, CSS, Javascript and image delivery to application users. Caching on FortiADC dynamically stores popular application content such as images, videos, HTML files and other file types to alleviate server resources and accelerate overall application performance. HTTP Compression employs GZIP and DEFLATE to intelligently compress many content types used by today's latest web-based applications to reduce bandwidth needs and improve the user application experience.

Web Application Firewall, Web Filtering, and IP Reputation for Enhanced Security

Web applications can be an easy target for hackers. FortiADC offers you multiple levels of protection to defend against attacks that target your applications. In addition to its stateful firewall feature, built in to every FortiADC is a Web Application Firewall that can detect known threats using FortiGuard WAF Security Services for layer 7 attack signatures (subscription required) and checks that requests haven't been tampered with using its HTTP RFC compliance constraints. FortiGuard Web Filtering works with FortiADC's SSL Forward Proxy feature to simplify the process of managing exceptions for secure traffic inspection. Instead of manually configuring single URLs, Web Filtering gives administrators the ability to choose websites by category type to enable or disable SSL traffic inspection as a group instead of on a site by site basis. FortiADC also supports our FortiGuard IP Reputation service (subscription required) that protects you from sources associated with DoS/DDoS attacks, phishing schemes, spammers, malicious software and botnets.

Scripting to Extend Built-in Features

FortiADC's Lua-based scripting language gives you the flexibility to create custom, event-driven rules using predefined commands, variables and operators. Using easy-to-create scripts, you get the flexibility you need to extend your FortiADC with specialized business rules that give you almost unlimited possibilities for server load balancing and content rewriting to meet the needs of your organization.

Key Features and Benefits
Advanced Layer 7 Load Balancing: Intuitive L7 policy-based routing to dynamically rewrite content to support complex applications and server configurations.
SSL Offloading, Forward Proxy, and Visibility: Hardware and software-based SSL offloading reduces the performance impact on your server infrastructure. Also provides SSL visibility, decryption and re-encryption for FortiGate to easily inspect traffic for threats.
Application Optimization: Speed up web application delivery with Compression, Caching, HTTP 2.0, and HTTP Page Speed-UP for improved network and web server utilization.
Global Server Load Balancing: Included Global Server Load Balancing distributes traffic across multiple geographical locations for disaster recovery or to improve user response times.
Link Load Balancing: Link Load Balancing distributes traffic over multiple ISPs to increase resilience and reduce the need for costly bandwidth upgrades.
Web Application Firewall and IP Reputation: Advanced security features that protect applications with Web Application Attack Signatures, HTTP RFC compliance, and botnet/malicious source identification.

FEATURES

Application Availability

- Easy to use and configure Layer 4/7 policy and group management
- Virtual service definition with inherited persistence, load balancing method and pool members
- Static, default and backup policies and groups
- Layer 4/7 application routing policy
- Layer 4/7 server persistence
- Application load balancing based on round robin, weighted round robin, least connections, shortest response
- Granular real server control including warm up rate limiting and maintenance mode with session ramp down
- Custom Scripting for SLB and Content Rewriting
- Application Templates for Microsoft Applications including SharePoint, Exchange and Windows Remote Desktop

Layer 4 Application Load Balancing

- TCP, UDP protocols supported
- Round robin, weighted round robin, least connections, shortest response
- L4 dynamic load balancing based on server parameters (CPU, Memory and disk)
- Persistent IP, hash IP/port, hash header, persistent cookie, hash cookie, destination IP hash, URI hash, full URI hash, host hash, host domain hash

Layer 7 Application Load Balancing

- HTTP, HTTPS, HTTP 2.0 GW, FTP, SIP, RDP, RADIUS, MySQL, RTMP, RTSP supported
- L7 content switching: HTTP Host, HTTP Request URL, HTTP Referrer, Source IP Address
- URL Redirect, HTTP request/response rewrite (includes HTTP body)
- Layer 7 DNS load balancing, security, and caching
- 403 Forbidden Rewrite
- Content rewriting

Link Load Balancing

- Inbound and outbound LLB
- Support for Policy Route and SNAT
- Multiple health check target support
- Configurable intervals, retries and timeouts
- Tunnel Routing

Global Server Load Balancing (GSLB)

- Global data center DNS-based failover of web applications
- Delivers local and global load balancing between multi-site SSL VPN deployments
- DNSSEC
- DNS Access Control Lists

Deployment Modes

- One arm-mode (Proxy with X-Forwarded-For support)
- Router mode
- Transparent mode (switch)
- High Availability (AA/AP Failover)
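As an added example, not FortiADC's own code, the following Python implements the scheduling methods the feature list above names (round robin, weighted round robin, least connections, shortest response) together with source-IP-hash persistence and maintenance mode; the server names, weights, connection counts and response times are constructed sample values.

```python
"""Added example, not FortiADC code: a minimal server-load-balancing pool that
implements the scheduling methods named in the feature list (round robin,
weighted round robin, least connections, shortest response), source-IP-hash
persistence, and maintenance mode. Server names, weights, connection counts
and response times below are constructed sample values."""
import hashlib
from dataclasses import dataclass


@dataclass
class RealServer:
    name: str
    weight: int = 1            # used by weighted round robin
    active_conns: int = 0      # used by least connections
    last_rtt_ms: float = 0.0   # used by shortest response
    maintenance: bool = False  # maintenance mode: takes no new sessions


class Pool:
    """Servers behind one virtual service, with a selectable scheduling method."""

    METHODS = ("round-robin", "weighted-round-robin",
               "least-connections", "shortest-response")

    def __init__(self, servers, method="round-robin"):
        if method not in self.METHODS:
            raise ValueError(f"unknown method {method!r}")
        self.servers = list(servers)
        self.method = method
        self._rr_index = 0
        # Credits for smooth weighted round robin, one per server name.
        self._wrr_credit = {s.name: 0 for s in self.servers}

    def available(self):
        # A server in maintenance mode keeps its existing sessions but gets no
        # new ones, which is what "session ramp down" means to a scheduler.
        return [s for s in self.servers if not s.maintenance]

    def _round_robin(self, avail):
        server = avail[self._rr_index % len(avail)]
        self._rr_index += 1
        return server

    def _weighted_round_robin(self, avail):
        # Smooth WRR: every server gains its weight in credit each turn, the
        # richest server is chosen and pays the total weight back. Weights 3:1
        # therefore yield a, a, b, a rather than a, a, a, b.
        total = sum(s.weight for s in avail)
        for s in avail:
            self._wrr_credit[s.name] += s.weight
        chosen = max(avail, key=lambda s: self._wrr_credit[s.name])
        self._wrr_credit[chosen.name] -= total
        return chosen

    def _least_connections(self, avail):
        return min(avail, key=lambda s: s.active_conns)

    def _shortest_response(self, avail):
        return min(avail, key=lambda s: s.last_rtt_ms)

    def select(self, client_ip=None):
        """Pick the real server for a new session.

        When client_ip is given, source-IP-hash persistence overrides the
        scheduling method, so a client keeps landing on the same server while
        the set of available servers is unchanged.
        """
        avail = self.available()
        if not avail:
            raise RuntimeError("no real server available")
        if client_ip is not None:
            digest = hashlib.sha256(client_ip.encode()).digest()
            return avail[int.from_bytes(digest[:4], "big") % len(avail)]
        dispatch = {
            "round-robin": self._round_robin,
            "weighted-round-robin": self._weighted_round_robin,
            "least-connections": self._least_connections,
            "shortest-response": self._shortest_response,
        }
        return dispatch[self.method](avail)


def schedule(pool, n, client_ip=None):
    """Names of the servers chosen for n consecutive new sessions."""
    return [pool.select(client_ip).name for _ in range(n)]


if __name__ == "__main__":
    pool = Pool([RealServer("web1", weight=3), RealServer("web2", weight=1)],
                method="weighted-round-robin")
    print(schedule(pool, 4))  # ['web1', 'web1', 'web2', 'web1']
```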

Application Acceleration

SSL Offloading and Acceleration

- Offloads HTTPS and TCPS processing while securing sensitive data
- Full certificate management features
- SSL Forward Proxy for secure traffic inspection
- HTTP/S Mirroring for traffic analysis and reporting

HTTP and TCP Optimization

- 100x acceleration by off-loading TCP processing
- Connection pooling and multiplexing for HTTP and HTTPS
- HTTP Page Speed-UP for Web Server Optimization and Acceleration
- TCP buffering
- HTTP Compression and Decompression
- HTTP Caching (static and dynamic objects)
- Bandwidth allocation with Quality of Service (QoS)
- HTTP and Layer 4 Rate Limiting

Authentication Offloading

- Local
- LDAP
- RADIUS
- Kerberos
- SAML 2.0 (SP & IdP)

Networking

- NAT for maximum flexibility and scalability
- VLAN and port trunking support
- BGP and OSPF Support
- IPv6 Support
- IPv6 routing
- IPv6 firewall rules

Security

- GEO IP security and logs
- Stateful firewall
- Web Filtering (subscription required)
- IP Reputation (subscription required)
- IPv4 and IPv6 firewall rules
- Granular policy-based connection limiting
- SYN Cookie Protection
- Connection Limits

Web Application Firewall

- Web Attack Signatures
- XML/JSON Validation
- SQLi/XSS Injection Detection
- Bot Detection
- URL/File Protection

Management

- Single point of cluster management
- CLI Interface for configuration and monitoring
- Secure SSH remote network management
- Secure Web UI access
- RESTful API
- SNMP with private MIBs with threshold-based traps
- Real-time Data Analytics
- Syslog support
- Role-based administration
- In-built diagnostic utilities
- Real-time monitoring graphs
- Built-in reporting
- Getting Started wizard for first-time login
- Virtual Domains (VDOMs)

FortiADC

SPECIFICATIONS

| | FORTIADC 60F | FORTIADC 100F | FORTIADC 200D | FORTIADC 300D |
|---|---|---|---|---|
| Hardware Specifications | | | | |
| L4 Throughput | 500 Mbps | 1.5 Gbps | 3 Gbps | 6.0 Gbps |
| L7 RPS | 100,000 | 400,000 | 580,000 | 725,000 |
| L7 Throughput | 450 Mbps | 1.3 Gbps | 2.5 Gbps | 4.0 Gbps |
| SSL CPS 2048 Key | 55 | 500 | 900 | 1,500 |
| Compression Throughput | 400 Mbps | 1.0 Gbps | 2.1 Gbps | 2.6 Gbps |
| SSL Acceleration Technology | Software | Software | Software | Software |
| Memory | 4 GB | 4 GB | 4 GB | 8 GB |
| Virtual Domains | 2 | 5 | 10 | 10 |
| Network Interfaces | 5x GE RJ45 | 6x GE RJ45 | 4x GE RJ45 | 4x GE RJ45, 4x GE SFP |
| 10/100/1000 Management Interface | | | | |
| Storage | 64 GB SSD | 64 GB SSD | 1 TB Hard Disk | 128 GB SSD |
| Management | HTTPS, SSH CLI, Direct Console DB9 CLI, SNMP | HTTPS, SSH CLI, Direct Console DB9 CLI, SNMP | HTTPS, SSH CLI, Direct Console DB9 CLI, SNMP | HTTPS, SSH CLI, Direct Console DB9 CLI, SNMP |
| Power Supply | Single | Single | Single | Single |
| Environment | | | | |
| Form Factor | 1U Appliance | 1U Appliance | 1U Appliance | 1U Appliance |
| Input Voltage | 100–240V, 50–60Hz | 100–240V AC, 50–60 Hz | 90–264V AC, 47–63 Hz | 100–240V AC, 50–60 Hz |
| Power Consumption (Average / Maximum) | 14.3 W / 11.9 W | 40 W / 60 W | 60 W / 72 W | 96 W / 115 W |
| Maximum Current | 115Vac/0.9A, 230Vac/0.6A | 100V/1.5A, 240V/0.6A | 115V/6A, 230V/3A | 100V/4A, 240V/2A |
| Heat Dissipation | 49 BTU/h | 132–163 BTU/h | 205 BTU/h | 392.4 BTU/h |
| Operating Temperature | 32–104°F (0–40°C) | 32–104°F (0–40°C) | 32–104°F (0–40°C) | 32–104°F (0–40°C) |
| Storage Temperature | -31–158°F (-35–70°C) | -4–167°F (-20–75°C) | -13–158°F (-25–70°C) | -13–158°F (-25–70°C) |
| Humidity | 20–90% non-condensing | 10–85% relative humidity, non-operating, non-condensing | 5–95% non-condensing | 5–95% non-condensing |
| Compliance | | | | |
| Regulatory Compliance | FCC Part 15 Class A, C-Tick, VCCI Class A, CE, UL/c | | | |
| Safety | CSA, C/US, CE, UL | | | |
| Dimensions | | | | |
| Height x Width x Length (inches) | 1.5 x 8.5 x 6.3 | 1.75 x 17.3 x 10.55 | 1.75 x 17.05 x 13.86 | 1.73 x 17.24 x 16.38 |
| Height x Width x Length (mm) | 38 x 216 x 160 | 44 x 440 x 268 | 45 x 433 x 352 | 44 x 438 x 416 |
| Weight | 2.2 lbs (1 kg) | 9.9 lbs (4.5 kg) | 17.2 lbs (7.87 kg) | 20 lbs (9.07 kg) |


FortiADC

SPECIFICATIONS

| | FORTIADC 400D | FORTIADC 1000F | FORTIADC 2000F | FORTIADC 4000F |
|---|---|---|---|---|
| Hardware Specifications | | | | |
| L4 Throughput | 12.0 Gbps | 20.0 Gbps | 40.0 Gbps | 60.0 Gbps |
| L7 RPS | 1M | 1.7 M | 2.6 M | 4.3 M |
| L7 Throughput | 8.0 Gbps | 17.5 Gbps | 24 Gbps | 35 Gbps |
| SSL CPS 2048 Key | 7,000 | 20,000 | 37,000 | 54,000 |
| Compression Throughput | 6.1 Gbps | 13.5 Gbps | 18.0 Gbps | 25.0 Gbps |
| SSL Acceleration Technology | ASIC | ASIC | ASIC | ASIC |
| Memory | 8 GB | 16 GB | 32 GB | 64 GB |
| Virtual Domains | 20 | 45 | 60 | 90 |
| Network Interfaces | 2x 10 GE SFP+ slots, 4x GE SFP ports, 4x GE ports | 4x 10 GE SFP+, 8x GE SFP, 8x GE RJ45 | 8x 10 GE SFP+, 8x GE SFP, 8x GE RJ45 | 8x GE SFP, 4x 10 GE SFP+, 2x 40 GE QSFP+ |
| 10/100/1000 Management Interface | | 1 | 1 | 1 |
| Storage | 128 GB SSD | 128 GB SSD | 240 GB SSD | 480 GB SSD |
| Management | HTTPS, SSH CLI, Direct Console DB9 CLI, SNMP | HTTPS, SSH CLI, Direct Console DB9 CLI, SNMP | HTTPS, SSH CLI, Direct Console DB9 CLI, SNMP | HTTPS, SSH CLI, Direct Console DB9 CLI, SNMP |
| Power Supply | Single (optional Dual) | Dual | Dual | Dual |
| Environment | | | | |
| Form Factor | 1U Appliance | 1U Appliance | 1U Appliance | 2U Appliance |
| Input Voltage | 100–240V AC, 50–60 Hz | 100–240V AC, 63–47 Hz | 100–240V AC, 63–47 Hz | 100–240V AC, 63–47 Hz |
| Power Consumption (Average / Maximum) | 109 W / 130.8 W | 320 W / 267 W | 340 W / 282 W | 360 W / 300 W |
| Maximum Current | 100V/5A, 240V/3A | 120V/7.1A, 240V/3.4A | 120V/7.1A, 240V/3.4A | 120V/8A, 240V/4A |
| Heat Dissipation | 446.3 BTU/h | 1092 BTU/h | 1160 BTU/h | 1228 BTU/h |
| Operating Temperature | 32–104°F (0–40°C) | 32–104°F (0–40°C) | 32–104°F (0–40°C) | 32–104°F (0–40°C) |
| Storage Temperature | -13–158°F (-25–70°C) | -4–158°F (-20–70°C) | -4–158°F (-20–70°C) | -4–158°F (-20–70°C) |
| Humidity | 5–95% non-condensing | 5–90% non-condensing | 5–90% non-condensing | 5–90% non-condensing |
| Compliance | | | | |
| Regulatory Compliance | FCC Part 15 Class A, C-Tick, VCCI Class A, CE, UL/c | | | |
| Safety | CSA, C/US, CE, UL | | | |
| Dimensions | | | | |
| Height x Width x Length (inches) | 1.73 x 17.24 x 16.38 | 1.7 x 17.24 x 20.87 | 1.7 x 17.24 x 20.87 | 3.46 x 17.24 x 20.87 |
| Height x Width x Length (mm) | 44 x 438 x 416 | 44 x 438 x 530 | 44 x 438 x 530 | 88 x 438 x 530 |
| Weight | 22 lbs (9.97 kg) | 22.6 lbs (10.3 kg) | 22.6 lbs (10.3 kg) | 27 lbs (12.25 kg) |

| | FORTIADC-VM01 | FORTIADC-VM02 | FORTIADC-VM04 | FORTIADC-VM08 |
|---|---|---|---|---|
| Hardware Specifications | | | | |
| Hypervisor Support | VMware ESX/ESXi, Citrix XenServer, Open Source Xen, Microsoft Hyper-V, KVM. Please see the FortiADC-VM Install Guide for the latest hypervisor versions supported. | | | |
| L4 Throughput* | 1 Gbps | 2 Gbps | 4 Gbps | 10 Gbps |
| Virtual Domains | 0 | 0 | 5 | 10 |
| vCPU Support (Maximum) | 1 | 2 | 4 | 8 |
| Memory Support (Maximum) | 4 GB | 4 GB | 8 GB | 16 GB |
| Network Interface Support (Maximum) | 10 | 10 | 10 | 10 |
| Storage Support (Minimum / Maximum) | 50 MB / 1 TB | 50 MB / 1 TB | 50 MB / 1 TB | 50 MB / 1 TB |
| Throughput | Hardware Dependent | Hardware Dependent | Hardware Dependent | Hardware Dependent |
| Management | HTTPS, SSH CLI, Direct Console DB9 CLI, SNMP | | | |

* Actual performance values may vary depending on the network traffic and system configuration. Performance results were observed using an appliance with an Intel CPU E5-1650 v2 @ 3.50 GHz running VMware ESXi 5.5.


FortiADC

ORDER INFORMATION

Product SKU Description


FortiADC 60F FAD-60F FortiADC 60F, 5x GE RJ45 ports, 64 GB SSD.
FortiADC 100F FAD-100F FortiADC 100F, 6x GE ports, 1x 64 GB SSD onboard storage.
FortiADC 200D FAD-200D FortiADC 200D, 4x GE ports, 1x 1 TB storage.
FortiADC 300D FAD-300D FortiADC 300D, 8x GE ports, 1x 128 GB SSD onboard storage.
FortiADC 400D FAD-400D FortiADC 400D, 2x 10 GE SFP+ slots, 8x GE ports, 1x 128 GB SSD onboard storage, optional dual AC power supplies.
FortiADC 1000F FAD-1000F FortiADC 1000F, 4x 10 GE SFP+ ports, 8x GE SFP ports, 8x GE RJ45 ports, 1x GE RJ45 management port, 1x 240 G SSD, dual AC power supplies.
FortiADC 2000F FAD-2000F FortiADC 2000F, 8x 10 GE SFP+ ports, 8x GE SFP ports, 8x GE RJ45 ports, 1x GE RJ45 management port, 1x 240 G SSD, dual AC power supplies.
FortiADC 4000F FAD-4000F FortiADC 4000F, 2x 40 GE QSFP, 4x 10 GE SFP+ ports, 8x GE SFP ports, 1x GE RJ45 management port, 1x 480 G SSD, dual AC power supplies.
FortiADC-VM01 FAD-VM01 FortiADC-VM software virtual appliance designed for VMware ESX and ESXi platforms. 1x vCPU core, 2 GB.
FortiADC-VM02 FAD-VM02 FortiADC-VM software virtual appliance designed for VMware ESX and ESXi platforms. 2x vCPU core, 4 GB.
FortiADC-VM04 FAD-VM04 FortiADC-VM software virtual appliance designed for VMware ESX and ESXi platforms. 4x vCPU core, 8 GB.
FortiADC-VM08 FAD-VM08 FortiADC-VM software virtual appliance designed for VMware ESX and ESXi platforms. 8x vCPU core, 16 GB.

GLOBAL HEADQUARTERS: Fortinet Inc., 899 Kifer Road, Sunnyvale, CA 94086, United States. Tel: +1.408.235.7700
EMEA SALES OFFICE: 905 rue Albert Einstein, 06560 Valbonne, France. Tel: +33.4.8987.0500
APAC SALES OFFICE: 300 Beach Road 20-01, The Concourse, Singapore 199555. Tel: +65.6395.2788
LATIN AMERICA SALES OFFICE: Sawgrass Lakes Center, 13450 W. Sunrise Blvd., Suite 430, Sunrise, FL 33323, United States. Tel: +1.954.368.9990
www.fortinet.com/sales

Copyright © 2017 Fortinet, Inc. All rights reserved. Fortinet, FortiGate, FortiCare and FortiGuard, and certain other marks are registered trademarks of Fortinet, Inc., in the U.S. and other jurisdictions, and other Fortinet names herein may also be registered and/or common law trademarks of Fortinet. All other product or company names may be trademarks of their respective owners. Performance and other metrics contained herein were attained in internal lab tests under ideal conditions, and actual performance and other results may vary. Network variables, different network environments and other conditions may affect performance results. Nothing herein represents any binding commitment by Fortinet, and Fortinet disclaims all warranties, whether express or implied, except to the extent Fortinet enters a binding written contract, signed by Fortinet's General Counsel, with a purchaser that expressly warrants that the identified product will perform according to certain expressly-identified performance metrics and, in such event, only the specific performance metrics expressly identified in such binding written contract shall be binding on Fortinet. For absolute clarity, any such warranty will be limited to performance in the same ideal conditions as in Fortinet's internal lab tests. In no event does Fortinet make any commitment related to future deliverables, features or development, and circumstances may change such that any forward-looking statements herein are not accurate. Fortinet disclaims in full any covenants, representations, and guarantees pursuant hereto, whether express or implied. Fortinet reserves the right to change, modify, transfer, or otherwise revise this publication without notice, and the most current version of the publication shall be applicable.
FST-PROD-DS-ADC3 FAD-DAT-R23-201707
FortiSandbox
FortiSandbox 1000D, 3000E, 3500D, FortiSandbox-VM, and FortiSandbox Cloud

Fortinet's top-rated FortiSandbox is at the core of the Advanced Threat Protection (ATP) solution that integrates with Fortinet's Security Fabric to address the fast moving and more targeted threats across a broad attack surface. Specifically, it delivers real-time actionable intelligence through the automation of zero-day, advanced malware detection and mitigation.

Broad Coverage of the Attack Surface with Security Fabric
Effective defense against advanced targeted attacks through a cohesive and extensible architecture working to protect network, application layers and endpoint devices.

Automated Zero-day, Advanced Malware Detection and Mitigation
Native integration and open APIs automate the submission of objects from Fortinet and third-party vendor protection points, and the sharing of threat intelligence in real time for immediate threat response.

Certified and Top Rated
Constantly undergoes rigorous, real-world independent testing and consistently earns top marks.

Deployment Modes
Standalone
Integrated
Distributed

FortiGuard Security Services
www.fortiguard.com

FortiCare Worldwide 24/7 Support
support.fortinet.com

Third-Party Certifications

DATA SHEET
FortiSandbox

FEATURES

Sandbox Malware Analysis


Complement your established defenses with a two-step sandboxing approach. Suspicious and at-risk files are subjected to the first stage of analysis with Fortinet's award-winning AV engine, FortiGuard global intelligence query, and code emulation. Second stage analysis is done in a contained environment to uncover the full attack lifecycle using system activity and callback detection. Figure 1 depicts new threats discovered in real time.

In addition to supporting FortiGate, FortiMail, FortiWeb, and FortiClient (ATP Agent) file submission, third-party security vendor offerings are supported through a well-defined open API set.

Figure 1: Widget-based real-time threat status dashboard

Reporting and Investigative Tools


Reports with captured packets, original file, tracer log, and screenshot provide rich threat intelligence and actionable insight after files are examined (see Figure 2). This is to speed up remediation.

Threat Mitigation
Fortinet's ability to uniquely integrate various products with FortiSandbox offers automatic protection with incredibly simple setup. Once malicious code is identified, the FortiSandbox will return risk ratings and the local intelligence is shared in real time with Fortinet and third-party vendor-registered devices and clients to remediate and immunize against new advanced threats. The local intelligence can optionally be shared with Fortinet's threat research team, FortiGuard Labs, to help protect organizations globally. Figure 3 steps through the flow of the automated mitigation process.

Figure 2: Detailed malware report with built-in tools

Figure 3: FortiSandbox threat mitigation workflow
1. Query: file submission for analysis, results returned
2. Mitigate:
   2a Block objects held at mail gateway
   2b Quarantine devices, block traffic by firewall
   2c Quarantine file or device by endpoint protection
   2d Further investigate and respond
3. Update:
   3a Share IoCs to integrated devices
   3b Optionally share analysis with FortiGuard
4. Improve protections for all customers/devices

FortiSandbox

DEPLOYMENT OPTIONS

Easy Deployment
FortiSandbox supports inspection of many protocols in one unified solution, which simplifies network infrastructure and operations. Further, it integrates within the Security Fabric, adding a layer of advanced threat protection to your existing security architecture.

The FortiSandbox is the most flexible threat analysis appliance in the market as it offers various deployment options for customers' unique configurations and requirements. Organizations can choose to combine these deployment options.

Standalone
This FortiSandbox deployment mode accepts inputs as an ICAP server or from spanned switch ports or network taps. It may also include administrators' on-demand file uploads using the GUI. It is the most suitable infrastructure for adding protection capabilities to existing threat protection systems from various vendors.

Integrated
Fortinet products, such as FortiGate, FortiMail, FortiWeb, FortiClient (ATP Agent) and third-party security vendors can intercept and submit suspicious content to FortiSandbox when they are configured to interact with FortiSandbox. The integration will also provide timely remediation and reporting capabilities to those devices. This integration extends to other FortiSandboxes to allow instantaneous sharing of real-time intelligence. This benefits large enterprises that deploy multiple FortiSandboxes in different geo-locations. This zero-touch automated model is ideal for holistic protection across different borders and time zones.

FortiSandbox

FEATURES SUMMARY

ADMINISTRATION
Supports WebUI and CLI configurations
Multiple administrator account creation
Configuration file backup and restore
Notification email when malicious file is detected
Weekly report to global email list and FortiGate administrators
Centralized search page which allows administrators to build customized search conditions
Frequent signature auto-updates
Automatic check and download new VM images
VM status monitoring
Radius Authentication for administrators

NETWORKING/DEPLOYMENT
Static Routing Support
File Input: Offline/sniffer mode, On-demand file upload, file submission from integrated device(s)
Option to create simulated network for scanned file to access in a closed network environment
High-Availability Clustering support
Port monitoring for fail-over in a cluster

SYSTEMS INTEGRATION
File Submission input: FortiGate, FortiClient (ATP agent), FortiMail, FortiWeb
File Status Feedback and Report: FortiGate, FortiClient, FortiMail, FortiWeb
Dynamic Threat DB update: FortiGate, FortiClient, FortiMail
Periodically push dynamic DB to registered entities
File checksum and malicious URL DB
Update Database proxy: FortiManager
Remote Logging: FortiAnalyzer, syslog server
JSON API to automate the process of uploading samples and downloading actionable malware indicators to remediate
Certified third-party integration: CarbonBlack, Ziften
Inter-sharing of IOCs between FortiSandboxes

ADVANCED THREAT PROTECTION
File type support: .7z, .ace, .apk, .arj, .bat, .bz2, .cab, .cmd, .dll, .doc, .docm, .docx, .dot, .dotm, .dotx, .exe, .gz, .htm, .html, .jar, .js, .kgb, .lnk, .lzh, .msi, .pdf, .pot, .potm, .potx, .ppam, .pps, .ppsm, .ppsx, .ppt, .pptm, .pptx, .ps1, .rar, .rtf, .sldm, .sldx, .swf, .tar, .tgz, .upx, .url, .vbs, WEBLink, .wsf, .xlam, .xls, .xlsb, .xlsm, .xlsx, .xlt, .xltm, .xltx, .xz, .z, .zip
Protocols/applications supported:
Sniffer mode: HTTP, FTP, POP3, IMAP, SMTP, SMB
Integrated mode with FortiGate: HTTP, SMTP, POP3, IMAP, MAPI, FTP, IM and their equivalent SSL-encrypted versions
Integrated mode with FortiMail: SMTP, POP3, IMAP
Integrated mode with FortiWeb: HTTP
Integrated mode with ICAP Client: HTTP
Customize VMs for supporting various file types
Isolate VM image traffic from system traffic
Network threat detection in Sniffer Mode: Identify Botnet activities and network attacks, malicious URL visit
Scan SMB/NFS network share and quarantine suspicious files. Scan can be scheduled
Scan embedded URLs inside document files
Integrate option for third-party Yara rules
Option to auto-submit suspicious files to cloud service for manual analysis and signature creation
Option to forward files to a network share for further third-party scanning
Files checksum whitelist and blacklist option
URLs submission for scan and query from emails and files
Virtual OS Sandbox:
Concurrent instances
OS type supported: Windows XP*, Windows 7, Windows 8.1, Windows 10 and Android
Anti-evasion techniques: sleep calls, process, and registry queries
Callback Detection: malicious URL visit, botnet C&C communication, and attacker traffic from activated malware
Download Capture packets, Original File, Tracer log, and Screenshot
* Supported in a custom VM

MONITORING AND REPORT
Real-Time Monitoring Widgets (viewable by source and time period options): Scanning result statistics, scanning activities (over time), top targeted hosts, top malware, top infectious URLs, top callback domains
Drilldown Event Viewer: Dynamic table with content of actions, malware name, rating, type, source, destination, detection time, and download path
Logging GUI, download RAW log file
Report generation for malicious files: Detailed reports on file characteristics and behaviors: file modification, process behaviors, registry behaviors, network behaviors, VM snapshot, behavior chronology chart
Further Analysis: Downloadable files: sample file, sandbox tracer logs, PCAP capture and indicators in STIX format

FortiSandbox

SPECIFICATIONS

| | FSA-1000D | FSA-3000E | FSA-3500D |
|---|---|---|---|
| Hardware | | | |
| Form Factor | 2 RU | 2 RU | 3 RU (with default 5 nodes, up to 8 maximum) |
| Total Network Interfaces | 6x GE RJ45 ports, 2x GE SFP slots | 4x GE RJ45 ports, 2x 10 GE SFP+ slots | 20x GE RJ45 ports, 10x 10 GE SFP+ slots (4x GE RJ45 ports, 2x 10 GE SFP+ slots per node) |
| Storage Capacity | 4 TB (max. 8 TB) | 8 TB HDD (max. 24 TB) | 10 TB (2 TB per node) HDD |
| Power Supplies | 2x Redundant PSU | 2x Redundant PSU | 2x Redundant PSU |
| System | | | |
| VM Sandboxing (Files/Hour) | 160 | 1,120 | 720* (Upgradable** to 1,200) (160 per node) |
| AV Scanning (Files/Hour) | 6,000 | 15,000 | 30,000* (Upgradable** to 48,000) (6,000 per node) |
| Number of VMs | 8 | 56*** | 36* (Upgradable** to 60) (8 per node) |
| Dimensions | | | |
| Height x Width x Length (inches) | 3.5 x 17.2 x 14.5 | 3.5 x 17.2 x 25.5 | 5.2 x 17.5 x 29.5 |
| Height x Width x Length (mm) | 89 x 437 x 368 | 89 x 437 x 647 | 133 x 445 x 749 |
| Weight | 27.60 lbs (12.52 kg) | 43 lbs (19.52 kg) | 88 lbs (39.92 kg) |
| Environment | | | |
| Power Consumption (Average / Maximum) | 115 / 138 W | 538.6 / 549.6 W | 625 / 735.6 W |
| Maximum Current | 100V/5A, 240V/3A | 100–240V / 9.85A | 12A@100V, 8A@240V |
| Heat Dissipation | 471 BTU/h | 1,943.82 BTU/h | 2,728.9 BTU/h |
| Power Source | 100–240V AC, 60–50 Hz | 100–240V AC, 60–50 Hz | 100–240V AC, 60–50 Hz |
| Humidity | 5–95% non-condensing | 8–90% (non-condensing) | 8–90% (non-condensing) |
| Operation Temperature Range | 32–104°F (0–40°C) | 50–95°F (10–35°C) | 50–95°F (10–35°C) |
| Storage Temperature Range | -13–158°F (-25–70°C) | -40–158°F (-40–70°C) | -40–158°F (-40–70°C) |
| Compliance | | | |
| Certifications | FCC Part 15 Class A, C-Tick, VCCI, CE, BSMI, KC, UL/cUL, CB, GOST | | |

* Based on the assumption that 1 blade will be used as master in HA-cluster mode.
** By adding 3 more SAM-3500D nodes to the same chassis.
*** 8 Windows VM licenses included with hardware, remaining 48 sold as an upgrade license.


| | FORTISANDBOX-VM | FORTISANDBOX CLOUD |
|---|---|---|
| Hardware Requirements | | |
| Hypervisor Support | FortiHypervisor 1.0.2 or later, VMware ESXi version 5.1 or later, Citrix XenServer 6.2 or later, Linux KVM CentOS 7.2 or later | N.A |
| Virtual CPUs (Minimum / Maximum) | 4 / Unlimited (Fortinet recommends that the number of vCPUs match the number of Windows VMs + 4.) | N.A |
| Memory Support (Minimum / Maximum) | 8 GB / Unlimited | N.A |
| Virtual Storage (Minimum / Maximum) | 30 GB / 16 TB | N.A |
| Total Virtual Network Interfaces (Minimum) | 6 | N.A |
| System | | |
| VM Sandboxing (Files/Hour) | Hardware dependent | * |
| AV Scanning (Files/Hour) | Hardware dependent | * |
| Number of VMs | 1 to 54 (Upgrade via appropriate licenses) | * |

* Please refer to FortiCloud Sandbox Service Description

FortiSandbox

INTEGRATION MATRIX

| | | FORTIGATE | FORTICLIENT | FORTIMAIL | FORTIWEB |
|---|---|---|---|---|---|
| FSA Appliance and VM | File Submission | *FortiOS V5.0.4+ | FortiClient for Windows OS V5.4+ | FortiMailOS V5.1+ | FortiWebOS V5.4+ |
| | File Status Feedback | *FortiOS V5.0.4+ | FortiClient for Windows OS V5.4+ | FortiMailOS V5.1+ | FortiWebOS V5.4+ |
| | File Detailed Report | *FortiOS V5.4+ | FortiClient for Windows OS V5.4+ | FortiMailOS V5.1+ | |
| | Dynamic Threat DB Update | *FortiOS V5.4+ | FortiClient for Windows OS V5.4+ | FortiMailOS V5.3+ | FortiWebOS V5.4+ |
| FortiSandbox Cloud | File Submission | *FortiOS V5.2.3+ | | FortiMailOS V5.3+ | FortiWebOS 5.5.3+ |
| | File Status Feedback | *FortiOS V5.2.3+ | | FortiMailOS V5.3+ | FortiWebOS 5.5.3+ |
| | File Detailed Report | *FortiOS V5.2.3+ | | | |
| | Dynamic Threat DB Update | *FortiOS V5.4+ | | FortiMailOS V5.3+ | FortiWebOS 5.5.3+ |

* Some models may require CLI configuration

ORDER INFORMATION

Product SKU Description


FortiSandbox 1000D FSA-1000D Advanced Threat Protection System 6x GE RJ45, 2x GE SFP slots, redundant PSU, 8 VMs with Win7 and (1) MS Office
license included.
FortiSandbox 3000E FSA-3000E Advanced Threat Protection System 4x GE RJ45, 2x 10 GE SFP+ slots, redundant PSU, 8 VMs with Win7, Win8, Win10 and
(1) MS Office license included. Upgradable to a maximum of 56 licensed VMs.
FortiSandbox 3500D FSA-3500D Advanced Threat Protection System 3U 8-slot chassis with redundant PSU, 5x SAM-3500D blades with 20x GE RJ45,
10x 10 GE SFP+ slots, 36 VMs with Win7, Win8, Win10 and (5) MS Office licenses included. Upgradable to a maximum of 60
licensed VMs.
SandboxModule 3500D SAM-3500D Advanced Threat Protection Blade: 4x GE RJ45, 2x 10 GE SFP+ slots, 8 VMs with Win7, Win8, Win10 and (1) MS Office license
included.
FortiSandbox-VM FSA-VM-00 FortiSandbox-VM virtual appliance with 0 VMs included and maximum expansion limited to 8 total VMs.
FSA-VM-Base Base license for stackable FortiSandbox-VM. Includes 4 VMs with WinXP, Win7 and (1) MS Office license. FSA-VM maximum
expansion limited to 54 total VMs.
FortiSandbox Cloud Service FC-10-XXXXX-123-02-12 FortiSandbox Cloud Service Subscription (SKU varied by FortiGate/FortiMail/FortiWeb models).

Optional Accessories
1 GE SFP SX Transceiver Module FG-TRAN-SX 1 GE SFP SX transceiver module for all systems with SFP and SFP/SFP+ slots.
1 GE SFP LX Transceiver Module FG-TRAN-LX 1 GE SFP LX transceiver module for all systems with SFP and SFP/SFP+ slots.
10 GE SFP+ Transceiver Module, Short Range FG-TRAN-SFP+SR 10 GE SFP+ transceiver module, short range for all systems with SFP+ and SFP/SFP+ slots.
10 GE SFP+ Transceiver Module, Long Range FG-TRAN-SFP+LR 10 GE SFP+ transceiver module, long range for all systems with SFP+ and SFP/SFP+ slots.


FST-PROD-DS-FSA FSA-DAT-R21-201704
FortiSIEM
Unified event correlation and risk management for modern networks

Security is no longer just about protecting information; it is critical to maintaining trust with customers and protecting the organization's brand and reputation.

Security and Compliance Made Easy
Breaches cause customers to take their business elsewhere, resulting in material and substantially negative impacts to an organization's bottom line. Attracting new customers is estimated at seven times more costly than keeping existing customers. Fines and legal fees can quickly add up. Publicly traded organizations can see negative and lasting impacts to their stock value, supplier relationships and shareholder perceptions. All these add up to explain why more boards are getting involved in security decisions. FortiSIEM provides organizations with a comprehensive, holistic and scalable solution, from IoT to the Cloud, with patented analytics that are actionable to tightly manage network security, performance and compliance standards, all delivered through a single pane of glass view of the organization.

Highlights
Unified, Real-Time, Network Analytics
Single IT Pane of Glass
Multi-tenancy
MSP/MSSP Ready
Cross Correlation of SOC & NOC Analytics
Self Learning Asset Inventory
Cloud Scale Architecture
Security and Compliance out-of-the-box

Unified NOC and SOC Analytics (Patented)


Fortinet has developed an architecture that enables unified and
cross-correlated analytics from diverse information sources
including logs, performance metrics, SNMP Traps, security alerts
and configuration changes. FortiSIEM essentially takes the analytics
traditionally monitored in separate silos from SOC and NOC
and brings that data together for a more holistic view of the threat
data available in the organization. Every piece of information is
converted into an event which is first parsed and then fed into an
event-based analytics engine for handling real-time searches, rules,
dashboards and ad-hoc queries.

DATA SHEET
FortiSIEM

HIGHLIGHTS
External Threat Intelligence (TI) feeds from open source threat Fortinet has developed a dynamic user identity mapping
intelligence feeds, commercial sources and custom data sources methodology. First, users and their roles are discovered from
integrate easily into the FortiSIEM TI framework. This grand on-premises repositories such as Microsoft Active Directory and
unification of diverse sources of data enables organizations to Open LDAP, or from Cloud SSO repositories such as OKTA. This
quickly create comprehensive dashboards and reports to more can be run on-demand or on a schedule to detect new users.
rapidly identify root causes of threats, and take the steps necessary Simultaneously, network identity is identified from important
to remediate and prevent them in the future. network events such as firewall network translation events,
Active Directory logons, VPN logons, WLAN logons, Host Agent
Distributed Real-Time Event Correlation registration logs, etc. Finally, bycombining user identity, network
(Patented) identity and geo-identity in a real-time distributed in-memory
Distributed event correlation is a difficult problem, as multiple nodes database, FortiSIEM is able to form a dynamic user identity
have to share their partial states in real-time to trigger a rule. While audit trail. This makes it possible to create policies or perform
many SIEM vendors have distributed data collection and distributed investigations based on user identity instead of IP addresses
search capabilities, Fortinet is the only vendor with a distributed allowing for rapid problem resolution.
real-time event correlation engine. Complex event patterns in real-
time can be detected with minimal delay. This patented algorithm enables FortiSIEM to handle a large number of rules in real-time at high event rates for greatly increased detection timeframes.

Real-Time, Automated Infrastructure Discovery and Application Discovery Engine (CMDB)
Rapid problem resolution requires infrastructure context. Most log analysis and SIEM vendors require administrators to provide the context manually, which quickly becomes stale and is highly prone to human error. Fortinet has developed an intelligent infrastructure and application discovery engine that is able to discover and map the topology of both physical and virtual infrastructure, on-premises and in public/private clouds, simply using credentials, without any prior knowledge of what the devices or applications are.

Discovery is both wide (covering a large number of Tier 1/2/3 vendors) and deep (covering system, hardware, software, running services, applications, storage, users, network configuration, topology and device relationships). Discovery can run on-demand or on schedule to detect (in real-time) infrastructure changes and report on any new devices and applications detected; this is an essential part of compliance requirement management that FortiSIEM is uniquely able to meet. An up-to-date Centralized Management Database (CMDB) enables sophisticated context-aware event analytics using CMDB Objects in search conditions.

Flexible and Fast Custom Log Parsing Framework (Patented)
Effective log parsing requires custom scripts, but those can be slow to execute, especially for high volume logs like Active Directory, firewall logs, etc. Compiled code, on the other hand, is fast to execute but is not flexible since it needs new releases. Fortinet has developed an XML-based event parsing language that is functional like high level programming languages and easy to modify, yet can be compiled during run-time to be highly efficient. All FortiSIEM parsers go beyond most competitors' offerings using this patented solution and can parse at beyond 10K EPS per node.

Hybrid Database Architecture Leveraging Structured and Unstructured Data Feeds
FortiSIEM takes advantage of two diverse sources of information: discovered information is structured data suitable for a traditional relational database, while logs, performance metrics etc. are unstructured data which needs a NoSQL-type database. Fortinet has developed a hybrid approach where the data is stored in optimized databases with unique business layer logic providing a comprehensive, single database abstraction layer.

The user is able to search for events (stored in the NoSQL database) using CMDB objects (stored in the relational database). This approach harnesses the power and benefits of both databases.
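The parsing framework described above keeps parser definitions as data that is compiled once and then run at high rate. The following is an added example, not FortiSIEM's XML parser language or any Fortinet code: each template is a declarative definition (a regex with named groups, per-field types and a timestamp format) that is compiled into a regex object when loaded, so adding or editing a parser is a data change rather than a code release. Template names, field names and the sample log lines are constructed for the example.

```python
"""Data-driven log parser whose templates are compiled when loaded.

Added example, not FortiSIEM's XML parser language: each template is a
declarative definition (regex with named groups, field types, timestamp
format) that is compiled once into a regex object and then applied to every
line. Template names, field names and sample lines are constructed.
"""
import re
from datetime import datetime, timezone

TEMPLATES = {
    "generic-fw": {
        "pattern": (r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) fw action=(?P<action>\w+) "
                    r"src=(?P<src_ip>\S+) dst=(?P<dst_ip>\S+) dport=(?P<dst_port>\d+)$"),
        "ts_format": "%Y-%m-%d %H:%M:%S",
        "types": {"dst_port": int},
    },
    "generic-sshd": {
        "pattern": (r"^(?P<ts>\w{3} +\d+ \d{2}:\d{2}:\d{2}) (?P<host>\S+) sshd\[\d+\]: "
                    r"(?P<result>Accepted|Failed) password for (?P<user>\S+) from (?P<src_ip>\S+)"),
        "ts_format": "%b %d %H:%M:%S",
        "types": {},
    },
}

# Constructed sample input: one firewall line, one syslog sshd line, one unknown line.
SAMPLE_LINES = [
    "2024-03-01 10:15:02 fw action=deny src=198.51.100.7 dst=10.0.0.5 dport=3389",
    "Mar 14 09:15:22 bastion sshd[4242]: Failed password for root from 203.0.113.9 port 51000 ssh2",
    "this line matches no template",
]


def normalize_ts(raw, fmt, default_year=2024):
    """Turn a raw stamp into an ISO-8601 UTC string; syslog stamps carry no year."""
    dt = datetime.strptime(raw, fmt)
    if "%Y" not in fmt:
        dt = dt.replace(year=default_year)
    return dt.replace(tzinfo=timezone.utc).isoformat()


class ParserSet:
    """Ordered collection of compiled templates; the first matching template wins."""

    def __init__(self, templates):
        self._compiled = []
        for name, template in templates.items():
            self.add(name, template)

    def add(self, name, template):
        """Compile a template at run time; parsers already loaded keep working."""
        self._compiled.append((name, re.compile(template["pattern"]), template))

    def parse(self, line):
        """Return a normalized event dict, or None when no template matches."""
        for name, regex, template in self._compiled:
            m = regex.match(line)
            if not m:
                continue
            event = {"parser": name}
            for field, raw in m.groupdict().items():
                event[field] = template["types"].get(field, str)(raw)
            event["ts"] = normalize_ts(event.pop("ts"), template["ts_format"])
            return event
        return None

    def parse_all(self, lines):
        """Parse many lines, dropping the ones no template understands."""
        return [e for e in map(self.parse, lines) if e is not None]
```

Because templates are tried in order, put the most frequent log source first; a template added with `add()` while the parser set is live becomes effective for the next line without reloading the others.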

Dynamic User Identity Mapping
Crucial context for log analysis is connecting network identity (IP address, MAC Address) to user identity (log name, full name, organization role). This information is constantly changing as users obtain new addresses via DHCP or VPN.
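Because an address changes hands over the day, a lookup has to be keyed on time as well as on IP. The following is an added example, not FortiSIEM code: DHCP and VPN assign/release events are turned into per-IP lease intervals, so an event seen on address X at time T is attributed to the user who held X at T rather than to whoever holds it now. The log line format is a constructed generic shape, not any vendor's format.

```python
"""Time-aware mapping of network identity (IP) to user identity.

Added example, not FortiSIEM code: DHCP/VPN assign and release events are
turned into per-IP lease intervals so that an event seen on IP X at time T is
attributed to the user who held X at T. The log format is constructed.
"""
from bisect import bisect_right
from collections import defaultdict
from datetime import datetime, timezone
import re

# Constructed sample lease history: the same address goes first to alice
# (DHCP) and later to bob (VPN), the case that breaks a static IP-to-user table.
SAMPLE_LEASE_LOG = """\
2024-03-01T08:00:00Z DHCP assign ip=10.1.1.50 mac=aa:bb:cc:00:00:01 user=alice
2024-03-01T12:00:00Z DHCP release ip=10.1.1.50 mac=aa:bb:cc:00:00:01 user=alice
2024-03-01T12:05:00Z VPN assign ip=10.1.1.50 mac=- user=bob
2024-03-01T18:00:00Z VPN release ip=10.1.1.50 mac=- user=bob
"""

LEASE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<src>DHCP|VPN) (?P<action>assign|release) "
    r"ip=(?P<ip>\S+) mac=(?P<mac>\S+) user=(?P<user>\S+)$"
)


def parse_ts(text):
    """Parse the ISO-8601 UTC stamp used in the sample log."""
    return datetime.strptime(text, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


class IdentityMap:
    """Per-IP history of (start, end, user) intervals plus currently open leases."""

    def __init__(self):
        self._open = {}                     # ip -> (start, user) for active leases
        self._closed = defaultdict(list)    # ip -> [(start, end, user)], sorted by start

    def ingest(self, line):
        """Consume one lease event; returns False for lines that do not match."""
        m = LEASE_RE.match(line.strip())
        if not m:
            return False
        ts, ip, user = parse_ts(m["ts"]), m["ip"], m["user"]
        if m["action"] == "assign":
            self._close(ip, ts)             # a new assignment ends any open lease
            self._open[ip] = (ts, user)
        else:
            self._close(ip, ts)
        return True

    def _close(self, ip, end):
        if ip in self._open:
            start, user = self._open.pop(ip)
            self._closed[ip].append((start, end, user))
            self._closed[ip].sort()

    def user_at(self, ip, ts):
        """User holding `ip` at `ts`, or None if the address was unassigned."""
        if ip in self._open and self._open[ip][0] <= ts:
            return self._open[ip][1]
        intervals = self._closed.get(ip, [])
        i = bisect_right([iv[0] for iv in intervals], ts) - 1
        if i >= 0 and intervals[i][0] <= ts < intervals[i][1]:
            return intervals[i][2]
        return None


def build_map(log_text=SAMPLE_LEASE_LOG):
    """Build an IdentityMap from a block of lease log lines."""
    im = IdentityMap()
    for line in log_text.splitlines():
        im.ingest(line)
    return im
```

The gap between alice's release and bob's assignment resolves to no user at all, which is the honest answer for an event logged in that window; a static table would silently blame bob.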

HIGHLIGHTS

Large Scale Threat Feed Integration
There are many sources available for customers to subscribe to external threat feeds in managing potential threats in their network. However, threat feed information can be very large, often reaching millions of IP addresses, malware domains, hashes and URLs, and the information can also quickly become stale as malware websites and domains are taken down and brought up. This provides a significant computational challenge to the consumers of threat intelligence data. Fortinet has developed proprietary algorithms that enable this large amount of information to be quickly obtained from the source, then effectively distributed to various FortiSIEM nodes and evaluated in real-time at higher rates than other providers (exceeding 10K EPS per node).

Large Enterprise and Managed Service Provider Ready Multi-Tenant Architecture
Fortinet has developed a highly customizable, multi-tenant architecture that enables enterprises and service providers to manage a large number of physical/logical domains and overlapping systems and networks from a single console. In this environment it is very easy to cross-correlate information across physical and logical domains, and individual customer networks. Unique reports, rules and dashboards can easily be built for each, with the ability to deploy them across a wide set of reporting domains, and customers. Event archiving policies can also be deployed on a per domain or customer basis.
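The two problems named above, feed size and feed staleness, shape how indicators should be stored and updated. The following is an added example and not Fortinet's proprietary algorithm: indicators are held in hash sets per type so that matching an event costs one lookup per field regardless of feed size, and feed changes arrive as versioned add/remove deltas (the "incremental download" the feature list mentions) so that a taken-down domain disappears from matching without reloading the whole feed. The delta and event contents are constructed.

```python
"""Incrementally maintained threat-indicator sets matched against events.

Added example, not Fortinet's proprietary algorithm: per-type hash sets give
O(1) lookups per event field, and versioned add/remove deltas keep the index
current without reloading millions of entries. Sample data is constructed.
"""
from collections import defaultdict

# Which parsed event fields are checked against which indicator type.
FIELD_KINDS = {"src_ip": "ip", "dst_ip": "ip", "domain": "domain", "file_sha256": "hash"}


def normalize(kind, value):
    """Canonical form so feed and event spellings compare equal."""
    v = value.strip().lower()
    if kind == "domain":
        v = v.rstrip(".")          # "evil.example." and "evil.example" are one name
    return v


class ThreatIndex:
    def __init__(self):
        self._sets = defaultdict(set)   # indicator type -> set of normalized values
        self.version = 0

    def apply_delta(self, version, added=(), removed=()):
        """Apply one incremental feed update; replayed or stale versions are ignored."""
        if version <= self.version:
            return False
        for kind, value in removed:
            self._sets[kind].discard(normalize(kind, value))
        for kind, value in added:
            self._sets[kind].add(normalize(kind, value))
        self.version = version
        return True

    def size(self, kind):
        return len(self._sets[kind])

    def match(self, event):
        """Return [(field, kind, value)] hits for one parsed event dict."""
        hits = []
        for field, kind in FIELD_KINDS.items():
            value = event.get(field)
            if value is not None and normalize(kind, value) in self._sets[kind]:
                hits.append((field, kind, value))
        return hits


# Constructed feed deltas: version 2 retires a domain that was taken down.
SAMPLE_DELTAS = [
    (1, [("ip", "203.0.113.9"), ("domain", "Evil.Example."), ("hash", "ABCDEF0123")], []),
    (2, [("ip", "198.51.100.77")], [("domain", "evil.example")]),
]


def load_feed(deltas=SAMPLE_DELTAS):
    idx = ThreatIndex()
    for version, added, removed in deltas:
        idx.apply_delta(version, added=added, removed=removed)
    return idx
```

Replaying an already-applied version is a no-op, which makes redelivery of a delta to a cluster node safe; ordering deltas by version is what keeps every node's view identical.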

FEATURES

Real-Time Operational Context for Rapid Security Analytics
- Continually updated and accurate device context: configuration, installed software and patches, running services
- System and application performance analytics along with contextual inter-relationship data for rapid triaging of security issues
- User context, in real-time, with audit trails of IP addresses, user identity changes, physical and geo-mapped location data context
- Detect unauthorized network devices and applications, configuration changes

Out-of-the-Box Compliance Reports
- Out-of-the-box pre-defined reports supporting a wide range of compliance auditing and management needs including PCI-DSS, HIPAA, SOX, NERC, FISMA, ISO, GLBA, GPG13, SANS Critical Controls

Performance Monitoring
- Monitor basic system/common metrics
- System level via SNMP, WMI, PowerShell
- Application level via JMX, WMI, PowerShell
- Virtualization monitoring for VMware, HyperV: guest, host, resource pool and cluster level
- Storage usage, performance monitoring: EMC, NetApp, Isilon, Nutanix, Nimble, Data Domain
- Specialized application performance monitoring: Microsoft Active Directory and Exchange via WMI and PowerShell; Databases (Oracle, MS SQL, MySQL) via JDBC; VoIP infrastructure via IPSLA, SNMP, CDR/CMR
- Flow analysis and application performance: Netflow, SFlow, Cisco AVC, NBAR
- Ability to add custom metrics
- Baseline metrics and detect significant deviations

Real-Time Configuration Change Monitoring
- Collect network configuration files, stored in a versioned repository
- Collect installed software versions, stored in a versioned repository
- Automated detection of changes in network configuration and installed software
- Automated detection of file/folder changes (Windows and Linux) with who and what details
- Automated detection of changes from an approved configuration file
- Automated detection of Windows registry changes via FortiSIEM Windows agent


Device and Application Context
- Network Devices including Switches, Routers, Wireless LAN
- Security devices: Firewalls, Network IPS, Web/Email Gateways, Malware Protection, Vulnerability Scanners
- Servers including Windows, Linux, AIX, HP UX
- Infrastructure Services including DNS, DHCP, DFS, AAA, Domain Controllers, VoIP
- User-facing Applications including Web Servers, App Servers, Mail, Databases
- Storage devices including NetApp, EMC, Isilon, Nutanix, DataDomain
- Cloud Apps including AWS, Box.com, Okta, Salesforce.com
- Cloud infrastructure including AWS
- Environmental devices including UPS, HVAC, Device Hardware
- Virtualization infrastructure including VMware ESX, Microsoft HyperV

Scalable and Flexible Log Collection
- Collect, Parse, Normalize, Index and Store security logs at very high speeds (beyond 10K events/sec per node)
- Out-of-the-box support for a wide variety of security systems and vendor APIs, both on-premises and cloud
- Windows Agents provide highly scalable and rich event collection including file integrity monitoring, installed software changes and registry change monitoring
- Linux Agents for file integrity monitoring
- Modify parsers from within the GUI and redeploy on a running system without downtime and event loss
- Create new parsers (XML templates) via integrated parser development environment and share among users via export/import function
- Securely and reliably collect events for users and devices located anywhere

Notification and Incident Management
- Policy-based incident notification framework
- Ability to trigger a remediation script when a specified incident occurs
- API-based integration to external ticketing systems: ServiceNow, ConnectWise, and Remedy
- Built-in ticketing system

Rich Customizable Dashboards
- Configurable real-time dashboards, with Slide-Show scrolling for showcasing KPIs
- Sharable reports and analytics across organizations and users
- Color-coded for rapidly identifying critical issues
- Fast updates via in-memory computation
- Specialized layered dashboards for business services, virtualized infrastructure, and specialized apps

External Threat Intelligence Integrations
- APIs for integrating external threat feed intelligence: Malware domains, IPs, URLs, hashes, Tor nodes
- Built-in integration for popular threat intelligence sources: ThreatStream, CyberArk, SANS, Zeus
- Technology for handling large threat feeds: incremental download and sharing within cluster, real-time pattern matching with network traffic

Powerful and Scalable Analytics
- Search events in real time without the need for indexing
- Keyword-based searches & searches by parsed event attributes
- Search historical events: SQL-like queries with Boolean filter conditions, group by relevant aggregations, time-of-day filters, regular expression matches, calculated expressions (GUI & API)
- Trigger on complex event patterns in real-time
- Use discovered CMDB objects and user/identity and location data in searches and rules
- Schedule reports and deliver results via email to key stakeholders
- Search events across the entire organization, or down to a physical or logical reporting domain
- Dynamic watch lists for keeping track of critical violators with the ability to use watch lists in any reporting rule
- Scale analytics feeds by adding Worker nodes without downtime
- Incident reporting prioritization can be implemented via critical Business Service

Base-lining and Statistical Anomaly Detection
- Baseline endpoint/server/user behavior at hour of day and weekday/weekend granularity
- Highly flexible: any set of keys and metrics can be baselined
- Built-in and customizable triggers on statistical anomalies

External Technology Integrations
- Integration with any external web site for IP address lookup
- API-based integration for external threat feed intelligence sources
- API-based 2-way integration with help desk systems: seamless, out-of-the-box support for ServiceNow, ConnectWise and Remedy
- API-based 2-way integration with external CMDB: out-of-the-box support for ServiceNow and ConnectWise
- Kafka support for integration with enhanced Analytics Reporting, i.e. ELK, Tableau and Hadoop
- API for easy integration with provisioning systems
- API for adding organizations, creating credentials, triggering discovery, modifying monitoring events


Simple and Flexible Administration
- Web-based GUI
- Rich Role-based Access Control for restricting access to GUI and data at various levels
- All inter-module communication protected by HTTPS
- Full audit trail of FortiSIEM user activity
- Easy software upgrade with minimal downtime & event loss
- Easy way to apply FortiSIEM knowledge base updates (parsers, rules, reports)
- Policy-based archiving
- Hashing of logs at time of collection for non-repudiation & integrity verification
- Flexible user authentication: local, external via Microsoft AD and OpenLDAP, Cloud SSO/SAML via Okta
- Ability to log into a remote server behind a collector from the FortiSIEM GUI via remote SSH tunnel

Easily Scale Out Virtualized Architecture
- Available as Virtual Machines for on-premises and public/private cloud deployments on the following hypervisors: VMware ESX, Microsoft HyperV, KVM, Xen, Amazon Web Services AMI, OpenStack, Azure
- Scale data collection by deploying Collector virtual machines
- Collectors can buffer events when the connection to FortiSIEM cloud is not available
- Scale analytics by deploying Worker virtual machines
- Built-in load balanced architecture for collecting events from remote sites via collectors

Threat Intelligence Center via Beaconing
- FortiSIEM instances send health and anonymized incidents to FortiSIEM Cloud
- Cross-correlation across multiple FortiSIEM instances identifies emerging trends and developing malware in the wild

Availability Monitoring
- System up/down monitoring via Ping, SNMP, WMI, Uptime Analysis, Critical Interface, Critical Process and Service, BGP/OSPF/EIGRP status change, Storage port up/down
- Service availability modeling via Synthetic Transaction Monitoring: Ping, HTTP, HTTPS, DNS, LDAP, SSH, SMTP, IMAP, POP, FTP, JDBC, ICMP, trace route and generic TCP/UDP ports
- Hardware and environmental monitoring
- Maintenance calendar for scheduling maintenance windows
- SLA calculation with normal business hours and after-hours considerations
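Hashing logs at collection time, listed above under administration, only proves integrity if the hashes themselves cannot be quietly rewritten. The following is an added example, not FortiSIEM's implementation: each archived record stores SHA-256 over the previous record's hash plus the record itself, so modifying, deleting or reordering any record breaks every later hash, and comparing the final hash with a separately stored head value also exposes truncation of the archive. The sample records are constructed.

```python
"""Hash-chained log archive for non-repudiation and integrity verification.

Added example, not FortiSIEM's implementation: record i stores
SHA-256(hash(i-1) || canonical-JSON(record i)), so edits, deletions and
reordering are detected, and a separately kept head hash detects truncation.
Sample records are constructed.
"""
import hashlib
import json

GENESIS = "0" * 64      # hash "before" the first record


def record_hash(prev_hash, record):
    """Hash a record bound to its predecessor; canonical JSON makes it deterministic."""
    payload = json.dumps(record, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(prev_hash.encode() + payload).hexdigest()


def archive(records):
    """Return the chain: one {"record", "prev", "hash"} entry per input record."""
    chain, prev = [], GENESIS
    for rec in records:
        h = record_hash(prev, rec)
        chain.append({"record": rec, "prev": prev, "hash": h})
        prev = h
    return chain


def head(chain):
    """The value to store out-of-band (signed, or on write-once media)."""
    return chain[-1]["hash"] if chain else GENESIS


def verify(chain, expected_head=None):
    """Return (True, None) if intact, else (False, index of the first bad entry).

    The index len(chain) is reported when the chain is internally consistent
    but its head does not match `expected_head`, i.e. records were removed
    from the end.
    """
    prev = GENESIS
    for i, entry in enumerate(chain):
        if entry["prev"] != prev or record_hash(prev, entry["record"]) != entry["hash"]:
            return False, i
        prev = entry["hash"]
    if expected_head is not None and prev != expected_head:
        return False, len(chain)
    return True, None


# Constructed sample records in the shape a collector might emit.
SAMPLE_RECORDS = [
    {"ts": "2024-03-01T10:15:02Z", "src": "198.51.100.7", "msg": "deny tcp/3389"},
    {"ts": "2024-03-01T10:15:09Z", "src": "203.0.113.9", "msg": "sshd failed password"},
    {"ts": "2024-03-01T10:16:00Z", "src": "10.0.0.5", "msg": "config change"},
]
```

Without the out-of-band head value the chain still detects tampering in the middle, but an attacker with write access to the archive could drop the newest records and recompute nothing; that is why the head must live somewhere the archive writer cannot alter.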

SPECIFICATIONS

FortiSIEM Windows Agents


Fortinet has developed a highly efficient agentless technology for collecting information. However, some information, such as file integrity monitoring data, is expensive to collect remotely. FortiSIEM has combined its agentless technology with newly developed high performance agents to significantly bolster its data collection.

Capability comparison (the original table's columns were Agentless Technology, Basic Agent and Advanced Agent; the per-column marks did not survive extraction):

Agentless
- Discovery
- Performance Monitoring
- (Low Performance) Collect System, App & Security Logs

Agents
- (High Performance) Collect System, App & Security Logs
- Collect DNS, DHCP, DFS, IIS Logs
- Up to 1800 events/second/server, lossless, low latency
- Up to 500 Agents per Agent Manager
- Local Parsing and Time Normalization
- Installed Software Detection
- Registry Change Monitoring
- File Integrity Monitoring
- Custom Log File Monitoring
- WMI Command Output Monitoring
- PowerShell Command Output Monitoring


ORDER INFORMATION

Licensing Scheme
FortiSIEM licenses provide the core functionality for network device discovery. Devices include switches, routers, firewalls, servers, etc.
Each device that is to be monitored requires a license. Each license supports data capture and correlation, alerting and alarming, reports,
analytics, search and optimized data repository and includes 10 EPS (Events Per Second). EPS is a performance measurement that
defines how many messages or events are generated by each device in a second. Additional EPS can be purchased separately as needed.
Licenses are available in either a Subscription or Perpetual version.

PRODUCT | SKU | DESCRIPTION

FortiSIEM Base Product
FortiSIEM All-In-One Perpetual License | FSM-AIO-BASE | Base all-in-one Perpetual License for 50 devices and 500 EPS
FortiSIEM All-In-One Perpetual License | FSM-AIO-XX-UG | Add XX devices and EPS/device all-in-one Perpetual License for Non-MSP/MSSPs
FortiSIEM All-In-One Perpetual License | FC[1-8]-10-FSM98-180-02-DD | Per Device Subscription License that manages minimum XX devices, 10 EPS/device

FortiSIEM Additional Products
FortiSIEM End-Point Device Perpetual License | FSM-EPD-XX-UG | Add XX End-Points and 2 EPS/End-Point for all-in-one Perpetual License
FortiSIEM End-Point Device Subscription License | FC[1-8]-10-FSM98-184-02-DD | Per End-Point Subscription License for minimum XX End-Points, 2 EPS/End-Point
Add 1 EPS Perpetual License | FSM-EPS-100-UG | Add 1 EPS Perpetual
Add 1 EPS Subscription License | FC[1-10]-FSM98-183-02-DD | Add 1 EPS Subscription
FortiSIEM Basic Windows Agent Perpetual License | FSM-WIN-XX-UG | XX Basic Windows Agents for Perpetual License
FortiSIEM Advanced Windows Agent Perpetual License | FSM-WIN-ADV-XX-UG | XX Advanced Windows Agents for Perpetual License
FortiSIEM Basic Windows Agent Subscription License | FC[1-8]-10-FSM98-181-02-DD | Per Agent Subscription License for minimum XX Basic Windows Agents
FortiSIEM Advanced Windows Agent Subscription License | FC[1-8]-10-FSM98-182-02-DD | Per Agent Subscription License for minimum XX Advanced Windows Agents
IOC Service Subscription License | FC[1-G]-10-FSM98-149-02-DD | (X Points) FortiSIEM Indicators of Compromise (IOC) Service. 1 device or 2 End-Points or 3 Windows Agents equals 1 point.

FortiSIEM Support
FortiCare Support for FortiSIEM | FC[1-G]-10-FSM97-248-02-DD | 24x7 FortiCare Contract (X Points). 1 device or 2 End-Points or 3 Windows Agents equals 1 point.

Copyright 2017 Fortinet, Inc. All rights reserved.
FST-PROD-DS-FSIEM FSIEM-DAT-R4-201706
DATA CENTER INTRUSION PREVENTION SYSTEM (DCIPS)

Intrusion Prevention System (IPS) technology protects your network from cyber criminal attacks by actively seeking and blocking external threats before they can reach potentially vulnerable network devices such as key servers in the data center. Today, sophisticated and high-volume attacks are the challenges that every organization must recognize. These attacks are evolving, infiltrating ever-increasing vectors and complex network environments. The result is an urgent need for network protection while maintaining the ability to efficiently provide demanding services and applications.

Fortinet FortiOS's IPS functionality is an industry-proven network security solution that scales to 120 Gbps and beyond of in-line protection. Powered by purpose-built hardware and the Fortinet Security Processing Unit (SPU), FortiOS is able to achieve attractive total cost of ownership (TCO) while meeting performance requirements. IPS is easy to set up, yet offers feature-rich capabilities, with contextual visibility and coverage. It is kept up to date by research teams that work 24 hours a day worldwide, in order to detect and deter the latest known threats as well as zero-day attacks.

DCIPS is designed to be highly tunable to ensure high security, performance, and availability are achieved, especially to protect the key servers in the data center. DCIPS failure can severely impact the performance and security of a data center. The following capabilities are considered essential for DCIPS products:
- Intrusion prevention
- Resistant to known evasion techniques
- Single-pane-of-glass management
- Reputation awareness for unmatched visibility and control
- Highly resilient and stable
- Operation at Layer 2 (network transparency)

Fortinet's FortiGate products meet all these requirements by combining a high-speed, highly effective IPS engine with evasion techniques, reputation awareness, extensive application control capabilities, user and device identification, and a performance-optimized platform to set a higher standard for security, control, and performance.

FORTINET DCIPS HIGHLIGHTS
- Recommended by NSS Labs for security effectiveness and performance value
- Industry's fastest zero-day protection provided by FortiGuard Labs
- Optional advanced techniques, such as sandboxing, broaden detection and expose evasive threats
- High level of precision and accuracy provided by IPS filters
- Highly flexible deployment options using IPS sensors
- Lower TCO and high-performance IPS achieved by purpose-built SPU

NSS LABS 2016 DCIPS SVM

NSS Labs' Data Center Intrusion Prevention System (DCIPS) report is the industry's most comprehensive test to date, with their Security Value Map revealing that Fortinet's FortiGate 3000D earned the highest ratings for Security Effectiveness, blocking 99.9 percent of exploits, and TCO per protected Mbps (Megabit per second).
- NSS Labs DCIPS Test Report FortiGate 3000D: https://www.fortinet.com/content/dam/fortinet/assets/analyst-reports/NSS-Labs-DCIPS-Test-Report-FortiGate-3000D.pdf
- NSS Labs 2016 DCIPS Security Value Map: https://www.fortinet.com/content/dam/fortinet/assets/certifications/NSS-Labs-2016-DCIPS-Security-Value-Map.pdf

SOLUTION BRIEF: DATA CENTER INTRUSION PREVENTION SYSTEM (DCIPS)

FORTINET'S FORTIGATE PRODUCTS FOR DCIPS

FORTIGATE 3000 SERIES
The FortiGate 3000 Series gives you the highest performance on the market in a compact appliance form factor, now with up to 1 Tbps throughput and ultralow latency. FortiGate 3000 models are the only non-chassis security appliances on the market to support 40 GE and 100 GE connectivity, providing maximum scalability. The FortiGate 3000 Series can scale 20+ Gbps of in-line IPS throughput.

FORTIGATE 7000 SERIES
The FortiGate 7000E Series appliances are Fortinet's high-end enterprise class chassis firewalls. Available in several different configurations to meet customer needs, the 7000E Series includes the latest 7030E, 7040E, and 7060E and offers simplicity and flexibility of deployment, with ultrahigh NGFW and threat protection performance, capacity, and effortless scale to secure vast amounts of mobile and cloud traffic. The FortiGate 7000 Series can scale 60 Gbps to 120 Gbps of in-line IPS throughput.

THE FORTINET SECURITY FABRIC
The Fortinet Security Fabric is an intelligent framework connecting your security devices together for effective, efficient, and comprehensive security. Our DCIPS solution collaborates with other key solutions in the Fortinet portfolio, while allowing for open integrations (via industry-standard APIs). Fortinet is the only company with security solutions for network, endpoint, application, data center, cloud, and access designed to work together as an integrated security fabric to provide true end-to-end protection.

KEY FEATURES HIGHLIGHTS

REAL-TIME & ZERO-DAY PROTECTION
The FortiGuard Intrusion Prevention Service (IPS) provides customers with the latest defenses against stealthy network-level threats through a constantly updated database of known threats and behavior-based signatures. This update service is backed by a team of threat experts and a close relationship with major application vendors. The best-in-class team also uncovers significant zero-day vulnerabilities continuously, providing FortiGate units with advanced protection ahead of vendor patches.

UNCOMPROMISED PERFORMANCE
The SPU Content Processor (CP) accelerates content processing, which is traditionally done completely by the CPU. The CP reduces the resources required by the CPU when matching an incoming file against the signature database, thus improving system performance and stability.

PROTOCOL DECODERS AND ANOMALY DETECTION
Protocol decoders are required to assemble the packets and detect suspicious, nonconforming sessions that resemble known attacks or are noncompliant with an RFC or standard implementation. FortiOS offers one of the most comprehensive arrays of protocol decoders in the industry, providing customers with significantly wide coverage in all kinds of environments.


PATTERN AND RATE-BASED SIGNATURES
The pattern signature-matching technique is essential in IPS implementation due to its high level of precision and accuracy. FortiOS offers administrators robust pattern signature selection using filters based on severity, target, operating system, application, and protocol. Each of the signatures has a direct link to its detailed entry on the threat encyclopedia and CVE-ID references. After selection, administrators are able to assign associated actions such as monitoring, blocking, or resetting the session. Rate-based IPS signatures protect networks against application-based DoS and brute force attacks. Administrators can configure IPS signatures and tune them to their needs. A threshold (incidents per minute) and an action to take when the threshold is reached can be assigned to each signature. If the action is set to block, then a timeout period can be set so that the block is removed after a specified duration.

DOS AND DDOS MITIGATION
DoS policies can help protect against DDoS attacks that aim to overwhelm server resources. In FortiOS, the DoS scans precede the policy engine at the incoming interfaces, thus eliminating unnecessary sessions from the firewall process and state table entry during a surge of attack traffic. This helps to safeguard the firewall from overloading and allows it to perform optimally. FortiOS DoS policies can be configured to detect and block floods, port scans, and sweeps. Administrators can set baselines for the amount of concurrent sessions from sources or to destinations. The settings utilize thresholds and can be applied to UDP, TCP, ICMP, IP, and SCTP. Network interfaces associated with a port attached to a network processor can be configured to offload anomaly checking, further offloading the CPU for greater performance. Some of the anomaly traffic dropped includes LAND attacks, IP protocol with malformed options, and WinNukes.

QUARANTINE ATTACKS
FortiOS offers sophisticated automatic attack quarantine capabilities that allow organizations to proactively prevent further attacks from known attackers over a predefined duration. Quarantining by duration can be used to protect potentially vulnerable servers.

PACKET LOGGING
Administrators may choose to automatically perform IPS packet logging, which saves packets for detailed analysis when an IPS signature is matched. Saved packets can be viewed and analyzed on the FortiGate unit or by using third-party analysis tools. Packet logging is also useful in determining false positives.

CUSTOM SIGNATURES
Custom IPS signatures can be created to further extend protection. For example, you can use custom IPS signatures to protect unusual or specialized applications, or even custom platforms, from known and unknown attacks. Organizations may use FortiConverter to easily convert Snort signatures for FortiOS use.

RESISTANT AGAINST EVASIONS
Evasion techniques attempt to fool the protocol decoders in IPS products by crafting exotic network streams that would not be handled or reconstructed by the decoders, yet still be valid enough for the target recipient to process. The robust IPS engine is capable of handling both common evasions and sophisticated advanced evasion techniques deployed by hackers, such as IP packet fragmentation, TCP stream segmentation, RPC fragmentation, URL and HTML obfuscation, and other protocol-specific evasion techniques.

INTRUSION DETECTION MODE
In out-of-band sniffer mode (or one-arm IPS mode), IPS operates as an intrusion detection system, detecting attacks and reporting them but not taking any action against them. In sniffer mode, the FortiGate unit does not process network traffic but instead is connected to a spanning or mirrored switch port, or a network tap. If an attack is detected, log messages can be recorded and alerts sent to system administrators.

TRAFFIC BYPASS
Since most IPS deployments are in transparent in-line mode, active traffic bypass is often desired until normal operation of the device resumes. Fortinet's FortiGate products support external bypass devices using FortiBridge. Administrators are also offered a software fail-open option to tackle instances where the IPS engine fails. Fortinet's FortiBridge family ensures uptime and availability in case of device failure. It is very easy to add bypass functionality to FortiGates. It supports remote configuration and monitoring and a large range of network configurations including 1 GE, 10 GE, or 40 GE speeds.

MONITORING, LOGGING, AND REPORTING
FortiOS empowers organizations to implement security best practices that require continuous examination of their threat status and adaptation to new requirements. The FortiView query widgets provide useful analysis data with detailed and contextual session information, which can be filtered, ranked, and further inspected. System events can also be archived via logs, which in turn can generate useful trending and overview reports.
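The rate-based signature section above describes three tunables: a threshold in incidents per minute, an action (monitor or block), and a block timeout after which the block is lifted. The following is an added example, not FortiOS code, that shows how those three interact: a per-source sliding sixty-second window counts signature hits, reaching the threshold triggers the action, and a blocked source is re-evaluated from scratch once its timeout expires. The signature name, threshold values and event times are constructed.

```python
"""Rate-based signature evaluation with threshold, action and block timeout.

Added example, not FortiOS code: per-source sliding 60-second window of hits;
reaching the threshold triggers the configured action; a block expires after
`block_seconds`. Signature name, thresholds and event times are constructed.
"""
from collections import defaultdict, deque

WINDOW_SECONDS = 60     # "incidents per minute" threshold window


class RateSignature:
    def __init__(self, name, threshold_per_minute, action="block", block_seconds=60):
        self.name = name
        self.threshold = threshold_per_minute
        self.action = action                  # "block" or "monitor"
        self.block_seconds = block_seconds
        self._hits = defaultdict(deque)       # src -> timestamps of recent hits
        self._blocked_until = {}              # src -> time the block expires

    def observe(self, src, ts):
        """Record one signature hit from `src` at time `ts` (seconds); return the verdict."""
        expiry = self._blocked_until.get(src)
        if expiry is not None:
            if ts < expiry:
                return "blocked"
            del self._blocked_until[src]      # timeout elapsed: block removed
        window = self._hits[src]
        window.append(ts)
        while window and window[0] <= ts - WINDOW_SECONDS:
            window.popleft()                  # drop hits older than one minute
        if len(window) >= self.threshold:
            window.clear()                    # start a fresh count after firing
            if self.action == "block":
                self._blocked_until[src] = ts + self.block_seconds
                return "blocked"
            return "alert"
        return "allow"

    def is_blocked(self, src, ts):
        return self._blocked_until.get(src, float("-inf")) > ts


def simulate(sig, events):
    """Feed (src, ts) pairs in order and return the verdict for each."""
    return [sig.observe(src, ts) for src, ts in events]


# Constructed traffic: five rapid hits from one source, one from another.
SAMPLE_EVENTS = [("203.0.113.9", t) for t in (0, 10, 20, 30, 40)] + [("198.51.100.7", 40)]
```

With a threshold of 5 and a 120-second block, the fifth hit at t=40 blocks the source until t=160; a hit at t=100 is still blocked, and a hit at t=161 is evaluated as the first hit of a new window. Five hits spread more than a minute apart never accumulate to the threshold, which is the behaviour that keeps a slow but legitimate client from being blocked.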


ADDITIONAL REFERENCES
For more information on Fortinet's Data Center IPS, please go to the following websites:
Data Center IPS:
https://www.fortinet.com/solutions/enterprise-midsize-business/data-center-security-sdn/dcips.html
FortiGate 7000 and 3000 Series Products:
https://www.fortinet.com/products/next-generation-firewall/high-end.html
FortiBridge Products:
https://www.fortinet.com/products/network-visibility/fortibridge.html

Copyright 2017 Fortinet, Inc. All rights reserved. 92950-0-0-EN June 28, 2017
