Network Security, Enterprise and Data-Center Firewall

Next Generation Firewalls (NGFW)

Next Generation Firewall technologies from Fortinet offer integrated, high-performance protection against today's wide range of advanced threats targeting your applications, data, and users. In today’s environment, businesses are realizing that traditional enterprise network security solutions such as firewalls, intrusion detection systems and host-based antivirus are no longer adequate to protect against new, sophisticated attacks. In order to defend networks against the latest threats, NGFW should include, at a minimum, an integrated intrusion prevention system (IPS) with deep packet scanning, the ability to identify and control applications running over a network, and the ability to verify a user’s identity and enforce access policies accordingly. In addition, Fortinet now offers Advanced Threat Protection (ATP) in Fortigate Next Generation Firewalls providing enhanced security tools to combat and mitigate multi-vector persistent attacks.

Integrated Intrusion Prevention System (IPS)

Fortinet IPS offers a wide range of features that can be used to monitor and block malicious network activity including; predefined and custom signatures, protocol decoders, out-of-band mode (or one-arm IPS mode), packet logging, and IPS sensors. Backed by automatic, real-time updates delivered by FortiGuard Global Threat Research Team, FortiGate NGFW technology leverages a database of thousands of unique attack signatures as well as anomaly-based detection techniques that enables the system to stop attacks that might evade conventional firewall defenses and recognize threats for which no signature has yet been developed.

Application Identification and Control

Traditional firewall protection detects and restricts applications by port, protocol and server IP address, and cannot detect malicious content or abnormal behavior in many web-based applications. Next generation firewall technology from Fortinet with Application Control allows you to identify and control applications on networks and endpoints regardless of port, protocol, and IP address used. It gives you unmatched visibility and control over application traffic, even unknown applications from unknown sources and inspects encrypted application traffic. Protocol decoders normalize and discover traffic from applications attempting to evade detection via obfuscation techniques. Following identification and decryption, application traffic is either blocked, or allowed and scanned for malicious payloads. In addition, application control protocol decoders detect and decrypt tunneled IPsec VPN and SSL VPN traffic prior to inspection, ensuring total network visibility. Application control even decrypts and inspects traffic using encrypted communications protocols, such as HTTPS, POP3S, SMTPS and IMAPS.

User Identification

When a user attempts to access network resources, Fortinet Next Generation Firewalls will identify the user from a list of names, IP addresses and Active Directory group memberships that it maintains locally. The connection request will be allowed only if the user belongs to one of the permitted user groups, and the assigned firewall policy will be applied to all traffic to and from that user.

Solution Guides & White Papers

Testimonials


Fortinet has allowed us to bring our network security services in-house rather than spending money for an outsourced vendor to manage the network. A unified security solution works best for us, as we have a relatively small technical team. The FortiGate solution helps us to manage our time, skills and on-going costs more effectively. Because of our Fortinet deployment, we are expecting to save $1.5 million in network security costs over the next three years.

Rosemary Burns
Technical Services Division Manager
Holmesglen Institute