Private Cloud Security

Industry's Best Threat Protection and Performance in a Virtual NGFW

Key Use Cases and Strategies for Private Cloud
Available in:
  • Virtual Machine

Private Cloud Overview

Your virtualized data center assets needs advanced protection from evolving threats, both known and unknown.  FortiGate-VM is a virtualized form factor of our market leading, high performance FortiGate next-generation firewall that delivers advanced protection for north-south and east-west traffic in virtualized data centers and cloud.  FortiGate-VM supports the leading hypervisor technologies, and a range of private and public cloud platforms, including AWS, Azure, Cisco, Google, IBM, Nuage Networks, OpenStack, Oracle, and VMware.  Based on the powerful FortiOS operating system and FortiGuard Threat Intelligence services, FortiGate virtual NGFW delivers industry leading performance and layered threat protection of your virtualized data center traffic, with a single pane-of-glass to manage your physical and virtual network.

 

Private Cloud News

8/23/2018: Fireside Chat with School District of Philadelphia: Securing virtual servers, Chromebooks and student data while saving six figures. The eighth-largest public school district in the United States discusses modernizing their data center to achieve end to end segmentation, higher security and compliance.

 

8/24/2018: How One School District is Blazing the Trail to Digital Transformation: Security up, costs down in a blended data center deployment with physical and virtual FortiGates and VMware NSX.

 

5/22/2018: Fortinet Fabric Connectors: Fortinet expands Fabric-Ready partner program with new Fabric Connectors to automate security for multi-vendor environments.  

 

   

Private Cloud Videos

Transforming Network Security with FortiGate VMX
Fortinet Fabric Connector - FortiGate VMX and VMWare NSX

Private Cloud Product Details

FortiGate-VM next-generation firewall enables rapid service deployment with advanced threat protection for your virtual network and cloud.  FortiGuard services provide layered protection of mission critical applications and data in your virtualized data center, effectively blocking lateral movement of malware.  Out-of-the-box integration and orchestration with leading SDN platforms such as Cisco ACI, Nuage Networks VSP and VMware NSX, enables micro-segmentation with east-west traffic traffic inspection to protect virtual assets. FortiManager provides a single pane-of-glass to manage and secure physical and virtual appliances, simplify deployment, and enable consistent security policies with granular control and visibility.  Fortinet virtual security includes FortiGate-VM, and virtual appliances for many of the security and networking services offered in FortiOS.

 

Features and Benefits

top rate icon

Top-rated layered protection with FortiGuard security services independently tested by NSS Labs, Virus Bulletin, and AV-Comparatives

icon benefits tools

Support for all major hypervisor, SDN and cloud platforms

 

 

visibility icon

Unmatched ROI, flexible licensing and provisioning to support on-demand consumption

 

cloud ready icon

Combination of high performance and advanced threat protection delivers workload agility and elasticity without compromising security

icon benefits secure choice

Segments and protects virtual assets with micro-segmentation and granular control of applications, devices, and users

simple icon

Enhanced multi-tenancy capability, auto-provisioning and auto-scaling of VMs to cost effectively meet demand for new services

 

Learn more about Fabric Connectors

Fabric Connectors:

 

Fortinet Fabric Connectors deliver open integration of Security Fabric with SDN/private cloud, public cloud and multiple partner technology platforms. Easy to download and deploy, Fabric Connectors automate security synchronization across multi-vendor environments, reduce the security management burden, and close security gaps.  

Fabric Connectors for Private Cloud/SDN include: 

 

Security Fabric Use Cases:

Security in the cloud enables the confidence to safely deploy applications in the software-defined data center and private cloud, improving overall organizational agility and ability to respond to market demand. By leveraging Fortinet Security Fabric solutions to deploy use case driven security capabilities, organizations benefit from market-leading security with streamlined management functionality. Following is a set of common deployment scenarios of Fortinet’s Security Fabric in the private cloud.    

 

Inside Out IaaS Security

Intent-Based Segmentation: North-South L7 Advanced Security Protection

Organizations expanding their networks to accommodate the rapid deployment of data center-based services may often discover a strain on the security architecture’s ability to handle a subsequently growing security threat landscape. Implementing a virtual next-generation firewall with FortiGate-VM in the virtualized data center or private cloud provides extensive visibility and control of the infrastructure. FortiGate-VM automatically provisions and scales security, and has broad support for leading hypervisors, software-defined networks (SDNs) and cloud platforms. It provides advanced Layer 7 protection for north-south traffic in virtualized data centers.  

Download the eBook to learn more about the use cases
Cloud Services Hub

Intent-Based Segmentation: North-South L7 Advanced Security Protection

Microsegmentation is a method of creating secure zones in data centers and cloud deployments that allows companies to isolate workloads from one another and secure them individually. Virtualization and SDN increase east-west traffic in software-defined data centers (SDDC), and poor visibility into traffic between VMs increases risk from security breaches. FortiGate-VM provides microsegmentation and control of east-west traffic in the SDDC, for workload isolation and application-aware security policy. It allows granular policy segmentation and isolation across clustered resources to provide visibility across the entire SDDC infrastructure.  

 

Download the eBook to learn more about the use cases
Remote Access VPN

Form Factor Consolidation

Enterprises can scale out or scale up with Fortinet FortiGate-VM virtual appliance offerings—virtualized versions of physical network security elements that deliver the same capabilities as a physical appliance in a virtual form factor. FortiGate virtual firewalls deliver advanced security capabilities in a virtual form factor and are ideally suited to secure virtualized resources in the data center or private cloud. Fortinet Security Fabric elements are all available packages as virtual appliances on a broad range of hypervisors.

The FortiGate-VMs run the same FortiOS operating system and FortiGuard threat intelligence as hardware models. Multiple VM sizes are available for maximizing throughput and performance.

Download the eBook to learn more about the use cases
Hybrid Cloud

Security Virtual Network Function (VNF)

Service providers need to deliver security services as virtual network functions both on-premises and in cloud. VNF handles specific network functions that run on one or more VMs on top of the hardware-networking infrastructure. Individual VNFs can be connected or combined together as building blocks to offer a full-scale networking communication service. Fortinet’s security VNF is deployed as an uCPE on-premises edge, or vCPE hosted in data center/cloud. FortiGate-VM is a small footprint security VNF with consolidated networking and security. It provides full application layer security with next-generation firewall, Intrusion prevention, AV, web filtering, and embedded Secure SD-WAN. VNF orchestration and service chaining is done via partner orchestrators such as Amdocs, Nuage, OpenStack, and others. 

Download the eBook to learn more about the use cases
Advanced application protection

Security for the Mobile Core/Telco Cloud

Mobile carriers need to deliver security services as virtual network functions for LTE and 5G mobile infrastructures. Fortinet VNFs provide a rich set of security functions for the virtual mobile infrastructure, particularly: 4G to 5G, edge cloud, cloud RAN, and telecommunications cloud. FortiOS helps secure critical control plane traffic throughout the telecommunications core. Fortinet VNFs for MEC include edge security and control, user-plane inspection, service chaining, and secure gateways.   VNFs support all modern acceleration technologies such as DPDK, SR-IOV, and AES-NI.  

Download the eBook to learn more about the use cases
Security Management from the Cloud

Compliance and Regulatory Requirements

Achieving regulatory compliance with regulation mandates such as PCI DSS, HIPPA, SOX, and GDPR can be a complex and time-consuming burden. Security or governance issues force organizations into using a private cloud. Certain countries require that application data pertaining to people in a particular locale remain within the country. For a broader view of compliance across cloud platforms, FortiSIEM can create compliance reports at the push of a button. FortiAnalyzer provides a closed-loop compliance-gap mitigation and collects fabric logs, while FortiManager enables customers to audit, review, approve, and implement changes from a central place. The benefits are automated compliance auditing and reporting on-premises, in the data center, and in the cloud. 

Download the eBook to learn more about the use cases

   

FortiGate Virtual Next-generation Firewall Models and Specifications

FortiGate-VM next-generation firewall can be deployed as a virtual appliance in private and public cloud environments, either as a BYOL instance or provisioned on-demand via public cloud marketplaces. 

Download the brief - Performance as a key attribute of Virtual Firewalls. 

Throughput
12 Gbps
vCPU
1x vCPU core, (up to) 2 GB RAM
Throughput
12 Gbps
vCPU
1x vCPU core, (up to) 2 GB RAM
Throughput
15 Gbps
vCPU
2x vCPU cores, (up to) 4 GB RAM
Throughput
28 Gbps
vCPU
4x vCPU cores, (up to) 6 GB RAM
Throughput
33 Gbps
vCPU
8x vCPU cores, (up to) 12 GB RAM
Throughput
36 Gbps
vCPU
16x vCPU cores, (up to) 24 GB RAM
Throughput
50 Gbps
vCPU
32x vCPU cores, (up to) 48 GB RAM
vCPU
Unlimited vCPU cores and RAM

“V” Series VMs do not include VDOM licenses by default.  VDOM licenses can be added separately.

Actual performance may vary depending on the network and system configuration. Performance metrics were observed using a DELL R740 (CPU Intel Xeon Platinum 8168 2.7 GHz, Intel X710 network adapters), running FOS v5.6.3. Tested with VMware vSphere 6.5 Enterprise Plus. SR-IOV is enabled.

FortiGate-VMX for VMware NSX delivers automated deployment of advanced security and micro-segmentation in virtualized environments.   FortiGate-VMX secures workloads in dynamic NSX software-defined data centers to enable protection and close compliance gaps.

vCPU Support
1/Unlimited
Memory Support (minimum/maximum)
1 GB/Unlimited
Virtual Domains (Default/Maximum)
10/250
FW throughput with App Control(1)
3.1 Gbps
Threat protection throughput (2)
1.4 Gbps
New sessions per second
30,000
FW throughput with App Control (1)
5.3 Gbps
Threat protection throughput (2)
2.3 Gbps
New sessions per second
30,000
Note: All performance values are “up to” and vary depending on system configuration. Specification is measured on a Dell PowerEdge R630 server, 14 cores Intel(R) Xeon(R) CPU E5-2630v4 @ 2.60 GHz with VMware ESXi 6.0.0. (1). Application Control performance is measured with 64 Kbytes HTTP traffic. (2). Threat Protection performance is measured with IPS and Application Control and Malware protection enabled, based on Enterprise Traffic Mix.

FortiGuard Services

FortiGuard Services for FortiGate-VM enable you to implement critical security controls and threat remediation within your virtual infrastructure, providing protection for north-south and east-west virtual traffic. 

FG Application Control

Application Control

Improve security and meet compliance with easy enforcement of your acceptable use policy through unmatched, real-time visibility into the applications your users are running. With FortiGuard Application Control, you can quickly create policies to allow, deny, or restrict access to applications or entire categories of applications.

FG Web Filtering

Web Filtering

Protects your organization by blocking access to malicious, hacked, or inappropriate websites.

Icon cloudsandbox

FortiSandbox Cloud

FortiSandbox Cloud Service is an advanced threat detection solution that performs dynamic analysis to identify previously unknown malware. Actionable intelligence generated by FortiCloud Sandbox is fed back into preventive controls within your network—disarming the threat.

FG Antivirus

Antivirus

FortiGuard Antivirus protects against the latest viruses, spyware, and other content-level threats. It uses industry-leading advanced detection engines to prevent both new and evolving threats from gaining a foothold inside your network and accessing its invaluable content.

security audit service icon

Content Disarm & Reconstruction

Content Disarm & Reconstruction (CDR) strips all active content from files in real-time, creating a flat sanitized file. All active content is treated as suspect and removed. CDR processes all incoming files, deconstructs them, and removes all elements that do not match firewall policies.

FG Intrusion Prevention

Intrusion Prevention

FortiGuard IPS protects against the latest network intrusions by detecting and blocking threats before they reach network devices.

Security Rating Service icon

Security Rating Service

Security Audit Update Service is intended to guide customers to design, implement and continually maintain the target Security Fabric security posture suited for their organization. The Security Fabric is fundamentally built on security best practices and by running these audit checks, security teams will be able to identify critical vulnerabilities and configuration weaknesses in their Security Fabric setup, and implement best practice recommendations.

forticasb service icon

FortiCASB

FortiCASB is a cloud-native Cloud Access Security Broker (CASB) subscription service that is designed to provide visibility, compliance, data security, and threat protection for cloud-based services being used by an organization. With support for major SaaS service providers, FortiCASB provides insights into users, behaviors, and data stored in the cloud with comprehensive reporting tools.

FG AntiBotnet

IP Reputation & Anti-botnet Security

The FortiGuard IP Reputation Service aggregates malicious source IP data from the Fortinet distributed network of threat sensors, CERTs, MITRE, cooperative competitors, and other global sources that collaborate to provide up-to-date threat intelligence about hostile sources. Near real-time intelligence from distributed network gateways combined with world-class research from FortiGuard Labs helps organizations stay safer and proactively block attacks.

FG Mobile Security

Mobile Security

Fortinet’s Mobile Security Service provides effective protection against the latest threats targeting mobile devices. It employs industry-leading advanced detection engines to prevent both new and evolving threats from gaining a foothold inside your network and gaining access to its invaluable information.

Industrial Control systems icon

Industrial Control Systems

The FortiGuard Industrial Security Service continuously updates signatures to identify and police most of the common ICS/SCADA (supervisory control and data acquisition) protocols for granular visibility and control. Additional vulnerability protection is provided for applications and devices from the major ICS manufacturers.

FG AntiSpam

AntiSpam

FortiGuard Antispam provides a comprehensive and multi-layered approach to detect and filter spam processed by organizations. Dual-pass detection technology can dramatically reduce spam volume at the perimeter, giving you unmatched control of email attacks and infections.

 

FortiGuard Service Bundles for FortiGate

Enterprise Protection Bundle
Protection to address today's advanced threat landscape. It delivers all FortiGuard security services available for the FortiGate including: NGFW Application Control and IPS, Web Filtering, FortiCloud Sandbox, Antivirus, Mobile Security, IP Reputation & Antibotnet, Antispam, and core FortiCare security services with a choice of 8x5 or 24x7 support.

UTM Protection Bundle
Traditional UTM security services including NGFW Application Control and IPS, Web Filtering, Antivirus, Antispam, and core FortiCare security services with a choice of 8x5 or 24x7 support

Threat Protection Bundle 
Core protection technologies including: Application Control, IPS, AV, Botnet IP/Domain and Mobile Malware Service. FortiCare security services include 24x7 support. 

Product Demo

product demo fortigate vm

FortiGate-VM Demo

FortiGate-VM is a full-featured FortiGate packaged as a virtual appliance. FortiGate-VM virtual appliance is ideal for monitoring and enforcing virtual traffic on leading virtualization, cloud, and SDN platforms including VMware vSphere, Hyper-V, Xen, KVM, and AWS. FortiGate-VM can be orchestrated in software-defined environments to provide agile and elastic network security services to virtual workloads. Through this demo, you can see how to deploy firewall, intrusion prevention, VPN, antivirus, and other consolidated security functions to virtual workloads, as well as evaluate the easy-to-use web interface and contextual displays.

Access the demo

Page doesn't exist

FAQs

How is FortiGate-VM different from the physical FortiGate firewall?

FortiGate-VM is the award-winning physical FortiGate packaged as a virtual appliance.  FortiGate-VM delivers the same FortiOS and FortiGuard real time threat intelligence as the hardware models, in a virtual form factor.  FortiGate-VM offers flexible licensing and provisioning for virtual network deployments. 

What are some advantages of FortiGate virtual appliance compared to other industry solutions?

Fortinet is a market leader in virtual and physical security.  Some standout capabilities include:

  • Leader in Gartner 2018 Magic Quadrant for Enterprise Firewalls. 
  • Delivers many network and security services as virtual appliances. 
  • Integrated with Security Fabric to deliver broad, automated protection from IoT to the cloud.   
  • Virtual Domains (VDOMs) provide enhanced multi-tenancy.
  • Highest performance and scalability of any virtual firewall available today. 
  • Industry’s most comprehensive FortiGuard security services.
  • Fabric Connectors provide automated security in hybrid networks.

What are the different types of virtual appliances available from Fortinet?

Fortinet offers many Fabric network and security services as virtual appliances.  In addition to FortiGate-VM, the following virtual appliances are available:

  • FortiManager-VM
  • FortiAnalyzer-VM
  • FortiSIEM-VM
  • FortiWeb-VM
  • FortiMail-VM
  • FortiSandbox-VM

How do VDOMs (virtual domains) enhance multi-tenancy in a FortiGate-VM?

The VDOM capability in FortiGate-VM enables each VM to split its resources and function as multiple, independent firewalls with separate security policies and controls.  This enables provisioning of multiple tenants into a single VM with granular security policies for each VDOM, and lets you take advantage of the economies of scale and lower costs.

How do I select the right FortiGate-VM for my needs?

FortiGate-VM is available on a range of hypervisors, SDN and cloud technology platforms, and in many different vCPU models with a range of performance specifications to meet virtual network deployment needs.  Please refer to the datasheet for more information. 

Can I test drive the FortiGate-VM?

Yes you can.  we suggest going through the FortiGate-VM demo to see the rich capabilities of FortiGate virtual NGFW, and how to deploy firewall, intrusion prevention, VPN, antivirus, and apply other consolidated security functions to virtual workloads, and experience the easy-to-use web interface and contextual displays.  To download the FortiGate-VM free trial please contact your local Fortinet sales representative.