Passerelle de sécurité web (SWG)

SWG : Protection professionnelle contre les menaces issues d'Internet

Magic Quadrant 2017 de Gartner pour les pare-feux d’entreprise
Disponibles en:
  • Appareil
  • Machine Virtuelle
  • Nuage

Secure Web Gateway (SWG) Overview

Secure Sockets Layer (SSL) adoption is on the rise, with  at least 60% of internet sites using it as of January 2018. While this provides confidentiality, it’s also a great place for cybercriminals to hide malware. Industry reports indicate that 41% of malicious traffic leverages encryption. In addition, administrators lose visibility of data leaving the enterprise and can’t enforce data loss policies.

Fortinet firewalls with Gateway Security protects enterprises against web attacks with URL filtering, visibility and control of encrypted web traffic via SSL inspection, and application of granular web application policies. Fortinet is the first and only gateway security vendor to earn Virus Bulletin’s VBWeb certification for web filtering effectiveness.

 

Secure Web Gateway (SWG) News

Security Services Bridge Gaps Caused by Fragmented Network Environments

5/29/2018: Learn how you can deploy effective security services to reap the maximum benefits from your security devices. Read the blog.

 

FortiOS 6.0

2/27/2018:   FortiOS 6.0 introduces more than 200 features designed to help enterprises embrace cloud adoption without compromising on security. Learn more.

 

Threat Landscape

2/16/2018: Find out about the latest threats trends and what they mean to your organization. Highlights this quarter include analysis on cryptojacking, micro-targeted and personalized malware and zero-day threats on black markets. Find out more

 

Secure Web Gateway (SWG) Videos

Demo of FortiGate SWG Use cases

FortiGate SWG protects against web attacks with URL filtering, visibility and control of encrypted web traffic via SSL inspection, and application of granular web application policies. This demo walks through two key use cases: How to enforce Acceptable Use Policy How to block malicious web pages using FortiGuard Web Filtering

Voir
Reclaim Your Freedom to Safely Surf the Web
FortiGate Cookbook - Transparent Web Proxy (5.6)
FortiOS 6.0 and Security Fabric Q&A with Michael Xie

Secure Web Gateway (SWG) Product Details

Fortinet Secure Web Gateway defends users from internet-borne threats and helps enterprises enforce policy compliance for internet applications.   

With FortiGate SWG, you can deploy industry-leading Fortinet Next Generation Firewalls as a proxy.  FortiGate SWG consolidates NGFW and SWG services, helping enterprises manage their network security solution with ease.  It supports all proxy deployment modes, and uses multiple detection techniques such as web filtering, DNS filtering, data loss prevention, antivirus, intrusion prevention and advanced threat protection to protect employees from internet threats.  FortiGate SWG is best suited for enterprises looking to consolidate network security services and optimize the workload of security teams.

Enterprises can also adopt FortiProxy, a dedicated Secure Web Gateway solution.

 

   

Features and Benefits

integration icon

Feature-rich product that consolidates NGFW and SWG services

high performance icon

Powerful hardware that can perform SSL deep inspection

icon vulnerability

Anti-malware techniques updated with the latest threat intelligence

icon benefits management

Reduce security team’s workload by providing a single pane of glass management for both NGFW and SWG

visibility icon

Effectively remove blind spots in encrypted traffic, without compromising on performance

checkmark icon

Stay protected against the latest known and unknown internet-borne attacks 

Secure Web Gateway(SWG) Models and Specifications



SWG is available in different form factors with many different models to choose from to meet your needs ranging from hardware appliances to VM options that be deployed in your datacenter.

Hardware Appliances
Throughput
5 Gbps
Ports
2x 10 GE SFP+, 10x GE RJ45, 8x GE SFP
SSL Inspection
6.8 Gbps
Throughput
4 Gbps
Ports
2x 10 GE SFP+, 10x GE RJ45, 8x GE SFP
SSL Inspection
6.8 Gbps
Throughput
5 Gbps
Ports
2x 10 GE SFP+, 16x GE SFP, 18x GE RJ45
SSL Inspection
4 Gbps
Throughput
6 Gbps
Ports
4x 10GE SFP+/GE SFP, 16x GE SFP, 18x GE RJ45
SSL Inspection
6 Gbps
Throughput
7 Gbps
Ports
8x 10GE SFP+/GE SFP, 16x GE SFP, 18x GE RJ45
SSL Inspection
10.5 Gbps
Throughput
9 Gbps
Ports
6x 10GE SFP+, 34x GE RJ45
SSL Inspection
12.5 Gbps
Throughput
9 Gbps
Ports
10x 10GE SFP+, 2x 10GE SFP+ bypass, 34x GE RJ45
SSL Inspection
12.5 Gbps
Throughput
22 Gbps
Ports
16x 10GE SFP+/GE SFP, 2x GE RJ45
SSL Inspection
19 Gbps
Throughput
24 Gbps
Ports
48x 10GE SFP+/GE SFP, 2x GE RJ45
SSL Inspection
20 Gbps
Throughput
20 Gbps
Ports
4x 40GE QSFP+, 20x 10GE SFP+/GE SFP, 8x SFP+, 2x GE RJ45
SSL Inspection
24 Gbps
Virtual Machines
FortiGate is supported on VMware, Microsoft Hyper-V, Citrix XenServer, Open Source Xen, KVM, Amazon Web Services (AWS) and Microsoft Azure. Please see the data sheet for more details.

Throughput
2.5 Gbps
Ports
1 / 10 (Minimum/Maximum)
Throughput
4.5 Gbps
Ports
1 / 10 (Minimum/Maximum)
Throughput
9 Gbps
Ports
1 / 10 (Minimum/Maximum)
Throughput
16.5 Gbps
Ports
1 / 10 (Minimum/Maximum)

Actual performance may vary depending on the network and system configuration. Performance metrics were observed using a DELL R740 (CPU Intel Xeon Platinum 8168 2.7 GHz, Intel X710 network adapters), running FOS v5.6.3. Tested with VMware vSphere 6.5 Enterprise Plus. SR-IOV is enabled. 1. IPS performance is measured using 1 Mbyte HTTP and Enterprise Traffic Mix. 2. Application Control performance is measured with 64 Kbytes HTTP traffic. 3. NGFW performance is measured with IPS and Application Control enabled, based on Enterprise Traffic Mix. 4. Threat Protection performance is measured with IPS and Application Control and Malware protection enabled, based on Enterprise Traffic Mix.

Public Cloud
Amazon Web Services (AWS) and Microsoft Azure supported for both BYOL (bring your own license) and On-demand (pay-as-you go). Please see the AWS and Azure Marketplace listings for more information:
Hardware Appliances
Modèle
FortiProxy 400E
License Capacity
500-2,500 Users
Ports
4x GE RJ45
Modèle
FortiProxy 2000E
License Capacity
2,500-25,000 Users
Ports
2x 10 GE SFP+, 2x GE SFP ports, 2x GE RJ45 ports
Modèle
FortiProxy 4000E
License Capacity
15,000-50,000 Users
Ports
4x 10 GE SFP+, 2x GE SFP ports, 4x GE RJ45 ports
Virtual Machines
Modèle
FortiProxy VM
License Capacity
25-25,000 Users
Ports
1 / 10 (Minimum/Maximum)

FortiGuard Security Services for Secure Web Gateway (SWG)

FortiGate SWG employs multiple FortiGuard services to protect users against the latest web threats and to enforce compliance.  One of the key services is FortiGuard Web Filtering, which is the only web filtering service in the industry that is VBWeb certified for security effectiveness by Virus Bulletin.

FG Web Filtering

Web Filtering

Protects your organization by blocking access to malicious, hacked, or inappropriate websites.

Icon cloudsandbox

FortiCloud Sandbox

Advanced threats are getting more sophisticated and easy to propagate. FortiCloud sandbox provides advanced protection even for the smallest location, so that the security posture is consistent across the enterprise. It performs dynamic analysis to identify previously known malware. It has been recommended by both NSS Labs and ICSA Labs.

FG Antivirus

Antivirus

Protects against the latest viruses, spyware, and other content-level threats. It uses industry-leading advanced detection engines to prevent both new and evolving threats from gaining a foothold inside your network and accessing its invaluable content.

FG Application Control

Application Control

Application awareness is a key component of SD-WAN. FortiGuard Application Control service provides visibility into thousands of applications to ensure business critical applications are always given priority. Signatures for applications are added every day, to quickly identify new applications. With the help of FortiGuard application control, you can look at a broad spectrum of applications, define granular polices for sub-applications, as well as identify cloud and homegrown applications.

FG Intrusion Prevention

Intrusion Prevention

FortiGuard IPS protects branches against the latest network intrusions by detecting and blocking threats before they reach network devices. The combination of real-time threat intelligence updates and thousands of existing intrusion prevention rules delivers the industry’s best IPS protection.

Secure Web Gateway (SWG) Demo

product demo secure web gateway

FortiGate Secure Web Gateway Demo

With the increase in SSL web traffic, zero-day malware and growing number of social websites, enterprises are turning to secure web gateway to protect employees from internet-borne attacks. 

This demo lets you explore the key Secure Web Gateway features such as SSL Inspection, DNS and Web Filtering, Web Application Control, Authenticated Web Access and Detailed Reporting. 

Access the demo

Secure Web Gateway (SWG) FAQs

We recently migrated to Office 365 and our proxy can’t handle the traffic.  Can FortiGate SWG be used?

Yes, this is one of our common deployments.  FortiGate SWG has powerful hardware, and custom-built ASICs to provide high performance.  It can also enforce Office365 tenant restrictions and inspect SSL traffic .

Can FortiGate SWG be deployed in explicit proxy mode?

FortiGate SWG can be deployed in all proxy modes. It includes explicit proxy and transparent proxy for large enterprises, and inline proxy mode for smaller enterprises.    

How is FortiGate SWG licensed?

Unlike other SWG vendors, FortiGate SWG is not licensed per user.  You pay for the hardware and security services such as web filtering, antivirus, IPS, sandboxing, CASB and application control.   This significantly reduces the total cost of ownership.

What are the use cases supported by FortiGate SWG?

FortiGate SWG supports all common authentication methods such as RADIUS, Active Directory, LDAP and SAML.

What techniques does FortiGate SWG use for malware prevention?

FortiGate SWG always receives the latest security protection from FortiGuard Threat Intelligence Service, that collects threat data from more than 200,000 live deployments.   Numerous techniques are used for malware prevention such as AV, website reputation analysis, sandboxing and DLP.

Does FortiGate SWG work with other Fortinet products?

FortiGate SWG is part of the Fortinet Security Fabric, integrating with FortiClient for endpoint protection, FortiCASB for protection cloud applications, FortiSandbox for advanced protection, FortiManager and FortiAnalyzer for management.