침입 방지 시스템(IPS)

강력하고 혁신적

FortiGate IPS – NSS Labs에서 다시 한 번 추천받음
구매 형태 :
  • 어플라이언스
  • 가상 머신
  • 클라우드

FortiGate IPS Overview

Whether part of a firewall solution or a separate standalone appliance, Intrusion Prevention Systems (IPS) technology is becoming an increasingly ubiquitous part of network security defenses. Fortinet, well known for its next-generation firewall (NGFW) solution, has built IPS technology for more than ten years. Fortinet customers expect and depend on high performance from FortiGate firewalls and FortiGate IPS benefits from this legacy, delivering pound-for-pound, the best IPS performance available in the market today. FortiGate IPS, following a different evolution path than traditional IPS, innovates in ways that other standalone IPS products do not.

 

FortiGate IPS Webinar and Videos

Breathe New Life Into Your IPS Strategy with Today’s Evolved Options

Breathe New Life Into Your IPS Strategy with Today’s Evolved Options

The true dilemma for most organizations facing today's sophisticated threats is which approach to IPS will meet their unique network needs.

Watch the recorded webinar

FortiGate IPS Product Details

Zero-day, advanced targeted attacks, ransomware, polymorphic malware and distributed denial-of-service attacks all require sophisticated detection engines not available in traditional standalone IPS or in most firewalls. FortiGate IPS includes multiple inspection engines, threat intelligence feeds and advanced threat protection options to defend against these unknown threats. Packaged in powerful FortiGate platforms (hardware, virtual, cloud) with advanced analytics and workflows through FortiAnalyzer, FortiGate IPS is a cost-effective network security solution to feed incident response needs in your SOC.

 

Features and Benefits

 

checkmark icon

World-class Protection

Deep inspection for advanced threats, botnets, zero days and targeted attacks on the network
top rate icon

Industry certification

Independent third-party validation to demonstrate superior detection and best price performance
icon benefits spu

High performance

Innovative security processor (SPU) technology for high-performance network throughput and deep security inspection
icon sandbox

Advanced threat protection

Seamless integration – appliance or cloud service – with world-class sandboxing for advanced threats
Icon security fabric

Security Fabric integration

Integration and automation with Fortinet’s broad product portfolio and partner ecosystem
icon benefits data leakage prevention

Data leak protection

File protection controls to prevent sensitive data exfiltration 

FortiGate IPS Models and Specifications

FortiGate IPS is available in different form factors and models to meet the needs of your environment. All models offer full FortiGate IPS functionality and can be managed across all form factors in a single FortiManager-FortiAnalyzer instance.

Ultra high-end IPS
IPS Throughput
120 Gbps
Ports
Varied
IPS Throughput
60 Gbps
Ports
Varied
IPS Throughput
60 Gbps
Ports
Varied
IPS Throughput
18 Gbps
Ports
2x 40GE QSFP+, 2x 10GE SFP+, 2x GE RJ45
Chassis IPS
IPS Throughput
170 Gbps
Ports
4x 100GE QSFP28, 24x 25GE SFP28, 3x 10GE SFP+,2x GE RJ45
IPS Throughput
110 Gbps
Ports
4x 100GE QSFP28, 24x 25GE SFP28, 3x 10GE SFP+,2x GE RJ45
High-end IPS
IPS Throughput
32 Gbps
Ports
10x 100GE QSFP28,16x 10GE SFP+, 2x GE RJ45
IPS Throughput
30 Gbps
Ports
6x 100GE QSFP28, 16x 10GE SFP+, 2x GE RJ45
IPS Throughput
30 Gbps
Ports
4x 100GE CFP2, 4x 40GE QSFP+ 8x 10GE SFP+, 2x GE RJ45
IPS Throughput
28 Gbps
Ports
4x 40GE QSFP+, 20x 10GE SFP+/GE SFP, 8x SFP+, 2x GE RJ45
IPS Throughput
26 Gbps
Ports
48x 10GE SFP+/GE SFP, 2x GE RJ45
IPS Throughput
22 Gbps
Ports
32x 10GE SFP+/GE SFP, 2x GE RJ45
IPS Throughput
23 Gbps
Ports
16x 10GE SFP+/GE SFP, 2x GE RJ45
IPS Throughput
11.5 Gbps
Ports
10x 10GE SFP+, 2x 10GE SFP+ bypass, 34x GE RJ45
IPS Throughput
11.5 Gbps
Ports
6x 10GE SFP+, 34x GE RJ45
IPS Throughput
13 Gbps
Ports
8x 10GE SFP+/GE SFP, 16x GE SFP, 18x GE RJ45
IPS Throughput
6.8 Gbps
Ports
4x 10GE SFP+/GE SFP, 16x GE SFP, 18x GE RJ45
IPS Throughput
6 Gbps
Ports
2x 10 GE SFP+, 16x GE SFP, 18x GE RJ45
Mid-range IPS
IPS Throughput
4.2 Gbps
Ports
2x 10 GE SFP+, 8x GE SFP, 4x GE RJ45 Bypass, 22x GE RJ45
IPS Throughput
5.2 Gbps
Ports
2x 10 GE SFP+, 10x GE RJ45, 8x GE SFP
IPS Throughput
5 Gbps
Ports
18x GE RJ45, 16x GE SFP
IPS Throughput
2.2 Gbps
Ports
18x GE RJ45, 4x GE SFP
IPS Throughput
500 Mbps
Ports
20x GE RJ45, 2x Shared Port Pairs
FortiAnalyzer
Devices/VDOMs (maximum)
150
GB/Day of Logs
100
Collector Sustained Rate (logs/sec)
4500
Devices/VDOMs (maximum)
200
GB/Day of Logs
200
Collector Sustained Rate (logs/sec)
9000
Devices/VDOMs (maximum)
2000
GB/Day of Logs
600
Collector Sustained Rate (logs/sec)
27000
Devices/VDOMs (maximum)
2000
GB/Day of Logs
1000
Collector Sustained Rate (logs/sec)
45000
Devices/VDOMs (maximum)
4000
GB/Day of Logs
3000
Collector Sustained Rate (logs/sec)
60000
Devices/VDOMs (maximum)
10000
GB/Day of Logs
5000
Collector Sustained Rate (logs/sec)
90000
Devices/VDOMs (maximum)
10000
GB/Day of Logs
8300
Collector Sustained Rate (logs/sec)
150000
FortiManager
Devices/VDOMs (maximum)
30
GB/Day of Logs
2
Storage Capacity
8 TB
Devices/VDOMs (maximum)
100
GB/Day of Logs
2
Storage Capacity
12 TB
Devices/VDOMs (maximum)
300
GB/Day of Logs
2
Storage Capacity
24 TB
Devices/VDOMs (maximum)
1200
GB/Day of Logs
2
Storage Capacity
36 TB
Devices/VDOMs (maximum)
4000
GB/Day of Logs
10
Storage Capacity
48 TB
FortiGate IPS, FortiAnalyzer and FortiManager virtual machines are all supported on VMware vSphere, Citrix Xen Server, Xen, KVM, and Microsoft Hyper-V.

FortiGate IPS
IPS Throughput
1 Gbps
Ports
Up to 10
IPS Throughput
1.5 Gbps
Ports
Up to 10
IPS Throughput
3 Gbps
Ports
Up to 10
IPS Throughput
6 Gbps
Ports
Up to 10
IPS Throughput
12 Gbps
Ports
Up to 10
IPS Throughput
19 Gbps
Ports
Up to 10
FortiAnalyzer IPS
Devices/VDOMs (maximum)
10000
GB/Day of Logs
1
Storage Capacity
500 GB
Devices/VDOMs (maximum)
10000
GB/Day of Logs
+1
Storage Capacity
+500 GB
Devices/VDOMs (maximum)
10000
GB/Day of Logs
+5
Storage Capacity
+3 TB
Devices/VDOMs (maximum)
10000
GB/Day of Logs
+25
Storage Capacity
+10 TB
Devices/VDOMs (maximum)
10000
GB/Day of Logs
+100
Storage Capacity
+24 TB
Devices/VDOMs (maximum)
10000
GB/Day of Logs
+500
Storage Capacity
+48 TB
Devices/VDOMs (maximum)
10000
GB/Day of Logs
+2000
Storage Capacity
+100 TB
FortiManager IPS
Devices/VDOMs (maximum)
10
GB/Day of Logs
1
Storage Capacity
100 GB
Devices/VDOMs (maximum)
+10
GB/Day of Logs
2
Storage Capacity
200 GB
Devices/VDOMs (maximum)
+100
GB/Day of Logs
5
Storage Capacity
1 TB
Devices/VDOMs (maximum)
+1000
GB/Day of Logs
10
Storage Capacity
4 TB
Devices/VDOMs (maximum)
+ 5000
GB/Day of Logs
25
Storage Capacity
8 TB
Devices/VDOMs (maximum)
+ 10000
GB/Day of Logs
50
Storage Capacity
16 TB

FortiGate IPS, FortiAnalyzer and FortiManager virtual machines are all available on Amazon Web Services and Microsoft Azure. In addition, FortiGate IPS is also available on Oracle Cloud, IBM Cloud and Google Cloud Platform.

Amazon Web Service

Microsoft Azure

Oracle Cloud

IBM Cloud

Google Cloud Platform

FortiGuard Service for FortiGate IPS

FortiGate IPS is the primary user of the FortiGuard Intrusion Prevention service, but your detection, control and security posture are greatly improved with any combination of the following FortiGuard services, many of which are included in the FortiGuard bundles.

View FortiGuard Labs Services and Bundles.

 

FG AntiSpam

스팸 방지 기능

FortiGuard 스팸 방지 기능은 조직에서 처리하는 스팸을 탐지, 필터링하는 데 종합적인 다계층 방식을 지원합니다. 듀얼 패스 탐지 기술은 주변부에서 스팸의 양을 현저히 줄여, 이메일 공격과 감염으로부터 누구보다 확실한 보호를 제공합니다.

FG Antivirus

바이러스 백신

FortiGuard 바이러스 백신은 최신 바이러스, 스파이웨어 및 기타 콘텐츠 수준 위협을 방어합니다. 업계 최고의 진보된 탐지 엔진을 사용해 새로운 위협과 지능형 위협이 네트워크 내에서 발판을 마련하고 귀중한 콘텐츠에 액세스하지 못하도록 차단합니다.

FG Application Control

애플리케이션 제어

사용자가 실행하는 애플리케이션에 업계 최고의 실시간 가시성을 제공하여 보안을 개선하고 허용 가능한 사용 정책을 준수합니다. FortiGuard 애플리케이션 제어를 사용하면 애플리케이션 또는 애플리케이션 카테고리에 대한 액세스 허용, 거부 또는 제한 정책을 신속히 설정할 수 있습니다.

Product Category Thumb SS security audit

Content Disarm & Reconstruction

Content Disarm & Reconstruction (CDR) strips all active content from files in real-time, creating a flat sanitized file. All active content is treated as suspect and removed. CDR processes all incoming files, deconstructs them, and removes all elements that do not match firewall policies.

Icon cloudsandbox

FortiSandbox 클라우드

FortiSandbox 클라우드 서비스는 이전에 알려지지 않았던 멀웨어를 동적 분석으로 식별하는 지능형 위협 보호 솔루션입니다. FortiSandbox 클라우드가 생성한 조치 가능한 인텔리전스를 네트워크 내부의 예방적 제어 기능에 입력하여 위협을 무력화합니다.

FG IOCs DK

Indicators of Compromise

The FortiGuard Indicator of Compromise (IOC) service packages recently observed artifacts of host intrusions or compromise, delivering them daily to retroactively identify any host intrusions and proactively protect against the latest targeted attacks.

Industrial Control systems icon

산업 제어 시스템

FortiGuard 산업 보안 서비스는 서명을 연속적으로 업데이트해 일반적인 ICS/SCADA(감독 제어 및 데이터 수집) 프로토콜 대부분을 식별, 감독하고, 섬세한 가시성과 관리 기능을 제공합니다. 주요 ICS 제조사의 애플리케이션과 장치에 추가적인 취약성 보호 기능을 제공합니다.

FG Intrusion Prevention

침입 방지

FortiGuard IPS는 위협이 네트워크 장치에 도달하기 전에 탐지, 차단함으로써 새로운 네트워크 침입으로부터 보호합니다.

FG AntiBotnet

IP 평판 및 안티봇넷 보안

FortiGuard IP 신뢰도 서비스는 위협 센서, CERT, MITRE, 협력사 및 기타 국제적 협업 기관으로 구성된 Fortinet 분산 네트워크에서 악성 소스 IP 데이터를 집계하고 적대적 소스에 대한 최신 위협 인텔리전스를 제공합니다. 분산 네트워크 게이트웨이에서 실시간에 가깝게 인텔리전스를 제공하는 데다, FortiGuard Labs의 세계적인 연구를 결합해 기관이 위협으로부터 안전하고 공격을 미리 차단할 수 있도록 돕습니다.

FG Mobile Security

모바일 보안

Fortinet의 모바일 보안 서비스는 모바일 장치를 노리는 새로운 위협으로부터 보호합니다. 업계 최고의 진보된 탐지 엔진을 사용해 새로운 위협과 진화하는 위협이 네트워크 내부에서 발판을 마련하고 귀중한 정보에 액세스하지 못하도록 차단합니다.

Security Rating Service icon

보안 등급

보안 감사 업데이트 서비스는 고객이 각 조직에 맞게 보안 패브릭 보안 환경을 설계, 구현하고 지속적으로 관리할 수 있도록 유도합니다. 보안 패브릭은 보안 모범 사례를 기초로 구축되었으며, 보안팀은 이러한 감사 검사를 실행하여 보안 패브릭 설정에서 중대한 취약성과 구성 약점을 찾아내고 모범 사례에 따른 권고 사항을 구현할 수 있습니다.

Product Category Thumb SS virus outbreak

Virus Outbreak Protection Service

FortiGuard Virus Outbreak Protection Service (VOS) closes the gap between antivirus updates with FortiCloud Sandbox analysis to detect and stop malware threats discovered between signature updates before they can spread throughout an organization. OS initiates a real-time look-up to our Global Threat Intelligence database.

FG Web Filtering

웹 필터링

악성 또는 해킹되거나 부적절한 웹사이트 액세스를 차단하여 기관을 보호합니다.

   

FortiGuard Service Bundles for FortiGate

Enterprise Protection Bundle

Protection to address today's advanced threat landscape. It delivers all FortiGuard security services available for the FortiGate including: NGFW Application Control and IPS, Web Filtering, FortiCloud Sandbox, Antivirus, Mobile Security, IP Reputation & Antibotnet, Antispam, and core FortiCare security services with a choice of 8x5 or 24x7 support.

UTM Protection Bundle

Traditional UTM security services including NGFW Application Control and IPS, Web Filtering, Antivirus, Antispam, and core FortiCare security services with a choice of 8x5 or 24x7 support.

Threat Protection Bundle

Core protection technologies including: Application Control, IPS, AV, Botnet IP/Domain and Mobile Malware Service. FortiCare security services include 24x7 support. 

You can find more information here.

FortiGate IPS Demo

product demo fortigate 1500d

FortiGate Next-Generation Firewall Demo

This full working demo lets you explore the many features of our FortiGate Next-Generation Firewall (NGFW). You’ll quickly see how FortiGate allows you to enable threat protection features such as IPS, Web-Filtering, Anti-Malware, Cloud Sand-box and SSL inspection to stop known and unknown threats. FortiGate also provides the full visibility and identifies applications, users and devices to identify issues quickly and intuitively. Be sure to check out our Security Fabric features to provide end to end topology view, security ratings based on the best practices and automation to reduce complexity. 

Access the demo
product demo fortiguard ips

FortiGate IPS Demo

Try out FortiGate IPS for yourself and see all of the detection capabilities and incident monitoring possible in this world-class IPS solution.

Access the demo

FortiGate IPS Certification

 

NSS Labs NGIPS 2018 SVM and Report

NSS Labs’ NGIPS test is the most extensive IPS test, including several tests not conducted for DCIPS, such as live drive-by-exploits (100% block rate for Fortinet), exploits against web target types, application ID and evasions (also 100% block rate for Fortinet). The FortiGate 500E and FortiGate 3000D are world-class IPS appliance, achieving “Recommended” status again with an overall Exploit block rate of 99.5% for FortiGate 500E and 99.6% for FortiGate 3000D.

NSS Labs DCIPS 2018 SVM and Report

NSS Labs’ Data Center Intrusion Prevention Systems (DCIPS) focuses on data center environments, especially vulnerabilities commonly found in servers. The Security Value Map (SVM) shows that FortiGate IPS achieved the highest cumulative blocking rate at 98.73% and the lowest TCO at $3 per protected Mbps. Fortinet builds world-class IPS appliances and another “Recommended” IPS rating from NSS Labs proves this.

NSS Labs DCSG 2017 SVM and Report

NSS Labs’ DCSG test is a comprehensive Data Center Security Gateway (DCSG) test, including several tests to measure relevant security effectiveness and Intrusion Prevention (IPS) performance using live exploits including “weaponized” exploits (97.9% and 98% block rate respectively for Fortinet FortiGate 7060E and FortiGate 3000D) and resistance to evasion techniques (100% block rate for Fortinet). The FortiGate 7060E and 3000D both achieved “Recommended” status, with a leading combination of Security Effectiveness and Value per protected Megabit Per Second (Mbps) in the NSS Labs Security Value Map (SVM).

NSS Labs Breach Prevention Systems (BPS) Test 2017

NSS Labs introduced a new group test, BPS focused on detecting and blocking exploits, advanced malware, and evasions. This helps validate the advanced threat response cycle of prevent-detect-mitigate across a number of threat vectors including web, email, and endpoint. Fortinet's Security Fabric consisting of FortiSandbox, FortiGate, FortiMail, and FortiClient integrated together, earned a Recommended award by achieving a block rate of 99.6% and offering the lowest 3-year TCO

NSS Labs DCIPS 2016 SVM

NSS Labs’ Data Center Intrusion Prevention System (DCIPS) report is the industry’s most comprehensive test to date with their Security Value Map revealing that Fortinet’s FortiGate 3000D earned the highest ratings for Security Effectiveness, blocking 99.9 percent of exploits, and TCO (Total Cost of Ownership) per protected Mbps (Megabit per second).

NSS Labs 2015 Next Generation IPS Test

In 2015, NSS Labs conducted a group test of next generation IPS solutions to assess their abilities to identify both the applications and the users on their internal networks, protect the enterprise user against threats/exploits, and catch sophisticated attacks while producing as few false positives as possible. Demonstrating 99% effectiveness and superior value, Fortinet FortiGate earned the NSS Labs Recommendation.

ICSA Labs Certified: Antivirus, Corporate Firewall, IPsec, NIPS, SSL-TLS, and Web Application Firewall

FortiGate and FortiWeb products are evaluated against ICSA criteria in 6 popular Certification programs. ICSA Labs manages and sponsors security consortia that provides a forum for intelligence sharing among the leading vendors of security products. In addition, ICSA Labs publishes surveys, security industry studies, and buyer's guides for computer security products.

FortiGate IPS Alliance Partners

FortiGate IPS provides integration with many leading IT vendors as part of the Fortinet Security Fabric.  Below is a list of current Product Alliance Partners:

AlgosSec
AlgosSec

The leading provider of business-driven security management solutions, AlgoSec helps over 1,500 enterprises align security with their business processes, to make their organizations more agile, secure and compliant.

Attivo Networks
Attivo Networks

Attivo Networks is an award-winning innovator in cyber security defense. As the leader in deception-based threat detection technology, Attivo empowers continuous threat management using dynamic deceptions for the real-time detection, analysis, and accelerated response to cyber incidents.

Centrify
Centrify

Centrify is the leader in securing enterprise identities against cyberthreats that target today’s hybrid IT environment of cloud, mobile, and on-premises.

FireMon
FireMon

FireMon solutions deliver continuous visibility into and control over network security infrastructure, policies, and risk.

Gigamon
Gigamon

Gigamon provides active visibility into physical and virtual network traffic, enabling stronger security, and superior performance.

Technical Integration Guide

IBM
IBM

IBM Security offers one of the most advanced and integrated portfolios of enterprise security products and services. The portfolio enables organizations to effectively manage risk and defend against emerging threats.

Nozomi Networks
Nozomi Networks

Nozomi Networks is a leading provider of real-time visibility, advanced monitoring capabilities, and strong security for industrial control networks supporting critical infrastructure. Nozomi has been deployed in some of the largest industrial installations, providing some of the fastest return-on–investment in the industry.

ServiceNow
ServiceNow

ServiceNow makes work better. Our applications automate, predict, digitize and optimize business processes across IT, Customer Service, Security Operations, HR and more, for a better enterprise experience.

Splunk
Splunk

Splunk Inc. is the market-leading platform that powers Operational Intelligence.

Tufin
Tufin

Tufin leads the Security Policy Orchestration market, enabling enterprises to centrally manage, visualize, and control security policies across hybrid cloud and physical network environments.

UBiqube
UBiqube

UBiqube is a vendor-agnostic provider of end-to-end network and security orchestration solutions. UBiqube’s MSActivator™ is a multi-tenant software framework enabling the design, automation, and management of services over hybrid communication infrastructures (SDN/NFV/IoT).

FortiGate IPS FAQs

Does Fortinet really build IPS technology?

Although better known for firewalls, Fortinet has built IPS products for more than 10 years, participating in NSS Labs IPS testing for the past few years and receiving “recommended” ratings with detection and blocking scores better than many of the traditional IPS vendors. Chose the IPS form factor that suits you best – either standalone IPS or IPS integrated into the firewall.

How is FortiGate IPS different from IPS offered by other firewall vendors?

IPS products that are bolted on to firewall platforms are usually an afterthought and tend to be a massive performance burden. It is not uncommon to see more than 80% performance degradation when turning IPS inspection on in many firewalls. FortiGate IPS and FortiGate firewalls were part of the inspection path from the beginning, designed with parallel path processing in all form factors and having the benefits of Security Processing Units (SPU) in hardware form. This is why FortiGate IPS was capable of 131 Gbps throughput as verified by NSS Labs on the FortiGate IPS 7060E. Value and IPS performance are not an issue for FortiGate IPS. 

How are IPS and Firewalls different?

Fundamentally, a firewalls is tasked with access control, based on a set of access rules. IPS is tasked with content inspection. While both try to keep bad traffic out of your network, they go about it in different ways. Firewalls can usually determine whether a network flow should be allowed into the network by discerning the application type and user information. This often requires only inspecting the first few packets in a flow or even just the packet headers. This is a good thing, making firewall inspection very efficient. In contrast, IPS needs to inspect the entire flow, in order to determine if the payload or intent of the flow is malicious. That can mean inspecting every packet or even inspection across multiple flows to fully examine payload. This is a lot more work and while firewall and IPS functions can absolutely reside on the same appliance, do not let your IPS capability be strangled by a platform that is only optimized to look for application type or user.

Can Firewalls and IPS be managed together?

Absolutely yes. FortiGate IPS and FortiGate firewalls (and several other Fortinet technologies) are managed by the same central management system – FortiManager and FortiAnalyzer – often sharing the same settings and configurations. In fact, this central management system extends across environments seamlessly with a single-pane-of-glass, from hardware to virtual machines to public cloud instances.