차세대 방화벽

FortiGate: 복잡성을 낮추어서 업계 최고의 위협 방지 및 성능 제공

Gartner 2018 Magic Quadrant 엔터프라이즈 방화벽 부문
구매 가능 지역 :
  • 어플라이언스
  • 가상 머신
  • 클라우드

FortiGate: Next-Generation Firewall Overview

As security architects consider how to provide comprehensive threat protection for their enterprises, including intrusion prevention, web filtering, anti-malware and application control, they face a major complexity hurdle managing these point products with no integration and lack of visibility. Gartner estimates that by 2019 80% of enterprise traffic will be encrypted and 50% of attacks targeting enterprise will be hidden in encrypted traffic.

FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance including encrypted traffic. FortiGate reduces complexity with automated visibility into applications, users and network and provides security ratings to adopt security best practices. 

 

FortiGate: Next-Generation News

7/17/2018: Fortinet Receives Recommended Rating in Latest NSS Labs NGFW Report, Delivers High SSL Performance Suited for Encrypted Cloud Access.  Receives Fifth Consecutive “Recommended” Rating, Blocked 100 Percent of Evasions and Achieved Minimal Performance Degradation for SSL Inspection

 

7/31/2018: Fortinet Announces Enhancements to Our Security Services Portfolio. Defending against the ever-expanding threat landscape requires real-time threat research and intelligence. Enhancing our subscription services to provide this crucial resource, we are announcing two critical changes.

 

2/27/2018:  Fortinet Delivers Third Generation of Network Security with the Evolution of its Security Fabric.  FortiOS 6.0 delivers more than 200 new capabilities across Security Fabric to automate security operations and protect the digital attack surface

FortiGate: Next-Generation Firewall Videos

FortiGate Next Generation Firewall with Security Fabric Demo
An Interview with John Maddison, Fortinet SVP of Products and Solutions
FortiOS 6.0 and Security Fabric Q&A with Michael Xie

FortiGate: Next-Generation Firewall Product Details

FortiGate enterprise firewalls offer flexible deployments from the network edge to the core, data center, internal segment, and the Cloud. FortiGate enterprise firewalls leverages purpose-built security processors (SPUs) that delivers scalable performance of advanced security services like Threat Protection, SSL inspection, and ultra-low latency for protecting internal segments and mission critical environments.

FortiGate NGFW provides automated visibility into cloud applications, IoT devices and automatically discovers end to end topology view of the enterprise network. FortiGate is a core part of security fabric and validated security protect the enterprise network from known and unknown attacks. 

 

Features and Benefits

high performance icon

High-performance threat protection

Industry's highest threat protection and SSL inspection performance to protect from malware attacks hiding in encrypted traffic 
icon vulnerability

Validated security effectiveness

Independently certified and continuous threat intelligence updates provide robust protection from known and unknown attacks
icon benefits secure choice

Protect mission critical applications

Highly scalable segmentation and ultra-low latency to protect network segments 
icon benefits management

Continuous risk assessment via automation

Leverage automated workflow and auditing features to deal with scarce security staff and continuously maintain compliance posture 
Icon security fabric

Security Fabric integration

Intelligently share threats across the entire digital attack surface to provide quick and automated protection 
platform support icon

Enterprise class security management

Deliver consistent security policy -- Single pane-of-glass to manage security assets irrespective of location and form factor

FortiGate: Next-Generation Firewalls Models and Specifications

FortiGate NGFW is available in many different models to meet your needs ranging from entry-level hardware appliances to ultra high-end appliances to meet the most demanding threat protection performance requirements.  This ensures that enterprise campus, core data-center, or internal segments, FortiGate can fit seamlessly into your environment.  

FortiGate: Chassis-based NGFW

Threat Protection
80 Gbps
SSL Inspection Throughput
100 Gbps
Network Interfaces
Multiple 10 GE SFP+/SFP, 40 GE QSFP+, 100 GE CFP2/QSFP28
Threat Protection
40 Gbps
SSL Inspection Throughput
50 Gbps
Network Interfaces
Multiple 10 GE SFP+/SFP, 40 GE QSFP+, 100 GE CFP2/QSFP28
Threat Protection
35 Gbps
SSL Inspection Throughput
50 Gbps
Network Interfaces
Multiple 10 GE SFP+/SFP, 40 GE/100 GE QSFP28
Threat Protection
13.5 Gbps
SSL Inspection Throughput
17 Gbps
Network Interfaces
2x 40GE QSFP+, 2x 10GE SFP+, 2x GE RJ45

Please see the product page for more information on these and many more Product features.  

FortiGate: Ultra high-end NGFW

Threat Protection
60 Gbps
SSL Inspection Throughput
90 Gbps
Network Interfaces
Multiple 40/100 GE QSFP28, 1/10/25 GE SFP28, 1/10 GE SFP+ and GE RJ45
Threat Protection
100 Gbps
SSL Inspection Throughput
130 Gbps
Network Interfaces
Multiple 40/100 GE QSFP28, 1/10/25 GE SFP28, 1/10 GE SFP+ and GE RJ45

Please see the product page for more information on these and many more Product features.  

FortiGate: High-end NGFW

Threat Protection
20 Gbps
SSL Inspection Throughput
32 Gbps
Network Interfaces
10x 100GE QSFP28, 16x 10GE SFP+, 2x GE RJ45
Threat Protection
13.5 Gbps
SSL Inspection Throughput
30 Gbps
Network Interfaces
Multiple 40/100 GE QSFP+/QSFP28, 10 GE SFP+ and GE RJ45
Threat Protection
13 Gbps
SSL Inspection Throughput
23 Gbps
Network Interfaces
Multiple 100 GE CFP2, 40 GE QSFP+, 10 GE SFP+ and/or multiple GE SFP/RJ45 depending on variants
Threat Protection
13 Gbps
SSL Inspection Throughput
24 Gbps
Network Interfaces
Multiple 40 GE QSFP+, 10 GE SFP+ and GE SFP
Threat Protection
15 Gbps
SSL Inspection Throughput
20 Gbps
Network Interfaces
Multiple GE RJ45 and 10 GE SFP+ / GE SFP slots
Threat Protection
13 Gbps
SSL Inspection Throughput
22 Gbps
Network Interfaces
Multiple 10 GE SFP+ | Multiple GE SFP and GE RJ45
Threat Protection
13 Gbps
SSL Inspection Throughput
19 Gbps
Network Interfaces
Multiple 10 GE SFP+ | Multiple GE SFP and GE RJ45
Threat Protection
5.4 Gbps
SSL Inspection Throughput
11.5 Gbps
Network Interfaces
10x 10GE SFP+, 2x 10GE SFP+ bypass, 34x GE RJ45
Threat Protection
5.4 Gbps
SSL Inspection Throughput
12.5 Gbps
Network Interfaces
6x 10GE SFP+, , 34x GE RJ45
Threat Protection
5 Gbps
SSL Inspection Throughput
10.5 Gbps
Network Interfaces
8x 10GE SFP+/GE SFP, 16x GE SFP, 18x GE RJ45
Threat Protection
4 Gbps
SSL Inspection Throughput
6 Gbps
Network Interfaces
4x 10GE SFP+/GE SFP, 16x GE SFP, 18x GE RJ45
Threat Protection
4 Gbps
SSL Throughput Inspection
4 Gbps
Network Interfaces
2x 10 GE SFP+, 16x GE SFP, 18x GE RJ45

Please see the product page for more information on these and many more Product features.  

FortiGate: Mid-range NGFW

Threat Protection
3 Gbps
SSL Inspection Throughput
4 Gbps
Network Interfaces
Multiple GE RJ45, GE SFP and 10 GE SFP+ slots
Threat Protection
3 Gbps
SSL Inspection Throughput
4 Gbps
Network Interfaces
Multiple GE RJ45, GE SFP, 10 GE SFP+ slots and bypass GE RJ45 pairs
Threat Protection
3 Gbps
SSL Inspection Throughput
3.5 Gbps
Network Interfaces
Multiple GE RJ45, GE SFP and 10 GE SFP+ Slots
Threat Protection
4.7 Gbps
SSL Inspection Throughput
6.8 Gbps
Network Interfaces
Multiple GE RJ45, GE SFP and 10 GE SFP+ Slots
Threat Protection
3 Gbps
SSL Throughput Inspection
6.8 Gbps
Network Interfaces
Multiple GE RJ45 and GE SFP Slots
Threat Protection
1.2 Gbps
SSL Throughput Inspection
1 Gbps
Network Interfaces
Multiple GE RJ45, GE SFP Slots
Threat Protection
250 Mbps
SSL Throughput Inspection
190 Mbps
Network Interfaces
Multiple GE RJ45, GE SFP Slots | PoE/+ Variants

Please see the product page for more information on these and many more Product features.  

FortiGate: Entry-level NGFW

Threat Protection
270 Mbps
SSL Inspection Throughput
300 Mbps
Network Interfaces
Multiple GE RJ45 | WiFi Variants
Threat Protection
250 Mbps
SSL Inspection Throughput
180 Mbps
Network Interfaces
Multiple GE RJ45 | Varients with internal storage | Variants with PoE/+ interfaces
Threat Protection
200 Mbps
SSL Throughput Inspection
175 Mbps
Network Interfaces
Multiple GE RJ45 | WiFi variants | Variants with internal storage | Variants with PoE/+ interfaces
Threat Protection
160 Mbps
SSL Throughput Inspection
185 Mbps
Network Interfaces
Multiple GE RJ45 | WiFi Variants | Variants with dual radios | Variants with internal storage
Threat Protection
150 Mbps
SSL Throughput Inspection
160 Mbps
Network Interfaces
Multiple GE RJ45 | WiFi Variants
Threat Protection
25 Mbps
SSL Throughput Inspection
18 Mbps
Network Interfaces
10x GE RJ45

Please see the product page for more information on these and many more Product features.  

FortiGuard Security Services for FortiGate: Next-Generation Firewalls

FortiGate NGFW receives continuous threat intelligence updates from FortiGuard Labs security services. Intrusion prevention, anti-malware, cloud sand-box, application control and web filtering protects enterprises from known and unknown advanced attacks.

View FortiGuard Labs Services and Bundle.

FG Application Control

애플리케이션 제어

사용자가 실행하는 애플리케이션에 업계 최고의 실시간 가시성을 제공하여 보안을 개선하고 허용 가능한 사용 정책을 준수합니다. FortiGuard 애플리케이션 제어를 사용하면 애플리케이션 또는 애플리케이션 카테고리에 대한 액세스 허용, 거부 또는 제한 정책을 신속히 설정할 수 있습니다.

FG Web Filtering

웹 필터링

악성 또는 해킹되거나 부적절한 웹사이트 액세스를 차단하여 기관을 보호합니다.

Icon cloudsandbox

FortiSandbox 클라우드

FortiSandbox 클라우드 서비스는 이전에 알려지지 않았던 멀웨어를 동적 분석으로 식별하는 지능형 위협 보호 솔루션입니다. FortiSandbox 클라우드가 생성한 조치 가능한 인텔리전스를 네트워크 내부의 예방적 제어 기능에 입력하여 위협을 무력화합니다.

FG Antivirus

바이러스 백신

FortiGuard 바이러스 백신은 최신 바이러스, 스파이웨어 및 기타 콘텐츠 수준 위협을 방어합니다. 업계 최고의 진보된 탐지 엔진을 사용해 새로운 위협과 지능형 위협이 네트워크 내에서 발판을 마련하고 귀중한 콘텐츠에 액세스하지 못하도록 차단합니다.

FG Intrusion Prevention

침입 방지

FortiGuard IPS는 위협이 네트워크 장치에 도달하기 전에 탐지, 차단함으로써 새로운 네트워크 침입으로부터 보호합니다.

Product Category Thumb SS virus outbreak

Virus Outbreak Protection Service

FortiGuard Virus Outbreak Protection Service (VOS) closes the gap between antivirus updates with FortiCloud Sandbox analysis to detect and stop malware threats discovered between signature updates before they can spread throughout an organization. OS initiates a real-time look-up to our Global Threat Intelligence database.

Product Category Thumb SS security audit

Content Disarm & Reconstruction

Content Disarm & Reconstruction (CDR) strips all active content from files in real-time, creating a flat sanitized file. All active content is treated as suspect and removed. CDR processes all incoming files, deconstructs them, and removes all elements that do not match firewall policies.

FG AntiBotnet

IP 평판 및 안티봇넷 보안

FortiGuard IP 신뢰도 서비스는 위협 센서, CERT, MITRE, 협력사 및 기타 국제적 협업 기관으로 구성된 Fortinet 분산 네트워크에서 악성 소스 IP 데이터를 집계하고 적대적 소스에 대한 최신 위협 인텔리전스를 제공합니다. 분산 네트워크 게이트웨이에서 실시간에 가깝게 인텔리전스를 제공하는 데다, FortiGuard Labs의 세계적인 연구를 결합해 기관이 위협으로부터 안전하고 공격을 미리 차단할 수 있도록 돕습니다.

FortiGate Enterprise Bundle

Our Enterprise (ENT) bundle now includes:

  • CASB - providing visibility, compliance, data security and threat protection for your cloud-based services.
  • Industrial Security Service protection – SCADA (supervisory control and data acquisition) and ICS (industrial control systems). These signatures address attacks against critical infrastructure and manufacturing industries, where we are seeing frequent and sophisticated cyberattacks.
  • Security Rating Service - this service performs checks against your fabric-enabled network and provides scoring and recommendations to your operation teams. The subsequent scorecard can be used to gauge adherence to various internal and external organizational polices, standards, and regulations requirements, including providing a ranking of your firm against industry peers. 

The FortiGuard Enterprise (ENT) Protection bundle is designed to address today’s advanced threat landscape. The Enterprise Bundle consolidates the comprehensive protection needed to protect and defend against all cyberattack channels from the endpoint to the cloud. Including the technologies needed to address today’s challenging OT, compliance, and management concerns. The Enterprise Bundle offers the most comprehensive protection overall. The Enterprise Bundle includes: 

  • NGFW Application Control
  • IPS
  • Antivirus
  • Botnet
  • IP/Domain Reputation
  • Mobile Security
  • Web Filtering
  • Antispam
  • FortiSandbox Cloud
  • Virus Outbreak Protection
  • Content Disarm & Reconstruction 
  • CASB
  • Security Rating 
  • Industrial Security Service
  • FortiCare
FortiGate UTM Bundle

The FortiGuard Unified Protection Bundle (UTM) is our traditional Unified Threat Management security bundle. The Unified Protection Bundle extends threat protection across the entire digital attack surface, providing industry-leading defense against sophisticated attacks. The UTM bundle has you covered for web and email-based attacks. The UTM bundle delivers the best package available for a unified threat protection offering. The UTM Bundle includes: 

  • NGFW Application Control
  • IPS
  • Antivirus
  • Botnet
  • IP/Domain Reputation
  • Mobile Security
  • Web Filtering
  • Antispam
  • FortiSandbox Cloud
  • Virus Outbreak Protection
  • Content Disarm & Reconstruction 
  • FortiCare

The FortiGuard Advantage: 

  • FortiGuard processes over 69 million websites every hour, providing up-to-the-minute reputation and categorization. 
  • Prevent malicious downloads and browser hijacking attacks with top-rated web filtering (VBWeb Verified)
  • Improved email productivity through superior spam prevention validated with 3rd party independent testing (VBSpam + Verified)
FortiGate Advanced Threat Protection Bundle

The FortiGuard Advanced Threat Protection (ATP) bundle provides the foundational security needed to protect and defend against known and unknown cyber threats. The Advanced Threat Protection bundle includes: 

  • NGFW Application Control
  • IPS
  • Antivirus
  • Botnet
  • IP/Domain Reputation
  • Mobile Security
  • FortiSandbox Cloud
  • Virus Outbreak Protection
  • Content Disarm & Reconstruction 
  • FortiCare 24*7
Services Table
Service Advanced Threat Protection
(ATP)
 
Unified Protection
(UTM)
 
Enterprise Protection
(ENT)
 
A La Carte Protection


Threat Intelligence Service
     
Industrial Security Service
   

Security Rating
   

CASB
   

Web Filtering
 

Antivirus + Sandboxing




IPS




Antispam
 

 
Internet DB



 
IP Reputation


 
Application Control



 

FortiGate: Next-Generation Firewall Demo

product demo fortigate 1500d

FortiGate Next-Generation Firewall Demo

This full working demo lets you explore the many features of our FortiGate Next-Generation Firewall (NGFW). You’ll quickly see how FortiGate allows you to enable threat protection features such as IPS, Web-Filtering, Anti-Malware, Cloud Sand-box and SSL inspection to stop known and unknown threats. FortiGate also provides the full visibility and identifies applications, users and devices to identify issues quickly and intuitively. Be sure to check out our Security Fabric features to provide end to end topology view, security ratings based on the best practices and automation to reduce complexity. 

Access the demo

차세대 방화벽 | NGFW | FortiGate

 

NSS Labs NGFW/SSL 2018 SVM and Report

NSS Labs Next Generation Firewall (NGFW) focuses on enterprise edge and internal segments along with growing need of SSL inspection. The Security Value Map (SVM) shows that FortiGate 500E achieved high cumulative blocking rate at 99.3% and the lowest TCO at $2.00 per protected Mbps. FortiGate 500E also received high SSL inspection performance and a very minimal performance degradation based on our purpose-built security processor technology. Fortinet received fifth consecutive NSS Labs NGFW “Recommended” rating showcase the consistency and commitment to customer need.

NSS labs 2018 SVM diagram

NSS Labs NGFW 2018 Comparative Reports

NSS Labs NGFW Comparative reports provide detailed comparison of all 10 participated vendors for security, performance and total cost of ownership (TCO). With these reports, you can compare Fortinet’s outstanding results with Palo Alto Networks, Checkpoint, Cisco and many other vendors. In several areas, Fortinet showcased the best results:  

  • High SSL Inspection Performance with industry's least performance degradation
  • Fortinet delivered 100% block rate for live exploits
  • Fortinet showcased highest value among all vendors
  • NGFW performance is 30% better than claimed in data sheet
  • Fortinet delivered best ultra-low latency across different packet sizes

Security - NGFW Comparative Report

Performance - NGFW Comparative Report

TCO - NGFW Comparative Report

SVM - NGFW Comparative Report

NSS Labs DCIPS 2018 SVM and Report

NSS Labs’ Data Center Intrusion Prevention Systems (DCIPS) focuses on data center environments, especially vulnerabilities commonly found in servers. The Security Value Map (SVM) shows that FortiGate IPS achieved the highest cumulative blocking rate at 98.73% and the lowest TCO at $3 per protected Mbps. Fortinet builds world-class IPS appliances and another “Recommended” IPS rating from NSS Labs proves this.

NSS Labs DCSG 2017 SVM and Report

NSS Labs’ DCSG test is a comprehensive Data Center Security Gateway (DCSG) test, including several tests to measure relevant security effectiveness and Intrusion Prevention (IPS) performance using live exploits including “weaponized” exploits (97.9% and 98% block rate respectively for Fortinet FortiGate 7060E and FortiGate 3000D) and resistance to evasion techniques (100% block rate for Fortinet). The FortiGate 7060E and 3000D both achieved “Recommended” status, with a leading combination of Security Effectiveness and Value per protected Megabit Per Second (Mbps) in the NSS Labs Security Value Map (SVM).

NSS Labs NGFW 2017 SVM

FortiGate 3200D and 600D enterprise firewalls both offer a winning combination of security effectiveness, performance, and value, earning Fortinet its fourth consecutive NSS Labs NGFW Recommended rating. Fortinet excelled in continuous live testing, blocking 99.71% of exploits used in active attack campaigns every day and delivered the highest performance scores with 18.5 Gbps throughput and an average latency of 4.6 microseconds, regardless of packet size and including real-world traffic processing.

NSS Labs Breach Prevention Systems (BPS) Test 2017

NSS Labs introduced a new group test, BPS focused on detecting and blocking exploits, advanced malware, and evasions. This helps validate the advanced threat response cycle of prevent-detect-mitigate across a number of threat vectors including web, email, and endpoint. Fortinet's Security Fabric consisting of FortiSandbox, FortiGate, FortiMail, and FortiClient integrated together, earned a Recommended award by achieving a block rate of 99.6% and offering the lowest 3-year TCO.

NSS Labs NGFW 2016 SVM

NSS Labs’ Next Generation Firewall (NGFW) real-world testing reveals that Fortinet delivers a winning combination of security, network performance, and total cost of ownership (TCO). Fortinet was nearly perfect; scoring 99.6% in overall security effectiveness. The FortiGate 3200D was rated by NSS at 19 Gbps, 37% above its data sheet specifications, with excellent TCO where the value increased based on actual performance compared to the claimed specifications.

NSS Labs 2015 Next Generation IPS Test

In 2015, NSS Labs conducted a group test of next generation IPS solutions to assess their abilities to identify both the applications and the users on their internal networks, protect the enterprise user against threats/exploits, and catch sophisticated attacks while producing as few false positives as possible. Demonstrating 99% effectiveness and superior value, Fortinet FortiGate earned the NSS Labs Recommendation.

FortiGate: Next-Generation Firewall Alliance Partners

For a complete list of all the Alliance partners go to www.fortinet.com/fabricready.

 

Below is a list of current FortiGate Next-Generation Firewall Alliance Partners:

AlgosSec
AlgosSec

The leading provider of business-driven security management solutions, AlgoSec helps over 1,500 enterprises align security with their business processes, to make their organizations more agile, secure and compliant.

Amazon Web Services
Amazon Web Services

AWS services are trusted by more than a million active customers around the world – including the fastest growing startups, largest enterprises, and leading government agencies – to power their infrastructures, make them more agile, and lower costs.

Solution brief

Learn more on the Fortinet-AWS alliance

Arista
Arista

Arista Networks was founded to pioneer and deliver software-driven cloud networking solutions for large data center storage and computing environments.

Solution brief

Cisco
Cisco

Cisco is the worldwide leader in IT that helps companies seize the opportunities of tomorrow by proving that amazing things can happen when you connect the previously unconnected.

FireMon
FireMon

FireMon solutions deliver continuous visibility into and control over network security infrastructure, policies, and risk.

Google Cloud Platform
Google Cloud Platform

Google Cloud Platform is a secure, dedicated public cloud computing service operated by Google which provides a range of infrastructure and application services that enable deployments in the cloud. Fortinet provides critical firewalling, advanced security and scalable BYOL protection for elastic compute, container, and machine-learning workloads in Google’s innovative public cloud.

Solution brief

IBM
IBM

IBM Security offers one of the most advanced and integrated portfolios of enterprise security products and services. The portfolio enables organizations to effectively manage risk and defend against emerging threats.

Nozomi Networks
Nozomi Networks

Nozomi Networks is a leading provider of real-time visibility, advanced monitoring capabilities, and strong security for industrial control networks supporting critical infrastructure. Nozomi has been deployed in some of the largest industrial installations, providing some of the fastest return-on–investment in the industry.

Nuage Networks
Nuage Networks

Nuage Networks, a Nokia Corp subsidiary, brings a unique combination of groundbreaking technologies and unmatched networking expertise to the enterprise and telecommunications industries.

Solution brief

Oracle
Oracle

Oracle offers a comprehensive and fully integrated stack of cloud applications and platform services.

Solution brief

Tufin
Tufin

Tufin leads the Security Policy Orchestration market, enabling enterprises to centrally manage, visualize, and control security policies across hybrid cloud and physical network environments.

VMware
VMware

VMware is a global leader in cloud infrastructure and business mobility.