Secure Web Gateway (SWG)

Enterprise-class protection against internet-borne threats

Gartner 2018 Magic Quadrant for Enterprise Firewall
Disponible en:
  • Aparato
  • Máquina virtual
  • Nube

Secure Web Gateway (SWG) Overview

Secure Sockets Layer (SSL) adoption is on the rise, with  at least 60% of internet sites using it as of January 2018. While this provides confidentiality, it’s also a great place for cybercriminals to hide malware. Industry reports indicate that 41% of malicious traffic leverages encryption. In addition, administrators lose visibility of data leaving the enterprise and can’t enforce data loss policies.

Fortinet firewalls with Gateway Security protects enterprises against web attacks with URL filtering, visibility and control of encrypted web traffic via SSL inspection, and application of granular web application policies. Fortinet is the first and only gateway security vendor to earn Virus Bulletin’s VBWeb certification for web filtering effectiveness.

 

Secure Web Gateway (SWG) News

Security Services Bridge Gaps Caused by Fragmented Network Environments

5/29/2018: Learn how you can deploy effective security services to reap the maximum benefits from your security devices. Read the blog.

 

FortiOS 6.0

2/27/2018:   FortiOS 6.0 introduces more than 200 features designed to help enterprises embrace cloud adoption without compromising on security. Learn more.

 

Threat Landscape

2/16/2018: Find out about the latest threats trends and what they mean to your organization. Highlights this quarter include analysis on cryptojacking, micro-targeted and personalized malware and zero-day threats on black markets. Find out more

 

Secure Web Gateway (SWG) Videos

Demo of FortiGate SWG Use cases

FortiGate SWG protects against web attacks with URL filtering, visibility and control of encrypted web traffic via SSL inspection, and application of granular web application policies. This demo walks through two key use cases: How to enforce Acceptable Use Policy How to block malicious web pages using FortiGuard Web Filtering

Ver ahora
Reclaim Your Freedom to Safely Surf the Web
FortiGate Cookbook - Transparent Web Proxy (5.6)
FortiOS 6.0 and Security Fabric Q&A with Michael Xie

Secure Web Gateway (SWG) Product Details

Fortinet Secure Web Gateway defends users from internet-borne threats and helps enterprises enforce policy compliance for internet applications.   

With FortiGate SWG, you can deploy industry-leading Fortinet Next Generation Firewalls as a proxy.  FortiGate SWG consolidates NGFW and SWG services, helping enterprises manage their network security solution with ease.  It supports all proxy deployment modes, and uses multiple detection techniques such as web filtering, DNS filtering, data loss prevention, antivirus, intrusion prevention and advanced threat protection to protect employees from internet threats.  FortiGate SWG is best suited for enterprises looking to consolidate network security services and optimize the workload of security teams.

Enterprises can also adopt FortiProxy, a dedicated Secure Web Gateway solution.

 

   

Features and Benefits

integration icon

Feature-rich product that consolidates NGFW and SWG services

high performance icon

Powerful hardware that can perform SSL deep inspection

icon vulnerability

Anti-malware techniques updated with the latest threat intelligence

icon benefits management

Reduce security team’s workload by providing a single pane of glass management for both NGFW and SWG

visibility icon

Effectively remove blind spots in encrypted traffic, without compromising on performance

checkmark icon

Stay protected against the latest known and unknown internet-borne attacks 

Secure Web Gateway(SWG) Models and Specifications



SWG is available in different form factors with many different models to choose from to meet your needs ranging from hardware appliances to VM options that be deployed in your datacenter.

Hardware Appliances
Throughput
5 Gbps
Ports
2x 10 GE SFP+, 10x GE RJ45, 8x GE SFP
SSL Inspection
6.8 Gbps
Throughput
4 Gbps
Ports
2x 10 GE SFP+, 10x GE RJ45, 8x GE SFP
SSL Inspection
6.8 Gbps
Throughput
5 Gbps
Ports
2x 10 GE SFP+, 16x GE SFP, 18x GE RJ45
SSL Inspection
4 Gbps
Throughput
6 Gbps
Ports
4x 10GE SFP+/GE SFP, 16x GE SFP, 18x GE RJ45
SSL Inspection
6 Gbps
Throughput
7 Gbps
Ports
8x 10GE SFP+/GE SFP, 16x GE SFP, 18x GE RJ45
SSL Inspection
10.5 Gbps
Throughput
9 Gbps
Ports
6x 10GE SFP+, 34x GE RJ45
SSL Inspection
12.5 Gbps
Throughput
9 Gbps
Ports
10x 10GE SFP+, 2x 10GE SFP+ bypass, 34x GE RJ45
SSL Inspection
12.5 Gbps
Throughput
22 Gbps
Ports
16x 10GE SFP+/GE SFP, 2x GE RJ45
SSL Inspection
19 Gbps
Throughput
24 Gbps
Ports
48x 10GE SFP+/GE SFP, 2x GE RJ45
SSL Inspection
20 Gbps
Throughput
20 Gbps
Ports
4x 40GE QSFP+, 20x 10GE SFP+/GE SFP, 8x SFP+, 2x GE RJ45
SSL Inspection
24 Gbps
Virtual Machines
FortiGate is supported on VMware, Microsoft Hyper-V, Citrix XenServer, Open Source Xen, KVM, Amazon Web Services (AWS) and Microsoft Azure. Please see the data sheet for more details.

Throughput
2.5 Gbps
Ports
1 / 10 (Minimum/Maximum)
Throughput
4.5 Gbps
Ports
1 / 10 (Minimum/Maximum)
Throughput
9 Gbps
Ports
1 / 10 (Minimum/Maximum)
Throughput
16.5 Gbps
Ports
1 / 10 (Minimum/Maximum)

Actual performance may vary depending on the network and system configuration. Performance metrics were observed using a DELL R740 (CPU Intel Xeon Platinum 8168 2.7 GHz, Intel X710 network adapters), running FOS v5.6.3. Tested with VMware vSphere 6.5 Enterprise Plus. SR-IOV is enabled. 1. IPS performance is measured using 1 Mbyte HTTP and Enterprise Traffic Mix. 2. Application Control performance is measured with 64 Kbytes HTTP traffic. 3. NGFW performance is measured with IPS and Application Control enabled, based on Enterprise Traffic Mix. 4. Threat Protection performance is measured with IPS and Application Control and Malware protection enabled, based on Enterprise Traffic Mix.

Public Cloud
Amazon Web Services (AWS) and Microsoft Azure supported for both BYOL (bring your own license) and On-demand (pay-as-you go). Please see the AWS and Azure Marketplace listings for more information:
Hardware Appliances
Modelo
FortiProxy 400E
License Capacity
500-2,500 Users
Ports
4x GE RJ45
Modelo
FortiProxy 2000E
License Capacity
2,500-25,000 Users
Ports
2x 10 GE SFP+, 2x GE SFP ports, 2x GE RJ45 ports
Modelo
FortiProxy 4000E
License Capacity
15,000-50,000 Users
Ports
4x 10 GE SFP+, 2x GE SFP ports, 4x GE RJ45 ports
Virtual Machines
Modelo
FortiProxy VM
License Capacity
25-25,000 Users
Ports
1 / 10 (Minimum/Maximum)

FortiGuard Security Services for Secure Web Gateway (SWG)

FortiGate SWG employs multiple FortiGuard services to protect users against the latest web threats and to enforce compliance.  One of the key services is FortiGuard Web Filtering, which is the only web filtering service in the industry that is VBWeb certified for security effectiveness by Virus Bulletin.

FG Web Filtering

Web Filtering

Protects your organization by blocking access to malicious, hacked, or inappropriate websites.

Icon cloudsandbox

FortiSandbox Cloud

FortiSandbox Cloud Service is an advanced threat detection solution that performs dynamic analysis to identify previously unknown malware. Actionable intelligence generated by FortiCloud Sandbox is fed back into preventive controls within your network—disarming the threat.

FG Antivirus

Antivirus

FortiGuard Antivirus protects against the latest viruses, spyware, and other content-level threats. It uses industry-leading advanced detection engines to prevent both new and evolving threats from gaining a foothold inside your network and accessing its invaluable content.

FG Application Control

Application Control

Improve security and meet compliance with easy enforcement of your acceptable use policy through unmatched, real-time visibility into the applications your users are running. With FortiGuard Application Control, you can quickly create policies to allow, deny, or restrict access to applications or entire categories of applications.

FG Intrusion Prevention

Intrusion Prevention

FortiGuard IPS protects against the latest network intrusions by detecting and blocking threats before they reach network devices.

Secure Web Gateway (SWG) Demo

product demo secure web gateway

FortiGate Secure Web Gateway Demo

With the increase in SSL web traffic, zero-day malware and growing number of social websites, enterprises are turning to secure web gateway to protect employees from internet-borne attacks. 

This demo lets you explore the key Secure Web Gateway features such as SSL Inspection, DNS and Web Filtering, Web Application Control, Authenticated Web Access and Detailed Reporting. 

Access the demo

Secure Web Gateway (SWG) FAQs

We recently migrated to Office 365 and our proxy can’t handle the traffic.  Can FortiGate SWG be used?

Yes, this is one of our common deployments.  FortiGate SWG has powerful hardware, and custom-built ASICs to provide high performance.  It can also enforce Office365 tenant restrictions and inspect SSL traffic .

Can FortiGate SWG be deployed in explicit proxy mode?

FortiGate SWG can be deployed in all proxy modes. It includes explicit proxy and transparent proxy for large enterprises, and inline proxy mode for smaller enterprises.    

How is FortiGate SWG licensed?

Unlike other SWG vendors, FortiGate SWG is not licensed per user.  You pay for the hardware and security services such as web filtering, antivirus, IPS, sandboxing, CASB and application control.   This significantly reduces the total cost of ownership.

What are the use cases supported by FortiGate SWG?

FortiGate SWG supports all common authentication methods such as RADIUS, Active Directory, LDAP and SAML.

What techniques does FortiGate SWG use for malware prevention?

FortiGate SWG always receives the latest security protection from FortiGuard Threat Intelligence Service, that collects threat data from more than 200,000 live deployments.   Numerous techniques are used for malware prevention such as AV, website reputation analysis, sandboxing and DLP.

Does FortiGate SWG work with other Fortinet products?

FortiGate SWG is part of the Fortinet Security Fabric; integrating with FortiClient for endpoint protection, FortiCASB for cloud applications protection, FortiSandbox for advanced protection, and FortiManager and FortiAnalyzer for management.