
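FortiGate IPS (Intrusion Prevention System)
Whether as part of a firewall solution or as a standalone appliance, intrusion prevention systems (IPS) have become an increasingly common part of network security defenses. Fortinet is known in the industry for its next-generation firewall (NGFW) solutions and has been developing IPS technology for more than ten years. Fortinet customers expect and rely on the high performance of FortiGate firewalls, and FortiGate IPS benefits from it, delivering the best IPS performance on the market today. FortiGate IPS followed a different development path from traditional IPS, which has allowed innovations that many other standalone IPS products cannot match.
FortiGate IPS News
FortiGate IPS Webinar and Videos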
The true dilemma for most organizations facing today's sophisticated threats is which approach to IPS will meet their unique network needs.
Watch the recorded webinar
FortiGate IPS Product Details
Zero-day, advanced targeted attacks, ransomware, polymorphic malware and distributed denial-of-service attacks all require sophisticated detection engines not available in traditional standalone IPS or in most firewalls. FortiGate IPS includes multiple inspection engines, threat intelligence feeds and advanced threat protection options to defend against these unknown threats. Packaged in powerful FortiGate platforms (hardware, virtual, cloud) with advanced analytics and workflows through FortiAnalyzer, FortiGate IPS is a cost-effective network security solution to feed incident response needs in your SOC.
Features and Benefits
World-class Protection
Deep inspection for advanced threats, botnets, zero days and targeted attacks on the network
Industry certification
Independent third-party validation to demonstrate superior detection and best price performance
High performance
Innovative security processor (SPU) technology for high-performance network throughput and deep security inspection
Advanced threat protection
Seamless integration – appliance or cloud service – with world-class sandboxing for advanced threats
Security Fabric integration
Integration and automation with Fortinet’s broad product portfolio and partner ecosystem
Data leak protection
File protection controls to prevent sensitive data exfiltration
FortiGate IPS Models and Specifications
FortiGate IPS is available in different form factors and models to meet the needs of your environment. All models offer full FortiGate IPS functionality and can be managed across all form factors in a single FortiManager-FortiAnalyzer instance.
| IPS Throughput | Ports |
|---|---|
| 120 Gbps | Varied |
| 60 Gbps | Varied |
| 60 Gbps | Varied |
| 18 Gbps | 2x 40GE QSFP+, 2x 10GE SFP+, 2x GE RJ45 |
| 170 Gbps | 4x 100GE QSFP28, 24x 25GE SFP28, 3x 10GE SFP+, 2x GE RJ45 |
| 110 Gbps | 4x 100GE QSFP28, 24x 25GE SFP28, 3x 10GE SFP+, 2x GE RJ45 |
| 32 Gbps | 10x 100GE QSFP28, 16x 10GE SFP+, 2x GE RJ45 |
| 30 Gbps | 6x 100GE QSFP28, 16x 10GE SFP+, 2x GE RJ45 |
| 30 Gbps | 4x 100GE CFP2, 4x 40GE QSFP+, 8x 10GE SFP+, 2x GE RJ45 |
| 28 Gbps | 4x 40GE QSFP+, 20x 10GE SFP+/GE SFP, 8x SFP+, 2x GE RJ45 |
| 26 Gbps | 48x 10GE SFP+/GE SFP, 2x GE RJ45 |
| 22 Gbps | 32x 10GE SFP+/GE SFP, 2x GE RJ45 |
| 23 Gbps | 16x 10GE SFP+/GE SFP, 2x GE RJ45 |
| 11.5 Gbps | 10x 10GE SFP+, 2x 10GE SFP+ bypass, 34x GE RJ45 |
| 11.5 Gbps | 6x 10GE SFP+, 34x GE RJ45 |
| 13 Gbps | 8x 10GE SFP+/GE SFP, 16x GE SFP, 18x GE RJ45 |
| 6.8 Gbps | 4x 10GE SFP+/GE SFP, 16x GE SFP, 18x GE RJ45 |
| 6 Gbps | 2x 10 GE SFP+, 16x GE SFP, 18x GE RJ45 |
| 4.2 Gbps | 2x 10 GE SFP+, 8x GE SFP, 4x GE RJ45 Bypass, 22x GE RJ45 |
| 5.2 Gbps | 2x 10 GE SFP+, 10x GE RJ45, 8x GE SFP |
| 5 Gbps | 18x GE RJ45, 16x GE SFP |
| 2.2 Gbps | 18x GE RJ45, 4x GE SFP |
| 500 Mbps | 20x GE RJ45, 2x Shared Port Pairs |

| Devices/VDOMs (maximum) | GB/Day of Logs | Collector Sustained Rate (logs/sec) |
|---|---|---|
| 150 | 100 | 4500 |
| 200 | 200 | 9000 |
| 2000 | 600 | 27000 |
| 2000 | 1000 | 45000 |
| 4000 | 3000 | 60000 |
| 10000 | 5000 | 90000 |
| 10000 | 8300 | 150000 |

| Devices/VDOMs (maximum) | GB/Day of Logs | Storage Capacity |
|---|---|---|
| 30 | 2 | 8 TB |
| 100 | 2 | 12 TB |
| 300 | 2 | 24 TB |
| 1200 | 2 | 36 TB |
| 4000 | 10 | 48 TB |

| IPS Throughput | Ports |
|---|---|
| 1 Gbps | Up to 10 |
| 1.5 Gbps | Up to 10 |
| 3 Gbps | Up to 10 |
| 6 Gbps | Up to 10 |
| 12 Gbps | Up to 10 |
| 19 Gbps | Up to 10 |

| Devices/VDOMs (maximum) | GB/Day of Logs | Storage Capacity |
|---|---|---|
| 10000 | 1 | 500 GB |
| 10000 | +1 | +500 GB |
| 10000 | +5 | +3 TB |
| 10000 | +25 | +10 TB |
| 10000 | +100 | +24 TB |
| 10000 | +500 | +48 TB |
| 10000 | +2000 | +100 TB |

| Devices/VDOMs (maximum) | GB/Day of Logs | Storage Capacity |
|---|---|---|
| 10 | 1 | 100 GB |
| +10 | 2 | 200 GB |
| +100 | 5 | 1 TB |
| +1000 | 10 | 4 TB |
| +5000 | 25 | 8 TB |
| +10000 | 50 | 16 TB |

FortiGate IPS, FortiAnalyzer and FortiManager virtual machines are all available on Amazon Web Services and Microsoft Azure. In addition, FortiGate IPS is also available on Oracle Cloud, IBM Cloud and Google Cloud Platform.
Amazon Web Services
- FortiGate IPS (free trial)
- FortiGate IPS (BYOL)
- FortiAnalyzer (free trial)
- FortiAnalyzer (BYOL)
- FortiManager (BYOL)
Microsoft Azure
Oracle Cloud
IBM Cloud
Google Cloud Platform
FortiGuard Service for FortiGate IPS
FortiGate IPS is the primary user of the FortiGuard Intrusion Prevention service, but your detection, control and security posture are greatly improved with any combination of the following FortiGuard services, many of which are included in the FortiGuard bundles.
View FortiGuard Labs Services and Bundles.
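Antispam
FortiGuard Antispam provides a comprehensive, multi-layered approach to detecting and filtering the spam an organization processes. Dual-pass detection technology can significantly reduce the volume of spam at the perimeter, giving you unmatched control over email attacks and infections.
Application Control
Gain unmatched real-time visibility into the applications your clients are running, and easily enforce your acceptable use policy, improving security and meeting compliance requirements. With FortiGuard Application Control, you can quickly create policies to allow, deny, or restrict access to applications or entire categories of applications.
Content Disarm & Reconstruction
Content Disarm & Reconstruction (CDR) strips all active content from files in real time, creating a sanitized flat file. All active content is treated as suspect and removed. CDR processes all incoming files, deconstructs them, and removes every element that does not match firewall policy.
FortiSandbox Cloud
The FortiSandbox Cloud service is an advanced threat detection solution that performs dynamic analysis to identify previously unknown malware. The actionable intelligence FortiSandbox Cloud produces is fed back into the preventive controls in the network, neutralizing the threat.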
Indicators of Compromise
The FortiGuard Indicator of Compromise (IOC) service packages recently observed artifacts of host intrusions or compromise, delivering them daily to retroactively identify any host intrusions and proactively protect against the latest targeted attacks.
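Industrial Control Systems
The FortiGuard Industrial Security Service continuously updates signatures to identify and monitor most common ICS/SCADA (supervisory control and data acquisition) protocols for granular visibility and control. It also provides vulnerability protection for applications and devices from major ICS manufacturers.
IP Reputation & Anti-botnet Security Service
The FortiGuard IP Reputation Service aggregates malicious source IP data from Fortinet's distributed network of threat sensors, CERTs, MITRE, cooperating competitors, and other global sources, which work together to provide up-to-date threat intelligence about hostile sources. With near-real-time intelligence from distributed network gateways, combined with world-class research from FortiGuard Labs, organizations are better protected and can proactively block attacks.
Security Rating
The Security Audit Update Service is designed to guide customers in designing, implementing, and continually maintaining the target Security Fabric security posture suited to their organization. The Security Fabric is fundamentally built on security best practices; by running these audit checks, security teams can identify critical vulnerabilities and configuration weaknesses in their Security Fabric setup and implement best-practice recommendations.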
Virus Outbreak Protection Service
FortiGuard Virus Outbreak Protection Service (VOS) closes the gap between antivirus updates with FortiCloud Sandbox analysis to detect and stop malware threats discovered between signature updates before they can spread throughout an organization. VOS initiates a real-time look-up to our Global Threat Intelligence database.
FortiGuard Service Bundles for FortiGate
Enterprise Protection Bundle
Protection to address today's advanced threat landscape. It delivers all FortiGuard security services available for the FortiGate including: NGFW Application Control and IPS, Web Filtering, FortiCloud Sandbox, Antivirus, Mobile Security, IP Reputation & Antibotnet, Antispam, and core FortiCare security services with a choice of 8x5 or 24x7 support.
UTM Protection Bundle
Traditional UTM security services including NGFW Application Control and IPS, Web Filtering, Antivirus, Antispam, and core FortiCare security services with a choice of 8x5 or 24x7 support.
Threat Protection Bundle
Core protection technologies including: Application Control, IPS, AV, Botnet IP/Domain and Mobile Malware Service. FortiCare security services include 24x7 support.
FortiGate IPS Demo
Try out FortiGate IPS for yourself and see all of the detection capabilities and incident monitoring possible in this world-class IPS solution.
FortiGate IPS Certification
NSS Labs Next Generation Intrusion Prevention Systems (NGIPS) 2019
NSS Labs’ Next Generation Intrusion Prevention Systems (NGIPS) test focuses on security effectiveness and TCO for NGIPS solutions across the selected vendors tested. The Security Value Map (SVM) shows that FortiGate NGIPS achieved a cumulative blocking rate of 99.18% for FortiGate 100F and the lowest TCO at $2 per protected Mbps. Fortinet builds world-class NGIPS appliances that require the highest possible performance and best-of-breed security, and another “Recommended” IPS rating from NSS Labs is just another proof point.
NSS Labs NGIPS 2018 SVM and Report
NSS Labs’ NGIPS test is the most extensive IPS test, including several tests not conducted for DCIPS, such as live drive-by exploits (100% block rate for Fortinet), exploits against web target types, application ID and evasions (also 100% block rate for Fortinet). The FortiGate 500E and FortiGate 3000D are world-class IPS appliances, achieving “Recommended” status again with an overall exploit block rate of 99.5% for FortiGate 500E and 99.6% for FortiGate 3000D.
- NSS Labs 2018 NGIPS SVM
- NSS Labs 2018 NGIPS Test Report FortiGate 500E
- NSS Labs 2018 NGIPS Test Report FortiGate 3000D
NSS Labs DCIPS 2018 SVM and Report
NSS Labs’ Data Center Intrusion Prevention Systems (DCIPS) focuses on data center environments, especially vulnerabilities commonly found in servers. The Security Value Map (SVM) shows that FortiGate IPS achieved the highest cumulative blocking rate at 98.73% and the lowest TCO at $3 per protected Mbps. Fortinet builds world-class IPS appliances and another “Recommended” IPS rating from NSS Labs proves this.
NSS Labs DCSG 2017 SVM and Report
NSS Labs’ DCSG test is a comprehensive Data Center Security Gateway (DCSG) test, including several tests to measure relevant security effectiveness and Intrusion Prevention (IPS) performance using live exploits including “weaponized” exploits (97.9% and 98% block rate respectively for Fortinet FortiGate 7060E and FortiGate 3000D) and resistance to evasion techniques (100% block rate for Fortinet). The FortiGate 7060E and 3000D both achieved “Recommended” status, with a leading combination of Security Effectiveness and Value per protected Megabit Per Second (Mbps) in the NSS Labs Security Value Map (SVM).
- NSS Labs 2017 DCSG SVM
- NSS Labs 2017 DCSG Test Report FortiGate 3000D
- NSS Labs 2017 DCSG Test Report FortiGate 7060E
NSS Labs Breach Prevention Systems (BPS) Test 2017
NSS Labs introduced a new group test, BPS, focused on detecting and blocking exploits, advanced malware, and evasions. This helps validate the advanced threat response cycle of prevent-detect-mitigate across a number of threat vectors including web, email, and endpoint. Fortinet's Security Fabric, consisting of FortiSandbox, FortiGate, FortiMail, and FortiClient integrated together, earned a Recommended award by achieving a block rate of 99.6% and offering the lowest 3-year TCO.
NSS Labs DCIPS 2016 SVM
NSS Labs’ Data Center Intrusion Prevention System (DCIPS) report is the industry’s most comprehensive test to date with their Security Value Map revealing that Fortinet’s FortiGate 3000D earned the highest ratings for Security Effectiveness, blocking 99.9 percent of exploits, and TCO (Total Cost of Ownership) per protected Mbps (Megabit per second).
NSS Labs 2015 Next Generation IPS Test
In 2015, NSS Labs conducted a group test of next generation IPS solutions to assess their abilities to identify both the applications and the users on their internal networks, protect the enterprise user against threats/exploits, and catch sophisticated attacks while producing as few false positives as possible. Demonstrating 99% effectiveness and superior value, Fortinet FortiGate earned the NSS Labs Recommendation.
ICSA Labs Certified: Antivirus, Corporate Firewall, IPsec, NIPS, SSL-TLS, and Web Application Firewall
FortiGate and FortiWeb products are evaluated against ICSA criteria in 6 popular certification programs. ICSA Labs manages and sponsors security consortia that provide a forum for intelligence sharing among the leading vendors of security products. In addition, ICSA Labs publishes surveys, security industry studies, and buyer's guides for computer security products.
FortiGate IPS Alliance Partners
FortiGate IPS provides integration with many leading IT vendors as part of the Fortinet Security Fabric. Below is a list of current Product Alliance Partners:

The leading provider of business-driven security management solutions, AlgoSec helps over 1,500 enterprises align security with their business processes, to make their organizations more agile, secure and compliant.

Attivo Networks is an award-winning innovator in cyber security defense. As the leader in deception-based threat detection technology, Attivo empowers continuous threat management using dynamic deceptions for the real-time detection, analysis, and accelerated response to cyber incidents.

Centrify is the leader in securing enterprise identities against cyberthreats that target today’s hybrid IT environment of cloud, mobile, and on-premises.

FireMon solutions deliver continuous visibility into and control over network security infrastructure, policies, and risk.

IBM Security offers one of the most advanced and integrated portfolios of enterprise security products and services. The portfolio enables organizations to effectively manage risk and defend against emerging threats.
- Fortinet – IBM Security AppScan Solution Brief
- Fortinet – IBM Security QRadar Solution Brief
- Fortinet FortiGate and IBM QRadar Deployment Guide
- FortiGate App For IBM QRadar Technical Solution Guide
- Fortinet - IBM Resilient Technical Deployment Guide
- Fortinet - IBM Cloud Connector Solution Brief
- Fortinet FortiSOAR Connector for IBM QRadar

Nozomi Networks is a leading provider of real-time visibility, advanced monitoring capabilities, and strong security for industrial control networks supporting critical infrastructure. Nozomi has been deployed in some of the largest industrial installations, providing some of the fastest return on investment in the industry.
- Solution brief
- Fortinet FortiGate and Nozomi Networks Guardian Deployment Guide
- Fortinet FortiSIEM and Nozomi Networks CMDB Deployment Guide
- ICS Security Overview & Integration Video
- Fortinet-Nozomi integration demo

ServiceNow makes work better. Our applications automate, predict, digitize and optimize business processes across IT, Customer Service, Security Operations, HR and more, for a better enterprise experience.

Splunk Inc. is the market-leading platform that powers Operational Intelligence.

Tufin leads the Security Policy Orchestration market, enabling enterprises to centrally manage, visualize, and control security policies across hybrid cloud and physical network environments.

UBiqube is a vendor-agnostic provider of end-to-end network and security orchestration solutions. UBiqube’s MSActivator™ is a multi-tenant software framework enabling the design, automation, and management of services over hybrid communication infrastructures (SDN/NFV/IoT).
FortiGate IPS FAQs
Does Fortinet really build IPS technology?
Although better known for firewalls, Fortinet has built IPS products for more than 10 years, participating in NSS Labs IPS testing for the past few years and receiving “Recommended” ratings with detection and blocking scores better than many of the traditional IPS vendors. Choose the IPS form factor that suits you best: either standalone IPS or IPS integrated into the firewall.
How is FortiGate IPS different from IPS offered by other firewall vendors?
IPS products that are bolted on to firewall platforms are usually an afterthought and tend to be a massive performance burden. It is not uncommon to see more than 80% performance degradation when turning IPS inspection on in many firewalls. FortiGate IPS and FortiGate firewalls were part of the inspection path from the beginning, designed with parallel path processing in all form factors and having the benefits of Security Processing Units (SPU) in hardware form. This is why FortiGate IPS was capable of 131 Gbps throughput as verified by NSS Labs on the FortiGate IPS 7060E. Value and IPS performance are not an issue for FortiGate IPS.
How are IPS and Firewalls different?
Fundamentally, a firewall is tasked with access control, based on a set of access rules. IPS is tasked with content inspection. While both try to keep bad traffic out of your network, they go about it in different ways. Firewalls can usually determine whether a network flow should be allowed into the network by discerning the application type and user information. This often requires inspecting only the first few packets in a flow or even just the packet headers. This is a good thing, making firewall inspection very efficient. In contrast, IPS needs to inspect the entire flow in order to determine if the payload or intent of the flow is malicious. That can mean inspecting every packet or even inspecting across multiple flows to fully examine the payload. This is a lot more work, and while firewall and IPS functions can absolutely reside on the same appliance, do not let your IPS capability be strangled by a platform that is only optimized to look for application type or user.
Can Firewalls and IPS be managed together?
Absolutely yes. FortiGate IPS and FortiGate firewalls (and several other Fortinet technologies) are managed by the same central management system – FortiManager and FortiAnalyzer – often sharing the same settings and configurations. In fact, this central management system extends across environments seamlessly with a single-pane-of-glass, from hardware to virtual machines to public cloud instances.