Secure NSX Environment with FortiGate VMX
FortiGate Virtual Firewall simplifies policy provisioning and provides deep visibility as well as automated enforcement in VMware NSX based Private Cloud environments.
立即觀看Private Cloud Security
Advanced Security for Private Cloud, SDN, and Virtualization Platforms
Key Use Cases and Strategies for Private Cloud
適用於:
Private Cloud Overview
Virtualization and software-defined network (SDN) security are rapidly transforming data centers into agile, innovative, software-defined, and cost-effective private clouds. Yet, security is often an afterthought when it comes to private cloud deployments. Traditional security cannot keep up with these new environments, creating security gaps or manual security processes that negate the benefits of virtualization and SDN firewalls. Private cloud requires a software-defined approach to security due to the lack of visibility posed by east-west traffic and virtualized services. Private cloud and software-defined data center (SDDC) assets need advanced protection from evolving threats, both known and unknown.
Secure the virtualized data center and private cloud
Fortinet’s software-defined security solution is certified by leading SDN, virtualization and network function virtualization (NFV) platforms and can be applied to any data center transformed into a cloud environment. Integration with leading hypervisor and private cloud solutions from VMware, Nutanix, Cisco, OpenStack, Microsoft and more, allows automated insertion and orchestration of private cloud security throughout software defined data centers as well as rich API extensibility. Fortinet Fabric Connectors provide open, API-based integration and orchestration with multiple SDN and private cloud platforms, enabling security automation and simplified management.
Fortinet’s Private Cloud Security strategy is defined by three key pillars - Native integration of security capabilities to each private cloud platform by abstracting the cloud specific intricacies; Broad protection of applications across all private cloud platforms by offering the broad set of security products and Single pane of glass management via unified management of policy, events and analytics across physical, virtual and cloud infrastructure to eliminate security and compliance gaps.
The FortiGate-VM Series is a virtual appliance version of our market-leading, high-performance FortiGate next-generation firewall (NGFW) that delivers advanced protection for north-south and east-west traffic in virtualized data centers and private cloud.
As an innovator and leader in data center security, Fortinet offers the largest range of virtual appliances that provide in-depth visibility and control of virtual network traffic with scalability, performance, and value. Virtual appliances also deliver elasticity, automation, and orchestration for comprehensive private cloud security, SDN security, and VM security.
Telco Cloud/Mobile Security/NFV
For virtualized service provider infrastructures, Fortinet offers a broad range of next generation virtual firewalls virtualized network functions (VNFs). Powered by Fortinet’s Virtual SPU Technology, FortiGate VNFs deliver significant increases in application and carrier security performance through innovative security processing optimizations and the latest packet processing acceleration technologies. The FortiGate NGFW VNFs provide comprehensive network security capabilities; these VNFs have a small footprint, boot within seconds, and require less storage, thereby enabling service providers to protect their virtual networks and cloud platforms cost effectively. For more info, click here.
Private Cloud Security News
-
Feb 26, 2020NSE 7 Private Cloud Security 6.0The NSE 7 Private Cloud Security 6.0 training has recently been updated.
-
Aug 26, 2019Fortinet Extends Support for VMware NSX-T to Further Advance Security in Software Defined Data Centers and the CloudFortiGate-VM, powered by the Fortinet Security Fabric, is extending its native integration with VMware’s NSX-T Data Center to provide advanced security for East-West traffic
-
Aug 26, 2019Fortinet Fully Supports VMware NSX-T to Advance Security for Software-Defined Data Centers and the CloudLearn more about how Fortinet now provides full interoperability and integration between FortiGate-VM and VMware NSX-T Data Center through its expanded support of East-West traffic.
Private Cloud Videos
|
Private Cloud Security Use Cases:
Security in the cloud enables the confidence to safely deploy applications in the software-defined data center and private cloud, improving overall organizational agility and ability to respond to market demand. By leveraging Fortinet Security Fabric solutions to deploy use case driven security capabilities, organizations benefit from market-leading security with streamlined management functionality. Following is a set of common deployment scenarios of Fortinet’s Security Fabric in the private cloud.
▼
North-South Advanced L7 Security Protection
Organizations expanding their networks to accommodate the rapid deployment of data center-based services may often discover a strain on the security architecture’s ability to handle a subsequently growing security threat landscape. Implementing a virtual next-generation firewall with FortiGate-VM in the virtualized data center or private cloud provides extensive visibility and control of the infrastructure. FortiGate-VM automatically provisions and scales security, and has broad support for leading hypervisors, software-defined networks (SDNs) and cloud platforms. It provides advanced Layer 7 protection for north-south traffic in virtualized data centers.
Download the eBook to learn more about the use cases
Intent-Based Segmentation: East-West Advanced L7 Security Protection
Microsegmentation is a method of creating secure zones in data centers and cloud deployments that allows companies to isolate workloads from one another and secure them individually. Virtualization and SDN increase east-west traffic in software-defined data centers (SDDC), and poor visibility into traffic between VMs increases risk from security breaches. FortiGate-VM provides microsegmentation and control of east-west traffic in the SDDC, for workload isolation and application-aware security policy. It allows granular policy segmentation and isolation across clustered resources to provide visibility across the entire SDDC infrastructure.
Download the eBook to learn more about the use cases
Form Factor Consolidation
Enterprises can scale out or scale up with Fortinet FortiGate-VM virtual appliance offerings-virtualized versions of physical network security elements that deliver the same capabilities as a physical appliance in a virtual form factor. FortiGate virtual firewalls deliver advanced security capabilities in a virtual form factor and are ideally suited to secure virtualized resources in the data center or private cloud. Fortinet Security Fabric elements are all available packages as virtual appliances on a broad range of hypervisors.
The FortiGate-VMs run the same FortiOS operating system and FortiGuard threat intelligence as hardware models. Multiple VM sizes are available for maximizing throughput and performance.
Download the eBook to learn more about the use cases
Security Virtual Network Function (VNF)
Service providers need to deliver security services as virtual network functions both on-premises and in cloud. VNF handles specific network functions that run on one or more VMs on top of the hardware-networking infrastructure. Individual VNFs can be connected or combined together as building blocks to offer a full-scale networking communication service. Fortinet’s security VNF is deployed as an uCPE on-premises edge, or vCPE hosted in data center/cloud. FortiGate-VM is a small footprint security VNF with consolidated networking and security. It provides full application layer security with next-generation firewall, Intrusion prevention, AV, web filtering, and embedded Secure SD-WAN. VNF orchestration and service chaining is done via partner orchestrators such as Amdocs, Nuage, OpenStack, and others.
Security Virtual Network Function (VNF)Download the eBook to learn more about the use cases
Security for the Mobile Core/Telco Cloud
Mobile carriers need to deliver security services as virtual network functions for LTE and 5G mobile infrastructures. Fortinet VNFs provide a rich set of security functions for the virtual mobile infrastructure, particularly: 4G to 5G, edge cloud, cloud RAN, and telecommunications cloud. FortiOS helps secure critical control plane traffic throughout the telecommunications core. Fortinet VNFs for MEC include edge security and control, user-plane inspection, service chaining, and secure gateways. VNFs support all modern acceleration technologies such as DPDK, SR-IOV, and AES-NI.
Download the eBook to learn more about the use cases
Compliance and Regulatory Requirements
Achieving regulatory compliance with regulation mandates such as PCI DSS, HIPPA, SOX, and GDPR can be a complex and time-consuming burden. Security or governance issues force organizations into using a private cloud. Certain countries require that application data pertaining to people in a particular locale remain within the country. For a broader view of compliance across cloud platforms, FortiSIEM can create compliance reports at the push of a button. FortiAnalyzer provides a closed-loop compliance-gap mitigation and collects fabric logs, while FortiManager enables customers to audit, review, approve, and implement changes from a central place. The benefits are automated compliance auditing and reporting on-premises, in the data center, and in the cloud.
Download the eBook to learn more about the use cases
Fortinet Security Fabric for the Cloud
Fortinet Security Fabric is an architectural approach that unifies the security technologies deployed across the digital network, including multi-cloud, endpoints, email and web applications, and network access points, into a single security system integrated through a combination of open standards and a common operating system.
▼
FortiGate Virtual Next-generation Firewall Models and Specifications
FortiGate-VM next-generation firewall can be deployed as a virtual appliance in private and public cloud environments, either as a BYOL instance or provisioned on-demand via public cloud marketplaces.
Download the brief - Performance as a key attribute of Virtual Firewalls.
吞吐量 |
12 Gbps |
| vCPU | 1x vCPU core, (up to) 2 GB RAM |
吞吐量 |
12 Gbps |
| vCPU | 1x vCPU core, (up to) 2 GB RAM |
吞吐量 |
15 Gbps |
| vCPU | 2x vCPU cores, (up to) 4 GB RAM |
吞吐量 |
28 Gbps |
| vCPU | 4x vCPU cores, (up to) 6 GB RAM |
吞吐量 |
33 Gbps |
| vCPU | 8x vCPU cores, (up to) 12 GB RAM |
吞吐量 |
36 Gbps |
| vCPU | 16x vCPU cores, (up to) 24 GB RAM |
吞吐量 |
50 Gbps |
| vCPU | 32x vCPU cores, (up to) 48 GB RAM |
| vCPU | Unlimited vCPU cores and RAM |
“V” Series VMs do not include VDOM licenses by default. VDOM licenses can be added separately.
Actual performance may vary depending on the network and system configuration. Performance metrics were observed using a DELL R740 (CPU Intel Xeon Platinum 8168 2.7 GHz, Intel X710 network adapters), running FOS v5.6.3. Tested with VMware vSphere 6.5 Enterprise Plus. SR-IOV is enabled.
FortiGate-VMX for VMware NSX delivers automated deployment of advanced security and micro-segmentation in virtualized environments. FortiGate-VMX secures workloads in dynamic NSX software-defined data centers to enable protection and close compliance gaps.
vCPU Support |
1/Unlimited |
Memory Support (minimum/maximum) |
1 GB/Unlimited |
Virtual Domains (Default/Maximum) |
10/250 |
FW throughput with App Control(1) |
3.1 Gbps |
Threat protection throughput (2) |
1.4 Gbps |
New sessions per second |
30,000 |
FW throughput with App Control (1) |
5.3 Gbps |
Threat protection throughput (2) |
2.3 Gbps |
New sessions per second |
30,000 |
Note: All performance values are “up to” and vary depending on system configuration. Specification is measured on a Dell PowerEdge R630 server, 14 cores Intel(R) Xeon(R) CPU E5-2630v4 @ 2.60 GHz with VMware ESXi 6.0.0. (1). Application Control performance is measured with 64 Kbytes HTTP traffic. (2). Threat Protection performance is measured with IPS and Application Control and Malware protection enabled, based on Enterprise Traffic Mix.
Please see the product page for more information on these and many more Product features.
Virtual Machines
FortiManager virtual machines are all supported on VMware vSphere, Citrix Xen Server, Xen, KVM, and Microsoft Hyper-V.
Devices/VDOMs (maximum) |
10 |
GB/Day of Logs |
1 |
Storage Capacity |
100 GB |
Devices/VDOMs (maximum) |
+10 |
GB/Day of Logs |
2 |
Storage Capacity |
200 GB |
Devices/VDOMs (maximum) |
+100 |
GB/Day of Logs |
5 |
Storage Capacity |
1 TB |
Devices/VDOMs (maximum) |
+1,000 |
GB/Day of Logs |
10 |
Storage Capacity |
4 TB |
Devices/VDOMs (maximum) |
+5,000 |
GB/Day of Logs |
25 |
Storage Capacity |
8 TB |
Devices/VDOMs (maximum) |
+10,000 |
GB/Day of Logs |
50 |
Storage Capacity |
16 TB |
Please see the product page for more information on these and many more Product features.
Virtual Machines
FortiAnalyzer virtual machines are all supported on VMware vSphere, Citrix Xen Server, Xen, KVM, and Microsoft Hyper-V.
Devices/VDOMs (maximum) |
10,000 |
GB/Day of Logs |
1 |
Storage Capacity |
500 GB |
Devices/VDOMs (maximum) |
10,000 |
GB/Day of Logs |
+1 |
Storage Capacity |
+500 GB |
Devices/VDOMs (maximum) |
10,000 |
GB/Day of Logs |
+5 |
Storage Capacity |
+3 TB |
Devices/VDOMs (maximum) |
10,000 |
GB/Day of Logs |
+25 |
Storage Capacity |
+10 TB |
Devices/VDOMs (maximum) |
10,000 |
GB/Day of Logs |
+100 |
Storage Capacity |
+24 TB |
Devices/VDOMs (maximum) |
10,000 |
GB/Day of Logs |
+500 |
Storage Capacity |
+48 TB |
Devices/VDOMs (maximum) |
10,000 |
GB/Day of Logs |
+2,000 |
Storage Capacity |
+100 TB |
FortiGuard Services
FortiGuard Services for FortiGate-VM enable you to implement critical security controls and threat remediation within your virtual infrastructure, providing protection for north-south and east-west virtual traffic.
Effective best-in-class security requires timely, global intelligence combined with fast decision-making and response across all critical vectors. Fortinet offers proven and one of the most certified artificial intelligence-driven protection available in the market today powered by FortiGuard Labs.
For customers implementing FortiGates as NGFWs, here’s how FortiGuard subscriptions can help:
- Application Control: Fortinet boasts one of the largest applications database to safeguard your organization from risky application and allows you visibility and control of applications running in your network
- Intrusion Prevention: Stop unwanted attempts to access your network that target vulnerabilities and configuration gaps. We block over 10 million intrusion attempts per minute.
- Advanced Threats: Stop malicious files and payloads moving into your network with FortiGuard’s leading advanced malware, antivirus, and sandboxing capabilities. We stop over 35,000 malicious files per minute.
FortiGuard
Industry Leading AI-driven Protection and Intelligence
FortiCare
World-class Global Support and Professional Services
Mission critical security-driven networks deserve the best support available. FortiCare provides 24x7 support options to help keep your FortiGates up and running. We also have services to help you recover in the rare moments when bigger bumps seem to come out of nowhere such as our Premium RMA options with 4-hour replacements.
Want faster resolution? Choose our Advanced Support option.
Need help to get going with new deployments and integrations? FortiCare can do it, too, with Professional Services and Resident Engineers! Contact Sales to find out how.
FortiGuard Service Bundles for FortiGate
Enterprise Protection Bundle
Protection to address today's advanced threat landscape. It delivers all FortiGuard security services available for the FortiGate including: NGFW Application Control and IPS, Web Filtering, FortiCloud Sandbox, Antivirus, Mobile Security, IP Reputation & Antibotnet, Antispam, and core FortiCare security services with a choice of 8x5 or 24x7 support.
UTM Protection Bundle
Traditional UTM security services including NGFW Application Control and IPS, Web Filtering, Antivirus, Antispam, and core FortiCare security services with a choice of 8x5 or 24x7 support
Threat Protection Bundle
Core protection technologies including: Application Control, IPS, AV, Botnet IP/Domain and Mobile Malware Service. FortiCare security services include 24x7 support.
資源
▼
Data Sheets
Solution Guides
White Papers
Fuse Community
Product Demo
FortiGate-VM is a full-featured FortiGate packaged as a virtual appliance. FortiGate-VM virtual appliance is ideal for monitoring and enforcing virtual traffic on leading virtualization, cloud, and SDN platforms including VMware vSphere, Hyper-V, Xen, KVM, and AWS. FortiGate-VM can be orchestrated in software-defined environments to provide agile and elastic network security services to virtual workloads. Through this demo, you can see how to deploy firewall, intrusion prevention, VPN, antivirus, and other consolidated security functions to virtual workloads, as well as evaluate the easy-to-use web interface and contextual displays.
SDN and Private Cloud Ecosystem
ADVA Optical Networking
At ADVA Optical Networking, we're creating a new vision for a more connected world. Our award-winning network functions virtualization (NFV) solutions provide our customers with unprecedented choice and flexibility. Our ADVA Ensemble solution suite provides a comprehensive NFV architecture that includes programmable hardware, comprehensive software and end-to-end orchestration solutions.
Amdocs
Amdocs is a leading software and services provider to communications and media companies of all sizes, accelerating the industry’s dynamic and continuous digital transformation. Fortinet VNFs on Amdocs NFV service orchestration platform enable service providers to accelerate innovation and service agility by supporting rapid service chaining and deployment of Fortinet VNFs on customer premises, data centers and public cloud to meet customer preferences and business requirements.
Arista
Arista Networks was founded to pioneer and deliver software-driven cloud networking solutions for large data center storage and computing environments.
Big Switch Networks
Big Switch Networks is the market leader in bringing hyperscale-inspired data center networking technologies to a broader audience.
Cisco
Cisco is the worldwide leader in IT that helps companies seize the opportunities of tomorrow by proving that amazing things can happen when you connect the previously unconnected.
Cloudify
Cloudify specializes in IT operations automation technology that manages application and network services through open orchestration. The company’s award-winning Cloudify software enhances the velocity and reliability of software deployment, lifecycle management and network functions in cloud-native environments.
Corsa
Corsa scales security for high capacity networks with Red Armor, a turnkey virtualization platform. The Corsa Red Armor platform is tightly integrated with Fortinet’s FortiGate-VM virtual NGFW to scale traffic inspection capacity seamlessly while maintaining network throughput performance even with full SSL/TLS visibility enabled. This offers unlimited, economical protection for North-South traffic flows at any service provider, enterprise or campus network security zone.
Dell Technologies
Dell Technologies (NYSE:DELL) is a unique family of businesses that helps organizations and individuals build their digital future and transform how they work and live. The company provides customers with the industry’s broadest and most innovative technology and services portfolio spanning from edge to core to cloud. The Dell Technologies family includes Dell, Dell EMC, Pivotal, RSA, Secureworks, Virtustream and VMware.
Enea
Enea develops the software foundation for the connected society. We provide solutions for mobile traffic optimization, subscriber data management, network virtualization, traffic classification, embedded operating systems, and professional services. Solution vendors, systems integrators, and service providers use Enea to create new world-leading networking products and services.
Intel
Intel invents at the boundaries of technology to make amazing experiences possible for business and society, and for every person on Earth. To learn more about Intel and our technologies, please visit: www.intel.com
Lenovo
With 50,000+ employees and $51B in global sales in 160 countries, Lenovo is a global leader in providing innovative consumer, commercial and data center technologies. Together with Fortinet, we create solutions that extend security from the Communications Service Provider (CoSP) Core Network to the Edge.
NEC
NEC Corporation is a leader in the integration of IT and network technologies that benefit businesses and people around the world.
NoviFlow
NoviFlow offers fully programmable networking solutions that can handle complex flows, drive massive throughput, and can scale elegantly. NoviFlow and Fortinet joint solutions accelerate performance and flexibility with on-demand scalability, reduce total solution CAPEX and OPEX and protect TCO.
Nuage Networks
Nuage Networks, a Nokia Corp subsidiary, brings a unique combination of groundbreaking technologies and unmatched networking expertise to the enterprise and telecommunications industries.
Nutanix
Nutanix makes infrastructure invisible, elevating IT to focus on the applications and services that power their business. The Nutanix enterprise cloud platform leverages web-scale engineering and consumer-grade design to natively converge compute, virtualization and storage into a resilient, software-defined solution that delivers any application at any scale.
Pluribus Networks
Pluribus Networks provides data center solutions that allow your business to run unconstrained.
Refactr
The Refactr DevSecOps automation platform is an all-in-one solution for designing and executing secure automation pipelines that include infrastructure delivery, application configuration, and security actions. Customers can quickly deploy Fortinet’s solutions through pre-built pipelines and leverage existing Fortinet automation content built with open DevOps and security automation tools.
UBiqube
UBiqube is a vendor-agnostic provider of end-to-end network and security orchestration solutions. UBiqube’s MSActivator™ is a multi-tenant software framework enabling the design, automation, and management of services over hybrid communication infrastructures (SDN/NFV/IoT).
VMware
VMware is a global leader in cloud infrastructure and business mobility.
- NSX solution brief
- NFV solution brief
- NSX-T solution brief
- Carbon Black Solution brief
- Carbon Black Technical Integration Guide
- Carbon Black Solution Video