fortinet fortios 5 presentation

1 CONFIDENTIAL – INTERNAL ONLY 1 Fortinet ConfidentialMay 2, 2023

Introducing FortiOS 5More Security, More Control, More Intelligence

2 CONFIDENTIAL – INTERNAL ONLY

Network TrendsWired Connectivity Moving Beyond 10GUbiquitous Wireless ConnectivityMobile Devices EverywhereVideo and Audio ContentIPv6 a Reality

Background

3 CONFIDENTIAL – INTERNAL ONLY

Security TrendsVisibility of TrafficAccuracy of DetectionPolicy ExplosionLog ExplosionThreats Scale

Background

4 CONFIDENTIAL – INTERNAL ONLY

No ChangeBudgetDepartment Size

Background

5 CONFIDENTIAL – INTERNAL ONLY 5 Fortinet Confidential

FortiOS 5

6 CONFIDENTIAL – INTERNAL ONLY 6 F O R T I N E T C O N F I D E N T I A L

FortiOS 5

More SecurityMore SecurityMore ControlMore ControlMore IntelligenceMore Intelligence

7 CONFIDENTIAL – INTERNAL ONLY

Over 150 New Features & Enhancements

Fighting Advanced Threats--------------------------------------Client ReputationAdvanced Anti-malware Protection

More Security

Securing Mobile Devices------------------------------------Device IdentificationDevice Based PolicyEndpoint Control

More Control

Making Smart Policies--------------------------------------Identity Centric EnforcementSecured Guest AccessVisibility & reporting

More Intelligence

FortiOS 5 Highlights

8 CONFIDENTIAL – INTERNAL ONLY

Fighting Advanced Fighting Advanced ThreatsThreatsClient ReputationAdvanced Anti-malware Protection

More Security

9 CONFIDENTIAL – INTERNAL ONLY

Ranking

Client Reputation

Identification

Policy Enforceme

nt

Multiple Scoring VectorsReputation by Activity Threat Status

Real Time, Relative,Drill-down, Correlated

Identify potential … zero-day attacks

Score Computati

on

Zero Day Attack Detection

10 CONFIDENTIAL – INTERNAL ONLY

Multi-pass Filters

In-box Enhanced AV Engine Cloud Based AV Service

Hardware Accelerated& Code optimized

Real time updated, 3rd party validated Signature DB

Local LightweightSandboxing

Behavior / Attribute Based Heuristic Detection

Application Control – Botnet Category

FortiGuard Botnet IP Reputation DB

Cloud BasedSandboxing

Improves threat …. … detection

Advanced Anti-Malware Protection

11 CONFIDENTIAL – INTERNAL ONLY

Client ReputationThreat profiling to quickly identify most suspicious clientsEffective zero-day attacks detection

!

Advanced Anti-malware ProtectionMutilayered: Combines best-in class local AV Engine with additional cloud based detection systemDetects and block Botnet clients and activitiesImproves malware detection capabilities

More Security

12 CONFIDENTIAL – INTERNAL ONLY

Securing Mobile DevicesSecuring Mobile DevicesDevice IdentificationDevice Based PolicyEndpoint Control

More Control

13 CONFIDENTIAL – INTERNAL ONLY

See It… Control IT

Seamless integration!

BYOD – Device Identity & Policies

Device BasedIdentity Policies

AgentlessAgent based

Device Identification

Access Control Security Application

UTM Profiles

Awareness

14 CONFIDENTIAL – INTERNAL ONLY

Authorized Device

Device Based PolicySecurely adopt BYODSetup different security and network usage policies based on device types

Personal Device

✔DMZ ✔INTERNET

✗DMZ ✔INTERNET

More Control

15 CONFIDENTIAL – INTERNAL ONLY

“Off-Net” Protection

Endpoint Control: FortiClient 5

INTERNET

LAN

OFF

ON

• Client enrolls into the FortiGate and then receives its end point policy. It will receive any updates when connected again.

• Client uses last known security policies and VPN configurations.

1

2

16 CONFIDENTIAL – INTERNAL ONLY

Securing Remote DevicesProtect mobile hosts against malicious external threatsEnforce consistent end point security policies, anywhere all the timeSimplified host security and remote VPN management

Endpoint Control: FortiClient 5

17 CONFIDENTIAL – INTERNAL ONLY

Making Smart PoliciesMaking Smart PoliciesIdentity Centric EnforcementSecured Guest AccessVisibility & Reporting

More Intelligence

18 CONFIDENTIAL – INTERNAL ONLY

Identity = Policy

External Radius Service

Windows AD

Citrix Environment

= M.Jones = = S.Lim = = V.Baker == J.Jackson =

Captive Portal

802.1x

Users identified without additional logins

FortiClient

DMZ

DMZ

Users assigned to their policies

Identity-Centric Enforcement

FSSO Identity based Policies

19 CONFIDENTIAL – INTERNAL ONLY

Single Sign-On and Role Based PoliciesAuthorized network access based on user credentials secure network right at entry pointReuse captured information for security policies unifies security configurations and offers better user experience. Reduce administrative tasks & configuration errors

Marketing, Management

Operation, Staff

✔CMS ✔INTERNET

✗CMS ✔INTERNET

M.Jones

S.Lim

SSID: STAFF

SSID: MGMT

Identity-Centric Enforcement

20 CONFIDENTIAL – INTERNAL ONLY

Temporary Network Access Guest Administration PortalCredential Generation & DeliveryTime Quota

Ad hoc access without compromising security

Integrated Guest Access

Identify and track guest activities Time limits prevent unnecessary exposure to exploits

21 CONFIDENTIAL – INTERNAL ONLY

Network & Threat StatusKnowledge is Power !

Drill-Down StatisticsFilter & SortingObject DetailsContextual Information

Visibility & Reporting

22 CONFIDENTIAL – INTERNAL ONLY

Deep InsightsNew PDF FormattingDrill-downsPer User Summary

FortiManagerFortiCloud

Comprehensive reports

Visibility & Reporting

23 CONFIDENTIAL – INTERNAL ONLY

EnhancementsEnhancementsUsability / WebUIIPv6UTMWirelessFortiGuard Services

Highlights

24 CONFIDENTIAL – INTERNAL ONLY

Usability

Wizards

Improved Policy Editor

Contextual Pictograms

Enhancements

25 CONFIDENTIAL – INTERNAL ONLY

IPv6NAT64 / DNS64IPS (Forwarding Policy)Explicit ProxyHA Session Pickup

DHCP ClientPer-IP Traffic ShapingPolicy RoutingDHCPv6 Relay

Enhancements

26 CONFIDENTIAL – INTERNAL ONLY

UTMSSL Inspection of IPS & App ControlDNS-based Web FilteringCIFS (Flow-AV) & MAPI ScanningSSH proxyDLP Watermarking

Enhancements

27 CONFIDENTIAL – INTERNAL ONLY

WirelessWireless IDSWireless MeshLocal Bridge Mode (Remote sites)SSID & Port Bridging

Enhancements

28 CONFIDENTIAL – INTERNAL ONLY

User NotificationNotify Users in Real-Time• Blocked Applications• Denied Traffic• Quotas• Notifies via FortiClient if Host is Registered

Additional Enhancements

29 CONFIDENTIAL – INTERNAL ONLY

FortiGuard Services

DNS-based Web Filter DB Query

DDNS Service

NTP ServiceBYOD Signature Updates

Geography Updates

USB Modem Updates

Vulnerability Scan DB Updates SMS Messaging

FDN

Real time protection & new services

Enhancements

30 CONFIDENTIAL – INTERNAL ONLY

Supported Platforms

Desktop

Mid Range

3000 Series

5000 Series

FortiGate-VM * Available on patch release

31 CONFIDENTIAL – INTERNAL ONLY

Feature Matrix for Desktop Models

* Requires FMG/FAZ, FortiCloud for Monitoring, available in near future

32 CONFIDENTIAL – INTERNAL ONLY

Services, Licenses & Subscriptions

*Registration Required** Available on selected Models

Included with FortiGate•DNS Service •DDNS Service•NTP Service•2 FortiTokenMobile License*•10 FortiClient Endpoint License*•10 VDOMs License•FortiCloud Service (trial)*

FortiCare Subscription Required•Geography Updates•BYOD Signatures Updates•USB Modem DB Updates•Vulnerability Scan Signature Updates•Firmware Update

+ FortiTokenMobile License + Endpoint License** + VDOM License**

+ SMS Top-up+ FortiCloud Storage Top-up

BOLD: New Offerings

33 CONFIDENTIAL – INTERNAL ONLY

Services, Licenses & Subscriptions

FortiGuard AV Subscription•Botnet IP reputation DB•FortiGuard Analytics Service•Proxy & Flow based AV signatures

FortiGuard Web Filter Subscription•Botnet IP reputation DB•FortiGuard Analytics Service•Proxy & Flow based AV signatures

FortiGuard IPS Subscription•IPS Signature Updates•Application Control Signature Updates

FortiGuard Anti-spam Subscription•Anti-spam Services

BOLD: New Offerings