forti wifi
TRANSCRIPT
© Copyright Fortinet Inc. All rights reserved.
Fortinet Secure WLANLan & Wan Solutions – Excellence Partner FortinetQ1 2015
2
The Fortinet Difference
SecurityDeep Application
Inspection
SECURITY
ASIC BasedArchitecture
ASIC BasedArchitecture
PERFORMANCE INTEGRATION
Flexible Network Operating System
Multi-Platform Orchestration
MANAGEMENT
FortiGuard FortiASIC FortiOS FortiManagerFortiAnalyzer
NetworkingHigh
Performance +
Advanced Threat Protection
3
Ubiquitous Access – Unified Access Layer
Wireless Access
Wired Access
Remote Access
DIGITAL ASSET
• Content Inspection• Attack Mitigation
• User Identification• Access Control
4
Fortinet Secure WLAN Approach
Corporate Wi-Fi
Captive Portal, 802.1x—Radius /shared key
Assign users and devices to their role
Examine wireless traffic to remove threats
Apply policy to users and applications
Identify applications and destinations
Report on policy violations, application usage, destinations and PCI DSS
Ensure business traffic has priority
No additional licenses required
© Copyright Fortinet Inc. All rights reserved.
Access Point Overview
6
Thick vs. Thin Fortinet APs
FortiWiFi
FortiAP
INTERNET
INTERNET
Small Deployments - Up to 300 sq meters
or 3,000 sq feet
Larger Deployments - More than 300 sq
meters or 3,000 sq feet
FortiGate
7
FWF-30D/30D-POE FWF-60D/60D-POE FWF-90D/90D-POE
Thick AP ✓ ✓ ✓
Number of radios 1 1 1
IEEE 802.11 standards a/b/g/n a/b/g/n a/b/g/n
802.11n support 2x2 MIMO 2x2 MIMO 2x2 MIMO
Max client association rate 300Mbps 300Mbps 300Mbps
Max number of SSIDs 8 8 8
FortiAP Wireless controller support Yes Yes Yes
Max FortiAP (Total/ Local Bridge) 2/2 10 / 5 32 / 16
FortiWiFi Product Matrix
8
FortiAP Product Matrix
3x3:3
Dual Radio
2x2:2
Single
Radio1x1:1
Remote Outdoor Indoor
802.11ac
802.11ac
FAP-28C
FAP-14C
FAP-11C
FAP-222C
FAP-112D
FAP-24D
FAP-223C
FAP-221C
FAP-321C
FAP-320C
802.11ac
802.11ac
FAP-224D
FAP-25D
FAP-21D
802.11ac
FAP-112B
9
FortiAP – Simple and Secure
Traffic tunnels to FortiGateNo VLAN managementNo trunkingFast Layer-2 switching, no
Layer-3 roamingNo need to re-DHCP Increases security and control
CAPWAP
Controller redundancy
VLANsFortiGate 2FortiGate 1
10
FortiGate + FortiAP = Unified Access Layer
FortiGate
Wi-Fi Controller
Switch
FirewallAntivirusAntispamWAN OptimizationWeb FilteringApplication ControlIntrusion PreventionVPN
Security Management System
Unified Access Layer
Lower cost of acquisition Lower cost of ownershipImproves security provisioning
Wireless Management system
FortiAP
INTERNET
11
Wireless Controller Options for FortiAP
Every FortiGate is a wireless controller Largest range of wireless controllers in the
industry Per FortiGate, support ranges from 5 APs and
100 users up to 10,000 APs and 32,000 users
12
Single Pane of Glass Management
© Copyright Fortinet Inc. All rights reserved.
Wireless Features
14
Deep Application Control
Bandwidth Control Uses Layer-7 inspection Ensures business critical applications are
prioritized Ensures bandwidth allocation is fair Critical for optimization of WAN links
Fortinet Application Control Sensors Over 3,000+ Apps Identified,
16 Categories Advanced IM & P2P control Application Control
Traffic Shaping SSL Content Inspection
Client #1 Client #2
High Priority App
Priority App
Non-Priority App
Non-Priority App
Priority App
Youtube
Webex
INTERNET
FortiGate
FortiAP
15
BYOD – Device Identification and Policy
Identification Device User Application
Policies Enforcement on Device/User/App
16
Integrated WIDS
Wireless Intrusion Detection System Wi-Fi protocol & RF level attack detection Detection includes attacks & vulnerabilities:
» Weak WEP Encryption Usage» Null SSID Probes» Deauth Broadcasts» Various Management, EAP, Auth & Beacon floods
17
Rogue AP Detection & Suppression
Rogue AP Detection Determines whether an AP is indeed a Rogue device connected to
your physical wired LAN network
Rogue AP suppression ‘DeAuthentication Frames’ are sent to render unauthorized Rogue
AP’s unusable by clients
18
Secure Wireless LAN Guest Access
Temporary user provisioning and guest WLAN access Allow non-IT staff to create
Guest account via web portal Assign time quota Generate temporary password Distribute guest credentials:
Print Email SMS
Batch guest users creation option
19
Integrated Captive Portal for Authentication
HTML Customizable Captive Portal Allows users to log-in to the WLAN via a
web browser Runs directly on the FortiGate No additional licensing required! Email address for anonymous login
» Address can be captured and logged» Validates email address authenticity» Enables Business Intelligence
and marketing opportunities
20
Live Captive Portal HTML Customization
21
Headquarters
• Bridges Wi-Fi trafic to FortiAP Ethernet port
• No u-turn to HQ to access local network
• Resiliency in case of WAN failure
WAN
Internet
Remote AP with Local Bridging
22
Headquarters
• Data is encrypted
• Automatic connection to HQ
• Multiple devices can share Wi-Fi
Internet
Remote Telecommuter / Road Warrior
23
21
1 2
• AP Handoff• Frequency Handoff (Band Steering)• Auto TX Power Control
High Density Features
24
Automatic Radio Resource Provisioning
CH 1 CH 6CH 11
Channel Assignment Automatically assigns
non-overlapping channels
Selects channels with least noise and interference
Reduces chatter between APs
Auto TX Power Changes radio
transmission power settings automatically
25
Automatic Radio Resource Provisioning
CH 1CH 6CH 11
Channel Assignment Automatically assigns
non-overlapping channels
Selects channels with least noise and interference
Reduces chatter between APs
Auto TX Power Changes radio
transmission power settings automatically
26
Wireless Mesh
• Dynamic Multi-hop Mesh with resiliency• Point-to-point / Multipoint Bridging
27
Dynamic Multi-hop Mesh
INTERNET
28
Point-to-point / Multipoint Bridging
5Ghz (80Mhz wide) 867Mbps Max rate
2.4Ghz (40Mhz wide)300Mbps max rate
CAPWAP tunnel
INTERNET
FortiGate
29
Wireless Bridging – Security Camera Use Case
Dual Ethernet port with PoE enables bridging to IP CCTV cameras
Extend wireless reach with mesh capability
Offer guest Wi-Fi to patrons through secure captive portal
30
Centralized Wireless Management, Log Analysis and Reporting
FortiManager FortiAnalyzer
FortiManager Global Wireless Management
Centralized AP Firmware Upgrades
SSID and Radio Policy Configuration
Centralized Rogue AP Suppression
Real-time Client MonitoringFortiAnalyzer Wireless Usage Reporting
Security Log Analysis and Forensics
Wireless PCI Compliance Reporting
Branch OfficeBranch Office
Central Location
ManagementLogging
INTERNET
© Copyright Fortinet Inc. All rights reserved.
FortiAP Technical Specifications
32
FortiAP 11C
• 2 x GE RJ45 Interface
Hardware PerformanceTarget Environment Remote Simultaneous SSIDs 8 (7 for client access,
1 for monitoring)
Number of Antenna 1 Internal Max Transmission Power 17 dBm (50mW)
Number of Radio 1 PoE Support NIL
TX / RX Stream (802.11n) 1x1 MIMO, 150 Mbps Power Supplies Integrated AC
33
FortiAP 14C
Hardware PerformanceTarget Environment Remote Simultaneous SSIDs 8 (7 for client access,
1 for monitoring)
Number of Antenna 1 Internal Max Transmission Power 17 dBm (50mW)
Number of Radio 1 PoE Support NIL
TX / RX Stream (802.11n) 1x1 MIMO, 150 Mbps Power Supplies Ext. AC power supply
• 1 x FE WAN Interface• 4 x FE Switch Interface
34
FortiAP 21D
Specification
Use Case FortiPresence Sensor or Travel/SOHO (USB powered)
Form Factor Small, portable
Rx / Tx 2x2
Radio 1 2.4 GHz b/g/n (up to 150 Mbps)
Radio 2 -
PoE -
Antennas 1 internal
Ethernet Ports 2 x FE RJ45
USB 2 (incl. 1 for power input)
FAP-21D
35
FortiAP 24D
Specification
Use Case Low density indoor environments
Form Factor Desktop
Rx / Tx 2x2
Radio 1 2.4/5GHz a/b/g/n (up to 300 mbps)
Radio 2 -
PoE 802.3af
Antennas 2 internal
Ethernet Ports 1x GE RJ45 PoE PD WAN4x FE RJ45 LAN
USB 1
FAP-24D
36
FortiAP 25D
Specification
Use Case Hotels/Hospitality desktops
Form Factor Small, portable powerstrip design
Rx / Tx 2x2
Radio 1 2.4/5GHz a/b/g/n (up to 300 mbps)
Radio 2 -
PoE NA
Antennas 2 internal
Ethernet Ports 1x GE RJ45 WAN4x FE RJ45 LAN
USB -
FAP-25D
37
FortiAP 28C
Hardware PerformanceTarget Environment Remote Simultaneous SSIDs 8 (7 for client access,
1 for monitoring)
Number of Antenna 2 Internal Max Transmission Power 17 dBm (50mW)
Number of Radio 1 PoE Support NIL
TX / RX Stream (802.11n) 2x2 MIMO, 300 Mbps Power Supplies Ext. AC power supply
• 2 x GE RJ45 WAN Interface• 8 x GE RJ45 Switch Interface
38
FortiAP 112B
• 2 x FE Interface
Hardware PerformanceTarget Environment Indoor/Outdoor Simultaneous SSIDs 8(7 for client access,
1 for monitoring)
Number of Antenna 1 Internal Max Transmission Power 24 dBm (250mW)
Number of Radio 1 PoE Support 802.3af
Tx / RX Stream (802.11n) 1x1 MIMO, 150 Mbps
39
FortiAP 112D
Specification
Use Case Low density outdoor environments. POE pass-through can power connected IP CCTV cameras.
Form Factor Outdoor IP55 Rated, wall or pole mount
Rx / Tx 1x1
Radio 1 2.4/5GHz a/b/g/n (up to 150 Mbps)
Radio 2 -
PoE Yes
Antennas 1 internal
Ethernet Interfaces 2x FE RJ45
USB -FAP 112D
40
FortiAP 221B
• 1 x GE RJ45 Interface
Hardware PerformanceTarget Environment Indoor Simultaneous SSIDs 8(7 for client access,
1 for monitoring)
Number of Antenna 4 Internal Max Transmission Power 17 dBm (50mW)
Number of Radio 2 PoE Support 802.3af
Tx / RX Stream (802.11n) 2x2 MIMO with Dual Spatial streams, 600 Mbps Total
41
FortiAP 221C
• 1 x GE RJ45 Interface
Hardware PerformanceTarget Environment Indoor Simultaneous SSIDs 8(7 for client access,
1 for monitoring)
Number of Antenna 4 Internal Max Transmission Power 17 dBm (50mW)
Number of Radio 2 PoE Support 802.3af
Tx / RX Stream (802.11n) 2x2 MIMO with Dual Spatial streams, 1167 Mbps Total
802.11ac
42
FortiAP 222B
Specification
Use Case High density outdoor environments
Form Factor Outdoor IP67 Rated, wall or pole mount
Rx / Tx 2x2
Radio 1 2.4 GHz b/g/n (up to 300 Mbps)
Radio 2 2.4/5GHz a/n (up to 300 Mbps)
PoE 802.3at
Antennas 4 external (N-Type)
Ethernet Interfaces 1 x GE RJ45
USB -
43
FortiAP 222C
Specification
Use Case High density outdoor environments that require 802.11ac
Form Factor Outdoor IP67 Rated, wall or pole mount
Rx / Tx 2x2
Radio 1 2.4 GHz b/g/n (up to 300 Mbps)
Radio 2 2.4/5GHz a/b/g/n/ac (up to 867 Mbps)
PoE 802.3at
Antennas 4 external (N-Type)
Ethernet Interfaces 1 x GE RJ45
USB -
44
FortiAP 223B
• 1 x GE RJ45 Interface
Hardware PerformanceTarget Environment Indoor Simultaneous SSIDs 16 (14 for client access,
2 for monitoring)
Number of Antenna 4 external Max Transmission Power 17 dBm (50mW)
Number of Radio 2 PoE Support 802.3af
Tx / RX Stream (802.11n) 2x2 MIMO with Dual Spatial streams, 600 Mbps Total
45
Specification
Use Case Medium density indoor environments that require external antennas.
Form Factor Smoke Detector, wall or ceiling mount
Rx / Tx 2x2
Radio 1 2.4 GHz b/g/n (up to 300 Mbps)
Radio 2 2.4/5GHz a/b/g/n/ac concurrent(up to 867 Mbps)
PoE 802.3af
Antennas 4 external
Ethernet Interfaces 1 x GE RJ45
USB -
FortiAP 223C
FAP-223C802.11ac
46
Specification
Use Case Medium density outdoor environments
Form Factor Outdoor IP66 rated, wall or pole mount
Rx / Tx 2x2
Radio 1 2.4 GHz b/g/n (up to 300 Mbps)
Radio 2 5GHz a/n (up to 300 Mbps)
PoE Yes
Antennas 4 external
Ethernet Interfaces 1 x GE RJ45, 802.3af PoE
USB -
FortiAP 224D
FAP-224D
47
FortiAP 320B
• 2 x GE RJ45 Interface
Hardware PerformanceTarget Environment Indoor Simultaneous SSIDs 16 (14 for client access,
2 for monitoring)
Number of Antenna 6 Internal Max Transmission Power 24 dBm (250mW)
Number of Radio 2 PoE Support 802.3af
Tx / RX Stream (802.11n) 3x3 MIMO with 3 spatial streams, 900 Mbps Total
48
FortiAP 320C
• 2 x GE RJ45 Interface
Hardware PerformanceTarget Environment Indoor Simultaneous SSIDs 16 (14 for client access,
2 for monitoring)
Number of Antenna 6 Internal Max Transmission Power 24 dBm (250mW)
Number of Radio 2 PoE Support 802.3af
Tx / RX Stream (802.11n) 3x3 MIMO with 3 spatial streams, 1750 Mbps Total
802.11ac
49
FortiAP 321C
Specification
Use Case Medium density indoor environments
Form Factor Smoke Detector, wall or ceiling mount
Rx / Tx 3x3
Radio 1 2.4 GHz b/g/n (up to 450 Mbps)
Radio 2 5GHz a/n/ac (up to 1300 Mbps)
PoE Yes
Antennas 6 internal
Ethernet Interfaces 1 x GE RJ45FAP-321C802.11ac
50
FortiAntennas
FAN-612N/R
Specification
Compatible AP FAP-222B and FAP-222C
Type Point to point antenna for 5Ghz bridging with N/R connectors.
Accessories Mount Kit sold separately FAN-M22.
FAN-500N
Specification
Compatible AP FAP-222B and FAP-222C
Type Directional 120 degree outdoor panel antenna
Accessories Includes two 120cm Cables with N connector.Mount Kit sold separately FAN-22.
51
Hardware Overview – FortiAP (Indoor)
FAP-24D FAP-221B/223B*
FAP-221C/223C* FAP-320B FAP-320C FAP-321C
Use Case Low density indoor
Medium density indoor
Medium density indoor
High density, resilience
High density 802.11ac,
streaming app, resilience
Medium density 802.11ac
Form Factor Desktop
Smoke Detector, wall
or ceiling mount
Smoke Detector, wall or
ceiling mount
Wall or ceiling mount Wall or ceiling
mount
Smoke Detector, wall or
ceiling mount
Rx / Tx 2x2 2x2 2x2 3x3 3x3 3x3
Radio 1 2.4/5GHz a/b/g/n (up to 300 mbps)
2.4 GHz b/g/n (up to 300
Mbps)
2.4 GHz b/g/n(up to 300
Mbps)
2.4 GHz b/g/n(up to 450
Mbps)
2.4 GHz b/g/n(up to 450
Mbps)
2.4 GHz b/g/n(up to up to 450
Mbps)
Radio 2 -2.4/5GHz
a/b/g/n (up to 300 Mbps)
2.4/5GHz a/b/g/n/ac (up to 867
Mbps)
2.4/5GHz a/b/g/n
(up to 450 Mbps)
5GHz a/n/ac (up to 1300
Mbps)
5GHz a/n/ac (up to 1300
Mbps)
PoE 802.3af 802.3af 802.3af 802.3af 802.3af 802.3af
Antennas 2 internal 4 internal4 external*
4 internal/ 4 external* 6 internal 6 internal 6 internal
Ethernet Interfaces
1x GE RJ45 WAN
4x FE RJ45 LAN1 x GE RJ45 1 x GE RJ45 2 x GE RJ45 2 x GE RJ45 1 x GE RJ45
USB 1 - - - 1 -
52
Hardware Overview – FortiAP (Outdoor)
FAP-112B FAP-112D FAP-224D FAP-222B FAP-222C
Use Case Low density outdoor
Low density outdoor, POE
pass-through for IP CCTV cameras.
Medium density outdoor
High density outdoor
High density 802.11ac outdoor
Form FactorOutdoor IP55 Rated, wall or
pole mount
Outdoor IP55 Rated, wall or
pole mount
Outdoor IP66 Rated, wall or
pole mount
Outdoor IP67 Rated, wall or
pole mount
Outdoor IP67 Rated, wall or
pole mount
Rx / Tx 1x1 1x1 2x2 2x2 2x2
Radio 12.4 GHz b/g/n
(up to 150 Mbps)
2.4/5GHz a/b/g/n
(up to 150 Mbps)
2.4 GHz b/g/n(up to 300
Mbps)
2.4 GHz b/g/n(up to 300Mbps)
2.4 GHz b/g/n(up to 300
Mbps)
Radio 2 - -5GHz a/n(up to 300
Mbps)
5GHz a/nup to (300
Mbps)
5GHz a/n/ac (up to 867
Mbps)
PoE 802.3af 802.3af 802.3af 802.3at 802.3at
Antennas 1 internal 1 internal 4 external (RP-SMA )
4 external (N-Type)
4 external (N-Type)
Ethernet Interfaces 2x FE RJ45 2x FE RJ45 1 x GE RJ45 1 x GE RJ45 1 x GE RJ45
USB - - - - -
53
FAP-11C FAP-14C FAP-21D FAP-28C FAP-25D
Use Case Portable AP for traveller
Remote office or SOHO desktop
FortiPresence Sensor or
Travel/SOHO (USB powered)
Remote office or SOHO desktop
Hotels/Hospitality desktop
Form Factor Small, portable Desktop Small, portable Desktop Small, portablePowerstrip design
Rx / Tx 1x1 1x1 2x2 2x2 2x2
Radio 1 2.4 GHz b/g/n (up to 150 Mbps)
2.4 GHz b/g/n (up to 150 Mbps)
2.4 GHz b/g/n (up to 150 Mbps)
2.4/5GHz a/b/g/n (up to 300 mbps)
2.4/5GHz a/b/g/n (up to 300 mbps)
Radio 2 - - - - -
PoE NA NA NA NA NA
Antennas 1 internal 1 internal 1 internal 2 internal 2 internal
Ethernet Ports1x GE RJ45
WAN1x GE RJ45 LAN
1x FE WAN4x FE LAN 2x FE RJ45 2x GE RJ45 WAN
8x GE RJ45 LAN1x GE WAN4x FE LAN
USB 1 - 2 2 -
Hardware Overview – FortiAP (Remote)
54
Contattaci gratuitamente…
In questi anni di partnership con la casa madre, Lan & Wan Solutions ha ottenuto tutte le specializzazioni previste nei vari iter di certificazione, raggiungendo la qualifica di Partner Of Excellence.
Certified experts in Fortimail and email security
Certified experts in Fortiweb and web application firewall protection
Certified experts in FortiAp, FortiWifi and wireless security
ContactsTel. +39 049 8843198 DIGIT (5)[email protected]
www.lanewan.it