3. 3
FortiOS 5.2 Feature Set
Integrations: ATP, OSS Support, AAA, Central Mgmt.
Management: Configuration, Visibility, Log & Report, Diagnostics
Security Functions: Anti-Malware, IPS, Application Control, Web Filtering, Email Filtering, Firewall, VPN, DLP, User & Device Identity, SSL inspection
Extensions: Wireless Controller, Switch Controller, Endpoint Manager, Token Server, Vulnerability Scanner
Virtual Systems: Virtual Domains
Network Functions: Routing, NAT/CGN, WAN Link / Server LB, WAN Optimization, L2/Switching, IPv6, QoS, High Availability
Operating Modes: NAT/Route, Transparent, Sniffer
Network Interface: LAN, WiFi, WAN
Platform: Physical Appliance (+ASICs), Hypervisor, Cloud
* Features may vary by model
4. 4
Overview IPS
IPS Signatures
7,000+ Signatures
Integrated FortiGuard IPS encyclopedia
Zero-day Threat Protection & Research
Custom Signatures
Rate based Signatures
Signature Filtering
User Quarantine, Packet Logging
DOS Protection
Rate based: set thresholds for various types of network operations
Deployment Options
Sniffer Mode
Bypass Interface & FortiBridge
Low latency, superior coverage and cost/performance integrated IPS
2012 NSS Security Value Map
5. 5
IPS Sensor
Regular IPS Signatures
Protect against
» Known Vulnerability & Zero day exploits
» Protocol abnormalities
Details Pop-Up linked to FortiGuard IPS encyclopedia
Filtered by: Severity, OS, Protocol, Applications, Target (Client/Server)
6. 6
Rate Based Signatures (IPS Sensor)
Brute force protection by blocking subsequent requests when the threshold (incidents per defined number of seconds) is reached
» Definable block duration
» Various tracking methods
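The rate-based behaviour described on this slide, as an added Python sketch (not Fortinet code and not part of the original deck): a sliding-window counter with a block duration, replayed over constructed events to show how the tracking method decides who gets blocked. The class, field names and sample values are assumptions made for illustration.

```python
from collections import defaultdict, deque

class RateBasedSignature:
    """Sliding-window counter: `threshold` matches per window, then a timed block."""

    def __init__(self, threshold, window_s, block_s, track_by):
        self.threshold = threshold      # matches needed to trip the signature
        self.window_s = window_s        # counting window in seconds
        self.block_s = block_s          # definable block duration in seconds
        self.track_by = track_by        # tracking method: "src_ip" or "dst_ip"
        self.hits = defaultdict(deque)  # tracked key -> timestamps of recent matches
        self.blocked_until = {}         # tracked key -> time at which the block expires

    def observe(self, event):
        """Return "block" or "pass" for one signature match (events in time order)."""
        key, now = event[self.track_by], event["ts"]
        if self.blocked_until.get(key, float("-inf")) > now:
            return "block"              # still inside the block duration
        recent = self.hits[key]
        recent.append(now)
        while recent and recent[0] <= now - self.window_s:
            recent.popleft()            # drop matches that fell out of the window
        if len(recent) >= self.threshold:
            # Choice made in this sketch: the match that reaches the threshold
            # is blocked too, along with everything until the block expires.
            self.blocked_until[key] = now + self.block_s
            recent.clear()
            return "block"
        return "pass"

# Constructed sample: failed logins against one server (documentation addresses).
SERVER = "192.0.2.10"
EVENTS = [
    {"ts": 0,  "src_ip": "203.0.113.7",  "dst_ip": SERVER},
    {"ts": 1,  "src_ip": "203.0.113.7",  "dst_ip": SERVER},
    {"ts": 2,  "src_ip": "203.0.113.7",  "dst_ip": SERVER},  # third match in 10 s
    {"ts": 2,  "src_ip": "198.51.100.9", "dst_ip": SERVER},  # unrelated client
    {"ts": 3,  "src_ip": "203.0.113.7",  "dst_ip": SERVER},
    {"ts": 30, "src_ip": "203.0.113.7",  "dst_ip": SERVER},
    {"ts": 70, "src_ip": "203.0.113.7",  "dst_ip": SERVER},  # block has expired
]

def replay(track_by, threshold=3, window_s=10, block_s=60):
    """Run the constructed events through a fresh signature and list the verdicts."""
    sig = RateBasedSignature(threshold, window_s, block_s, track_by)
    return [sig.observe(e) for e in EVENTS]

if __name__ == "__main__":
    for mode in ("src_ip", "dst_ip"):
        print(mode, replay(mode))
```

Tracking by source blocks only the offending client, while tracking by destination also blocks the unrelated client at ts=2, which is the trade-off to weigh when choosing a tracking method.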
7. 7
FortiGuard Service
Outstanding Detection Rate
100% resistance to evasions, 97.9% detection rate (NSS Test 2011)
Vigorous Benchmark Testing
Tested on over 4 different tools weekly
Determine & improve effectiveness of a security device to detect network vulnerabilities
8. 8
FortiGuard Service
FortiGuard Center
FortiGuard Encyclopedia – detailed description of known threats
IPS Updates log (RSS Feed)
Vulnerability Advisories
Threat Monitor – Top attacks by geographic breakdowns
Zero-Day Research
• Reported over 153 vulnerabilities, 124 of which have been disclosed and fixed by the appropriate vendor(s)
9. 9
Performance
[Chart: NSS IPS Latency (July 2012); axis: Latency (μs). Devices compared: Check Point 12600, Stonesoft 1302, Juniper IDP 8000, Sourcefire 3D8120, Sourcefire 3D8260, Sourcefire 3D8250, SonicWALL SuperMassive, IBM GX7800, PA 5020, HP/TippingPoint 6100N, McAfee M-8000, FortiGate 3240C]
FortiGate 3240C also beats all IPS competition with lowest latency
10. 10
Packet Logging
Forensic Tool
Packet capture triggered by IPS signatures
Can be saved as a pcap file for forensic studies
Can be logged to disk, FortiAnalyzer or FortiCloud
11. 11
User Quarantine
Intelligently blocks attackers from launching further attacks
» Most attacks are conducted in several steps, e.g. a port scan followed by more targeted hacking activities
Frees up IPS resources since traffic is now stopped by the firewall.
Entries are removed from the banned list manually or by a set expiry time
[Figure: User Quarantine screen with the labels Attackers IP Address, Duration, Antivirus, IPS, DLP, Endpoint Control]
12. 12
Advanced Features
NGIPS
Contextual Awareness
» Correlate with related information such as users & applications
Automation
» Automated impact assessment for quick policy tuning with FortiView
» Network behavior analysis using Threat Score
13. 13
DOS Sensors
DOS Protection
Detects and mitigates traffic that is part of a DoS attack
Applied as DoS policies prior to firewall policies
Rate based: set thresholds for various types of network operations
Sensor list can be updated only when the firmware image is upgraded on the unit.

                                                TCP             UDP             ICMP
Packet Rate to a Destination IP                 TCP_SYN_FLOOD   UDP_FLOOD       ICMP_FLOOD
Packet Rate from a Source IP                    TCP_PORT_SCAN   UDP_SCAN        ICMP_SWEEP
# of Concurrent Sessions to a Destination IP    TCP_DST_SESS    UDP_DST_SESS    ICMP_DST_SESS
# of Concurrent Sessions From a Source IP       TCP_SRC_SESS    UDP_SRC_SESS    ICMP_SRC_SESS
14. 14
Contact us free of charge …
Certified experts in FortiMail and email security
Certified experts in FortiWeb and web application firewall protection
Certified experts in FortiAP, FortiWiFi and wireless security
CONTACTS
Tel. +39 049 8843198 DIGIT (5)
contacts@lanewan.it
www.lanewan.it
Over these years of partnership with the parent company, Lan & Wan Solutions has obtained all the specializations provided for in the various certification tracks, achieving the status of Partner Of Excellence.