Learn & Sail July 2019
Introduction
Digital Transformation at the remote branch
Expansion at the WAN edge
Cloud Enabled
Reduce WAN Cost
Simplify Operations
Networks Must Change to Adopt Digital Initiatives
Applications moving to Cloud in 2019
70%
Annual increase in bandwidth due to Voice and Video
50%
Percent of Network Changes are manually driven
79%
Fortinet Security Fabric
Open Ecosystem
Network Security
Device, Access, and Application Security
Multi-Cloud Security
Network Operations
Security Operations
Endpoint/Device Protection
Secure Access
Application Security
Fabric APIs
Fabric Connectors
INTEGRATED: AI-driven breach prevention across devices, networks, and applications
AUTOMATED: Operations, orchestration, and response
BROAD: Visibility of the entire digital attack surface
Multi-Functional Security Platform
Accelerated Firewall IPv4 IPv6
SSL & IPSec VPN (+ADVPN)
Dynamic Web Filtering
Anti-Virus & Anti-Botnet
Application Control & DLP
IPS & IDS
Virtual Domains & vClustering
Advanced HA
Cloud / on-Premise Sandboxing
QoS & Traffic shaping
Identity & Device Awareness
Advanced SD-WAN & VXLAN
Routing OSPF, BGP, ISIS, RIP, PIM
WAN Optimisation (Cache, Explicit Proxy, Reverse Proxy)
Mobile Security & Endpoint Control
VxLAN
VXLAN Bridge
[Diagram labels: Common VLAN Servers 192.168.99.0/24; 10.49.2.0/24; 10.49.3.0/28; Auto-scale Linux Cluster Protected by WAF; Linux; Windows; Private Cloud Linux Server; VMware Private Cloud; Internet Path; VoIP Path; WAN-OPT; SD-WAN; US-WEST; UK-WEST; Remote User or Contractor; Subnet 1; Subnet 2; NSG1; NSG2; NSG3]
SD-WAN & SD-Branch
Challenge: New WAN and Access edge paradigm
Each user and device now represents an edge
Lack of Visibility
Poor Performance
Secure multiple network edges
Complexity
Too many point products
[Diagram labels: Internet; MPLS; LTE; IoT; SD-BRANCH; Network Access; WAN Edge; FortiNAC; Multi-Cloud; SaaS; Data-Center; NOC/SOC; FortiManager; Centralized FortiNAC]
Secure SD-Branch Deployment
Simplified Management
Integrated Security
Lower TCO
[Diagram labels: Large Branch; Medium Branch; Small Branch; SD-BRANCH; FortiNAC; WAN Edge; Network Access; IoT; Internet 1; MPLS; LTE; Multi-Cloud; SaaS; Data-Center; NOC/SOC; FortiManager; Centralized FortiNAC]
Reduce WAN OpEx with Direct Internet Access
• WAN Path Controller
• Application Awareness
• Zero Touch Deployment
• Device Consolidation
• Improved WAN Link Performance
• Dynamic Application Distribution
• Identity-Based Policy
• Traffic Shaping & Policing
• Next Generation Firewall (NGFW)
• Multi-Transport Support
• Centralized Management
• Single-Pane-of-Glass Monitoring
• Service Level Agreements (WAN Metrics)
[Diagram labels: Branch Office; LAN; NGFW; SD-WAN Members; Broadband; IPSec Tunnel; MPLS; Internet; Data Center; Internal Servers; VMs; External Services; Private Cloud; Multi-Cloud; SIEM & Analytics; Provisioning Server; Threat Intelligence; Monitoring & Management; link speeds 1 Gbps, 100 Mbps, 50 Mbps, 10 Mbps]
Redundant Connectivity Enterprise Branch
Broadband with LTE Direct Internet Access
• WAN Path Controller
• Application Awareness
• Zero Touch Deployment
• Device Consolidation
• Improved WAN Link Performance
• Dynamic Application Distribution
• Next Generation Firewall
• Multi-Transport Support
• Centralized Management
• Single-Pane-of-Glass Monitoring
• Identity-Based Policy
• Service Level Agreements (WAN Metrics)
• Traffic Shaping & Policing
[Diagram labels: Branch Office; LAN; NGFW; SD-WAN Members; ISP1 (Broadband); ISP1 (20 Mbps); ISP2 (LTE); 100 Mbps; Broadband; IPSec Tunnel; Internet; Data Center; Internal Servers; VMs; External Services; Private Cloud; Multi-Cloud; SIEM & Analytics; Provisioning Server; Threat Intelligence; Monitoring & Management]
FortiCASB & Shadow IT
SaaS Types
SANCTIONED: Approved by IT; IT Accountable; Managed Centrally
TOLERATED: Allowed by IT; User Accountable; Managed by User
UNSANCTIONED: Blocked; User Accountable; Managed by User
Fabric Use Case: Access to risky, unsanctioned application
• An access attempt to a sanctioned application will be granted
• Security policy will be enforced by FortiCASB
• An access attempt to an unsanctioned application will NOT be granted and will be BLOCKED by FortiGate
[Diagram labels: FortiGate; FortiCASB; FortiAnalyzer; Security Operations; On-premise Users; Remote User]
What's New in FortiOS 6.2
© Fortinet Inc. All Rights Reserved.
Highlights: FortiOS 6.2
EXPANDING FABRIC FAMILY
MULTI-CLOUD
SD-WAN
FABRIC CONNECTORS
AUTOMATION & DEV-OPS
ADVANCED THREATS
COMPLIANCE
SOC ADOPTION
IOT & OT
UX / USABILITY
Split-task VDOM and FTNT Product Integration
New SDN and Threat Feed Connectors
VPN setup and rule definition enhancements
Public Cloud extensions and FortiMeter Support
Additional Triggers and Actions
Flow-based security profile Improvements
Consolidated risk View on Topology Map
MAC Address Objects
Enhancements to policy setup and visibility
FortiSandbox Cloud Region Selection
Fabric Connectors
Threat Feeds Connectors
Extends existing external list integration with new list types and usages
Supports username/password authentication while retrieving from external DB
Remote category on DNS filter profile
Remote category on web filter profile
Address object on firewall policy / Domain Filter
Virus Outbreak Prevention on AV profile
Authentication Option
Fabric Connectors
Cloud and SDN Connectors
Increase number of connectors to public clouds and SDN components
Multiple fabric connectors of any type can be defined
Cloud Connectors will be able to query filters automatically
Log Changes to Dynamic Address Objects
Multi-Cloud
Autoscaling and HA Between Zones
Active-Passive HA
Native and Para-Virtualized Modes
Azure Security Center Integration
Topology and CVE Integration
IAM credentials Support
Cross AZ HA Support
Autoscaling
Automation & Dev-Ops
[Diagram: TRIGGERS, AUTOMATION ENGINE, ACTIONS. Labels: System Status; IOC (Cloud) Detection; Config Change; FAZ Event Handler; Schedule; Notification; API Call / Web Hook; CLI Script; Host Quarantine; AWS Lambda; Azure Function; GCP Function; AliCloud Function]