⬆️ ⬇️

MUK recommends: FortiGate comprehensive network security appliance

We are proud to sell such cool things Fortinet. image



FortiGate-3950B - the entire grid is protected



These "pieces of iron" protect the network from threats and attacks - ( www.muk.ua/company/vendors/fortinet ).

')

Then we will discuss only the case, the story of what this equipment can do.



Fortnet is a FortiMail e-mail protection platform, it also includes a system for monitoring FortiWeb web applications, a FortiDB database security device, a FortiScan vulnerability scanning system, a FortiManager centralized management module, a FortiAnalyzer centralized event monitoring system. , as well as the company's flagship product - a FortiGate integrated security device that allows you to integrate all protection components in one system and manage the security of the entire network from one center. Different models of the FortiGate line differ in bandwidth, firewall, IPSec VPN, intrusion prevention systems (IPS), antivirus, and other key features.



FortiGate devices contain almost the entire set of security tools, while performing the role of a router with support for both static and dynamic routing using RIP, OSPF, BGP, and policy-based routing. At the same time, FortiGate performs the function of a VPN concentrator for building virtual private networks using IPSec VPN, SSL VPN and PPTP protocols, allowing you to create secure communication channels built on public networks, such as the Internet, between local networks of individual offices. Data transmitted over these channels is protected using one of the DES encryption algorithms, 3DES and AES.



The multi-functional FortiGate firewall performs in-depth analysis of network traffic passing through it based on various criteria and is flexibly configured in accordance with security policies for different groups of users, while providing bandwidth of up to 480 Gbit / s in high-end models. Anti-Virus performs signature and heuristic analysis of network traffic in real time, scanning data transmitted via the HTTP and FTP protocols, mail SMTP, POP3, IMAP, as well as instant messaging protocols. Intrusion Prevention System (IPS) performs signature-based analysis of traffic based on the types of network resources and applications being protected, making it possible to identify and block abnormal network activity and attacks on the company's network. At the same time, the components work practically does not affect network performance, since FortiGate models use Fortinet's own technology, a specialized FortiASIC ​​chipset, to speed up data processing and encryption, allowing to transfer most of the traffic management and analysis tasks directly to hardware. The device has Antispam functionality and checks e-mail using SMTP, POP3 and IMAP protocols, testing various parameters of e-mail, and allows you to enter white and black lists of IP addresses, senders and recipients e-mail addresses.



FortiGate devices allow you to authenticate users through the LDAP, RADIUS and TACAC + protocols, and can also be integrated with the Microsoft Active directory and Novell eDirectory directories. Network access control (NAC) allows you to set network access rules for end-user devices, allowing or denying it depending on the applications and updates installed on them. The Traffic shaping component allows you to allocate bandwidth for transmitting data to a specific user or group of users, IP address or service.



image



FortiToken-200 - one-time password generator



For effective and safe work on the Internet, the FortiGate device is equipped with a web content filtering system, which allows you to customize the use policies of the company's employees for Internet resources. FortiGate filters web traffic by web page content and URL, uses the FortiGuard global website classification database, which includes information on more than 47 million resources, and also monitors ActiveX, Cookies and Java Applet.



Recently, one of the trends in information security is the focus not only on external, but also on internal threats, in particular, on the problem of leakage of confidential information. FortiGate models provide functionality that solves this problem — the Information Leakage Prevention System (DLP) helps prevent the spread of sensitive data. This system scans traffic using HTTP, FTP and NNTP protocols, as well as email and instant messaging programs.



An important advantage of FortiGate is the lack of any licensing of the device by the number of users, which greatly simplifies working with it, and also reduces costs. All models of the line are running the FortiOS operating system optimized for security tasks. Management and monitoring of FortiGate status can be done via a web interface, CLI, console or centralized management system - FortiManager. There are role-based management of several administrators, access rights, the use of Virtual Domain (VDOM) for managing virtual devices. The device supports syslog and SNMP protocols, and can also inform administrators about events via e-mail. In addition, it is possible to centrally collect event data from all FortiGate devices on the network using the FortiAnalyzer monitoring system.



If you have questions about Fortinet, write in the comments.






MUK-Service - all types of IT repair: warranty, non-warranty repair, sale of spare parts, contract service

Source: https://habr.com/ru/post/133771/



All Articles