Fortinet Firewall technology provides multi-layer traffic inspections with a comprehensive management solution with high security capabilities. It combines engines for application control, antivirus, IPS, web filtering, anti spam and VPN, along with advanced features such as a threat database with automatic updates, vulnerability management and a stream-based inspection for identify and mitigate the latest and most complex threats.
ENDPOINT ACCESS CONTROL
This module can enforce the use of security policies on users connected to your corporate network. Verifies installation, firewall operations, and antivirus signature updates before allowing new clients network access. It gives you the option to quarantine servers with applications that do not comply with security regulations.
ANTIVIRUS / ANTISPYWARE
Content inspection technology protects against viruses, spyware, worms and other types of malware that can infect users’ devices and network infrastructure. By intercepting and inspecting traffic and content at Layer 7, it ensures that malicious and hidden application-level threats are identified and removed from the data stream before they can cause harm.
IPS INTRUSION PREVENTION
IPS technology protects against current and emerging threats. In addition to reliable threat detection, IPS alerts users to traffic profiles that match attack behavior. Fortinet’s threat research team analyzes suspicious behavior, classifies emerging threats and generates new signatures to include in FortiGuard updates.
It is intended to accelerate applications across geographically dispersed networks while ensuring multi-threat inspection of all core network traffic. Wan optimization eliminates unnecessary and malicious traffic, optimizes legitimate traffic, and reduces the amount of bandwidth needed to transmit data between applications and servers. Better performance, bandwidth reduction and optimization of resource usage and infrastructure requirements, for greater control and savings in associated costs.
VPN CONNECTION MANAGEMENT
Fortinet VPN technology provides secure communications between multiple networks and servers using SSL and IPsec VPN technologies. FortiGate VPN services are the perfect complement to complete content inspection and protection and intrusion prevention in private areas of the network. The VPN connection management module allows defining QoS policies with which to prioritize critical traffic profiles in communications that move through VPN tunnels.
SSL ENCRYPTED TRAFFIC INSPECTION
SSL-encrypted traffic inspection protects from hidden threats to end customers as well as web servers and applications. SSL inspection intercepts encrypted traffic and inspects threats before forwarding them to their final destination. It can be applied to customer-oriented SSL traffic, as well as, for example, users who would like to connect to a Cloud-based CRM site, or to all inbound traffic from servers and web applications.
DATA LOSS PREVENTION (DLP)
DLP uses a sophisticated standards engine to identify and prevent the transfer of sensitive information outside your network perimeter, even when applications encrypt your communications. In addition to protecting organizations’ critical data, DLP provides record tracking to help ensure policy compliance. The user can select a wide range of configurable actions to record, block and archive data, and quarantine or ban users.
It protects servers, networks and sensitive information from web-based threats, preventing users from accessing sites with phishing risks and sources of malware. Furthermore, administrators can enforce category-based policies that simply prevent users from accessing inappropriate content, preventing them from saturating networks with unwanted traffic.
They increase performance and reliability by creating For¬tiGate Multi-Node clusters, supporting Active-Active and Active-Passive modes for maximum flexibility. High availability is included in the FortiOS operating system.
REGISTRATION CONTROL, REPORTING AND MONITORING
They offer extensive logging possibilities for traffic, systems and network protection features. In addition, it collects details and graphical reports of detailed registration information. Relays provide current and historical analysis of network activity to help identify aspects of monitoring and prevent misuse or abuse that occur on the network.
It makes it possible to reinforce and optimize the management of security policies for thousands of applications running on the network, regardless of the port or protocol used for communication, as well as optimizing the use of bandwidth in each network. The rise of Internet-based applications, which today bombard networks, makes control essential, as most application traffic looks like normal traffic to traditional firewalls.