Dell | PowerEdge E07S Series | FortiWeb Datasheet

FortiWeb™
Web Application Firewall
• Web Application Firewall – Secures web applications to help customers meet compliance requirements
• Web Vulnerability Scanner – Scans, analyzes and detects web application vulnerabilities
• Application Delivery – Assures availability and accelerates performance of critical web applications
Unmatched Protection for Web Applications
• ICSA WAF certified
Need for PCI DSS Compliance
Network security threats have evolved to target web-based applications that are the interface to
confidential information stored on back-end databases. In response to major security breaches,
the credit card industry created the PCI standards. However, ensuring any web-application is free of
vulnerabilities is complicated by the ongoing discovery of new vulnerabilities, patching challenges, code
revisions, time-to-market pressures, the inherent difficulty of vulnerability identification, and even access
to the application code.
• WAF and integrated scanner aid in PCI 6.6 compliance
• Network and Application layer DoS protection
• User behavior analysis
Unmatched Protection for Web Applications
The FortiWeb family of web application firewalls provides specialized, layered application threat protection
for medium and large enterprises, application service providers, and SaaS providers. FortiWeb web
application firewalls protect your web-based applications and internet-facing data from attack and data loss.
Using advanced techniques to provide bidirectional protection against sophisticated threats like SQL
injection and cross-site scripting, FortiWeb platforms help you prevent identity theft, financial fraud and
corporate espionage. FortiWeb delivers the technology you need to monitor and enforce government
regulations, industry best practices, and internal policies.
Accelerate Deployment and Lower Costs
FortiWeb significantly reduces deployment costs by consolidating Web Application Firewall, web traffic
acceleration, and application traffic balancing into a single device with no per-user pricing. It drastically
reduces the time required to protect your regulated internet-facing data and eases the challenges
associated with policy enforcement and regulatory compliance. Its intelligent, application-aware load-balancing and data compression and optimization engine increases application performance, improves
resource utilization and application stability while reducing server response times.
• Geo IP analytics and security
• Antivirus file scanning
• Protection against the OWASP Top 10
• Periodic updates from FortiGuard® Labs
Geo IP Analytics and Security
FortiWeb’s real time data analysis provides an analytic interface that helps organizations analyze their
web application usage from multiple vectors, maps requests to their geographic location and allows
blocking access from specific countries.
FortiWeb Deployment Options
• Inline Transparent – Layer two bridge that does not require network
level redesign.
• True Transparent Proxy – Layer two deployment with no need for
network level redesign. The traffic is internally terminated to provide
more functionality than pure inspection.
• Reverse Proxy – Provides additional capabilities such as URL rewrite
and advanced routing capabilities.
• Offline Sniffing – Monitors environments with zero network footprint
and latency.
[Figure: Transparent Inspection or True Transparent Proxy]
[Figure: Offline Mode or Reverse Proxy]
Flexible Deployment and Efficient Management
• Multiple deployment options
Transparent Inspection, True Transparent Proxy, Reverse
Proxy and Offline modes allow you to fit FortiWeb into any environment.
• Policy wizard and pre-defined policies
Allow for one-click deployments and greatly ease the
process of policy creation.
• Auto-Learn Security Profiling
Automatically and dynamically builds a security model of
protected applications by continuously monitoring real-time
user activity. Eliminates the need for manual configuration of security profiles.
• High Availability
The high availability mode provides configuration synchronization and allows for a network-level failover
in the event of unexpected outage events. Integrated
bypass interfaces provide additional fail-open capability for
single box deployments.
• Authentication Offload
Offload your web server authentication to the FortiWeb platform while supporting different authentication
schemes such as Local, LDAP, NTLM and RADIUS.
• Virtualization
Provides a Virtual Appliance for VMware ESX and ESXi
3.5/4.0/4.1 platforms, mitigating blind spots in virtual
environments.
Ultimate Protection and Monitoring
• Application Layer Vulnerability Protection
Provide out of the box protection for the most complex
attacks such as SQL Injection, Cross Site Scripting,
CSRF and many others. Together with the Auto Learn
profiling system and advanced abilities, FortiWeb is able
to create rules down to the single application element.
• Data Leak Prevention
Extended monitoring and protection for credit card
leakage and application information disclosure by tightly
monitoring all outbound traffic. Allow customers to
create their own granular signatures and DLP patterns
together with predefined rules for any type of events.
• Application Support
Streamlined monitoring and protection for well-known
applications and protocols such as Microsoft Exchange,
SharePoint, ActiveSync and RPC over HTTP.
• Anti Web Defacement
Unique capabilities for monitoring protected applications for
any defacement and ability to automatically and quickly revert
to stored version.
• Vulnerability Assessments
Automatically scans and analyzes the protected web
applications and detects security weaknesses and potential
known and unknown application vulnerabilities, completing a comprehensive solution for PCI DSS.
• HTTP RFC Compliance Validation
FortiWeb blocks any attacks manipulating the HTTP
protocol by maintaining strict RFC standards to prevent
attacks such as encoding attacks, buffer overflows and
other application specific attacks.
• Antivirus
Scan file uploads using Fortinet’s Antivirus engine with
regular FortiGuard updates.
Application Delivery
• Application Aware Load Balancing
Intelligent, application aware layer 7 load balancing
eliminates performance bottlenecks, reduces deployment complexity and provides seamless application
integration.
• SSL Offload
With the integration of award winning FortiASIC™ technology, FortiWeb is able to process tens of thousands
of web transactions by providing hardware accelerated
SSL offloading.
• Data Compression
Allows efficient bandwidth utilization and improves response time
to users by compressing data retrieved from servers.
Aids in Compliance
• PCI DSS compliance
FortiWeb is the only product that provides a Vulnerability Scanner module within the web application firewall
that completes a comprehensive solution for PCI DSS
requirement 6.6.
• Protects against OWASP Top 10
Incorporating a positive and a negative security module
based on bidirectional traffic analysis and an embedded
behavioral-based anomaly detection engine, FortiWeb fully
protects against the OWASP Top 10.
• FortiGuard Labs
Utilizing Fortinet’s renowned FortiGuard service, FortiWeb
customers get up-to-date dynamic protection from the Fortinet Global Security Research Team, which researches and
develops protection against known and potential application
security threats.
FortiWeb Auto-Learn Profiling
The Auto-Learn profiling capability is completely
transparent and does not require any changes to
the application or network architecture. FortiWeb
does not scan the application in order to build
the profile, but rather analyzes the traffic as it
monitors it flowing to the application. By creating
a comprehensive security model of the application
FortiWeb can now protect against any known or
unknown vulnerabilities and zero-day attacks.
Analyze user geographic location and web site access based on Hit, Data and Attack vectors.
FortiWeb Protects Against a Wide Range of Attacks
Cross Site Scripting
SQL Injection
Session Hijacking
Cookie Tampering / Poisoning
Cross Site Request Forgery
Command injection
Remote File Inclusion
Forms Tampering
Hidden Field Manipulation
Outbound Data Leakage
HTTP Request Smuggling
Remote File Inclusion
Encoding Attacks
Broken Access Control
Forceful Browsing
Directory Traversal
Site Reconnaissance
Search Engine Hacking
Brute Force Login
Access Rate Control
Schema Poisoning
XML Parameter Tampering
XML Intrusion Prevention
WSDL Scanning
Recursive Payload
External Entity Attack
Buffer Overflows
Denial of Service.
Technical Specifications

Hardware Specifications

| | FortiWeb-400C | FortiWeb-1000C | FortiWeb-3000C | FortiWeb-4000C |
|---|---|---|---|---|
| 10/100/1000 Interfaces | 4 | 4 (2 bypass) | 6 (2 bypass) | 6 (2 bypass) |
| 1000Base-SX Bypass Interfaces | 0 | 0 | 2 (FWB-3000C-FSX) | 0 |
| USB Interfaces | 2 | 2 | 4 | 4 |
| Storage | 1 TB | 1 TB | 2 TB (standard), 6 x 1 TB slots | 2 TB (standard), 6 x 1 TB slots |
| Form Factor | 1U | 1U | 2U | 2U |
| Power Supply | Standard | Standard | 2U Hot Swap Redundant | 2U Hot Swap Redundant |

System Performance

| | FortiWeb-400C | FortiWeb-1000C | FortiWeb-3000C | FortiWeb-4000C |
|---|---|---|---|---|
| Throughput | 100 Mbps | 500 Mbps | 1 Gbps | 2 Gbps |
| Max HTTP transactions per second | 10,000 | 27,000 | 40,000 | 70,000 |
| Latency | Sub-ms | Sub-ms | Sub-ms | Sub-ms |
| High Availability | Active/Passive | Active/Passive | Active/Passive | Active/Passive |
| Application Licenses | Unlimited | Unlimited | Unlimited | Unlimited |

All performance values are “up to” and vary depending on the system configuration.

Dimensions

| | FortiWeb-400C | FortiWeb-1000C | FortiWeb-3000C | FortiWeb-4000C |
|---|---|---|---|---|
| Height | 1.7 in (4.4 cm) | 1.69 in (4.3 cm) | 3.5 in (8.9 cm) | 3.5 in (8.9 cm) |
| Width | 17.1 in (43.5 cm) | 17.09 in (43.4 cm) | 17.5 in (44.5 cm) | 17.5 in (44.5 cm) |
| Length | 14.3 in (36.4 cm) | 24.7 in (62.71 cm) | 29 in (73.7 cm) | 29 in (73.7 cm) |
| Weight | 14.15 lb (6.42 kg) | 24.2 lb (11 kg) | 63 lb (28.6 kg) | 63 lb (28.6 kg) |
| Rack Mountable | Yes | Yes | Yes | Yes |

Environment

| | FortiWeb-400C | FortiWeb-1000C | FortiWeb-3000C | FortiWeb-4000C |
|---|---|---|---|---|
| Power Required | 100-240 VAC, 50-60 Hz, 4.0 Amp max | 100-240 VAC, 50-60 Hz, 7 Amp max | 100-240 VAC, 50-60 Hz, 9 Amp max | 100-240 VAC, 50-60 Hz, 9 Amp max |
| Power Consumption (AVG) | 181W | 189W | 200W | 200W |
| Operating Temperature | 32 – 104 deg F (0 – 40 deg C) | 32 – 104 deg F (0 – 40 deg C) | 32 – 104 deg F (0 – 40 deg C) | 32 – 104 deg F (0 – 40 deg C) |
| Storage Temperature | -13 – 158 deg F (-25 – 70 deg C) | -40 – 149 deg F (-40 – 65 deg C) | -40 – 149 deg F (-40 – 65 deg C) | 40 – 149 deg F (-40 – 65 deg C) |
| Humidity | 10 to 90% non-condensing | 5 to 95% non-condensing | 5 to 95% non-condensing | 5 to 95% non-condensing |

Compliance
FCC Part 15 Class A, C-Tick,
VCCI, CE, UL/cUL, CB
FCC Class A Part 15, UL/CB/CUL, C Tick, VCCI, CE
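Hardware Specifications

| | FortiWeb-VM (2 vCPU) | FortiWeb-VM (4 vCPU) | FortiWeb-VM (8 vCPU) |
|---|---|---|---|
| Hypervisors Supported | VMware ESXi/ESX 3.5/4.0/4.1 | VMware ESXi/ESX 3.5/4.0/4.1 | VMware ESXi/ESX 3.5/4.0/4.1 |
| Max vCPUs Supported | 2 | 4 | 8 |
| Max vNICs | 4 | 4 | 4 |
| Virtual Machine Storage Required (Minimum) | 40 GB | 40 GB | 40 GB |
| Virtual Machine Memory Required (Minimum) | 1024 MB | 1024 MB | 1024 MB |

System Performance

| | FortiWeb-VM (2 vCPU) | FortiWeb-VM (4 vCPU) | FortiWeb-VM (8 vCPU) |
|---|---|---|---|
| HTTP Throughput | 100 Mbps | 500 Mbps | 1 Gbps |
| Max HTTP transactions per second | 8,000 | 24,000 | 36,000 |
| Application Licenses | Unlimited | Unlimited | Unlimited |
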
Actual performance values may vary depending on the network traffic and system configuration. Performance metrics were observed using a Dell PowerEdge R710 server (2 x Intel Xeon E5504 2.0 GHz 4MB Cache) running VMware
ESXi 4.1 with 3GB of vRAM assigned to the 4 vCPU and 8 vCPU FortiWeb Virtual Appliance and 1GB of vRAM assigned to the 2 vCPU FortiWeb Virtual Appliance.
Ordering Information
| Product | SKU | Description |
|---|---|---|
| FortiWeb-400C | FWB-400C-BDL | FortiWeb-400C Hardware plus 1 year 8x5 Forticare and FortiGuard Bundle* |
| FortiWeb-1000C | FWB-1000C-E07S-BDL | FortiWeb-1000C Hardware plus 1 year 8x5 Forticare and FortiGuard Bundle* |
| FortiWeb-3000C | FWB-3000C-E02S-BDL | FortiWeb-3000C Hardware plus 1 year 8x5 Forticare and FortiGuard Bundle* |
| FortiWeb-4000C | FWB-4000C-BDL | FortiWeb-4000C Hardware plus 1 year 8x5 Forticare and FortiGuard Bundle* |
| FortiWeb-VM02 | FWB-VM02 | FortiWeb-VM, up to two vCPUs supported. 64-bit OS. |
| FortiWeb-VM04 | FWB-VM04 | FortiWeb-VM, up to four vCPUs supported. 64-bit OS. |
| FortiWeb-VM08 | FWB-VM08 | FortiWeb-VM, up to eight vCPUs supported. 64-bit OS. |

* The FortiGuard bundle includes the FortiWeb Security service and the FortiWeb Antivirus service.
GLOBAL HEADQUARTERS
Fortinet Incorporated
1090 Kifer Road, Sunnyvale, CA 94086 USA
Tel +1.408.235.7700
Fax +1.408.235.7737
www.fortinet.com/sales

EMEA SALES OFFICE – FRANCE
Fortinet Incorporated
120 rue Albert Caquot
06560, Sophia Antipolis, France
Tel +33.4.8987.0510
Fax +33.4.8987.0501

APAC SALES OFFICE – SINGAPORE
Fortinet Incorporated
300 Beach Road 20-01, The Concourse
Singapore 199555
Tel: +65-6513-3734
Fax: +65-6295-0015

Copyright© 2012 Fortinet, Inc. All rights reserved. Fortinet®, FortiGate®, and FortiGuard®, are registered trademarks of Fortinet, Inc., and other Fortinet names herein may also be trademarks of Fortinet. All other product or company names may be trademarks
of their respective owners. Performance metrics contained herein were attained in internal lab tests under ideal conditions, and performance may vary. Network variables, different network environments and other conditions may affect performance results. Nothing
herein represents any binding commitment by Fortinet, and Fortinet disclaims all warranties, whether express or implied, except to the extent Fortinet enters a binding written contract, signed by Fortinet’s General Counsel, with a purchaser that expressly warrants
that the identified product will perform according to the performance metrics herein. For absolute clarity, any such warranty will be limited to performance in the same ideal conditions as in Fortinet’s internal lab tests. Fortinet disclaims in full any guarantees. Fortinet
reserves the right to change, modify, transfer, or otherwise revise this publication without notice, and the most current version of the publication shall be applicable.
FST-PROD-DS-FWEB
FWEB-DAT-R12-201206