FortiGate 3140B Datasheet

FortiGate 3140B Datasheet
DATASHEET
FortiGate 3240C
®
10 GE Consolidated Security Appliances
FortiGate 3240C consolidated security appliances offer exceptional levels of
performance, deployment flexibility, and security for large enterprise networks.
Built from the ground up by Fortinet, these appliances deliver superior performance
through a combination of custom hardware, including FortiASIC™ processors,
high port density, and consolidated security features from the FortiOS™ operating
system. Whether protecting virtualized infrastructure, cloud-providing infrastructure,
or traditional IT infrastructure, 10-Gigabit Ethernet (10 GE) ports and up to 40 Gbps
of firewall throughput make these appliances ideal for securing high-bandwidth
networks.
High-Performance Hardware
The FortiGate 3240C appliance provides up to 40 Gbps of firewall performance
through the use of innovative FortiASIC processors and the latest generation of
general purpose CPUs. Impressive consolidated security performance and support
for a variety of configurations ensure that essential security functions keep up with
the rest of your network.
High 10 GE Port Density
You can protect your data center and other high-bandwidth applications with the
10 GE interfaces that ship standard on the FortiGate 3240C appliances. Each
platform includes system ports supporting SFP+, SFP, and RJ-45 connections,
providing maximum flexibility.
FortiGate 3240C Benefits
• Outstanding value as 10 GE
network security appliances
with best-in-class firewall
price-performance
• Highest 10 GE port density in
their class
• Complete Content Protection
provides application control
coupled with identity-based
policy enforcement
• IPv6 certified platform
• Strong authentication options
for policy compliance
Consolidated Security
Using the advanced FortiOS operating system, FortiGate 3240C appliances
effectively neutralize a wide range of network security threats. Whether deployed
as high-performance firewalls or as comprehensive multi-threat security solutions,
these dedicated appliances protect assets with some of the most effective security
available today.
FortiGate Certifications
10 GE
10-GbE
Data Center
1 GE
1-GbE
FG-3240C
Ideal for protecting data centers
and enabling cloud services
Local Area
Network
The FortiASIC Advantage
FortiGate 3240C appliances include our latest FortiASIC Network Processors (NP)
and Content Processors (CP). These purpose-built, high-performance processors
use proprietary digital engines to accelerate resource-intensive security services.
FortiASIC™- NP4
The FortiASIC NP4 works inline with firewall and VPN functions delivering:
0849
A905ES
•
•
•
•
Wire-speed firewall performance for any size packets
VPN acceleration
Anomaly-based intrusion prevention, checksum offload and packet
defragmentation
Traffic shaping and priority queuing
The FortiASIC CP8 works outside of the direct flow of traffic, providing high-speed
cryptography and content inspection services including:
•
•
FortiASIC-CP8
Encryption and decryption offloading
Signature-based content inspection acceleration
TS4KJ-000
0846 CO
FortiGate 3240C Appliance (Front)
FortiGate 3240C Appliance (Back)
FortiGuard® Security Subscription Services deliver dynamic, automated updates for Fortinet products. The Fortinet Global Security
Research Team creates these updates to ensure up-to-date protection against sophisticated threats. Subscriptions include antivirus,
intrusion prevention, web filtering, antispam, vulnerability management, application control, and database security services. For more
information about FortiGuard Services, please visit www.fortiguard.com.
FortiCare™ Support Services provide global support for all Fortinet products and services. FortiCare support enables your Fortinet
products to perform optimally. Support plans start with 8x5 Enhanced Support with return and replace hardware support or 24x7
Comprehensive Support with advanced hardware replacement. Options include Premium Support, Premium RMA, and Professional
Services. All hardware products include a 1-year limited hardware warranty and a 90-day limited software warranty. Additionally,
Fortinet Professional Services can be engaged to expedite critical projects and initial deployments.
FortiGuard Subscription Services
Products
Antivirus
FortiGate 3240C
Supported
Intrusion
Prevention
Supported
Web Filtering
Antispam
Supported
Supported
Application
Control
Supported
Vulnerability
Management
Supported
Firewall
Intrusion Prevention
Fortinet firewall technology delivers complete content and network
protection by combining stateful inspection with a comprehensive
suite of powerful security features. Application control, antivirus,
IPS, Web filtering and VPN, along with advanced features such as
an extreme threat database, vulnerability management, flow-based
inspection and active profiling work in concert to identify and
mitigate the latest complex security threats. The security-hardened
FortiOS operating system works together with purpose-built
FortiASIC processors to accelerate inspection throughput and
identification of malware.
IPS technology protects against current and emerging networklevel threats. In addition to signature-based threat detection,
IPS performs anomaly-based detection which alerts users to
any traffic that matches attack behavior profiles. The Fortinet
threat research team analyzes suspicious behavior, identifies
and classifies emerging threats, and generate new signatures
to include with FortiGuard Service updates.
Features
Features
NAT, PAT and Transparent (Bridge)
Policy-Based NAT
SIP/H.323/SCCP NAT Traversal
VLAN Tagging (802.1Q)
Vulnerability Management
IPv6 Support
Automatic Database Updates
Protocol Anomaly Support
IPS and DoS Prevention Sensor
Custom Signature Support
IPv6 Support
Throughput
1518 Byte Packets
512 Byte Packets
64 Byte Packets
Throughput
40 Gbps
40 Gbps
40 Gbps
IPS
8 Gbps
Antivirus / Antispyware
VPN
Antivirus content inspection technology protects against viruses,
spyware, worms, and other forms of malware which can infect
network infrastructure and endpoint devices. By intercepting
and inspecting application-based traffic and content, antivirus
protection ensures that malicious threats hidden within legitimate
application content are identified and removed from data streams
before they can cause damage. FortiGuard subscription services
ensure that FortiGate devices are updated with the latest malware
signatures for high levels of detection and mitigation.
Fortinet VPN technology provides secure communications
between multiple networks and hosts, using SSL and IPsec
VPN technologies. Both services leverage our custom FortiASIC
processors to provide acceleration in the encryption and
decryption steps. The FortiGate VPN service enforces complete
content inspection and multi-threat protections including antivirus,
intrusion prevention and Web filtering. Traffic optimization provides
prioritization for critical communications traversing VPN tunnels.
Features
Features
Automatic Database Updates
Proxy-based Antivirus
Flow-based Antivirus
File Quarantine
IPv6 Support
IPSec and SSL VPN
DES, 3DES, AES and SHA-1/MD5 Authentication
PPTP, L2TP, VPN Client Pass Through
SSL Single Sign-On Bookmarks
Two-Factor Authentication
Throughput
Antivirus (Proxy-based)
Antivirus (Flow-based)
Performance
2.6 Gbps
9 Gbps
IPsec VPN Throughput
SSL VPN Throughput
Maximum SSL-VPN Users
Recommended
17 Gbps
3.4 Gbps
30,000
WAN Optimization
SSL-Encrypted Traffic Inspection
Wide Area Network (WAN) optimization accelerates applications
over geographically dispersed networks, while ensuring multi-threat
inspection of all network traffic. WAN optimization eliminates
unnecessary and malicious traffic, optimizes legitimate traffic,
and reduces the amount of bandwidth required to transmit data
between applications and servers. Improved application
performance and delivery of network services reduces bandwidth
and infrastructure requirements, along with associated
expenditures.
SSL-encrypted traffic inspection protects endpoint clients and
Web and application servers from hidden threats. SSL Inspection
intercepts encrypted traffic and inspects it for threats prior to
routing it to its final destination. It can be applied to client-oriented
SSL traffic, such as users connecting to cloud-based CRM site,
and to inbound Web and application server traffic. SSL inspection
enables you to enforce appropriate use policies on encrypted Web
content and to protect servers from threats which may be hidden
inside encrypted traffic flows.
Features
Features
Gateway-to-Gateway Optimization
Bidirectional Gateway-to-client Optimization
Web Caching
Secure Tunnel
Transparent Mode
Protocol support:
HTTPS, SMTPS, POP3S, IMAPS
Inspection support:
Antivirus, Web Filtering, Antispam, Data Loss Prevention, SSL Offload
Endpoint NAC
Data Loss Prevention
Endpoint NAC can enforce the use of FortiClient Endpoint Security
for users connecting to corporate networks. Endpoint NAC verifies
FortiClient Endpoint Security installation, firewall operation and
up-to-date antivirus signatures before allowing network access.
Non-compliant endpoints, such as endpoints running applications
that violate security policies can be quarantined or sent to
remediation.
DLP uses a sophisticated pattern-matching engine to identify
and prevent the transfer of sensitive information outside of
your network perimeter, even when applications encrypt their
communications. In addition to protecting your organization’s
critical data, Fortinet DLP provides audit trails to aid in policy
compliance. You can select from a wide range of configurable
actions to log, block, and archive data, and quarantine or ban users.
Features
Features
Monitor & Control Hosts Running FortiClient
Vulnerability Scanning of Network Nodes
Quarantine Portal
Application Detection and Control
Built-in Application Database
Identification and Control Over Data in Motion
Built-in Pattern Database
RegEx Based Matching Engine
Common File Format Inspection
International Character Sets Supported
Flow-based DLP
Web Filtering
Logging, Reporting & Monitoring
Web filtering protects endpoints, networks and sensitive
information against Web-based threats by preventing users from
accessing known phishing sites and sources of malware. In
addition, administrators can enforce policies based on Website
categories to easily prevent users from accessing inappropriate
content and clogging networks with unwanted traffic.
FortiGate consolidated security appliances provide extensive
logging capabilities for traffic, system, and network protection
functions. They also allow you to assemble drill-down and
graphical reports from detailed log information. Reports can
provide historical and current analysis of network activity to aid
with identification of security issues and to prevent network
misuse and abuse.
Features
Features
HTTP/HTTPS Filtering
URL / Keyword / Phrase Block
Blocks Java Applet, Cookies or Active X
MIME Content Header Filtering
Flow-based Web Filtering
IPv6 Support
Internal Log storage and Report Generation
Graphical Real-Time and Historical Monitoring
Graphical Report Scheduling Support
Graphical Drill-down Charts
Optional FortiAnalyzer Logging (including per VDOM)
Optional FortiGuard Analysis and Management Service
High Availability
Application Control
High Availability (HA) configurations enhance reliability and
increase performance by clustering multiple FortiGate appliances
into a single entity. FortiGate High Availability supports ActiveActive and Active-Passive options to provide maximum flexibility
for utilizing each member within the HA cluster. The HA feature is
included as part of the FortiOS operation system and is available
with most FortiGate appliances.
Application control enables you to define and enforce policies for
thousands of applications running across networks regardless
of port or the protocol used for communication. The explosion
of new Internet-based and Web 2.0 applications bombarding
networks today make application control essential, as most
application traffic looks like normal Web traffic to traditional
firewalls. Fortinet application control provides granular control of
applications along with traffic shaping capabilities and flow-based
inspection options.
Features
Features
Active-Active and Active-Passive
Stateful Failover (FW and VPN)
Link State Monitor and Failover
Device Failure Detection and Notification
Server Load Balancing
Identify and Control Over 1,800 Applications
Traffic Shaping (Per Application)
Control Popular Apps Regardless of Port or Protocol
Popular Applications include:
AOL-IM Yahoo
MSN
KaZaa
ICQ
Gnutella BitTorrent MySpace
WinNY
Skype eDonkey Facebook
and more
Virtual Domains
Setup / Configuration Options
Virtual Domains (VDOMs) enable a single FortiGate system to
function as multiple independent virtual FortiGate systems. Each
VDOM contains its own virtual interfaces, security profiles, routing
table, administration, and many other features. FortiGate VDOMs
reduce the complexity of securing disparate networks by
virtualizing security resources on the FortiGate platform, greatly
reducing the power and footprint required as compared to
multiple point products. Ideal for large enterprise and managed
service providers.
Fortinet provides administrators with a variety of methods and
wizards for configuring FortiGate appliances during deployment.
From the easy-to-use Web-based interface to the advanced
capabilities of the command-line interface, FortiGate systems
offer the flexibility and simplicity you need.
Features
Features
Separate Firewall / Routing Domains
Separate Administrative Domains
Separate VLAN Interfaces
Maximum VDOMs: 500
Default VDOMs: 10
Web-based User Interface
Command Line Interface Over Serial Connection
Pre-configured Settings from USB Drive
Wireless Controller
All FortiGate and FortiWiFi™ consolidated security platforms
have an integrated wireless controller, enabling centralized
management of FortiAP™ secure access points and wireless
LANs. Unauthorized wireless traffic is blocked, while allowed
traffic is subject to identity-aware firewall policies and multi-threat
security inspection. From a single console you can control
network access, update security policies, and enable automatic
identification and suppression of rogue access points.
Features
Unified WiFi and Access Point Management
Automatic Provisioning of APs
On-wire Detection and Blocking of Rogue APs
Supports Virtual APs with Different SSIDs
Supports Multiple Authentication Methods
Technical Specifications
FortiGate 3240C
FortiGate-3240C consolidated
security appliances also include:
Interfaces and Modules
Total Network Interfaces
30
Hardware Accelerated 10 GE SFP+ Interfaces
12
Hardware Accelerated 1 GE SFP Interfaces
16
Non-Accelerated 10/100/1000 Interfaces
2
Transceivers Included
• Multiple deployment modes (Transparent/
Routing) for ease of installation
2x SFP+ (SR 10 GE)
Local Solid State Disk Storage Included
• Integrated Switch Fabric for very low latency
64 GB SSD
USB Interfaces (Client / Server)
• Advanced Layer-2/3 routing for data center
traffic optimization
1/1
RJ45 Serial Console
1
System Performance
Firewall Throughput (1518 / 512 / 64 byte UDP packets)
• High Availability (Active/Active, Active/
Passive, Clustering) for maximum uptime
40 / 40 / 40 Gbps
Firewall Latency (64 byte UDP packets)
4 μs
Firewall Throughput (Packets Per Second)
60 Mpps
Concurrent Sessions (TCP)
10 Million
New Sessions/Sec (TCP)
200,000
Firewall Policies
100,000
IPsec VPN Throughput (512 byte packets)
17 Gbps
Gateway-to-Gateway IPsec VPN Tunnels
10,000
Client-to-Gateway IPsec VPN Tunnels
64,000
SSL-VPN Throughput
3.4 Gbps
Concurrent SSL-VPN Users (Recommended Maximum)
• Virtual Domains (VDOMs) for multi-tenant
environments
• Traffic Shaping and Prioritization ensure
performance of critical traffic
• WAN Optimization and Web Caching for
improved performance and lower costs
• Local event logging and reporting for
compliance and auditing
30,000
IPS Throughput
8 Gbps
Antivirus Throughput (Proxy Based / Flow Based)
2.6 / 9 Gbps
CAPWAP Clear-text Throughput (HTTP)
MANAGEMENT OPTIONS
5.60 Gbps
Virtual Domains (Default / Max)
10 / 500
Maximum Number of FortiAPs (Total / Tunnel Mode)
• Local Web-Based Management Interface
4,096 / 1,024
Maximum Number of FortiTokens
5,000
Maximum Number of Registered FortiClients
8,000
High Availability Configurations
• Command Line Management Interface (CLI)
• Centralized management and analysis by
FortiManager and FortiAnalyzer
Active/Active, Active/Passive, Clustering
Unlimited User Licenses
Yes
Dimensions and Power
Height x Width x Length
3.5 x 17.4 x 21.9 in (8.8 x 44.2 x 55.5 cm)
Weight
40 lb (18.2 kg)
Rack Mountable
Ears + Rails (Optional)
AC Power Supply
100–240V AC, 50–60 Hz, 3.50–1.75 A (Max)
Power Consumption (Average / Maximum)
315 W / 378 W
Heat Dissipation
1290 BTU/h
DC Power Supply (FG-3240C-DC)
-48V VDC
Redundant Power Supplies (Hot Swappable)
Yes
Operating Environment and Certifications
Operating Temperature
32–104°F (0–40°C)
Storage Temperature
-31–158°F (-35–70°C)
Humidity
20–90% non-condensing
Operating Altitude
Up to 7,400 ft (2,250 m)
Compliance
FCC Part 15 Class A, C-Tick, VCCI, CE, UL/cUL, CB
Certifications
ICSA Labs: Firewall, IPsec, IPS, Antivirus, SSL-VPN
Note: A ll performance values are “up to” and vary depending on system
configuration. Antivirus performance is measured using 44 Kbyte HTTP files.
IPS performance is measured using 1 Mbyte HTTP files.
Ordering Info
Product
SKU
Description
FortiGate 3240C
FG-3240C
12x 10 GE SFP+ slots, 16x SFP slots, 2x GE RJ45 ports, 64 GB SSD onboard storage, and dual AC power supplies
FortiGate 3240C-DC
FG-3240C-DC
12x 10 GE SFP+ slots, 16x SFP slots, 2x GE RJ45 ports, 64 GB SSD onboard storage, and dual DC power supplies
10 GE SFP+ transceiver module, short range
FG-TRAN-SFP+SR
10 GE SFP+ transceiver module, short range for all systems with SFP+ and SFP/SFP+ slots
10 GE SFP+ transceiver module, long range
FG-TRAN-SFP+LR
10 GE SFP+ transceiver module, long range for all systems with SFP+ and SFP/SFP+ slots
Power supply
SP-FG3600C-PS
AC power supply for FG-3600C and FG-3240C
Optional Accessories
GLOBAL HEADQUARTERS
EMEA SALES OFFICE – FRANCE
APAC SALES OFFICE – SINGAPORE
Fortinet Incorporated
899 Kifer Road, Sunnyvale, CA 94086 USA
Tel +1.408.235.7700
Fax +1.408.235.7737
www.fortinet.com/sales
Fortinet Incorporated
120 rue Albert Caquot
06560, Sophia Antipolis, France
Tel +33.4.8987.0510
Fax +33.4.8987.0501
Fortinet Incorporated
300 Beach Road #20-01, The Concourse
Singapore 199555
Tel: +65-6513-3734
Fax: +65-6295-0015
Copyright© 2014 Fortinet, Inc. All rights reserved. Fortinet®, FortiGate®, FortiCare® and FortiGuard®, and certain other marks are registered trademarks of Fortinet, Inc., and other Fortinet names herein may also be registered and/or common law trademarks
of Fortinet. All other product or company names may be trademarks of their respective owners. Performance and other metrics contained herein were attained in internal lab tests under ideal conditions, and actual performance and other results may vary. Network
variables, different network environments and other conditions may affect performance results. Nothing herein represents any binding commitment by Fortinet, and Fortinet disclaims all warranties, whether express or implied, except to the extent Fortinet enters
a binding written contract, signed by Fortinet’s General Counsel, with a purchaser that expressly warrants that the identified product will perform according to certain expressly-identified performance metrics and, in such event, only the specific performance
metrics expressly identified in such binding written contract shall be binding on Fortinet. For absolute clarity, any such warranty will be limited to performance in the same ideal conditions as in Fortinet’s internal lab tests. Fortinet disclaims in full any covenants,
representations, and guarantees pursuant hereto, whether express or implied. Fortinet reserves the right to change, modify, transfer, or otherwise revise this publication without notice, and the most current version of the publication shall be applicable.
FST-PROD-DS-GT3K3
FG-3240C-DAT-R11-201411
Was this manual useful for you? yes no
Thank you for your participation!

* Your assessment is very important for improving the work of artificial intelligence, which forms the content of this project

Download PDF

advertisement