FortiGate™-5000 Series - Network Security Alliance

Large Enterprises
Managed Security Service Providers
Carrier Networks
FortiGate™-5000 Series
Datasheet
High Performance Modular Multi-Threat Security Solutions
Today’s Threats Against Large Networks
Threats against today’s networks are complex, blended attacks that infect computers, steal confidential information, create denials of service, or
cause costly network outages. Point-based security appliances are inadequately equipped to protect against these attacks because of the multitude
of attack vectors used. The FortiGate-5000 Series addresses this problem by tightly integrating multi-threat protection into a purpose-built platform
to effectively block today’s file-based threats and network-based threats. Examples of critical threats that are blocked by the FortiGate include:
viruses, Trojans, worms, phishing schemes, intrusion attempts, denial of service (DoS) attacks and an ever increasing number of attacks that use
blended threat vectors.
Leading Edge Chassis-Based Security Platform
The Fortinet FortiGate-5000 Series of Advanced Telecom Computing Architecture (AdvancedTCA or ATCA) security chassis deliver multi-gigabit performance
and integrated multi-threat protection ideal for securing high-bandwidth enterprise and service provider networks. Complete Unified Threat Management
(UTM) features include: content inspection firewall, VPN, intrusion prevention, web filtering, antispam, antivirus, Instant Messaging (IM) controls and
Peer-to-Peer (P2P) controls. These security technologies work together to prevent blended attacks from affecting assets protected by the FortiGate
system. The FortiGate-5000 Series features three chassis designs and multiple security modules that meet stringent enterprise and service provider
requirements. Highly available configurations with redundant power supplies and fans combined with superior UTM features ensure non-stop availability
of mission-critical network applications. The Fortinet FortiGuard™ Security Subscription service makes the FortiGate-5000 Series an affordable and
easy-to-manage security solution for large enterprises and service provider customers.
Key Solution Features and Benefits
| Feature | Benefit |
|---|---|
| Industry proven, multi-threat security architecture for large enterprises and service providers | Delivers powerful, integrated application security ideal for protecting against today’s complex blended threats |
| Extremely high price-to-performance ratio | Low total cost of ownership, ultra high-performance, and wide range of deployment options matches complex network security requirements |
| Easy to deploy ATCA-based chassis | ATCA-based design allows for rapid deployment to quickly secure mission-critical networks |
| Modular software and hardware architecture | Enables rapid support of new technologies, such as VoIP, IPTV, IM, and P2P, to be secured without unnecessary interruptions |
| Customized and detailed logging and reporting tools | FortiGate systems combined with FortiAnalyzer™ centralized reporting solutions and FortiManager™ centralized management solutions offer extensive reporting, logging, and data archiving options for regulatory compliance, trending, or baselining |
Chassis shown: FortiGate-5140 (14-slot chassis), FortiGate-5050 (5-slot chassis), FortiGate-5020 (2-slot chassis)
Fortinet’s award-winning security inspection engines offer
unparalleled levels of protection against blended threats. Fully
integrated routing, firewall, encryption, intrusion prevention,
antivirus, antispam, Web filtering and traffic shaping modules
mean that all traffic is inspected upon entry into and exit from your
network to ensure that communication is clean and controlled.
[Figure: The FortiGate Multi-Threat Security Inspection Model]
The Fortinet FortiGate-5000 Series are designed to secure
large enterprise, service provider and carrier networks.
Next-Generation Perimeter Security
Firewall + Intrusion Prevention + Antivirus
Firewalls alone aren’t enough to block today’s
blended threats. When single packets are examined
by point products with no concern for multi-vector
attacks, blended threats often pass undetected.
Combining content inspection firewall technology
with gateway antivirus and intrusion prevention
allows packet flows to be tracked. Fortinet multi-layered
security technologies examine entire
packet flows, from content inspection through
reassembly, stopping threats at the perimeter
before corporate resources are compromised.
[Figure: perimeter security diagram. Labels: high security server farm; secured corporate network; DMZ (DNS, email gateway, web, VoIP server); VoIP; 1 Gb and 10 Gb links]
MSSP Core Security
Intrusion Prevention + Antivirus + Firewall + VPN
The FortiGate-5000 Series delivers comprehensive
security for Managed Security Service Providers
(MSSPs). The full suite of ASIC-accelerated security
modules allows for customizable features for specific
customers, while virtualization features like Virtual
Domains (VDOMs) provide up to 3,500 separate
security domains. Implementing the FortiGuard
Distribution Network enables MSSPs to deliver
FortiGuard update services to their customers as a
managed service. Finally, the full suite of Fortinet
integrated management applications—including
granular reporting features—offers unprecedented
visibility into the security posture of customers while
illustrating their highest risks.
[Figure: MSSP core security diagram. Labels: MSSP management network; access network (DSL, cable, wireless); Internet; customers: government, retail, manufacturing company, SME, K-12 district]
Security Service Offerings:
• Discrete Classes of Customers
• Firewall-Stateful Inspection
• AV.IPS
• Customer VPN IPSec
• Firewall Virtualization for scalability
Secure Server Support:
• Antispam, Spyware, Trojans
• Web, Email, FTP (AV scan)
• Web Content Filtering (FortiGuard)
• VoIP, SIP/H.323 security
• IM/P2P Control
Figure callouts:
• 5140 chassis scales to 70 Gbps of firewall performance.
• Comprehensive logging and reporting tools provide detailed and customized reports via FortiAnalyzer
• 5140 chassis delivers industry-leading scalability providing up to 3500 security domains.
Secure Messaging
Web Filtering + Antispam + Antivirus + IM/P2P Controls
Email is an essential corporate communication
tool. Malware has adapted to this trend and
email is now a primary vector of transmission of
malcode threats. Instant messaging is quickly
becoming a primary propagation vector as
IM adoption rate increases. As with any new
technology, IM introduces security risks in
the form of a new generation of malware that
could potentially infect corporate resources.
By combining Fortinet antispam technology, IM
and P2P controls, antivirus scanning, and web
filtering, customers can ensure that email and
other messaging remains secure and won’t
result in lost revenue or lost data.
[Figure: secure messaging diagram. Labels: Email; IM; P2P; Collaboration; Internet; 5050; DMZ (DNS, email gateway, web, VoIP server)]
FortiGate-5000 Series Chassis
| Feature | FortiGate-5020 | FortiGate-5050 | FortiGate-5140 |
|---|---|---|---|
| Available Slots | 2 | 5 | 14 |
| Power Source | AC | DC/AC* | DC/AC* |
| High Availability Backplane | Built-in | Built-in | Built-in |
| Dual Switch Module Support | No | Yes | Yes |
| Max FW Throughput | 10 Gbps | 25 Gbps | 70 Gbps |
| Max VPN Performance | 1.2 Gbps 3DES | 3 Gbps 3DES | 8.4 Gbps 3DES |
| Concurrent Sessions | Up to 2M | Up to 5M | Up to 14M |
| Dimensions (H, W, L, weight) | 5.25 inches, 17 inches, 15.5 inches, 35.5 lb (16.1 kg) | 8.75 inches, 17 inches, 15.5 inches, 26.75 lb (12.1 kg) | 21 inches, 19 inches, 19 inches, 64.5 lb (29.3 kg) |
Environmental:
• Operating temperature: 32 to 104 deg F (0 to 40 deg C)
• Storage temperature: -13 to 158 deg F (-25 to 70 deg C)
• Humidity: 5 to 95% non-condensing
Regulatory: FCC Class A Part 15
Certifications:
• ICSA Labs: Antivirus, Firewall, IPSec, SSL-VPN, and IPS
• NSS Group: UTM Tested and Approved
• FIPS 140-2
• Common Criteria EAL 4+ Firewall
* Optional FortiGate-5053 Power Supply Shelf used to provide AC power to the FortiGate-5050 or FortiGate-5140 Chassis.
FortiASIC-Accelerated Security Modules
Fortinet offers fully integrated, multi-threat security solutions to protect against blended threats. You
can deploy a chassis either for complete protection across all blades or dedicate one or more blades
for specific functions.
• Firewall (FW): Complete content inspection and application assurance to protect
your mission-critical corporate resources.
• Virtual Private Network (VPN): With integrated FW, AV, IPS, and URL filtering that
can inspect traffic inside VPN tunnels for secure
communications to your data and applications from mobile
workers, partners, and customers.
• Intrusion Prevention (IPS): Signature, anomaly, and activity inspection for over 3,000 known
intrusions detects and blocks network attacks aimed at exploiting
application vulnerabilities, keeping applications available and
preventing misuse.
• Antivirus/Antispyware (AV): Signature-based, heuristic, and activity inspections from the
only ASIC-accelerated AV engine remove malicious content
from SMTP, POP3, IMAP, IM, P2P, HTTP, and FTP sessions
so that communications to and from your network are clean
and controlled.
• Antispam (AS): Heuristic and gray listing engines block up to several million
unsolicited, unwanted, or inappropriate messages from clogging
network resources and reducing productivity.
• Web Filtering (WF): Stops access to over 29 million offensive and undesirable
internet sites with 76 categories (with multiple administrative
override capabilities) that could harm your network resources.
The FortiASIC Advantage
The FortiASIC is the foundation of Fortinet’s
unique technology. FortiASICs use an intelligent,
proprietary content scanning engine that
accelerates the compute-intensive actions. They
also contain acceleration algorithms for encryption
so that FortiGate security devices can perform
antivirus scanning on VPN tunnels ensuring clean
and controlled communications. Coupling our
custom ASIC with proprietary network processor
acceleration, Fortinet’s chassis systems
deliver extreme performance and security at a
compelling total cost of ownership.
FortiOS: Developed for Security
Fortinet’s FortiOS is developed with security and performance
as top priorities. FortiOS features full routing (BGP,
OSPF, RIP), complete logging and auditing for
forensic analysis, granular Virtual Security Domain
(VDOM) support, and a complete command line
interface (CLI). No 3rd party software applications
are included that might lead to a vulnerability. It is
Common Criteria Certified EAL 4+.
Fortinet’s AdvancedTCA Architecture
The Advanced Telecom Computing Architecture
(AdvancedTCA) offers distinct performance and
management advantages over proprietary
designs. The FortiGate-5000 Series chassis
systems are carrier-grade, offering extremely
high reliability and scalability. Moreover, the
AdvancedTCA chassis are Network Equipment
Building System (NEBS) compliant. Fortinet
is the first and only security vendor utilizing
AdvancedTCA systems for security applications.
• FortiGate-5001SX: Features the complete suite of FortiGate multi-layered security technologies
• FortiGate-5001FA2: Features hardware acceleration for FortiGate multi-layered security technologies
• FortiGate-5005FA2: Features hardware acceleration and the highest level of performance among FortiGate blade solutions
• FortiSwitch-5003: Features high availability switching across the high-speed chassis backplane
• FortiController-5208: Features high bandwidth traffic load balancing for customized applications
FortiGate-5000 Series Blades
| Feature | FortiGate-5001SX | FortiGate-5001FA2 | FortiGate-5005FA2 | FortiSwitch-5003 | FortiController-5208 |
|---|---|---|---|---|---|
| SFP Ports | 4 | 4 | 8 | 0 | 8 + 2 x 10GbE (XFP) |
| 10/100/1000 Base-T Ports | 4 | 4 | 0 | 3+1 management | 1 management |
| Network Processor Accelerated Ports | N/A | 2 | 2 | N/A | N/A |
| Concurrent Sessions | 1M | 1M | 1M | N/A | N/A |
| Firewall Throughput | 4 Gbps | 4 Gbps | 5 Gbps | N/A | N/A |
| IPSec (3DES) VPN Throughput | 600 Mbps | 600 Mbps | 800 Mbps | N/A | N/A |
| Maximum VPN Tunnels | 10,000 | 10,000 | 10,000 | N/A | N/A |
| IPS Throughput | 2 Gbps | 2 Gbps | 3 Gbps | N/A | N/A |
| Antivirus Throughput | 250 Mbps | 250 Mbps | 300 Mbps | N/A | N/A |
| Unlimited User Licenses | Yes | Yes | Yes | N/A | N/A |
| Maximum Policies | 100,000 | 100,000 | 100,000 | N/A | N/A |
| Virtual Domains (VDOMs) | 10/250* | 10/250* | 10/250* | N/A | N/A |
* 10 VDOMs (standard) / Up to 250 VDOMs available (optional, requires additional license)
Technical Specifications FortiGate-5000 Series
FortiGate-5000 Series offers the following features:

FIREWALL
• ICSA Labs Certified (Enterprise Firewall)
• NAT, PAT, Transparent (Bridge)
• Routing Mode (RIP v1 & v2, OSPF, BGP, & Multicast)
• Policy-Based NAT
• Virtual Domains (NAT/Transparent mode)
• VLAN Tagging (802.1Q)
• User Group-Based Authentication
• SIP/H.323 NAT Traversal
• WINS Support
• Customized Protection Profiles

ANTIVIRUS
• ICSA Labs Certified (Gateway Antivirus)
• Includes AntiSpyware and Worm Prevention
• HTTP/SMTP/POP3/IMAP/FTP/IM and Encrypted VPN Tunnels
• Automatic “Push” Virus Database Update
• File Quarantine Support
• Block by File Size or Type

NETWORKING/ROUTING
• Multiple WAN Link Support
• PPPoE Support
• DHCP Client/Server
• Policy-Based Routing
• Dynamic Routing (RIP v1 & v2, OSPF, BGP, & Multicast)
• Multi-Zone Support
• Route Between Zones
• Route Between Virtual LANs (VDOMs)
• Multi-Link Aggregation (802.3ad)

USER AUTHENTICATION OPTIONS
• Local Database
• Windows Active Directory (AD) Integration
• External RADIUS/LDAP Integration
• IP/MAC Address Binding
• Xauth over RADIUS for IPSEC VPN
• RSA SecurID Support

VIRTUAL PRIVATE NETWORK (VPN)
• ICSA Labs Certified (IPSec & SSL)
• PPTP, IPSec, and SSL
• Dedicated Tunnels
• DES, 3DES, and AES Encryption Support
• SHA-1/MD5 Authentication
• PPTP, L2TP, VPN Client Pass Through
• Hub and Spoke VPN Support
• IKE Certificate Authentication
• IPSec NAT Traversal
• Dead Peer Detection
• RSA SecurID Support

INTRUSION PREVENTION SYSTEM (IPS)
• ICSA Labs Certified (NIPS)
• Protection From Over 3000 Threats
• Protocol Anomaly Support
• Custom Signature Support
• Automatic Attack Database Update

WEB FILTERING
• URL/Keyword/Phrase Block
• URL Exempt List
• Content Profiles
• Blocks Java Applet, Cookies, Active X
• FortiGuard Web Filtering Support

ANTISPAM
• Real-Time Blacklist/Open Relay Database Server
• MIME Header Check
• Keyword/Phrase Filtering
• IP Address Blacklist/Exempt List
• Automatic Real-Time Updates From FortiGuard Network

MANAGEMENT/ADMINISTRATION OPTIONS
• Console Interface (RS-232)
• WebUI (HTTP/HTTPS)
• Telnet / Secure Command Shell (SSH)
• Command Line Interface
• Role-Based Administration
• Multi-language Support
• Multiple Administrators and User Levels
• Upgrades and Changes Via TFTP and WebUI
• System Software Rollback
• Central Management via FortiManager (optional)

TRAFFIC SHAPING
• Policy-based Traffic Shaping
• Differentiated Services (DiffServ) Support
• Guarantee/Max/Priority Bandwidth

LOGGING/MONITORING
• Internal Logging
• Log to Remote Syslog/WELF server
• Graphical Real-Time and Historical Monitoring
• SNMP
• Email Notification of Viruses And Attacks
• VPN Tunnel Monitor
• Optional FortiAnalyzer Logging

VIRTUAL DOMAINS (VDOMs)
• Separate Firewall/Routing domains
• Separate Administrative domains
• Separate VLAN interfaces
• 10 VDOMs (standard)
• Up to 250 VDOMs (optional license)

HIGH AVAILABILITY (HA)
• Active-Active, Active-Passive
• Stateful Failover (FW and VPN)
• Device Failure Detection and Notification
• Link Status Monitor
• Link failover

INSTANT MESSENGER / PEER-TO-PEER ACCESS CONTROL
• AOL-IM
• ICQ
• BitTorrent
• Donkey
• Yahoo
• Gnutella
• Skype
• MSN
• WinNY
• KaZaa

FortiGuard Security Subscription Services
Includes:
• Automatic updates from over 50 redundant high speed database servers around the globe.
• Complete Wildlist virus protection for over 4500 active viruses from FortiGuard’s active database of over 60,000 viruses.
• Real-time IPS updates for protection against over 6000 threats.
• 76 rated web categories for more accurate web filtering.
• Web filtering for more than 29 million rated domains and 2 billion rated Web pages.

FortiCare Support Services
Includes:
• 24x7x365 FortiCare Web Service
• Web-based and Phone-based Technical Support*
• 1-Year Limited Hardware Warranty
• 90-Day Limited Software Warranty
* 8x5 and 24x7 Phone-based Technical Support Options Available

GLOBAL HEADQUARTERS
Fortinet Incorporated
1090 Kifer Road, Sunnyvale, CA 94086 USA
Tel +1-408-235-7700
Fax +1-408-235-7737
www.fortinet.com/sales

EMEA SALES OFFICE-FRANCE
Fortinet Incorporated
120 rue Albert Caquot
06560, Sophia Antipolis, France
Tel +33-4-8987-0510
Fax +33-1-5858-0025

APAC SALES OFFICE-HONG KONG
Fortinet Incorporated
Room 2429-2431, 24/F Sun Hung Kai Centre
No.30 Harbour Road, WanChai, Hong Kong
Tel +852-3171-3000
Fax +852-3171-3008
©Copyright 2006-2007 Fortinet, Inc. All rights reserved. Fortinet, FortiGate, FortiOS, FortiAnalyzer, FortiGuard, FortiCare, FortiASIC, FortiManager, FortiWiFi, FortiClient, FortiLog and FortiReporter are trademarks or registered
trademarks of the Fortinet Corporation in the United States and/or other countries. The names of actual companies and products mentioned herein may be the trademarks of their respective owners. Licensed under U.S. Patent
No. 5,623,600. Although Fortinet has attempted to provide accurate information in these materials, Fortinet assumes no legal responsibility for the accuracy or completeness of the information. Please note that no Fortinet
statements herein constitute or contain any guarantee, warranty or legally binding representation. All materials contained in this publication are subject to change without notice, and Fortinet reserves the right to change, modify,
transfer, or otherwise revise this publication without notice.
DAT136-0607-R6