DATASHEET FortiGate®/FortiWiFi™-80 Series Enterprise-Class Protection for Branch Offices Proven Security for Remote Offices, Retail, and Customer Premise Equipment FortiGate/FortiWiFi-80 Series consolidated security appliances deliver comprehensive enterprise-class protection for remote locations, branch offices, customer premise equipment (CPE) and retail networks. FortiGate/FortiWiFi-80 Series platforms feature an integrated set of essential security technologies in a single device to protect all of your applications and data. Simple per-device pricing, an integrated management console, and remote management capabilities significantly reduce costs associated with deployment and management. Primary Features & Benefits Enterprise-grade protection for smaller networks • Enables deployment of Fortinet’s unmatched protection and performance in smaller environments Comprehensive Protection Fortinet’s market-leading security technology and research results in appliances providing unmatched protection against today’s sophisticated multi-vector threats. FortiGate/FortiWiFi consolidated security platforms integrate firewall, IPSec and SSL VPN, antivirus, antispam, intrusion prevention, web filtering and vulnerability management into a single device at a single price. They also provide data loss prevention (DLP), application control, and endpoint NAC. Redundant connectivity methods The FortiGate/FortiWiFi-80 Series specifically addresses many policy enforcement requirements included in government and industry regulations, such as the PCI Data Security Standard. They also ease migration to new industry standards such as IPv6, supporting dynamic routing for both IPv4 and IPv6 networks. Fortinet’s Global Threat Research Team and ICSA Labs-certified inspection engines ensure the best possible protection in your network. Centralized Management 80 Series Deployment Options • • Dual 10/100/1000 Ethernet, analog modem (FG/FWF80CM models) and optional 3G wireless offer redundant WAN connections to ensure availability of data FortiManager and FortiAnalyzer centralized management and reporting appliances simplify the deployment, monitoring, and maintenance of the security infrastructure Redundant Connectivity The FortiGate/FortiWiFi-80 Series platforms offer dual WAN Gigabit Ethernet (10/100/1000) links, for load balancing or redundant ISP connections delivering high availability and scalability to small or home office application. Six Fast Ethernet (10/100) internal security zone or switch ports and one dedicated DMZ port eliminate need for additional networking devices, reducing investment and management burden. An ExpressCard slot allows for optional 3G wireless WAN connectivity such as EVDO, W-CDMA, HSPA and GPRS, which provides mobile network connectivity for remote deployments or backup data connectivity in the event of a network failure. The FortiGate/FortiWiFi-80CM platforms gives you the additional convenience and reliability of an analog modem. FortiGate-80C FortiGate-80CM Internal Storage The internal storage standard on the FortiGate/FortiWiFi-80 Series enables local caching of data for policy compliance or WAN optimization. WAN optimization lowers your networking costs and improves your application and network performance by reducing the amount of data transmitted over your WAN. FortiWiFi-80CM FortiGuard® Security Subscription Services deliver dynamic, automated updates for Fortinet products. The Fortinet Global Security Research Team creates these updates to ensure up-to-date protection against sophisticated threats. Subscriptions include antivirus, intrusion prevention, web filtering, antispam, vulnerability and compliance management, application control, and database security services. FortiCare™ Support Services provide global support for all Fortinet products and services. FortiCare support enables your Fortinet products to perform optimally. Support plans start with 8x5 Enhanced Support with return and replace hardware support or 24x7 Comprehensive Support with advanced hardware replacement. Options include Premium Support, Premium RMA, and Professional Services. All hardware products include a 1-year limited hardware warranty and a 90-day limited software warranty. FortiGuard Subscription Services FortiGate-80C FortiGate-80CM FortiWiFi-80CM Antivirus Intrusion Prevention Web Filtering Antispam Application Control Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Vulnerability Management Supported Supported Supported FortiOS 4.0 Software—Raising The Bar FortiOS 4.0: Redefining Network Security FortiOS 4.0 is the software foundation of FortiGate multithreat security platforms. Developed solely for security, performance, and reliability, it is a purpose-built operating system that leverages the power of FortiASIC processors. Fortinet’s ASIC-Based Advantage FortiASICs are a family of purpose-built, high performance processors that use an intelligent proprietary content scanning engine and multiple algorithms to accelerate security and network services. FortiOS Security Services FIREWALL ICSA Labs Certified (Enterprise Firewall) NAT, PAT, Transparent (Bridge) Routing Mode (RIP, OSPF, BGP, Multicast) Policy-Based NAT Virtual Domains (NAT/Transparent mode) VLAN Tagging (802.1Q) Group-Based Authentication & Scheduling SIP/H.323 /SCCP NAT Traversal WINS Support Explicit Proxy Support (Citrix/TS etc.) VoIP Security (SIP Firewall/RTP Pinholing) Granular Per-Policy Protection Profiles Identity/Application-Based Policy Vulnerability Management IPv6 Support (NAT/Transparent mode) VIRTUAL PRIVATE NETWORK (VPN) ICSA Labs Certified (IPSec) PPTP, IPSec, and SSL Dedicated Tunnels SSL-VPN Concentrator (incl. iPhone client support) DES, 3DES, and AES Encryption Support SHA-1/MD5 Authentication PPTP, L2TP, VPN Client Pass Through Hub and Spoke VPN Support IKE Certificate Authentication (v1 & v2) IPSec NAT Traversal Automatic IPSec Configuration Dead Peer Detection RSA SecurID Support SSL Single Sign-On Bookmarks SSL Two-Factor Authentication LDAP Group Authentication (SSL) ANTIVIRUS / ANTISPYWARE ICSA Labs Certified (Gateway Antivirus) Includes Antispyware and Worm Prevention: HTTP/HTTPS SMTP/SMTPS POP3/POP3S IMAP/IMAPS FTP IM Protocols Flow-Based Antivirus Scanning Mode Automatic “Push” Content Updates File Quarantine Support Databases: Standard, Extended, Extreme, Flow IPv6 Support WEB FILTERING 76 Unique Categories FortiGuard Web Filtering Service Categorizes over 2 Billion Web pages HTTP/HTTPS Filtering Web Filtering Time-Based Quota URL/Keyword/Phrase Block URL Exempt List Content Profiles Blocks Java Applet, Cookies, Active X MIME Content Header Filtering IPv6 Support APPLICATION CONTROL Identify and Control Over 1800 Applications Control Popular IM/P2P Apps Regardless of Port/ Protocol: AOL-IMYahoo MSN KaZaa ICQ Gnutella BitTorrentMySpace WinNY Skype eDonkey Facebook HIGH AVAILABILITY (HA) NETWORKING/ROUTING Active-Active, Active-Passive Multiple WAN Link Support Stateful Failover (FW and VPN) DHCP Client/Server Device Failure Detection and Notification Policy-Based Routing Link Status Monitor Dynamic Routing for IPv4 and IPv6 (RIP, OSPF, BGP, & Link failover Multicast for IPv4) Server Load Balancing Multi-Zone Support Route Between Zones WAN OPTIMIZATION Route Between Virtual LANs (VDOMS) Bi-directional / Gateway to Client/Gateway Multi-Link Aggregation (802.3ad) Integrated Caching and Protocol Optimization IPv6 Support (Firewall, DNS, Transparent Mode, SIP, Accelerates CIFS/FTP/MAPI/HTTP/HTTPS/Generic TCP Dynamic Routing, Admin Access, Management) VIRTUAL DOMAINS (VDOMs) VRRP and Link Failure Control Separate Firewall/Routing Domains sFlow Client Separate Administrative Domains USER AUTHENTICATION OPTIONS Separate VLAN Interfaces Local Database 10 VDOM License Std. (more can be added) Windows Active Directory (AD) Integration External RADIUS/LDAP Integration WIRELESS CONTROLLER Xauth over RADIUS for IPSEC VPN Unified WiFi and Access Point Management RSA SecurID Support Automatic Provisioning of APs LDAP Group Support On-wire Detection and Blocking of Rogue APs Virtual APs with Different SSIDs DATA CENTER OPTIMIZATION Multiple Authentication Methods Web Server Caching TCP Multiplexing TRAFFIC SHAPING HTTPS Offloading Policy-based Traffic Shaping WCCP Support Application-based and Per-IP Traffic Shaping Differentiated Services (DiffServ) Support Guarantee/Max/Priority Bandwidth Shaping via Accounting, Traffic Quotas Note: The list above is comprehensive and may contain FortiOS features which are not available on all FortiGate appliances. Consult FortiGate system documentation to determine feature availability. INTRUSION PREVENTION SYSTEM (IPS) ICSA Labs Certified (NIPS) Protection From Over 3000 Threats Protocol Anomaly Support Custom Signature Support Automatic Attack Database Update IPv6 Support DATA LOSS PREVENTION (DLP) Identification and Control Over Sensitive Data in Motion Built-in Pattern Database RegEx-based Matching Engine for Customized Patterns Configurable Actions (block/log) Supports IM, HTTP/HTTPS, and More Many Popular File Types Supported International Character Sets Supported ANTISPAM Support for SMTP/SMTPS, POP3/POP3S, IMAP/ IMAPS Real-Time Blacklist/Open Relay Database Server MIME Header Check Keyword/Phrase Filtering IP Address Blacklist/Exempt List Automatic Real-Time Updates From FortiGuard Network ENDPOINT COMPLIANCE AND CONTROL Monitor & Control Hosts Running FortiClient Endpoint Security MANAGEMENT/ADMINISTRATION Console Interface (RS-232) WebUI (HTTP/HTTPS) Telnet / Secure Command Shell (SSH) Command Line Interface Role-Based Administration Multi-language Support: English, Japanese, Korean, Spanish, Chinese (Simplified & Traditional), French Multiple Administrators and User Levels Upgrades and Changes via TFTP and WebUI System Software Rollback Configurable Password Policy Optional FortiManager Central Management LOGGING/MONITORING/VULNERABILITY Local Event Logging Log to Remote Syslog/WELF Server Graphical Real-Time and Historical Monitoring SNMP Support Email Notification of Viruses And Attacks VPN Tunnel Monitor Optional FortiAnalyzer Logging / Reporting Optional FortiGuard Analysis and Management Service Firewall Fortinet firewall technology delivers industry-leading performance for network and application firewalling including Web 2.0 application policies based on the application identity, up to and beyond 10 Gbps throughput. Our technology identifies traffic patterns and links them to the use of specific applications, such as instant messaging and peer-to-peer applications, permitting application access control. By coupling application intelligence with firewall technology, the FortiGate platform is able to deliver real-time security with integrated application content level inspection, thereby simplifying security deployments. NAT, PAT and Transparent (Bridge) Policy-Based NAT SIP/H.323/SCCP NAT Traversal VLAN Tagging (802.1Q) IPv6 Support Features Supported Firewall (1518 Byte) Firewall (512 Byte) Firewall (64 Byte) 1.9 Gbps 700 Mbps 120 Mbps Antivirus / Antispyware Antivirus content inspection technology provides protection against virus, spyware, worms, phishing and other forms of malware being transmitted over the network infrastructure. By intercepting application content in transit, and reassembling the data into user expected content, the FortiGate Antivirus features ensures that malicious threats hidden within legitimate application content is identified and removed from the data stream destined for internal (or external) recipients. The addition of Fortinet’s FortiGuard subscription services ensured each FortiGate has access to updated malware signatures, resulting in high level of accuracy and detection capabilities including emerging and newly discovered viruses. ICSA Labs has certified our antivirus functionality. IPS Throughput 350 Mbps VPN Fortinet VPN technology provides secure communications between multiple networks and hosts, through both secure socket layer, or SSL, and IPsec VPN technologies, leveraging our custom FortiASIC to provide hardware acceleration for high-performance communications and data privacy. Benefits include the ability to enforce complete content inspection and multi-threat security as part of VPN communications, including antivirus, IPS and Web filtering. Additional features include traffic optimization providing prioritization for traffic across VPNs. VPN Antivirus Proxy Antivirus Flow-based Antivirus File Quarantine IPv6 Support Feature Highlights Performance Antivirus (Proxy-based) Antivirus (Flow-based) Automatic Attack Database Update Protocol Anomaly Support IPS and DoS Prevention Sensor Custom Signature Support IPv6 Support Performance Performance Features Supported IPS technology provides protection against current and emerging network level threats. In addition to signature-based detection, we perform anomaly-based detection whereby our system alerts users to traffic that fits a profile matching attack behavior. This behavior is then analyzed by our threat research team to identify threats as they emerge and generate new signatures that will be incorporated into our FortiGuard services. Intrusion Prevention System Firewall Feature Highlights Intrusion Prevention 50 Mbps 190 Mbps IPSec and SSL VPN DES, 3DES, AES and SHA-1/MD5 Authentication PPTP, L2TP, VPN Client Pass Through SSL Single Sign-On Bookmarks Two-Factor Authentication Performance IPSec VPN SSL VPN Recommend # of SSL Users 140 Mbps 70 Mbps 60 WAN Optimization With WAN Optimization, you can accelerate applications over your wide area links while ensuring multi-threat security enforcement. FortiOS 4.0 software not only eliminates unnecessary and malicious traffic as one of its core capabilities, it also optimizes legitimate traffic by reducing the amount of communication and data transmitted between applications and servers across the WAN. This results in improved performance of applications and network services, as well as helping to avoid additional higher-bandwidth provisioning requirements. SSL-Encrypted Traffic Inspection protects clients and web and application servers from malicious SSL-encrypted traffic, to which most security devices are often blind. SSL Inspection intercepts encrypted traffic and inspects it for threats, prior to routing it to its final destination. SSL Inspection applies to both client-oriented SSL traffic (such as users connecting to an SSL-encrypted hosted CRM site) and inbound traffic destined an organization’s own web and application servers. You now have the ability to enforce appropriate use policies on inappropriate encrypted web content, and protect servers from SSL Inspection WAN Optimization Features Highlight SSL Inspection Gateway-to-Gateway Optimization Bi-directional Gateway-to-client Optimization Web Caching Secure Tunnel Transparent Mode Features Highlight Protocol: HTTPS, SMTPS, POP3S, IMAPS Inspection support: Antivirus, Web Filtering, Antispam, Data Loss Prevention SSL Offload Data Loss Prevention End-Point NAC Endpoint NAC enforces the use of the FortiClient Endpoint Security application (either Standard or Premium editions) on your network. It verifies the installation of the most recent version of the FortiClient application, up-to-date antivirus signatures, and enabled firewall before allowing the traffic from that endpoint to pass through the FortiGate platform. You also have the option to quarantine endpoints running applications that violate policies and require remediation. It is imperative for you to control the vast amount of confidential, regulated, and proprietary data traversing your network, and keep it within defined network boundaries. Working across multiple applications (including those encrypting their communications), DLP uses a sophisticated pattern-matching engine to identify and then prevent the communication of sensitive information outside the network perimeter. In addition to protecting your organization’s critical information, DLP also provides audit trails for data and files to aid in policy compliance. You can use the wide range of configurable actions to log, block, and archive data, as well as ban or quarantine users. Endpoint Network Access Control (NAC) Data Loss Prevention (DLP) Features Highlight Features Highlight Monitor & Control Hosts Running FortiClient Vulnerability Scanning of Network Nodes Quarantine Portal Application Detection and Control Built-in Application Database Web Filtering Web filtering technology is a pro-active defense feature that identifies known locations of malware and blocks access to these malicious sources. In addition, the technology enables administrators to enforce policies based on website content categories ensuring users are not accessing content that is inappropriate for their work environment. The technology restricts access to denied categories based on the policy by comparing each Web address request to a Fortinet hosted database. Logging & Monitoring FortiGate units provide extensive logging capabilities for traffic, system and network protection functions. They also allow you to compile reports from the detailed log information gathered. Reports provide historical and current analysis of network activity to help identify security issues that will reduce and prevent network misuse and abuse. Logging and Monitoring WEB Filtering Features Highlight Identification And Control Over Data in Motion Built-in Pattern Database RegEx Based Matching Engine Common File Format Inspection International Character Sets Supported HTTP/HTTPS Filtering URL / Keyword / Phrase Block Blocks Java Applet, Cookies or Active X MIME Content Header Filtering IPv6 Support Features Highlight Internal Log storage and Report Generation Graphical Real-Time and Historical Monitoring Graphical Report Scheduling Support Optional FortiAnalyzer Logging (including per VDOM) Optional FortiGuard Analysis and Management Service Virtual Domain Virtual Domain (VDOM) enables a single FortiGate system to function as multiple independent virtual FortiGate systems. Each VDOM contains its own virtual interfaces, security profiles, routing table, administration and many other features. FortiGate VDOMs reduce the complexity of your physical network by virtualizing different security resources over a common platform, greatly reducing the power and footprint required by multiple point solutions. Virtual Domains Features Highlight VDOMs (Max / Default) High Availability (HA) configuration enhances reliability and increases performance by clustering multiple FortiGate appliances into a single entity. FortiGate High Availability supports Active-Active and Active-Passive options to provide the maximum flexibility for utilizing each member within the HA cluster. The HA feature is included as part of the FortiOS operation system so end-users can benefit from the reliability enhancement without the extra cost. High Availability (HA) Separate Firewall / Routing Domains Separate Administrative Domains Separate VLAN Interfaces 10 / 10 Application Control Application control enables you to define and enforce policies for thousands of applications running on your endpoints, regardless of the port or the protocol used for communication. Application classification and control is essential to manage the explosion of new web-based applications bombarding networks today, as most application traffic looks like normal web traffic to traditional firewalls. Fortinet’s application control technology identifies application traffic and then applies security policies easily defined by the administrator. The end result is more flexible and granular policy control, with deeper visibility into your network traffic. Features Highlight Active-Active and Active-Passive Stateful Failover (FW and VPN) Link State Monitor and Failover Device Failure Detection and Notification Server Load Balancing Wireless Controller Wireless controller integrated into every FortiGate platform centralizes the management and monitoring of all FortiAP units. All wireless traffic is directed to the FortiGate multi-threat security platform and undergoes identity-aware firewall policies and UTM engine inspection. Only authorized wireless traffic is forwarded. From a single console you can control network access, update policies quickly and easily, and monitor compliance. Wireless Controller Application Control Features Highlight High Availability Identify and Control Over 1800 Applications Traffic Shaping (Per Application) Control Popular IM/P2P Apps Regardless of Port / Protocol Popular Applications include: AOL-IMYahoo MSN KaZaa ICQ Gnutella BitTorrentMySpace WinNY Skype eDonkey Facebook and more Features Highlight Managed and Monitor FortiAP product Rogue AP Detection, Control and Reporting Virtual AP with different SSID Technical Specifications FortiGate-80C FortiGate-80CM FortiWiFi-80CM 2 6 1 1 2 1 - 2 6 1 1 2 1 Yes 8 GB 2 6 1 1 2 1 802.11 a/n or b/g/n Yes Hardware Specifications 10/100/1000 WAN Interfaces (Copper, RJ-45) 10/100 Internal Switch Interfaces (Copper, RJ-45) 10/100 DMZ Interfaces (Copper, RJ-45) Management Console Interface (Copper, RJ-45) USB Interfaces ExpressCard Slot WLAN Support Modem Port Internal Storage System Performance Firewall Throughput (1518 / 512 / 64 byte UDP packets) Firewall Latency (64 byte UDP packets) Firewall Throughput (Packets Per Second) Concurrent Sessions (TCP) New Sessions/Sec (TCP) Firewall Policies (System / VDOM) IPSec VPN Throughput (512 byte packets) Gateway-to-Gateway IPSec VPN Tunnels (System / VDOM) Client-to-Gateway IPSec VPN Tunnels SSL-VPN Throughput Concurrent SSL-VPN Users (Recommended Max) IPS Throughput Antivirus Throughput (Proxy Based / Flow Based) Virtual Domains (Default / Max) Max Number of FortiAPs Max Number of FortiTokens High Availability Configurations Unlimited User Licenses Dimensions Height x Width x Length Weight Wall Mountable Environment Power Required 1900 / 700 / 120 Mbps 45 μs 230 Kpps 400,000 12,000 5,000 / 500 140 Mbps 200 / 200 1000 70 Mbps 60 350 Mbps 50 / 190 Mbps 10 / 10 16 500 Active/Active, Active/Passive, Clustering Yes 1.75 x 10.87 x 6.13 in (4.45 x 27.61 x 15.57 cm) 3.3 lb (1.5 kg) Yes 100-240 VAC, 50-60 Hz Power Consumption (AVG / Max) 25 / 30 W 26 / 31.2 W 28 / 33.6 W Heat Dissipation Operating Temperature Storage Temperature Humidity Compliance & Certification Compliance Certification 102.3 BTU 106.5 BTU 32 – 104 deg F (0 – 40 deg C) -13 – 158 deg F (-25 – 70 deg C) 20 to 95% non-condensing 115 BTU FCC Part 15 Class B, C-Tick, VCCI, CE, UL/cUL, CB ICSA Labs: Firewall, IPSec, IPS, Antivirus, SSL VPN All performance values are “up to” and vary depending on system configuration. Antivirus performance is measured using 44 Kbyte HTTP files (similar to NSS Labs test methodology). IPS performance is measured using 1 Mbyte HTTP files. Industry Certifications Ordering Info Unit FortiGate-80C SKU FG-80C FotiGate-80CM FortiWiFi-80CM Optional Accessories DC Adapter for the FG-80C, FG-80CM, FWF-80CM Wall Mount Kit (with express card lock) FG-80CM FWF-80CM SKU SP-FG80-PDC SP-FG-50B-60B-MOUNT GLOBAL HEADQUARTERS EMEA SALES OFFICE – FRANCE APAC SALES OFFICE – SINGAPORE Fortinet Incorporated 1090 Kifer Road, Sunnyvale, CA 94086 USA Tel +1.408.235.7700 Fax +1.408.235.7737 www.fortinet.com/sales Fortinet Incorporated 120 rue Albert Caquot 06560, Sophia Antipolis, France Tel +33.4.8987.0510 Fax +33.4.8987.0501 Fortinet Incorporated 300 Beach Road #20-01 The Concourse, 199555 Singapore Tel: +65-6513-3734 Fax: +65-6295-0015 Copyright© 2012 Fortinet, Inc. All rights reserved. Fortinet®, FortiGate®, and FortiGuard®, are registered trademarks of Fortinet, Inc., and other Fortinet names herein may also be trademarks of Fortinet. All other product or company names may be trademarks of their respective owners. Performance metrics contained herein were attained in internal lab tests under ideal conditions, and performance may vary. Network variables, different network environments and other conditions may affect performance results. Nothing herein represents any binding commitment by Fortinet, and Fortinet disclaims all warranties, whether express or implied, except to the extent Fortinet enters a binding written contract, signed by Fortinet’s General Counsel, with a purchaser that expressly warrants that the identified product will perform according to the performance metrics herein. For absolute clarity, any such warranty will be limited to performance in the same ideal conditions as in Fortinet’s internal lab tests. Fortinet disclaims in full any guarantees. Fortinet reserves the right to change, modify, transfer, or otherwise revise this publication without notice, and the most current version of the publication shall be applicable. FST-PROD-DS-GT80C FG-FWF-80C-DAT-R6-201203
* Your assessment is very important for improving the work of artificial intelligence, which forms the content of this project
advertisement
© 2021