FortiGate Security Series
Comprehensive Solutions for
Real Time Network Protection
Threats Have Changed
Threats to corporate networks have evolved beyond the capabilities of
traditional network defenses. Email messages, file transfers, Web-pages
and VPN links are now used to introduce damaging viruses, worms and
inappropriate content into data networks. Traditional firewalls are
powerless against most of these “content-based” threats — they simply
weren’t designed to analyze and process the application-level contents of
network traffic. And software-based solutions are complex, costly, and too
slow for today’s real time communications.

[Figure: threats charted by speed and damage ($) over time (1970, 1980, 1990, 2000). Labels: Physical, Hardware Theft, Connection-based, Intrusions, Content-based, Viruses, Trojans, Worms, Banned Content, Spam.]
Today’s content-based threats, which bypass conventional
firewalls, spread faster and do more damage. Conventional
solutions rely on a complex, costly collection of independent
systems that don't stop today's content-based attacks.

“Firewalls must provide a wide range of intrusion
prevention capabilities, or face extinction ...”
– Gartner
FortiGate Takes Real-Time Network Protection to the Edge
We went back to the drawing board and developed a new type of platform that can
deal with today’s and tomorrow’s threats at the network edge, without slowing your
critical network applications. We assembled a team of the world’s leading networking
and security experts — including the creator of the world’s most successful network
security appliance and one of the world’s most respected antivirus experts — and
created the award-winning FortiGate™ line of Antivirus Firewalls — the next generation
in real-time network protection. The unique, ASIC-based architecture of FortiGate
platforms avoids the limitations of conventional firewalls, VPN gateways, and
software-based antivirus and content filtering systems. They provide better
protection, and faster processing, at a lower cost.

FortiGate Antivirus Firewalls provide complete, real-time protection at the network edge.
The World’s First Hardware-Based Antivirus Firewalls—and More
Software-based antivirus systems, which are designed for scanning non real-time email
messages, are too slow to be used to scan Web traffic or other real-time network
applications. And that leaves your network dangerously exposed.
FortiGate platforms use the revolutionary FortiASIC™ Content Processor chip to enable
real-time antivirus protection at network speeds. With continuous, automatic updates of
the latest threats from the FortiProtect Network, all of your critical communications —
including Web, email, file transfer and even VPN traffic — can now be scanned and
cleared of viruses, worms, and malicious code before they can enter your network —
without compromising performance.

Virus and worm infections increasingly come from
Web pages and other real-time applications, but
few systems have the power to scan Web traffic
without bringing performance to a crawl.
In fact, the FortiGate family is the world’s first line of ASIC-based systems to be certified
by the International Computer Security Association (ICSA) for antivirus protection. And
that’s just the beginning.
ALCATEL
Complete Network Protection Increases Security, Lowers Costs
FortiGate Antivirus Firewalls protect you against threats to your security and productivity, and
offer an unmatched array of integrated, policy-based capabilities. FortiGate units integrate
seamlessly into your network, and provide antivirus and content filtering services
“transparently” in conjunction with your existing firewall. FortiGate network protection systems
have earned an unprecedented four certifications from ICSA for firewall, IPSec, antivirus, and
intrusion detection.
A Complete Family of Integrated Products and Services
FortiGate offers a complete range of products and services that work together to provide the
most comprehensive, cost-effective and manageable solutions available for protecting
networks of all sizes.

[Figure: Capabilities supported by all FortiGate Antivirus Firewalls.]
FortiGate systems are kept up-to-date automatically via the global
FortiProtect™ Network, providing real-time protection against the
latest threats.

FortiLog systems provide reliable, centralized data collection for multiple
FortiGate systems and enable consolidated reporting and analysis.

The ASIC-accelerated FortiGate Antivirus Firewalls provide complete network
protection, with real time performance, at the lowest total cost for both
wired and wireless networks.

FortiManager Systems enable enterprises and service providers to
efficiently manage, monitor and control dozens, hundreds or
thousands of FortiGate systems from a central location.

“FortiGate has demonstrated its investment in powerful network
processing technology by filtering viruses in-line, which requires an
unprecedented level of packet assembly and filtering.”
– Gartner

“We were extremely impressed with the FortiGate unit’s ability
to detect and eliminate viruses and worms in real time.”
– Miercom
FortiGate Systems Scale from SOHO to Service Provider
All FortiGate models run the powerful, secure FortiOS™ real-time operating system and provide the full
range of security functions. With systems designed for SOHO and telecommuters, small and medium-sized
businesses, enterprises and service providers, there’s a FortiGate model to fit every application.

[Product images: FortiGate-60, FortiGate-200A, FortiGate-3600]

FortiGate Systems for Enterprises address the flexibility and performance
requirements for large businesses and enterprise branch offices. They support
zones with independent security policies, and also support high-availability
configurations that virtually eliminate downtime, even in the event of a system
failure.

FortiGate Systems for large enterprise and service
providers establish a new level of price/performance
for gigabit-speed network protection. High-uptime
features such as redundant, hot-swappable power
supplies and fan assemblies, and sophisticated
networking capabilities make these units ideal for
large, complex networks and for managed security
service offerings.

The easy to deploy and administer
FortiGate Systems for SOHO and
SMB enable smaller organizations to
implement enterprise-class security.

“The FortiGate 400 sets the benchmarks for
appliance-based firewall devices.”
– Internet Telephony
“The FortiGate 3600 would be an excellent choice in
the enterprise/carrier-class arena — Best Buy.”
– SC Magazine
Respond to New Threats in Real Time
FortiGate’s FortiProtect services provide up-to-date protection
FortiGate’s Threat Protect Team operates around the world, around the clock to identify new threats
and develop new detection and prevention “signatures.” The FortiProtect™ Distribution Network
operates 24x7 to automatically deliver updated signature databases to FortiGate units around the
world — and can even “push” updates to all FortiGate units in minutes in the event of a
fast-spreading outbreak.

FortiProtect distribution servers are located worldwide to
ensure fast, reliable updates to stop new attacks.

The FortiProtect Center portal provides comprehensive,
searchable information regarding viruses and system
vulnerabilities, and provides a wealth of information
resources that keep customers up to speed on the latest
vulnerabilities and how to protect against them, including
FortiProtect Bulletins delivered to customer inboxes to
provide instant alerts and daily
summaries of new threats.
FORTIGATE FAMILY OVERVIEW – SOHO / Branch Office / SMB

Feature List                                  SOHO/Branch Office   Small/Medium Business
                                              FortiGate 60         FortiGate 200A

[• support marks, and one “A-P” entry under High Availability, are not aligned to rows in this copy; numeric entries are shown where given.]

Interfaces
  10/100 Ethernet ports                       3                    4
  10/100 Switch ports                         4                    4
  USB ports                                   2                    2

System Performance
  Concurrent sessions                         50K                  400K
  New sessions/second                         2K                   4K
  Firewall throughput (Mbps)                  70                   150
  168-bit Triple-DES throughput (Mbps)        20                   70
  Unlimited concurrent users                  •                    •
  Policies                                    500                  2K
  Schedules                                   256                  256

Antivirus / Worm Detection & Removal (ICSA Certified)
  Scans HTTP, SMTP, POP3, IMAP, FTP and encrypted VPN tunnels
  Automatic “push” virus database update
  Block by file size

Firewall (ICSA Certified)
  NAT, PAT, transparent (bridge)
  Routing mode (RIP v1, v2)
  802.1Q VLAN support
  User group-based authentication
  H.323 NAT traversal
  Protection profiles                         32                   32

VPN (ICSA Certified)
  Dedicated tunnels                           40                   80
  Encryption (DES, 3DES, AES)
  PPTP, L2TP, VPN client pass through
  Hub and spoke architecture
  IKE certificate authentication (X.509)
  IPSec NAT traversal

Content Filtering
  URL block, keyword block, exempt list
  Java applet, cookies, ActiveX
  Email filtering (keyword, exempt list)
  RBL/ORDB support
  MIME header check

Dynamic Intrusion Detection/Prevention (ICSA Certified)
  Prevention for over 1,300 attacks
  Customizable dynamic detection signature list
  Automatic attack database update

Logging / Monitoring
  Internal HDD
  Email notification of viruses and attacks
  Syslog, SNMP

High Availability (HA)
  Active-active, active-passive
  Stateful failover (FW and VPN)
  Device failure detection and notification
  Link status monitor

Networking
  Multiple WAN link support
  PPPoE
  DHCP client/server
  Policy-based routing

System Management
  Console interface (RS-232)
  WebUI (HTTPS), multi-language support
  Command line interface, Secure Command Shell (SSH)
  FortiManager system

Administration
  Multiple administrators and user levels
  Upgrades and changes via TFTP and WebUI
  System software rollback

User Authentication
  Internal database
  External RADIUS/LDAP database
  IP/MAC address binding
  Xauth over RADIUS for IPSEC VPN
  RSA SecurID

Traffic Shaping
  Policy-based traffic shaping
  DiffServ setting
  Guarantee/max/priority bandwidth

FORTIGATE FAMILY OVERVIEW – Enterprise / Service Provider

Feature List                                  Enterprise            Large Enterprise/Service Provider
                                              FortiGate             FortiGate
                                              400        800        3000       3600

[• support marks, and one “1” entry under Interfaces, are not aligned to rows in this copy; numeric entries are shown where given.]

Interfaces
  10/100 Ethernet ports                       4          4          3          1
  Gigabit Ethernet ports (copper/fiber)       -          4C         1C/2F      2C/4F
  High availability port
  USB ports

System Performance
  Concurrent sessions                         400K       400K       975K       1M
  New sessions/second                         10K        10K        20K        25K
  Firewall throughput (Mbps)                  280        600        2.25 Gbps  4 Gbps
  168-bit Triple-DES throughput (Mbps)        80         200        530        600
  Unlimited concurrent users                  •          •          •          •
  Policies                                    5K         20K        50K        50K
  Schedules                                   256        256        256        256

Antivirus / Worm Detection & Removal
  Scans HTTP, SMTP, POP3, IMAP, FTP and encrypted VPN tunnels
  Automatic “push” virus database update
  Quarantine infected messages
  Block by file size

Firewall (ICSA Certified)
  NAT, PAT, transparent (bridge)
  Routing mode (RIP v1, v2)
  802.1Q VLAN support
  Virtual domains (NAT/transparent)           2/10       2/10       up to 250  up to 250
  User group-based authentication
  H.323 NAT traversal
  Protection profiles                         32         32         32         32

VPN (ICSA Certified)
  Dedicated tunnels                           2K         2K         5K         5K
  Encryption (DES, 3DES, AES)
  PPTP, L2TP, VPN client pass through
  Hub and spoke architecture
  IKE certificate authentication (X.509)
  IPSec NAT traversal

Content Filtering
  URL block, keyword block, exempt list
  Java applet, cookies, ActiveX
  Email filtering (keyword, exempt list)
  RBL/ORDB support
  MIME header check

Dynamic Intrusion Detection/Prevention (ICSA Certified)
  Prevention for over 1,300 attacks
  Customizable dynamic detection signature list
  Automatic attack database update

Logging / Monitoring
  Internal logging capacity                   20G        20G        20G        20G
  Email notification of viruses and attacks
  Syslog, SNMP

High Availability (HA)
  Active-active, active-passive
  Stateful failover (FW and VPN)
  Device failure detection and notification
  Redundant power supplies
  Link status monitor

Networking
  Multiple WAN link support
  PPPoE
  DHCP client/server
  Policy-based routing

System Management
  Console interface (RS-232)
  WebUI (HTTPS), multi-language support
  Command line interface, SSH
  FortiManager System

Administration
  Multiple administrators and user levels
  Upgrades and changes via TFTP and WebUI
  System software rollback

User Authentication
  Internal database
  External RADIUS/LDAP database
  IP/MAC address binding
  Xauth over RADIUS for IPSEC VPN
  RSA SecurID

Traffic Shaping
  Policy-based traffic shaping
  DiffServ setting
  Guarantee/max/priority bandwidth

www.alcatel.com/enterprise
Alcatel
26801 West Agoura Road
Calabasas, CA 91301 USA
Contact Center
(800) 995-2612 US/Canada
(818) 880-3500 Outside US
Product specifications contained in this document are subject to change without notice. Contact
your local Alcatel representative for the most current information. Copyright © 2004 Alcatel
Internetworking, Inc. All rights reserved. This document may not be reproduced in whole or in
part without the expressed written permission of Alcatel Internetworking, Inc. Alcatel® and the
Alcatel logo are registered trademarks of Alcatel. All other trademarks are the property of their
respective owners.
P/N 031532-00
10/04