
Authentication & Advanced Routing

Hieu

© Copyright Fortinet Inc. All rights reserved.


NETWORKING / ROUTING
ROUTING FEATURES

§ Static and Policy Routing
§ Routing Protocol Support:
  » BGP, OSPF, IS-IS
  » Multicast Routing
§ Route Monitor and Lookup

NETWORKING / POLICY ROUTE

[Two diagram-only slides; no text was extracted for them.]
NETWORKING / SD-WAN

SD-WAN requires direct internet access, which in turn requires better security at every branch.

90% of SD-WAN vendors only offer stateful firewalls, which is not enough.

Secure SD-WAN = NGFW + SD-WAN:
SD-WAN + Traffic Shaping + VPN + App Control + Intrusion Prevention + Antivirus + URL Filtering + Sandboxing + SSL Inspection

Scalable and Easy to Deploy
Unprecedented Integration and Visibility
NETWORKING / SD-WAN (6.0)
MULTI-PATH INTELLIGENCE

§ Maintain high availability and QoS for business-critical applications
§ Select links based on prioritized SLAs or certain link quality metrics, and fail back to the desired link once the SLA is stabilized
NETWORKING / SD-WAN (6.0)

Path Selection Strategy: Best Quality
  Recommended Use Case: administrators who prefer simplistic path selection, relying on a preferred quality criterion

Path Selection Strategy: Min. Quality (SLA)
  Recommended Use Case: administrators who desire granular threshold configurations per application
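The two strategies above and the fail-back behaviour described on the Multi-Path Intelligence slide, modelled in Python as an added example (this is not Fortinet code and does not reproduce the FortiGate implementation). "Best Quality" picks the member with the lowest value of one chosen metric; "Min. Quality (SLA)" walks the members in administrator priority order and keeps the selected member while it meets every threshold, failing back to a higher-priority member only after that member has met the SLA for a number of consecutive probes. The member names, SLA thresholds, three-probe stabilization window and probe values are all constructed for illustration.

```python
"""SD-WAN path selection model: Best Quality vs. Min. Quality (SLA).

Added example, not Fortinet code. Member names, SLA thresholds, the
three-probe stabilization window and the probe values are all constructed.
"""
from dataclasses import dataclass
from typing import Dict, List


@dataclass
class Probe:
    """One health-check measurement for a WAN member (lower is better for all three)."""
    latency_ms: float
    jitter_ms: float
    loss_pct: float


@dataclass
class Sla:
    """Per-application thresholds; a member meets the SLA only if every metric is within bounds."""
    latency_ms: float
    jitter_ms: float
    loss_pct: float

    def met(self, p: Probe) -> bool:
        return (p.latency_ms <= self.latency_ms
                and p.jitter_ms <= self.jitter_ms
                and p.loss_pct <= self.loss_pct)


def best_quality(probes: Dict[str, Probe], criterion: str) -> str:
    """'Best Quality' strategy: pick the member with the lowest value of one chosen metric."""
    return min(probes, key=lambda member: getattr(probes[member], criterion))


class SlaSelector:
    """'Min. Quality (SLA)' strategy with fail-back after the SLA has stabilized.

    Members are tried in administrator priority order. The selected member is
    kept while it meets the SLA; a higher-priority member takes over only after
    it has met the SLA for `stabilize` consecutive probes, so a flapping link
    does not pull traffic back and forth.
    """

    def __init__(self, priority: List[str], sla: Sla, stabilize: int = 3):
        self.priority = priority
        self.sla = sla
        self.stabilize = stabilize
        self.passing = {m: 0 for m in priority}  # consecutive passing probes per member
        self.current = priority[0]

    def update(self, probes: Dict[str, Probe]) -> str:
        for m in self.priority:
            self.passing[m] = self.passing[m] + 1 if self.sla.met(probes[m]) else 0

        for m in self.priority:
            if m == self.current:
                if self.passing[m] > 0:
                    return m          # current member still meets the SLA: no change
                break                 # current member failed: fail over below
            if self.passing[m] >= self.stabilize:
                self.current = m      # higher-priority member has stabilized: fail back
                return m

        # Fail over immediately to the highest-priority member meeting the SLA now.
        for m in self.priority:
            if self.passing[m] > 0:
                self.current = m
                return m
        # Nothing meets the SLA: stay on the highest-priority member (assumption of this model).
        self.current = self.priority[0]
        return self.current


# Constructed probe series: wan1 degrades on probe 2 and recovers from probe 3 on.
SCENARIO: List[Dict[str, Probe]] = [
    {"wan1": Probe(30, 5, 0.0), "wan2": Probe(45, 8, 0.1)},
    {"wan1": Probe(250, 40, 3.0), "wan2": Probe(45, 8, 0.1)},
    {"wan1": Probe(35, 5, 0.0), "wan2": Probe(45, 8, 0.1)},
    {"wan1": Probe(32, 4, 0.0), "wan2": Probe(45, 8, 0.1)},
    {"wan1": Probe(31, 5, 0.0), "wan2": Probe(45, 8, 0.1)},
]
VOIP_SLA = Sla(latency_ms=100, jitter_ms=20, loss_pct=1.0)  # constructed thresholds


def run_scenario() -> List[str]:
    """Selected member after each probe round under the SLA strategy."""
    selector = SlaSelector(["wan1", "wan2"], VOIP_SLA, stabilize=3)
    return [selector.update(round_) for round_ in SCENARIO]


if __name__ == "__main__":
    print("best quality by latency:", best_quality(SCENARIO[0], "latency_ms"))
    print("SLA selection per round:", run_scenario())
```

Running the scenario shows the difference that matters operationally: traffic leaves wan1 on the first failed probe but only returns after three consecutive passing probes, so a single good reading during an outage does not cause a flap.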

NETWORKING / SD-WAN (6.0)
APPLICATION AWARENESS

§ WAN Path Controller is able to route traffic using the Application Control DB (with over 3,000 signatures), in addition to the ISDB
§ Once identified via application control, subsequent matching sessions are identified on the first packet when seen next time
NETWORKING / SD-WAN (6.0)
TRAFFIC SHAPING

§ Centralized traffic shaping policy management
§ L7 analysis for QoS rules based on Users, Apps, URLs
§ Option to set up a traffic shaping profile by defining the percentage of interface
NETWORKING / SD-WAN
WAN OPTIMIZATION

[Slide diagram: WAN Optimization peers and authentication group]

§ Supports various network topologies such as inline and out-of-path design
§ Utilizes Protocol Optimization & Byte Caching
§ Supports multi-peers
§ Can be used in both transparent or NAT/Route mode, virtualized per VDOM
NETWORKING / SD-WAN
WEB CACHING

[Slide diagram: Internet, Forward Proxy, Reverse Proxy]

§ Reduces bandwidth usage with fewer requests and responses across the WAN
§ Reduces server load as it has to serve fewer requests
§ Reduces perceived latency since data is obtained from the local unit

FortiGate models with a single disk will have to toggle the disk from Local Log to WAN Optimization.
NETWORKING / EXPLICIT PROXY (6.0)
WEB/FTP PROXY

§ Proxies HTTP/HTTPS & FTP sessions from web browsers
§ Distributes proxy auto-config (PAC)
§ Proxy chaining with forward server load balancing support
§ User authentication
§ Transparent explicit proxy option using IP reflect
NETWORKING / HIGH AVAILABILITY (6.0)

FortiGate Clustering Protocol (FGCP)
• Enhanced reliability via device failover, link failover and remote link failover
• Increased performance via active-active HA load balancing
• Uses a virtual MAC/single IP address per network segment

FortiGate Session Life Support Protocol (FGSP)
• For supporting asymmetric traffic and scenarios with load balancers and routers distributing sessions across multiple appliances
• Does not have a heartbeat mechanism to detect unit failure; each FortiGate operates by itself with config and session sync

Virtual Router Redundancy Protocol (VRRP)
• RFC standard based, allows 3rd party device integration
• Resource intensive, performance and latency impact
NETWORKING / HIGH AVAILABILITY (6.0)
VIRTUAL CLUSTER

[Slide diagram: FORTIGATE-01 and FORTIGATE-02; Virtual Cluster 1 holds VDOM 1 and VDOM 2 on both units, Virtual Cluster 2 holds VDOM 3 on both units]

§ Similar concept to load sharing
§ 2 virtual clusters can be created, with as many VDOMs as available assigned to them
§ Can operate in A-A or A-P mode
§ Inter-VDOM links must be entirely within one virtual cluster
§ Available when VDOMs are enabled
NETWORKING / HIGH AVAILABILITY
HA FAILOVER

Device & Link Failover
§ Failover can be triggered when the master/primary unit fails or the links connecting it fail

Remote Link Failover
§ Uses ping servers on the primary unit to test connectivity with IP addresses of network devices that are not directly connected
§ May be multiple interfaces and/or multiple IPs on a monitored interface