This David Papkin page has information about Fortinet.
Fortigate Firewall Features
- Firewall Authetication
- Web Proxy
Fortimanager – provides a rich set of tools to help network admins centrally manage Security Fabric devices such as firewalls, switches, wireless wan extenders, access points, and VPNs from a single console, including capabilities to facilitate simplified deployments, centralized provisioning, and connection monitoring
ISFW – The Internal Segmentation Firewall (ISFW) is designed to protect network segments from malicious code that makes its way to the internal network. Fortinet’s ISFW architecture delivers maximum performance and maximum security, while still offering the flexibility of being placed anywhere in the enterprise.
FortiAnalyzer – FortiAnalyzer provides deep insights into advanced threats through Single-Pane Orchestration, Automation, and Response for your entire attack surface to reduce risks and improve your organization’s overall security. Network Security Logging, Analysis, and Reporting Appliances securely aggregate log data from Fortinet Security Appliances. A comprehensive suite of easily customable reports allows you to quickly analyze and visualize network threats, inefficiencies and usage.
Q & A
What is used to choose where to send packers? What mode is FortiGate unit is installed as a gateway or router between two networks?
Routing. NAT mode.
What is DLP?
DLP enables businesses to detect data loss, as well as prevent the illicit transfer of data outside the organization and the unwanted destruction of sensitive or personally identifiable data (PII).
What are some security risks because of business policy and new technology ?
BYOD, Malware, Insider threats, Public Cloud, IoT
Q How to have HA for business critical applications?
SD-WAN can intelligently identify applications and determine the best path they should take to maximize functionality. Moreover, self-healing capabilities automatically route traffic, in real-time, to the next-best available link in the event of an outage of the primary link.
HA Cluster. A group of FortiGate units that act as a single virtual FortiGate unit to maintain connectivity even if one of the FortiGate units in the cluster fails. Cluster unit. A FortiGate unit operating in a FortiGate HA cluster
Q Compare IPsec VPN vs SSL VPN.
You can use SSLVPN client-less, that is, from any browser, this is called web mode or portal mode. The portal only supports some protocols as proxy which might or might not meet your needs.
IPsec on the other hand is typically used for site-to-site tunnels but is suitable for host-to-site settings as well. You will always need a software client for IPsec on the host which is this case could be again the FortiClient. All protocols are supported across the tunnel.
End of David Papkin page on Fortinet info
David Papkin favorite movies