forti cloud
TRANSCRIPT
© Copyright Fortinet Inc. All rights reserved.
FortiCloud OverviewCloud-based Provisioning, Management and AnalyticsQ1 2015
2
Drivers for Cloud-Based Management
SIZE OF BUSINESS
NEE
D F
OR
CLO
UD
MAN
AGEM
ENT
SMALL MID-SIZED ENTERPRISE LARGE ENTERPRISE
Limited Budgets
Automated Provisioning
BYOD
Shift from CAPEX to OPEX
Acceptance of “Everything as a Service”
Easier to Manage Remotely
Linear Cost Scalability
3
Challenges with Managing Security + Wireless Infrastructure
CostsOperationsSecurity
• Control over applications, webusage, devices and users
• Upfront investment requiredfor CPE-based solutions
• WiFi guest user access and device configuration
• Provisioning devices remotely and in bulk
• Ongoing expenses due to recurring AP/user licensing
• Multiple management consoles for individual WiFi access points
• Preventing unauthorized access from rogue WiFi access points
• Consolidated visibility into illicit or actionable activity
• Security & wireless vendor interoperability
4
Introducing FortiCloud
FortiCloud
New York(Branch Office)
Las Vegas(Branch Office)
s e c u r i t y p o l i c i e sfi r m w a r e u p d a t e s
w i r e l e s s s e t t i n g sz e r o t o u c h p r o v i s i o n i n g
San Jose(Headquarters)
H o s t e d Fo r t i C l o u d M a n a g e m e n t
5
FortiCloud: Fortinet’s Solution for Hosted Management
Cloud-Based Management
Zero Touch Provisioning
Integrated Security
Reporting and Visibility
• Singular hosted console for managing wireless & security devices• Dashboards for both wireless (FortiAP) and security (FortiGate) • No setup fees; service is free of charge w/ no recurring expenses
• Simple provisioning makes initial deployment much less complex• Use included key to register a device to your FortiCloud account• Bulk deployment options for mapping many FortiAPs to FortiCloud
• Configure wireless security modes, encryption, authentication, etc.• Detection of rogue APs + WIDS facilitates PCI compliance• Offloads suspicious files to cloud sandbox for analysis
• Wireless/security log filtering and drill-down capabilities• Built-in FortiView forensics for app/web/threat usage stats• Includes pre-defined PDF reports with chart visualizations
6
FortiCloud: How It Works
Logging enabled by default(no user traffic – logs only)
All devices managed directly AP networks can be grouped
Challenge: Setting up a cost-effective, highly available logging and management infrastructure for security and wireless devices
FortiWiFis(Firewalls with Wireless)
FortiAPs can be grouped and configured as logical units
and locations
Device settings can be managed directly from the FortiCloud
hosted management console
FortiGates(Firewalls)
FortiCloud
FortiAPs(Access Points)
CONFIG
CON
FIG
CONFIG
LOG
S
LOGS
LOGS
Application and security logs are sent to FortiCloud
7
Provisioning with FortiCloud
Enterprise HQ
Branch Offices(or Retail Stores)
FortiManager
FGT-111
FGT-222
FWF-333
FWF-444
IT admin logs into FortiCloud, enters
bulk FortiCloud key and configures FortiManager IP to assign as devices come online
Deployed devices “phone home” to
FortiCloud and are assigned the specified
FortiManager IP
IT admin
FortiCloud
Now that devices are being managed, IT admin can
push firewall policies and configurations down to
FortiGates/FortiAPs directly
Challenge: Deploying security/wireless infrastructure at remote locations (with limited on-site expertise) while centrally managing configuration/reporting functions
8
Cloud-based Sandboxing with FortiCloud
Challenge: Detecting unknown malware and/or zero-day attacks & preventing them from compromising your network (ultimately culminating in data exfiltration)
FortiCloud
Enterprise HQ IT admin
FortiGuard Labs
FortiGate detects a suspicious file with an unknown payload
Copy of file is sent to FortiCloud for further
inspection and is executed in a sandboxed environment
Branch OfficeFirewall If further analysis is required,
file is sent to FortiGuard Labs for deconstruction and
signature creation
Any new FortiGate protection updates are now available to
FortiGuard subscribers worldwide
IT administrator can view FortiCloud management UI at any time for an updated
determination status
9
Hosted Management with FortiCloud
Minimize your capital investment: FortiCloud hosted management takes the worry out of deployment, log storage and on-site expertise without compromising security or ease of use
Control your wired OR wireless network simply: Single pane of glass management utilizing a SaaS model makes it painless to manage devices of any type whether they’re firewalls, access points or somewhere in between
Challenge: Upfront investments in management solutions can be costly and may only manage specific devices
10
Network Visibility with FortiCloud
Immediate network analysis: Utilizing a dashboard interface, IT administrators can get an instantaneous snapshot of the health and activity of their overall network usage
Incident management made easy: Inspect risks to your network with FortiView to assist with threat prevention and oversight of application usage
Challenge: Advanced analytics and risk analysis are typically features out of reach for smaller businesses and can be costly add-ons for larger enterprises
11
Managed Wireless with FortiCloud
Wireless at your fingertips: Quickly determine wireless health, discover access point locations and modify AP device settings with a hosted FortiCloud cloud-based interface – all with no additional fees
Challenge: Cloud managed wireless typically invokes a limited feature set for an exorbitant subscription fee per device
12
Wireless PCI Compliance with FortiCloud
Challenge: All point of sale and credit card transactions mandate strict security standards (especially using wireless), but ensuring all of the infrastructure pieces deliver on this objective can be trying
Out of the box PCI compliance: FortiCloud with FortiAP provides rogue AP detection, WIDS and scheduled reporting – all key tenets of PCI
13
FortiCloud Free vs. Subscription
Capability FortiCloud Free FortiCloud Subscription
Firewall Interoperability P PWireless AP Interoperability P PDevice Logging P PDevice Management P P
Device ProvisioningBuilt-in support,
FortiDeploy purchase required for devices
Built-in support, FortiDeploy purchase required for devices
Device Reporting PMax Storage (per Device) 1 GB 200GBDaily Limit on Log Storage(per Device) 100 MB Unlimited
Generate Reports P PSchedule Reports X PCustomize Reports X P
14
Use Case: Small Business (Security Management)
Small, boutique handcrafted jewelry business with three stores
IT infrastructure managed by contractor Previously purchased FortiGates, but
couldn’t afford upfront cost of FortiManager
Organization and Challenge
Why We Won
What They Bought
FortiCloud service filled a substantive management need and was an OPEX cost
External IT contractor just wanted a simple, consolidated management console
Potential to utilize on-premise FortiManager if fledgling business continues to grow and additional features are necessary
FortiCloud (200GB subscription), FortiGates
FortiCloud
Boutique A
External IT Contractor
Boutique B
Boutique C
15
Use Case: Distributed Enterprise (Wireless Management)
One of the top shoe retailers in the world with 4,000+ stores throughout the Americas
Retailer wished to consolidate vendor relationships and present a wireless enabled showcase which stores could replicate and roll out
Organization and Challenge
Why We Won
What They Bought
FortiCloud’s provisioning capabilities for both wired and wireless devices
Consolidated, single pane of glass management capabilities
Breadth of complementary solution set
FortiCloud (FortiDeploy), FortiAPs, FortiWiFis, FortiGates, FortiManager & FortiAnalyzer
Deployment Team
4,000+ Retail Locations
Security Operations
Team
Corporate HQ
FortiCloud
16
FortiCloud and FortiDeploy Licensing
Extending Storage with FortiCloud DevicesBundling Instructions❶ Purchase quantity of licenses equal to number of
managed devices
Example PO: Based on 3 managed FGTs
Qty SKU Description
3 FC-10-90801-131-02-12 1-year FortiCloud… (activate with reseller contract on support.fortinet.com)Note: FortiCloud licenses are only necessary when
customers want to increase their monthly storage per device from 1 GB to 200 GB/year
Bundling FortiDeploy with DevicesBundling Instructions❶ Add as many FortiGates, FortiWifis or FortiAPs to the
purchase order as needed
❷ Add the FortiDeploy SKU to the same PO
Example PO: Based on 20 FortiAPs
Qty SKU Description
20 FAP-221C-A Indoor wireless AP…
20 FC-10-P0225-311-02-DD 8x5 FortiCare Contract
1 FDP-SINGLE-USE Enables zero touch bulk provisioning…
Note: There is a nominal cost associated with FortiDeploy, so make sure that all
FortiGates/FortiWiFis/FortiAPs are on the same PO if possible
17
Comparing FortiCloud with FortiAnalyzer
Capability FortiCloud FortiAnalyzer
Per device licensing Free, subscription optional
Max device limit by models (up to 10,000)
Form factor Cloud-based SaaS Hardware or VMGranular admin access profiles Limited PSupports external authentication for admin access X P
Disk quota1GB per device with valid
FortiCare, additional storage contract allows
200GB per device
Variable; quotas can be assigned to each device
based on available storage
Advanced report configuration Yes, with subscription P
Centralized logging Real-time and batch uploads
Real-time and batch uploads
Cloud-based sandboxing P X
18
Comparing FortiCloud with FortiManager
Capability FortiCloud FortiManager
Per device licensing Free, subscription optional
Max device limit by models (up to 10,000)
Zero touch provisioning PIntegrated with FortiCloud,
but not possible via FortiManager itself
Form factor Cloud-based SaaS Hardware or VMGranular admin access profiles Limited PMulti-tenancy capabilities X PSupports external authentication for admin access X P
FortiGuard proxy (FDS) capabilities X PDevice firmware updates Limited P
Configuration management Limited, per device only Full provisioning profiles & multi-device management
Security policy management Remote access to device UI only
Integrated multi-device object library/policies
Exposed APIs for automation and customization X P
19
Contattaci gratuitamente…
In questi anni di partnership con la casa madre, Lan & Wan Solutions ha ottenuto tutte le specializzazioni previste nei vari iter di certificazione, raggiungendo la qualifica di Partner Of Excellence.
Certified experts in Fortimail and email security
Certified experts in Fortiweb and web application firewall protection
Certified experts in FortiAp, FortiWifi and wireless security
ContactsTel. +39 049 8843198 DIGIT (5)[email protected]
www.lanewan.it