Fortinet-飞塔防病毒解决方案白皮书

FortiGate® -30-100 系列适合中小企业和远程办公 Datasheet 技术规格全面的网络和内容层安全解决方案企业内的混合式攻击网络安全攻击会造成企业商务的崩溃。

知识资产、收益、客户和企业信息以及其他的重要的关键资源都是攻击的目标。

随着大企业强化了网络安全，攻击的主要目标转向中小企业。

SOHO类的企业往往缺乏专业的人才和强大的体系来防御这些高精尖的攻击，同样远程和分支机构(ROBO)也普遍缺乏经验处理复杂的安全问题。

单一功能的安全产品不足以防御采用了多种手段的混合式攻击。

Fortinet公司的FortiGate系列产品把多种安全功能集成在一个平台上，能够有效地防御应用类的基于网络的攻击。

高性价比的网络安全平台FortiGate 安全平台是基于Fortinet公司的FortiASIC™ 内容处理器技术提供的一整套综合性实时安全解决方案。

涵盖了防火墙、IPSec和SSL VPN、入侵检测防御、Web内容过滤、反垃圾邮件、防病毒、反间谍件、IM和P2P 控制、DLP数据弱点管理、广域网优化以及集成的流量管理功能。

FortiGate能在保证很高的网络性能情况下提供综合安全功能，为当前的企业用户和分支办公室提供了最高性价比的安全防御平台。

全系列产品都可以实现HA功能。

它可以支持透明模式和路由模式，部分型号硬件支持交换接口和Modem接口，集成了WiFi功能和预留了支持3G/UMTS Modem的PC卡插槽。

此外，Fortinet采用的是基于设备的许可证方式，对于SOHO和ROBO企业而言，是经济有效的。

特点和益处中小企业所面临着最主要的安全问题是，如何利用有限的资源处理复杂的网络和内容层的攻击。

多合一的UTM产品能够在更高的性价比上实现多层的防御体系。

不同厂家提供的单一功能的解决方案往往过于昂贵和复杂UTM安全解决方案提供了全套的防御体系，实现单一的管理界面WiFi技术往往带来了内部攻击的危险内置的WiFi无线技术实现了在无线的层面上的安全防御SOX和PCI条例要求更为强大的日志和报表UTM能够提供多种功能，其日志和报表功能尤为丰富。

WHITE PAPERFigure 1: When deployed as part of the Fortinet Security Fabric, FortiClient can take advantage of threat-intelligence sharing to expand network visibility, detect attacks in real time, and coordinate threat response.Integrated Endpoint and Network Security Open Ecosystem Array A critical starting point to integrating endpoint and network security is an integrated, openecosystem of security solutions. Woven together to scale and adapt as business demandschange, the Security Fabric enables companies to address the full spectrum of challengesacross the expanding attack surface. Accordingly, part of the Fortinet Security Fabric,FortiClient works alongside common antivirus (AV) and endpoint detection and response (EDR)solutions. For example, users of Microsoft Windows Defender can augment their endpointprotection with FortiClient capabilities such as sandbox integration and VPN support.Endpoint Visibility and ManagementFortiClient integrates endpoint and network security, providing seamless visibility andcontrol across and between all endpoints, enforcing conditional access, and deliveringautomated threat response. It provides end-to-end visibility for both hosts and endpointdevices to help organizations harden endpoints and boost their security posture.Specifically, FortiClient simplifies endpoint management by centralizing key security tasks,identifying vulnerabilities, and correlating events to improve incident reporting. Followingare the ways FortiClient integrates endpoint and network security to provide transparentvisibility and management:Telemetry-based risk awarenessFortiClient establishes risk awareness by sharing real-time endpoint telemetry with networksecurity through the Fortinet Security Fabric. As part of this process, FortiAnalyzer collectslogs from FortiClient and other network components and incorporates global threatintelligence from FortiGuard Labs into a single pane of glass.Vulnerability managementFortiClient includes vulnerability scanning that allows IT infrastructure teams to discover andprioritize unpatched vulnerabilities. FortiClient also creates an applications inventory. Thisnot only provides visibility into software license utilization but also helps identify potentiallyunwanted applications and outdated applications for which patching support may not beavailable. All of this results in a reduced endpoint attack surface.Centralized provisioning and monitoringFortiClient allows IT infrastructure teams to deploy endpoint security software and performcontrolled upgrades to thousands of clients in just minutes, avoiding the time drain associated with manual deployment and minimizing human error. This seamless process is aided by FortiClient API integration with Microsoft Active Directory.Alert verificationIntegration between FortiClient and other security elements across the Security Fabric enables cross-referencing of events with network traffic. This feature helps to verify and triage alerts, enhancing the “signal-to-noise” ratio for incident reporting. As a result, IT infrastructure teams spend less time investigating false positives and are able to focus on identifying actual threats more accurately.Proactive risk managementOrganizations can augment their FortiClient endpoint security with an optional subscription to the FortiGuard Security Rating Service. The Security Rating Service helps IT infrastructure leaders improve their security in measurable ways and report their risk posture to executive management, boards of directors, and auditors. The Security Rating Service helps organizations understand where they stand in relation to peer organizations and accepted standards and provides actionable insights that IT infrastructure leaders can take to improve theorganization’s risk posture.Secure Remote AccessFortiClient offers IT infrastructure teams a powerful toolset for securing access by remote users, including conditional access empowered through endpoint and network integration and streamlined virtual private network (VPN 0 access) (Figure 2).Figure 2: FortiClient supports both IPsec and SSL VPN connections to provide secure remote access to remote users and branch offices.The FortiClient console allows administrators to provision VPN configurations and endpoint users to set up new VPN connections, saving time and reducing configuration errors.Conditional access empowered through endpoint and network integrationLeveraging conditional access capabilities in FortiClient, the IT infrastructure team is able to control endpoint access dynamically through virtual groups to determine access rights. Thus, as an example, only users in a finance group can retrieve information from the organization’s financial database. Yet, users in sales or engineering groups are unable to do so. Accordingly, FortiGate next-generation firewalls (NGFWs) retrieve and use FortiClient virtual groups to create firewall policies that enforce conditional access. This process is automatable since FortiGate NGFWs and FortiClient are integrated within the Security Fabric.Security enforcement also extends beyond virtual group access by automating conditional access: If an endpoint is out of compliance according to a preset condition (e.g., the device lacks a critical iOS or Android patch for a specified timeframe), FortiClient will assignthe user to a security-risk virtual group. By virtue of this designation, FortiGate NGFWs deny access to all resources except for internet connectivity. Once a user installs the required patch, FortiClient removes the user from the security-risk group, thereby restoring previous access rights.Streamlined VPN accessSecure sockets layer (SSL)/transport layer security (TLS) and IPsec VPN features inFortiClient provide secure and reliable access to corporate networks and applicationsfrom virtually any internet-connected remote location. FortiClient simplifies the remoteuser experience with built-in auto-connect and always-up VPN capability. Integration withFortiAuthenticator allows network teams to add two-factor authentication for additionalaccess security. In addition, FortiClient integrates with Microsoft Active Directory to facilitateauthentication and VPN logins using Active Directory credentials.Proactive Threat Response FortiClient leverages machine learning (ML)-based anti-malware, exploit prevention, web filtering, and sandbox integration to proactively protect endpoint devices. Here, FortiClient shares real-time threat intelligence across and between all endpoints and network securitycomponents to enable enterprisewide protection, regardless of where the threat is firstdiscovered. Threat-intelligence sharing facilitates automated responses, containingoutbreaks in near real time—thereby reducing time to containment and resolution.Automated remediationFortiClient automatically quarantines suspect devices to limit the spread of infection toother parts of the network. It also supports automatic patching for software applications andoperating systems, even when the endpoint is offline. These features help IT infrastructureleaders to ensure compliance with increasingly strict data privacy standards and industryregulations.Web filteringFortiClient delivers web security, web content filtering, and granular Software-as-a-Service(SaaS) control. In this case, it monitors browser and web application activity and enforcespolicies. FortiClient web filtering supports a variety of user devices, including Windows, Mac,iOS, Android, and Chromebook. Additionally, with FortiClient, IT infrastructure teams can seta consistent policy for devices when they are on and off the network. This enables them toavoid the time and expense needed to deploy and manage a third-party web filtering solutionor web proxy tools.Sandbox integrationFortiClient submits unknown or suspicious objects to FortiSandbox for detailed analysis.Once FortiSandbox identifies the threat, it notifies all FortiClient-protected endpoints andother security elements within the Security Fabric (Figure 3). This proactive approachallows IT infrastructure leaders to pinpoint and block unknown and zero-day threatsquickly and easily. ConclusionFortiClient facilitates deep integration between endpoint security and network security, especially when deployed as part of the FortinetSecurity Fabric. This integration strengthens not only endpoint security but also network security. At the same time, automation of endpoint security workflows and threat-intelligence sharing enables IT infrastructure leaders to streamline operations. This helps them deal with the cybersecurity skills shortage.65Copyright © 2019 Fortinet, Inc. All rights reserved. Fortinet , FortiGate , FortiCare and FortiGuard , and certain other marks are registered trademarks of Fortinet, Inc., and other Fortinet names herein may also be registered and/or common lawtrademarks of Fortinet. All other product or company names may be trademarks of their respective owners. Performance and other metrics contained herein were attained in internal lab tests under ideal conditions, and actual performance and other results may vary. Network variables, different network environments and other conditions may affect performance results. Nothing herein represents any binding commitment by Fortinet, and Fortinet disclaims all warranties, whether express or implied, except to the extent Fortinet enters a binding written contract, signed by Fortinet’s General Counsel, with a purchaser that expressly warrants that the identified product will perform according to certain expressly-identified performance metrics and, in such event, only the specific performance metrics expressly identified in such binding written contract shall be binding on Fortinet. For absolute clarity, any such warranty will be limited to performance in the same ideal conditions as in Fortinet’s internal lab tests. Fortinet disclaims in full any covenants, representations, and guarantees pursuant hereto, whether express or implied. Fortinet reserves the right to change, modify, transfer, or otherwise revise this publication without notice, and the most current version of the publication shall be applicable. Fortinet disclaims in full any covenants, representations, and guarantees pursuant hereto, whether express or implied. Fortinet reserves the right to change, modify, transfer, or otherwise revise this publication without notice, and the most current version of the publication shall be October 18, 2019 12:47 AM In addition to the above, FortiClient gives IT infrastructure teams end-to-end risk visibility based on threat-intelligence sharing and full control of security policies and responses. At the same time, it offers flexible, powerful remote access security with conditional admission and VPN support. Finally, FortiClient delivers proactive threat response with integrated, automated remediation, sandbox integration, web filtering, and interoperability with common AV and EDR solutions.Figure 3: By integrating with the Security Fabric, FortiClient automates the process of quarantining suspicious or compromised endpoints.1James Hasty, et al., “Advanced Endpoint Protection Test Report ,” NSS Labs, March 5, 2019. 2“Security Value Map: Advanced Endpoint Protection (AEP),” NSS Labs, March 2019. 3Jim Parise, “Heads Up: Cybercriminals Are Businesspeople ,” CFO, August 2, 2019.4Dionisio Zumerle, “The Long-Term Evolution of Endpoints Will Reshape Enterprise Security ,” Gartner, May 1, 2019.5“Empower Security Analysts Through Guided EDR Investigation: Bridging The Gap Between Detection And Response ,” Forrester, May 2019.6 Navanwita Sachdev, “The many motives of hackers and how much your data is worth to them ,” The Sociable, July 1, 2019.。

美国FORTINET 公司系列产品技术手册V4.0版2004年7月北京办事处地址:北京市海淀区中关村南大街２号数码大厦Ｂ座９０３室　邮编１０００８６　电话：（010）8251 2622 传真：（010）8251 2630网站：Fortinet 内部资料2004年目 录1． 公司介绍.................................................................................................................................................................4 1.1 公司背景............................................................................................................................................................4 1.2 产品简介............................................................................................................................................................4 1.3 关键技术............................................................................................................................................................4 1.4 总裁介绍............................................................................................................................................................5 1.5 业务范围 (5)2. 产品系列介绍 (6)2.1 F ORTI G ATE -50A................................................................................................................................................7 2.2 F ORTI G ATE -60...................................................................................................................................................7 2.3 F ORTI G ATE -100.................................................................................................................................................7 2.4 F ORTI G ATE -200.................................................................................................................................................8 2.5 F ORTI G ATE -300.................................................................................................................................................8 2.6 F ORTI G ATE -400.................................................................................................................................................9 2.7 F ORTI G ATE -500.................................................................................................................................................9 2.8 F ORTI G ATE -800...............................................................................................................................................10 2.9 F ORTI G ATE -1000............................................................................................................................................10 2.10 F ORTI G ATE -3000............................................................................................................................................10 2.11 F ORTI G ATE -3600............................................................................................................................................11 2.12 F ORTI G ATE -4000............................................................................................................................................12 2.13 F ORTI G ATE -5000............................................................................................................................................13 2.14 F ORTI M ANAGER 系统. (13)3. 产品功能和特点 (14)3.1 病毒防火墙新理念........................................................................................................................................14 3.2 F ORTI G ATE 系列.............................................................................................................................................14 3.3 基于网络的防病毒........................................................................................................................................15 3.4 分区域安全管理的特色...............................................................................................................................15 3.5 VPN 功能..........................................................................................................................................................15 3.6 防火墙功能.....................................................................................................................................................16 3.7 独特的内容过滤.............................................................................................................................................16 3.8 基于网络IDS 的/IDP 功能.............................................................................................................................16 3.9 VPN 远程客户端软件....................................................................................................................................17 3.10F ORTI ASIC F 技术和ORTI OS 操作系统 (17)3.10.1 高性能并行处理................................................................................................17 3.10.2 实时体系结构...................................................................................................17 3.10.3 实时内容级智能................................................................................................17 3.10.4 提供分区间安全的虚拟系统支撑.......................................................................18 3.10.5 高可用性(HA)...................................................................................................18 3.11 F ORTI G ATE 提供整体解决方案. (18)4.FORTIGATE 防火墙典型应用方案..................................................................................................................19 4.1 中小型企业防火墙应用...............................................................................................................................19 4.2 中大型企业防火墙应用...............................................................................................................................20 4.3 分布型企业防火墙应用...............................................................................................................................21 4.4 校园网安全部署应用....................................................................................................................................22 5. 销售许可证和认证证书. (23)5.1 公安部硬件防火墙销售许可证..................................................................................................................23 5.2公安部病毒防火墙销售许可证 (23)5.3中国信息安全产品测评认证中心 (24)5.4计算机世界推荐产品奖 (24)5.5中国 (24)5.6ICSA认证证书 (25)5.7在美国获奖 (26)6.技术支持方式 (27)6.1北京办事处技术支持 (27)6.1.1 技术支持、售后服务及人员培训 (27)6.1.2 服务组织结构 (27)6.1.3 技术咨询和培训 (27)6.2F ORTI P ROTECT防护服务中心 (27)6.3F ORT P ROTECT安全防护小组 (28)6.4F ORTI P ROTECT推进式网络 (28)7.说明 (29)7.1附件：公司与产品介绍资料 (29)7.2联系我们 (29)Fortinet 内部资料2004年1．公司介绍1.1 公司背景美国Fortinet(飞塔)公司是新一代的网络安全设备的技术引领厂家。

Fortinet技术白皮书Version 5.02006.03目录1．公司介绍 (5)2．产品定位 (5)2.1产品理念 (5)2.2产品概述 (6)2.3系统结构 (6)3．功能列表 (7)4．FORTIGATE系列性能 (9)4.1F ORTI G A TE-50A (9)4.2F ORTI G A TE-60 (9)4.3F ORTI W I F I-60 (10)4.4F ORTI G A TE-100 (10)4.5F ORTI G A TE-100A (10)4.6F ORTI G A TE-200 (11)4.7F ORTI G A TE-200A (11)4.8F ORTI G A TE-300 (11)4.9F ORTI G A TE-300A (12)4.10F ORTI G ATE-400 (12)4.11F ORTI G ATE-400A (13)4.12F ORTI G ATE-500 (13)4.13F ORTI G ATE-500A (13)4.14F ORTI G ATE-800 (14)4.15F ORTI G ATE-800F (14)4.16F ORTI G ATE-1000A/FA2 (15)4.17F ORTI G ATE-3000 (15)4.18F ORTI G ATE-3600 (16)4.19F ORTI G ATE-5020 (16)4.20F ORTI G ATE-5050 (17)4.21F ORTI G ATE-5140 (17)4．其他产品 (19)4.1F ORTI M ANAGER－集中安全管理平台 (19)4.2F ORTI C LIENT－主机安全软件 (19)4.3F ORTI A NALYZER－集中日志报告系统 (19)4.4F ROTI R EPORTER －安全分析报告软件 (19)4.5F ORTI M AIL －高性能邮件安全平台 (19)5．FORTIGUARD 安全服务系统 (21)5.1F ORTI P ROTECT －全球安全防护服务体系 (21)5.3F ORTI G UARD入侵检测和防御服务 (21)5.4F ORTI G UARD W EB内容过滤服务 (21)5.5F ORTI G UARD反垃圾邮件服务 (21)6. FORTINET产品特色 (21)6.1F ORTINET提供了网络安全的整体解决方案 (21)6.2F ORTINET产品技术领先 (22)6.3F ORTINET产品功能齐全 (22)6.4F ORTINET产品线完善 (22)6.5F ORTI G A TE产品应用面广适合各种领域 (22)6.6F ORTINET设计的ASIC独特 (22)6.7F ORTI G A TE作为防病毒网关产品支持多种I NTERNET协议 (22)6.8F ORTI G A TE支持中文管理界面 (22)6.9F ORTINET有高端产品适合运营服务供应商应用 (23)6.10F ORTINET服务体系完善 (23)6.11F ORTI G ATE产品性价比高 (23)6.12F ORTINET产品可以为企业带来良好的投资回报率 (23)6.13F ORTINET产品在中国得到广泛应用 (23)6.14F ORTINET获得多项国家权威机构论证证书和销售许可证 (23)6.15F ORTINET产品在中国业界获得多项奖项 (23)7．竞争分析 (25)1.F ORTI G ATE作为防火墙产品与其它同类产品相比优势突出 (25)2.F ORTINET在网络安全市场上竞争对手甚少 (25)3．F ORTINET公司引领统一威胁管理市场潮流 (25)4．市场需要UTM的理由 (25)8. 销售许可 (26)9．典型应用 (27)9.1中小型企业防火墙应用 (27)9.2中大型企业防火墙应用 (28)9.3分布型企业防火墙应用 (28)9.4校园网络安全部署应用 (29)10．成功案例 (30)10.1应用案例1 (30)10.2应用案例2 (30)10.3应用案例3 (31)10.4应用案例4 (32)10.5应用案例5 (32)10.6应用案例6 (33)10.7应用案例7 (34)11．核心技术 (37)11.1技术要点 (37)11.2病毒防火墙新理念 (37)11.3基于网络的IDP功能 (37)11.4集成VPN的安全网关 (37)11.5ASIC加速和实时操作系统 (37)11.6独特的内容过滤 (38)11.7动态威胁防御系统 (38)11.8分区域安全管理 (38)12．技术支持 (39)1．公司介绍美国Fortinet(飞塔)公司是新一代网络安全防御技术的前锋，引导着网络信息安全发展的潮流。