Network security systems

SOLTI solutions guarantee:

protection of the network infrastructure with the most modern technologies;
provide connection of geographically distributed networks using secure VPN channels, uniting the organization’s networks into a single network infrastructure;
confidentiality of transmitted data;
secure exchange of information between all participants in business processes (remote branches, employees, partners, clients).

Unified threat Management is the base of today's

threat defense trends

With the increase in the number of new threats, there is a need for additional protection tools – intrusion detection and prevention systems, application control, web filtering, antispam, etc.

The approach to protecting against these threats differs depending on the size of the enterprise. Not all enterprises can afford a complex IT security infrastructure and a large staff of certified engineers, but nevertheless, they need solutions similar in functionality, but at an affordable cost. This is made possible by the use of Unified threat management (UTM).

Structurally, such devices are usually connected in the form of a gateway through which all traffic passes when working with the Internet and provide protection against most external threats, both for individual computers and for the local network as a whole.

Such devices play an ever-increasing key role in the modern network security market because they combine many services to protect against various network attacks – on the principle of “all in one”, while at the same time having the ability to quickly deploy, easily scale and adapt to the needs of enterprises.

SOLTI recommends Fortinet solutions

Fortinet (USA) is a leading developer of integrated software and hardware solutions in the field of network security and a leading supplier of integrated security devices (Unified Threat Management – UTM).

Fortinet’s subscription solutions and services provide a broad range of integrated high-speed protections against dynamic security threats and include multiple layers of protection: firewall, anti-virus, anti-intrusion, VPN, anti-spyware, and anti-spam. They are implemented on specialized ASICs, have a unified interface, and can provide security with scalability from basic tools in remote offices to chassis solutions with integrated management and reporting tools.

Features of systems of complex

Unified Threat Management

Ease of installation and security configuration: UTM solutions are supplied with a set of default settings preinstalled by the manufacturer to provide an appropriate level of security.

Ease of service and administration UTM: due to the absence of the problem of compatibility of different solutions with each other.

Traffic analysis takes place on a separate device, which relieves the load from the server and workstations and allows employees to work without interrupting when various threats are detected.

Significantly lower acquisition and maintenance cost of UTM, compared to a set of software of the same functionality from several manufacturers.

Product benefits

UTM Fortinet

Benefits of Fortinet’s UTM products for detecting various types of threats at high data rates and providing reliable protection for networks, data and applications:

Increasing the protection of the local network of the enterprise and reducing the cost of its maintenance. Achieved through integration within one UTM device to ensure the security of a large number of different components: firewall, intrusion detection and prevention system (IDS / IPS), antivirus, VPN technology (Virtual Private Network), anti-spam, web filtering, DLP systems, application control, and various tools to optimize and protect traffic.
Increase the speed of processing and scanning network traffic. To increase the performance of UTM devices, the Fortinet System-on-a-Chip architecture is used, which allows to combine traditional multi-core processes and specialized coprocessors on a single chip.
Timely response to new threats. FortiGuard subscription services include subscription updates for antivirus, IPS, antispam, and web filtering. These services allow you to organize protection, both at the network level and at the application level. New updates are automatically downloaded to UTM devices via the Fortinet Distribution Network with an anti-virus database update frequency of 1 hour. Also, the update can be carried out manually (“push updates”) at any time.

FortiGate is a multifunctional hardware and software network security complex

FortiGate firewalls, in addition to the necessary security features, also have networking capabilities for both traffic routing and wireless connections — one device for a small office that provides both network connectivity and security. Ideal for companies with retail outlets or small offices.

Management and monitoring can be carried out via the WEB-interface, CLI (ssh, telnet), console, and centralized management – using the FortiManager device. Provides role-based management of several administrators, differentiation of access rights, use of VDOM to manage virtual devices. The device supports syslog, SNMP protocols, can inform about events by e-mail. Collection, logging and reporting of network events is tightly integrated with FortiAnalyzer.

FortiGate devices run the FortiOS operating system. All information about the operation of the device can be obtained through the CLI console, the web console, or the FortiManager device.

In addition to the hardware design, the FortiGate platform is presented as a Virtual Application – FortiGate-VM. FortiGate Virtual Appliances is designed to protect virtual infrastructure built on VMware solutions. The FortiGate-VM includes a complete set of security features for traditional FortiGate devices.

All FortiGate functions

Stateful Firewall – the firewall monitors and filters all packets passing through it based on flexible security policies, you can configure policies for the entire local network as a whole, and for each of its segments or a specific user;
VPN concentrator with IPSec, SSL, L2TP, PPTP functions and support for DES, 3DES and AES encryption algorithms;
IPS – an intrusion detection and prevention system based on its own FortiGuard Intrusion Prevention Service – continuous monitoring of all network activity to detect unauthorized access to the network and blocking it, conducts signature analysis of traffic, tracking and analysis of traffic anomalies, and automatic signature updates;
AntiVirus – antivirus protection allows real-time scanning for viruses and malicious code: web traffic (HTTP, HTTPS), FTP, email (SMTP, POP3, IMAP), instant messaging protocols (ICQ, AIM, MSN, Yahoo and others), P2P, News Transfer Protocol (NNTP) Antivirus signatures are updated automatically from Fortinet servers (there is a PUSH mechanism for notifying about new signatures). There is a search engine for unknown viruses;
AntiSpam – checks e-mail (SMTP, POP3, IMAP) for SPAM, generates “white” and “black” lists of IP addresses and e-mail addresses of senders and recipients. Information leakage prevention (list of prohibited phrases). Checking the sender’s reputation in the Fortinet Global Reputation Database. Signature analysis of correspondence;
WEB content filtering – ensuring the corporate policy of using the Internet by the company’s users (site analytics using the global database of classification and reputation of Internet sites FortiGuard Web Filtering service), checking the headers and content of WEB traffic, managing Java applets, ActiveX components, Cookies;
Application control – application control checks traffic for specified applications: instant messaging systems (ICQ, AIM, MSN, Yahoo), P2P protocols, Voice over IP protocols (H.323, SIP, SCCP). In this case, control is carried out regardless of the ports used;
Traffic shaping – the device has the functions of controlling the traffic flow and limiting the downloaded information (guarantee / limiting / prioritizing bandwidth);
User authentication – the device supports the functionality of user authentication before providing network services. Supported by a local user base, interaction with external authentication systems via LDAP, RADIUS, TACACS +. If there are user authentication servers in the infrastructure (such as a Windows Active Directory domain controller and Novell eDirectory), using Fortinet Single Sign-On technology, FortiGate has the ability to perform one-time user authentication when they access corporate network resources and / or the Internet ( for example, application server, differentiation of access to Internet resources);
NAT and load balancing – advanced address translation functions are supported (dynamic and static NAT, policy-based NAT, SIP / H.323 NAT-Traversal), there are also load balancing functions between several servers, load balancing between several ISPs with different mechanisms;
Routing – the device supports static, dynamic routing (RIP, OSPF, BGP), policy-based routing, as well as routing of multicast traffic;
Protection profile – allows you to assign (enable) a set of security services individually for each type of traffic or user on the network;
VDOM (Virtual Domain) – virtual domains. Allows to create several virtual devices based on one physical device with independent management, security policies, routing tables for each. 10 VDOM licenses are activated in the basic delivery, the number of licenses can be expanded;
HA (high availability) – a mode of joint operation of two devices to increase network resiliency. Active / Active, Active / Passive, VRRP modes are supported;
IPv6 – the product supports the IPv6 protocol;
VLAN – VLAN 802.1q are supported;
3G – the device works with external 3G or CDMA modems in USB form factor.

Need a consultation?

Call +38 (057) 765-84-00 or leave your number / mail. We will contact you

Certificates

SOLTI — Fortinet Bronze + Partner

Fortinet Certified Network Security Administrator (FCNSA)

Fortinet Certified Network Security Professional (FCNSP)

Подробнее