Cristian Ulrich
Sr. Business Development Engineer for Telcos and Service Providers in Latin America
culrich@fortinet.com
Nov 2022
Agenda
3 Deployment and Demo
4 Additional tools
Main challenges
✓ Connect users with users
✓ Integrated security functions
[Diagram labels: IaaS, SaaS, Public Cloud, Applications, DC1, DC2, HQ, Datacenter, Branch, Office]
[Diagram labels: Security-Driven Networking, Cloud Security, Access & Endpoint Security, FortiGuard Threat, Secure Networking, Open Ecosystem]
[Slide text, partially lost: "… enterprise and improve the user experience at any … perimeter"]
[Diagram labels: Network Security, SIEM / SOAR, DLP, EASM, EPP, WAF, EDR, SIEM]
[Diagram labels: Cloud, ASIC/Appliance, FortiGate HW, FortiGate VM, Public / Private Cloud, Data Center, FortiAP, FortiGate Edge, LAN, Internet]
[Diagram labels: Multi-Cloud, Private Cloud, Branch Office, Internet, MPLS, ISP1, LAN, ADVPN Shortcut, Provisioning Server, Threat Intelligence, SIEM & Analytics, Fabric Management Center]
FortiGuard
Enterprise-class security services across the kill chain (industry-leading threat intelligence)
3. Access devices
LAN
FortiAP: Large portfolio of access points, including WiFi6 capability
FortiSwitch: Large portfolio of LAN switches to extend the reach of the FortiGate
2. Centralized platform
© Fortinet Inc. All Rights Reserved. 15
Design and sizing of the secure SD-WAN solution
Main elements
Perimeter CPE
✓ Wide selection of connectivity options, the best one for each site
✓ Distributed intelligence
✓ Health measurements
✓ Dynamic protocols
✓ Developed by FortiGuard
[Diagram labels: FortiGate, SD-WAN, SD-Branch, SECURITY, WAN, FortiGuard, Routing, QoS, VPN, SSL Inspection, Web Filtering, AntiMalware, IPS, Remediation]
FGT 60F: 01 Oct 2019
FGT 80F: 03 July 2020
Integrating SD-WAN with the industry's best-selling NGFW
Multiple form factors, including bypass interfaces
Multiple variants for each deployment: Built-in LTE, Built-in Wireless, Built-in POE, Built-in Bypass
IPsec VPN: 6.5Gbps | 0.8Gbps | 8x | 0.1Gbps | 1.3Gbps | 0.2Gbps | 1.5 Gbps | 900 Mbps
IPsec GW to GW tunnels: 200 | 537 | - | - | - | 50 | - | 20
Threat prevention: 0.70Gbps | 0.38Gbps | 2x | 0.15Gbps | 0.45Gbps | 0.3Gbps | 400 Mbps | 600 Mbps
SSL Inspection: 0.75Gbps | 0.14Gbps | 5x | 0.065Gbps | - | - | 170 Mbps | 180 Mbps
Concurrent Sessions: 700,000 | 80,000 | 9x | 64,000 | 500,000 | - | - | 125,000
Connections per second: 35,000 | 8,000 | 4x | 4,200 | 14,000 | NA | - | 6,000
1. Security Compute Rating: Benchmark (performance multiplier) that compares FortiGate NGFW performance vs the industry average of competing products across various categories that fall within the same price band
Storage Storage
WAN VPN Throughput 11.5 Gbps WAN VPN Throughput 13 Gbps
Application Control Throughput: 2.2 Gbps Application Control Throughput: 13 Gbps
[Architecture diagram labels: Customer Premises, Customer A, Customer B, SOC Based, CPU, Content Processor, Network Processor, Blades, Policy Engine, Automation Engine, Logging & Reporting, Monitoring & HA, Orchestration, API Connectors, WAN Interface Controller, WAN Path Controller, LAN & Device Controllers, 4G/5G, DSL, WiFi, Switch, Security, Identity, Networking, Network Security, Endpoint, Authentication, Token, SAML, AV, IPS, Botnet, URL, IoT, OT, IPAM, Web security, San, SSL Inspection, Firewall, Segmentation, VPN, SSL VPN, DDoS, CAPWAP, Switching, Routing, CGNAT, Proxy, (VXLAN), SD-WAN, NAC, Content Processor Accelerated, Network Processor Accelerated, Abstraction layer, NP + CP]
FortiGate licensing
SD-WAN requires no license or subscription
[Diagram labels: Appliance, Virtual Machine, Cloud]
1. Hardware or Base License
2. FortiCare (Support): FortiCare (1,3,5 year)
3. FortiGuard Subscription: Advanced Malware Protection, Web and Video Filter, Security Rating, IPS
[Other diagram labels: Permanent, Virtual, Subscription]
Included with the Security Bundles subscription
FortiConverter Service ●
[Diagram labels: ADOM A, ADOM B, MSSP Premises or Public Cloud]
1. HW or Licensed Resource (Device / VDOM)
2. FortiCare (Support)
[Labels: HW Based, Permanent, Virtual]
1. HW or Licensed Resource (GB/Day and GB Storage)
2. FortiCare (Support)
[Labels: HW Based, Permanent, Virtual]
• As the number of sites grows, it can be reasonable to define several regions.
• Each region is an independent Hub-and-Spoke block (as described so far).
• The regions are interconnected by Hub-to-Hub tunnels, with EBGP for route exchange.
• Optionally, inter-regional ADVPN can be enabled, which allows shortcuts between spokes in different regions.
[Diagram labels: INET, MPLS, Optional, FortiExtender]
▪ Commercially, quotes were made according to the competition's price, without understanding the customer's real needs.
▪ "Price first…"
FortiGate-40F FortiGate-60F
Max Number of Days Analytics: 38 | 50 | 30 | 34 | 30 | 38 | 60
2x GE RJ45, 2x GE RJ45, 2x GE RJ45,
2x GE RJ45 4x GE RJ45, 2x GE RJ45,
Total Interfaces 4 x RJ45 GE 2x 25GE 2x 25GE 2x 25GE
2x GE SFP 2x 10GE SFP+
SFP28 SFP28 SFP28
Storage capacity: 2x 2 TB | 2x 4 TB | 4x 4 TB | 8x 4TB | 16x 4TB | 24x 4TB | 60x 4TB HDD + 6x 3.2TB SSD
Provisioning Templates
[Diagram labels: System Templates, CLI Templates, SD-WAN Templates, …, Security Policy Packages, Zero-Touch, Low-Touch, Model Device, Device Groups]
Do per project
Do Per-Site
Reuse much!
[Slide with overlapping English and Spanish text describing device provisioning; legible terms: Order, FortiDeploy SKU, Customer, Fortinet, FortiCloud, FortiManager, Assign, Provision, Deployed]
www.kahoot.it
[Topology diagram; recoverable labels follow]
HUB 1: 172.16.64.0/24
HUB 2: 172.16.128.0/24
BRANCH 11: 10.0.11.0/24 (client11)
BRANCH 12: 10.0.12.0/24 (client12)
BRANCH 21: 10.0.21.0/24 (client21)
[Other diagram labels: Internet, MPLS, Router / Netem, FortiManager, FortiAnalyzer, EMS, FortiAuthenticator, FortiSwitch, Internal Servers / Applications; interface labels port1 to port5, ha]
Demo Topology - Overlay
Server1 AWS 10.1.0.0.0/16
HUB 1: 172.16.64.0/24
BRANCH 11: 10.0.11.0/24 (client11)
BRANCH 12: 10.0.12.0/24 (client12)
[Other diagram labels: Internet, MPLS, Remote Users, FortiManager, FortiAnalyzer, EMS, FortiAuthenticator, Internal Servers / Applications; interface labels port1 to port4]
https://docs.fortinet.com/4d-resources/SD-WAN
Firewall + NAT
Firewall + IPS + Application Control
https://www.fortinet.com/ctap/