
Application Delivery Controller

Who is Fortinet?
Fortinet, a global leader, growing faster than the market overall, is a
provider of network security and SD-WAN, switching and wireless
access, network access control, authentication, public and private
cloud security, endpoint security, and AI-driven advanced threat
protection solutions for carriers, data centers, enterprises, and
distributed offices.

• $3.09B FY2020 Billing: Financially Stable
• 28B+ Market Cap (as of 2.21.21): Nasdaq: FTNT, S&P 500
• BBB+ Baa1 Security Investment Grade Rating: Leading the Cybersecurity Industry
• 50 Integrated Fabric Products: Broadest Attack Surface Coverage
• 500,000+ Customers Worldwide: Massive Customer Input
• 600,000+ NSE Certifications: WEF Cybersecurity Founders

© Fortinet Inc. All Rights Reserved.


Fortinet Security Fabric

• Broad: visibility and protection of the entire digital attack surface to better manage risk
• Integrated: solution that reduces management complexity and shares threat intelligence
• Automated: self-healing networks with AI-driven security for fast and efficient operations

[Diagram labels: Network Operations, Security Operations, Cloud Security, Access & Endpoint Security, FortiGuard Threat Intelligence, Open Ecosystem, Secure Networking. Form factors: Appliance, Virtual, Hosted, Cloud, Agent, Container]

FortiGuard

• Tailor the Defense: With Rich Portfolio & Consumption Models
• Close the Gaps: With Broad & Integrated security
• Trust the Outcome: With Credible Analysis & Actionable Insights
• Disrupt The Attack: With Timely & Automated Detection to Prevention

FortiGuard Labs Proactive Research
Fortinet’s elite threat intelligence and research organization
• Global Leadership & Collaboration: Co-founded the CTA; co-founded the World Economic Forum’s Center for Cybersecurity
• Actionable Insights: Zero Day Research; Adversary Playbooks; Newsletters, Blogs, Podcasts
• ML/AI Development and Training: Optimizing global unified data sets across networks, endpoints and clouds; leveraging AI/ML to provide timely and consistently top-rated protections

FortiGuard Security Services
Market leading security across the attack lifecycle & surface
• Coordinated: Context aware security across networks, endpoints and clouds
• AI/ML: Trained by professional on unified data set
• Real-time: Automated updates to the security posture across the full ecosystem
• Real-time security protection updates
• Content Security, Web Security, User Security, Device Security, SOC/NOC Tools

FortiGuard Labs Consulting
Tools and services to Improve your security posture and skill set
• Before the Attack: Penetration Testing, Focused Threat Analysis, Anti-Phishing Service, Security Architecture Evaluation
• During the Attack: External Threat Feed
• After the Attack: Incident Response
• Security Mastery: Cybersecurity workshops that close the skills gap



FortiADC
Application Delivery Controller
FortiADC – Application Delivery Without Limits

• Advanced Application Delivery Controller
• All-Inclusive License
• Flexible Deployment
• Fortinet Security Fabric Integration
• Best Price/Performance in the market

Class-leading performance and value for almost any sized application environment


Application Optimization
The Need for Speed

Page Speed
• Along with Compression and Dynamic Caching, FortiADC
supports Page Speed to improve the web browsing experience.

» Minimize client-server round trip times
» Resource consolidation, minimize payload size
» Optimize Web Browser Rendering
» Minimize Request Overhead
» Extend File cache lifetime
» Mobile Device Identify
» Mobile Specific Acceleration
» Auto-Learning based on statistics



VPN Load Balancing with FortiADC and FortiGate

Business drivers:
• VPN "Always-On"
• Business & Service continuity
• Improve user QoE (WorldWide teleworkers)

Two NEW solutions!!
• VPN Load-Balancing with FortiADC and FortiGate
• VPN & Service Continuity with GSLB and FortiGate

[Diagram labels: FortiADC-vDOM1, DMZ, SSL / IPSec VPN Gateway, FortiGate-N, FortiGate-B, FortiGate-A, FortiADC-vDOM2, Internal Applications]



SSL Visibility with Mirroring

• Secure traffic decrypted by FortiADC
• Transparent copying and transmission of decrypted clear traffic to inspection devices (IPS, NGFW, IDS)
• Normal application traffic unaffected from user to servers
• No threat remediation by FortiADC
• Only used for monitoring and analysis of encrypted traffic with other devices
• Supports Fortinet and third party solutions

[Diagram labels: Web Servers, HTTP/Clear, Encrypted, Decrypted]

FortiADC
Load balances traffic to servers, offloads SSL traffic; sends mirror copy of decrypted traffic to FortiGate

FortiGate
Protects against attacks in non-secure traffic; scans and reports threats in decrypted traffic sent by FortiADC



SSL Inspection with Forward Proxy

• Inspect secure traffic, but offload from FortiGate firewall
• Maintains secure traffic and certificates with clients and external hosts
• FortiADC pair in front of and behind firewall
• FortiGate load lessened and can focus on threat detection and mitigation
• Load balance multiple FortiGates
• FortiGuard Web Filtering simplifies URL management (only SSL FP)

[Diagram labels: Internal User. FortiADCs provide encryption and decryption services and can load balance multiple FortiGates. FortiGate inspects unencrypted traffic (IPS, DLP, UTM)]



SSL Tools Comparison

| | Offloading | Visibility | Inspection (with FortiGate) |
| Primary Purpose | Relieve servers from processing SSL to increase capacity and reduce response times | Decrypt traffic and send to IPS or Firewall for analysis only | Decrypt secure traffic and pass to FortiGate for inspection/mitigation, then re-encrypt |
| Deployment | Inline | Inline | Inline (2x FortiADC; in front and behind FortiGate) |
| Recommended Models | Any (depends on traffic needs) | Hardware accelerated | Hardware accelerated |
| Threat Detection | Limited | Yes | Yes |
| Threat Mitigation | Limited | No | Yes |

• SSL Offloading is a basic ADC function that provides security such as IP reputation and basic firewall capabilities
that are built into FortiADC
• Visibility and Inspection use FortiADC’s advanced SSL decryption and re-encryption to pass unencrypted traffic for
inspection and mitigation on another device



Containers - Microservices

“Organizations build new applications based on a microservice architecture, to
improve development lead times by up to 75%” (Gartner 2017)

• Fast Service Provision
• Increase responsiveness
• Policy automation
• Multiple application services
• Load Balancing
• Optimization
• Authentication
• Web Application Firewall
• Service continuity



K8s Ingress Connector

• FAD k8s connectors (API based)
• Support for microservices-based applications
• Security for containers (L4-7 LB, WAF)

[Diagram labels: FortiADC Connector, FortiADC, Public, API Pooling]



Unleash the power of the Script

FortiADC Script is a powerful feature within FortiADC that allows you to manage and
control network/application traffic.

• Use scripting to manipulate HTTP/S, TCP, IP and SSL request/response
• Create custom, event-driven rules using predefined commands, variables and operators
• Supported with the following features: L4-L7 LB, NAT, Geo-IP, Persistency, Authentication, Compression and much more
• More than 50 predefined rules within FortiADC
• Lua-based scripting language



User Authentication

• Provide Policy enforcement and access control to all applications
• Authentication & Authorization to all internal and external users
• Support multiple services:
  • Local Authentication
  • RADIUS & LDAP
  • Full AD FS Proxy
  • SAML SSO
  • Kerberos
  • OTP - FortiToken and Google Authenticator
  • HTTP Basic SSO
  • NTLM

[Diagram labels: Authentication & authorization, Cloud Application, FortiADC, Web Application, Directors]



GSLB Service

• Multi sites failover and service continuity
• Increase user QoE
• Real time traffic load balancing between multiple locations
• Rule sets allow closest resource to be requested
• Reduce latency
• Increase application responsiveness

• Features included:
  • Full multi-site visibility (application, load and latency)
  • Global LB decision according to Geo-IP, load and application availability
  • Advanced application health check
  • Full DNS services



Application Visibility and Control
Provides real-time monitoring and historical traffic data
• Application Service:
» Client and server RTT
» Application Performance
» Health check
» Sessions and persistence
» Top locations, OS and browsers
» Global Data Center
• Application Security:
» Threat map
» WAF and Anti-Virus logs
» Top attacks, Geo IP, IP Reputation
• System:
» System logs
» Traffic logs



Real Time Analytics Integration
• Splunk Integration/Connector
• FortiSIEM & FortiAnalyzer Integration

Provide full visibility on ADC traffic and security events


Real-Time Network Analytics
Real-Time Operational for Security Analytics



Stepping Into “Security Fabric”
FortiADC/Fortinet Security Fabric

BENEFITS:
• Supported from FortiGate version 6.2
• Application information via FortiGate Dashboard
• Full Visibility on ADC and Servers Availability
• FortiSIEM Integration
• FortiAnalyzer Integration
• Automation Stitches

[Figure labels: ADC Topology (FortiADC, FortiGate, Web Servers); ADC Visibility]



FortiADC CM
Central Management – VM Based
• Centralized visibility to all ADC instances, including all sorts of statistics, log, monitoring
• Global configuration repository, apply to all ADC in batch
• Global maintenance of all ADC instances, including diagnostic, firmware upgrade, etc.
• Offer Restful API to 3rd party application, like GUI and Automation

• Centralized Management License:
  • Up to 10 ADCs
  • Unlimited License



Applications, SDN and Cloud Integration
Multiple options for deployment flexibility

Cloud Infrastructure

Application Integration

SDN & Private Cloud



FortiADC Security Features

App. Security:
• L4 Firewall
• Geo-IP Protection
• DDoS Protection
• WAF
• IPS
• SANDBOX
• Antivirus
• IP Reputation



Web Application Firewall
[Feature diagram. Recoverable labels: OWASP Top 10 Protection; SQLi/XSS Protection; Web Defacement; CSRF Protection; Web Scraping; Brute Force; Web Vulnerability Scanner; Security Fabric Integration (FortiSandbox & FortiGate); API Protection (API Gateway, XML, JSON and SOAP validation, OpenAPI validation); Web Attack Signatures; Protocol Validation; Input Validation; HTTP/S, URL Protection; File Restriction, Hidden Files; Sensitive Data Protection; Cookie Security, DLP; Bot Detection]



App

• FortiADC Appliances
• FortiADC VM (100/200/300)
• Public Cloud Marketplaces
• FortiGSLB Cloud
• FortiGuard Services
• SD-WAN Traffic Optimization


FortiGuard Services for FortiADC

WAF Security Service
• Application layer signatures
• Web Application signature to prevent any web attack
• Prevents unwanted access and defends against data breaches

IP Reputation
• Protection for automated attacks and malicious sources
• DDoS, Phishing, Botnet, Spam, Anonymous proxies and infected sources

Antivirus and IPS
• Scan file uploads
• Regular and extended AV databases
• Protect the network against exploitable vulnerabilities
• Automatic updates

FortiSandbox Cloud
• FortiSandbox hosted by Fortinet
• Subscription-based
• No separate sandbox required

Credential stuffing Defense
• Identifies login attempts using stolen credentials from numerous sources
• Automatic updates

Web Filtering
• Manage SSL FP scanning exceptions
• Enable/disable SSL inspection by category

STANDARD BUNDLE

ADVANCED BUNDLE



Industry Validation for Fortinet Innovation

Network Firewalls; WAN Edge Infrastructure

Fortinet is also recognized in 4 additional Gartner 2020/2021 Magic Quadrant Reports, including a wide range of technologies: Web Application Firewall, SIEM, Endpoint Protection Platforms*, Wired and WLAN

And Fortinet is mentioned as a ‘Vendor To Consider’ in 2 additional Gartner 2020 Magic Quadrant Reports: Secure Web Gateway, Indoor Location Services

And Fortinet is listed in 6 Gartner Market Guides: IDPS, Email, NAC, ZTNA, OT, SOAR

Gartner is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally and is used herein with permission. All rights reserved.
Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the
highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s Research & Advisory organization and should not be construed as
statements of fact. Gartner disclaims all warranties, express or implied, with respect to this research, including any warranties of merchantability or fitness for a particular
purpose. *This report was last published in 2019 and is provided here for historical purposes.



FortiADC Summary

Security and Reliability for Internet-based Applications

• Expand Application Capacity
  • Add additional servers for more users in
  • Manage user traffic to different Geo Location Data Centers
  • Balance traffic to best available resources

• Ensure Reliability and Security
  • Server health and availability monitoring
  • Offload tasks from servers
  • Server Protection using Web Application Firewall and DDoS protection
