2 / SD-WAN
• Name:
• Agency:
• Role:
• Fortinet Solutions:
What’s New in FortiOS 6.2
Objectives
Introduction
Solving Key Challenges
Key Customer Challenges
DIGITAL ATTACK SURFACE EXPANDING
• Dissolving perimeters
• Complexities of securing hybrid and multi-cloud environments as they
migrate workloads to Cloud
• IoT devices continue to grow
ADVANCED THREATS
• Focus on malware and breaches in isolation is not enough.
Fortinet Solves Key Customer Challenges
BROAD visibility of the entire digital attack surface
• We cover the entire digital attack surface with our extensive product range
• We also partner closely with some 70+ other Alliance Partners (open ecosystem)
• Manage and secure access and data through Intent-based Segmentation
[Diagram: Security Fabric, with the labels BROAD and INTEGRATED, showing Network Security, Multi-Cloud Security, Endpoint/Device Protection, Security Operations, and an Open Ecosystem of Fabric APIs and Fabric Connectors]
AI-driven breach prevention across devices, networks, and applications
Q1FY19 v1.4.4
Security Fabric Product Portfolio
• Network Security
• Network Operations
• Security Operations
• Multi-Cloud Security
• Secure Access
• Endpoint/Device Protection
• Application Security
Introducing FortiOS 6.2 – 300 New features
Continued Evolution of The Security Fabric
1. Secure SD-WAN: New Cloud Based Orchestration and Enhanced Routing Capabilities
2. Multi-Cloud: New and Enhanced Cloud Integrations and Metering
3. Fabric Expansion: New Fabric elements FortiADC, FortiToken, FortiCASB, FortiDDoS, FortiNAC and VDOM
4. New and Enhanced Cloud, SDN and NAC Connectors
5. New Machine Learning and comprehensive intelligence for leading protection
6. New Triggers and Actions for the Automation Engine. Enhanced Security Ratings
Secure SD-WAN
Evolution of the Fabric
Secure SD-WAN
Forward Error Correction
Forward Error Correction - FEC
• What it does:
  • Allows for dynamic remediation of packet loss or erroneous data caused by adverse WAN conditions
• Use Cases:
  • FEC can be used to increase the reliability of WAN traffic sent through an overlay VPN tunnel established over a broadband Internet link
  • Can also be used to increase the Quality of Experience (QoE) of voice or video traffic that is pinned to specific overlay tunnels
WAN Path Remediation using FEC
[Diagram: the sending FortiGate transmits the original payload (packets A, B, C, D) together with redundant packets through the overlay tunnel. Packet B is lost or corrupted in transmission. The receiving FortiGate holds the packets in a jitter buffer, reconstructs B from the redundant packets, and delivers the recovered original payload A, B, C, D.]
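The recovery step in the diagram above, as an added example that is not from the original slides or from Fortinet. It assumes one XOR parity packet per group of equal-length packets, which is an illustrative scheme and not necessarily the algorithm FortiOS uses; the function names and sample payloads are hypothetical.

```python
# Added illustration: single-parity XOR FEC over a group of equal-length packets.
# XOR parity is an assumed scheme chosen to show the idea on the slide; it is
# not a description of the FEC algorithm that FortiOS implements.
from functools import reduce
from typing import List, Optional


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """Byte-wise XOR of two equal-length packets."""
    return bytes(x ^ y for x, y in zip(a, b))


def fec_encode(packets: List[bytes]) -> List[bytes]:
    """Sender side: append one redundant (parity) packet to the group."""
    if len({len(p) for p in packets}) != 1:
        raise ValueError("this example requires equal-length packets")
    return list(packets) + [reduce(xor_bytes, packets)]


def fec_decode(received: List[Optional[bytes]]) -> List[bytes]:
    """Receiver side: rebuild at most one lost packet (marked None)."""
    missing = [i for i, p in enumerate(received) if p is None]
    if len(missing) > 1:
        raise ValueError("one parity packet can repair only one loss per group")
    repaired = list(received)
    if missing:
        # XOR of every surviving packet (data and parity) equals the lost one.
        survivors = [p for p in received if p is not None]
        repaired[missing[0]] = reduce(xor_bytes, survivors)
    return repaired[:-1]  # strip the parity packet, return the payload


def demo_single_loss() -> bool:
    """Constructed sample: packets A-D cross the tunnel and B is dropped."""
    original = [b"A-frame-0001", b"B-frame-0002", b"C-frame-0003", b"D-frame-0004"]
    in_transit: List[Optional[bytes]] = list(fec_encode(original))
    in_transit[1] = None  # packet B lost on the WAN link
    return fec_decode(in_transit) == original


if __name__ == "__main__":
    print("payload recovered:", demo_single_loss())
```

The redundancy costs one extra packet per group of four here, and a second loss in the same group is not recoverable, which is why the decoder raises an error in that case.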
Interface-based Traffic Shaping
Secure SD-WAN
Load Balancing Per-Rule
Secure SD-WAN
Dual VPN
• Purpose
  • Simplify VPN
• Function
  • Shortcut – VPN wizard
  • Multiple interfaces
• Use Case
  • Speed up Dual VPNs
  • Simple Deployments
Multi-Cloud
Evolution of the Fabric
Multi-Cloud: Native Cloud Connectors
• Autoscaling and HA between zones
• Azure Security Center integration
• Para-virtualization
• HA between ADs
Fabric Expansion
Evolution of the Fabric
Fortinet Product Fabric Integration
Split-task VDOM Mode
• Security Fabric: Communicate with the fabric via mgmt. interface(s); these interfaces cannot pass traffic
• Network: Configure policies and other UTM features
Endpoint Tagging
MAC Address Objects
Open Ecosystem
Evolution of the Fabric
Extended Fabric Connectors
AI – Driven Security
Evolution of the Fabric
• Extends existing external list integration with new list types and object usages
• Supports username/password authentication while retrieving from external DB
[Diagram labels: Address object on firewall policy; Remote category on DNS filter profile / Domain Filter; Remote category on web filter profile; Virus Outbreak Prevention on AV profile; Authentication Option]
External Block List – File Hashes
Flow-based Web Filter
Inspection Mode Per Policy
SD-WAN
• Describe SD-WAN
• Understand the need for Secure SD-WAN
• View Use Cases and Success Stories
Traditional WAN
• Used to extend computer networks to connect remote branch offices to data centers
• Expensive circuit costs
• Fixed circuits
• Long lead time
• Proprietary hardware
• Difficult to expand
• Branch traffic hauled back to HQ
[Diagram labels: HQ/Datacenter, Public Cloud, SaaS, Branch Office]
The WAN is Complex and Needs Transformation
Security is a “MUST”
90% of vendors don’t provide in-built NGFW security with WAN solutions
Gartner: Security is Biggest WAN Concern
FortiGate Secure SD-WAN
[Diagram labels: Data-Center, Internet, Multi-Cloud, Branch, SaaS]
• Improves Security Posture
• Reduce WAN Cost
• Business Application First
Configure SD-WAN
Enable SD-WAN
Networking > SD-WAN
• Select the interfaces that will become members of the SD-WAN, and provide a gateway for that interface.
• Physical interfaces that are referenced by any other configuration element (for example, routes or policies) will not appear on this list.
Performance SLA
SLA Targets
Performance SLA - Link Health Monitor
Available Protocols via CLI:
ping        PING link monitor
http        HTTP-GET link monitor
tcp-echo    TCP echo link monitor
udp-echo    UDP echo link monitor
TWAMP       Two-Way Active Measurement Protocol
SD-WAN Rules
• Rules can match traffic based on:
  • Source IP address, destination IP address, or port number
  • Internet services database (ISDB) address object
  • Users or user groups
  • Type of service (ToS)
• Allow you to route traffic through the member interfaces that best suit your needs
FortiOS / SD-Wan Quiz
https://kahoot.it
Labs
Student Access
<Fast Track> Session
https://use.cloudshare.com/Class/Class/2sz61
Student Name: <student email>
Passphrase: Fortinet1!
Student Access
• Classroom URL and Password provided from Instructor Email
Student Access
• Launch FortiFIED Application
Jumpbox Desktop
FortiFIED Interactive Lab Guide
• Application Banner
• Objectives List
• Display Tabs
• Rich Text
• Answer Choice
• Submit/Continue
• Status Bar
• Scale Text Slider
• Resize Display Bar