Securing data centers from blended threats

Fortinet announced the addition of a new consolidated security appliance to its FortiGate product family, and a new release of its FortiOS 4.0 operating system for said family.

The FortiGate-3140B consolidated security appliance is designed for large enterprises and data centers requiring maximum firewall, virtual private network and intrusion prevention system (IPS) performance to optimize protection against blended threats, destructive malware and constantly evolving attempts to breach security in high-speed network environments.

Leveraging custom FortiASIC processors, the appliance provides large enterprises with up to 58 gigabits-per-second of firewall performance, 10 Gbps of IPS performance, and up to a robust 22 gigabits-per-second of VPN performance, all in a highly compact two rack unit (2-RU) form factor designed to preserve precious wiring closet real estate.

The new appliance comes standard with ten 10-gigabit Ethernet (10-GbE) ports. To provide the most flexible protection for the most demanding network environments, the appliance offers a total of 22 ports, making the system ideal for data centre and other high-bandwidth applications.

This port density enables it to be deployed as either a high-performance firewall or a unified threat management solution that can be easily configured to concurrently support VPN, IPS, application control, anti-spam and anti-virus security measures without degrading performance.

Equipped with the third major release of the FortiOS 4.0 MR3 operating system, the appliance will feature active profiling for improved policy enforcement and flow-based inspection for superior Web filtering and traffic shaping.

The advancements offered in the FortiOS 4.0 MR3 operating system introduce wireless controller extensions that support automatic provisioning of wireless access points, detection and suppression of rogue access points, multiple authentication methods and strengthened unified management of both wired and wireless networks from a single FortiGate platform.

The FortiOS operating system also features active profiling that provides the ability to use a form of behavioral analysis to create and actively enforce policies based on deviations from corporate, group or individual baseline profiles. A range of policy enforcement options is available for suspicious behavior, including monitoring, quarantining and/or outright blocking.

Flow-based inspection enhancements included with the OS enable more powerful Web filtering and traffic shaping features, interface-based “one-arm” IPS, and advanced data loss prevention (DLP) capabilities. Flow-based inspection also leverages FortiASIC processors to further accelerate anti-virus, application control, IPS and IPv6 firewall inspection.

Other FortiOS 4.0 MR3 operating system enhancements include:

  • Stronger authentication: Two-factor authentication via FortiToken, SMS messaging and email is enabled. FortiToken supports one-time password authentication, IPSec and SSL VPN authentication, and administrator and firewall login.
  • Expanded compliance: Extensions in vulnerability scanning have been added to support rogue access point detection and suppression in wireless networks. PCI DSS compliance requires periodic detection and removal of unauthorized wireless devices.
  • Setup wizards: New HTML-based wizards streamline the setup of all FortiGate consolidated security appliances. Setup of basic, as well as advanced firewall, UTM, dual-WAN, and remote VPN security features is now faster and easier.

Don't miss