Easy Read Time: 3 Minutes
Enterprise Network Firewalls are standalone, purpose-built firewall systems with IPSec VPN features, capable of providing robust firewall and perimeter access control functionality. Enterprise firewalls also incorporate IPS technologies which also replace perimeter IPS. These firewalls, also known as Next-Generation Firewalls (NGFWs), have additional integration with more applications and user awareness protection capabilities.
However, the enterprise network firewall sector is still comprised predominantly of purpose-built appliances to protect enterprise corporate networks, while more significant are virtual appliances in the public and private cloud and highly virtualized data centers. Market products must be in a position to support single enterprise firewall deployments and large and/or complex deployments. These include traditional “big firewall” placements of data centers, multitiered demilitarized zones, branch offices, and, increasingly, virtual versions for the data center and various cloud environments. Customers should be given the option of deploying versions within public cloud environments such as Microsoft Azure, Google Cloud, and Amazon Web Services.
FortiGate: Next-Generation Firewall (NGFW)
Through the last few years, network firewall technology has evolved enormously by adding new features and enhancing existing ones. Firewalls are developing into network security platforms with firewall vendors embedding numerous security features in firewalls and allowing convergence and automation capabilities with other security products. FortiGate is a next-generation firewall provided by Fortinet a leader in IT cybersecurity, that offers the ultimate vulnerability protection for businesses of all sizes. Fortinet also offers FortiGuard firewall that can be configured to ensure unmatched performance and protection while simplifying the network using purpose-built security processors and threat intelligence. Fortinet provides different versions ranging from FortiGate-20 entry-level series for small and retail offices to the FortiGate-1500 series for large organizations to satisfy any deployment requirement.
Features and Services
FortiGate NGFWs allow security-driven networking and integrate industry-leading security technologies such as the framework for intrusion prevention, web filtering, secure sockets layer (SSL) inspection, and automatic threat protection. Fortinet NGFWs fulfill the performance needs of highly flexible, hybrid IT architectures that enable enterprises to reduce complexity and handle security risks. FortiGate NGFWs, powered by FortiGuard Labs guided by AI, provide proactive threat protection with high-performance inspection of both clear-text and encrypted traffic (including the latest industry encryption standard TLS 1.3) to stay ahead of the rapidly expanding threat environment. FortiGate NGFWs track traffic as it enters and exits the network. These inspections occur at an unparalleled speed, scale, and efficiency and prevent anything from malware to DDoS attacks, without compromising user experience or causing unnecessary and costly downtime. In a multivendor scenario, FortiGate NGFWs can interact as an integral part of the Fortinet Security Framework within the robust Fortinet security portfolio as well as third party security solutions. They exchange threat intelligence and enhance the security posture and streamlined workflow to accelerate the pace of operations and response.
The FortiGate next-generation firewall will defend against a variety of threats to security. Includes:
- Spyware (Grayware)
- Blended network attacks
- Peer-to-Peer networks
- Instant Messaging viruses
- Email attacks
- Pharming attacks
- Phishing/Social Engineering schemes
In brief, a FortiGate firewall operates by analyzing the data that passes through your network and ensuring that it is safe to pass through the organizational network. Typically, lower specification firewalls can analyze this data using information such as its location and source. Such details must then be evaluated against a set list of permissions to determine whether it can be allowed to pass through the network. A firewall offers front-line protection against security threats, however as cyberattacks become more sophisticated, protecting against the multitude of cyber-security threats is more challenging for just a firewall alone, which can be encrypted behind what seems to be a secure source. Gartner predicts that 80% of traffic to an organization will be encrypted in 2019, with 50% of attacks hidden in encrypted traffic. FortiGate firewalls provide advanced defense even from encrypted traffic for the organization with purposeful security processors that operate alongside FortiGuard’s threat detection. Some of the features include:
Performance and security: NSS Laboratories tested the FortiGate 500E and gave the FortiGate a security efficiency rating of 99.3 % of test products behind only Forcepoint while its performance was 6.753 Mbps.
Value: NSS Laboratories issued Fortinet the highest score for all the products tested by the company, with a $2 TCO per protected Mbps,.
Implementation: The implementation and integration are fairly simple for users.
Support: Users are dependent on the quality of their channel partner, without direct vendor support.
Cloud features: Fortinet has lagged competitors in this area, but recent AWS and Google Cloud offerings show the company is gaining ground.
Administration: Reporting also gets high marks and most users report ease of use of the app. Identified improvement areas are unified and cloud management.
FortiGate firewalls use FortiGuard Labs’ machine-learning-based threat intelligence and feature in-depth analysis through FortiAnalyzer. They can also be combined with FortiSandbox so that local threat intelligence is automatically generated to protect against new zero-day and developed threats. Hardware appliances (on-site and managed), a virtual machine, cloud (private, public, or Hybrid), and security as a service are included in these solutions. Hardware devices of the entry-level start from roughly $500, and for the 7060E-8 high-end enterprise pricing can amount to $350,000. Pricing covers base pricing for hardware and services including subscription licenses for FortiGuard and support options for FortiCare. Hardware and services can be purchased either separately or as bundles. A similar price model is followed by virtual machines and cloud packages.