Engineers from La Salle-URL share the latest news and projects in the field of network solutions in telematic engineering.

11 May 2017 | Posted by Redacción Data Center

Fortinet Security Solution

Welcome back everybody! In today's post we are going to talk about the security solution for our Data Center case, for which we will use equipment from Fortinet, our provider for this segment. After looking at some physical devices, we realised that our whole data center is virtualised and SDN-controlled thanks to the HP DCN Solution, so we finally decided to virtualise the security segment as well with FortiGate-VMX, which is Fortinet's virtualised Next Generation Firewall (NGFW).

FortiGate-VMX is a specific security solution for VMware environments that provides purpose-built integration for VMware’s Software-Defined Data Center (SDDC), encompassing interoperability with VMware NSX and vSphere, which fits perfectly with our HP DCN solution (which uses VMware SDDC and vSphere). Through direct API integration, FortiGate-VMX has visibility into virtualised network traffic and can secure it at the hypervisor level. Unlike traditional deployments, where the security virtual appliance is required to be in the flow of traffic to enforce policy, FortiGate-VMX can see traffic as it traverses between the virtual switch port and the virtual NIC (vNIC) of the workload VM itself.
Figure: FortiGate-VMX Concept

 

But FortiGate-VMX is not only an NGFW, since it can include other services from FortiGuard Security Services. FortiGuard is a wide range of security functions that can be deployed with Fortinet equipment. Those that can be implemented with FortiGate-VMX are NGFW, Antivirus, Web Filtering, FortiSandbox Cloud (IDS for the cloud), Application Control, Mobile Security, IP Reputation and Anti-botnet Security.

Figure: FortiGuard Services

 

FortiGate-VMX also offers Fortinet's Virtual Domain (VDOM) technology. Defining separate Virtual Domains in combination with VMware's security groups enables segmentation of security functions and multi-tenancy. Mapping NSX Service Profiles to Fortinet VDOMs segregates the policies to be enforced for specific traffic flows. This model reduces the added complexity of registering a specific security solution for each tenant hosted in the environment. Furthermore, any additions or other changes to these Security Groups in the NSX Manager will be automatically associated with the proper FortiGate-VMX security policy without requiring any manual changes in the FortiGate-VMX Service Manager. Beyond changes, new VM workloads are also automatically associated with their proper security policy in real time upon creation, avoiding the lag time or human error caused by manual intervention.

Figure: Fortinet VDOMs

 

This virtualised NGFW uses the FortiOS operating system, which lets the administrator control all the security capabilities in a single intuitive platform. You can learn more about it here.

Figure: FortiOS

 

That's all for today folks. As always, thank you for following us and, if you feel like you need to know more about FortiGate-VMX, you can click here. If you liked the post, please give us a like and share it! See you soon!
