Fortinet FortiOS Software
Redefining Network Security
Overview:
FortiOS is a security-hardened, purpose-built operating system that is the software foundation of FortiGate multi-threat network security platforms. Leveraging the hardware acceleration provided by FortiASIC™ content and network processors, FortiOS enables high performance multi-threat security resulting in some of the highest levels of security and performance possible from a single device. When updated with the latest threat intelligence via FortiGuard™ security subscription services, FortiOS is prepared to stop the latest and evolving threats facing networks today.
With the release of FortiOS 4.0, Fortinet has redefined network security again by extending the scope of consolidated security and networking capabilities within FortiGate multi-threat network security platforms. While FortiOS 4.0 includes many new features, the most significant additions to the FortiGate platform include Data Leakage Prevention (DLP), WAN Optimization, Application Control, and SSL-Encrypted Traffic Inspection. Organizations of all sizes can now benefit from an integrated solution which offers the most comprehensive suite of security and networking services within a single device—the new services in FortiOS 4.0 joining the already included enterprise-class firewall, IPSec VPN, SSL-VPN, Intrusion Prevention, Antivirus, Web Filtering, Antispam, and Layer 2/3 routing services. With over 40 new features, FortiOS 4.0 delivers on its mission to enable secure business communications while offering the best security, performance, and total cost of ownership possible.
 |
Enhanced SecurityFortiOS 4.0 security services are designed from the ground up to be integrated, delivering overall security effectiveness that standalone products simply cannot match. The services work together as a system, acting in tandem to provide better visibility and stop threats as early as possible—resulting in less collateral damage. Improved ValueFortiOS 4.0 provides access to security services that were previously cost prohibitive or too complex to deploy individually. Moreover, the new features of FortiOS 4.0 are available at no additional cost for every eligible FortiGate device with an active maintenance contract. Simplified ManagementFortiOS 4.0 consolidates security infrastructure and simplifies management. Using a unified policy at the device level, and an appliance-based centralized management platform for large deployments, complexity can be dramatically reduced over standalone offerings. Fortinet even offers a servicebased management solution for smaller organizations to further simplify security management, fully integrated with FortiOS 4.0. |
FortiOS 4.0—Over 40 New Features:
With over 40 new features, Fortinet engineers have enhanced virtually every aspect of the operating system, including the addition of two distinct services, Data Leakage Prevention and WAN Optimization, which have previously been available as standalone products only. Other features extend existing services, such as an identity-based policy feature, which allows the FortiGate’s firewall policies to be defined by user or group. Multiple enhancements to the existing intrusion prevention service allow passive IDS support, and also make the intrusion prevention service IPv6 ready.
 |
Data Leakage Prevention (DLP)With increasingly sensitive, confidential, and proprietary data being communicated across networks, the ability to keep that information within defined network boundaries is imperative. Working across multiple applications (including those encrypting their communications), DLP uses a sophisticated pattern-matching and regular-expression engine to identify then prevent the communication of sensitive information outside of the network perimeter. In addition to protecting an organization’s critical information, DLP also provides audit trails for data and files, which can aid in legislative compliance. With configurable DLP actions, organizations can log, block, and archive data as well as ban or quarantine users. |
 |
WAN OptimizationWith WAN Optimization, customers can accelerate applications over wide area links and, at the same time, ensure multi-threat security enforcement. FortiOS 4.0 not only eliminates unnecessary and malicious traffic as one of its core capabilities, it also now optimizes legitimate traffic by reducing the amount of communication and data transmitted between applications and servers across the WAN. This results in a much faster user experience—increasing productivity—as well as helping to avoid additional higher-bandwidth provisioning requirements. |
 |
Application ControlWith Application Control, security policy can be defined and enforced for thousands of applications, regardless of the port or the protocol used for communication. With the explosion of new web-based applications bombarding networks today, most of which look like normal web traffic to traditional firewalls, application classification and control is essential. Fortinet’s Application Control technology identifies application traffic and then applies security policies easily defined by the administrator. The end result: more flexible, more granular policy control and deeper visibility into network traffic. |
 |
SSL-Encrypted Traffic InspectionSSL-Encrypted Traffic Inspection protects clients and web and application servers from malicious SSL-encrypted traffic which security devices are often blind to. With SSL Inspection, encrypted traffic is intercepted and inspected for threats, prior to being allowed access to its final destination. SSL Inspection applies to both client-oriented SSL traffic, such as users connecting to an SSL-encrypted hosted CRM site; and inbound traffic destined an organization’s own web and application servers. Inappropriate encrypted web content can now be filtered by appropriate use policies and servers can now be protected from encrypted intrusion attempts and attacks. |
 |
Endpoint Network Access Control (NAC)Endpoint NAC enforces the use of the FortiClient Endpoint Security application (either Standard or Premium editions) on your network. It verifies the installation of the most recent version of the FortiClient application, up-to-date antivirus signatures, and enabled firewall before allowing the traffic from that endpoint to pass through the FortiGate platform. You also have the option to quarantine endpoints running applications that violate policies and require remediation. |
Specifications:
FortiGate—Purpose-Built Hardware, Software, and Services
FortiGate platforms are based on an integrated hardware, software, and services architecture specifically designed for improved security and performance in perimeter, core, and data center environments. The FortiASIC™ Content Processor (CP) is a key component in FortiGate security platforms; providing a hardware scanning engine, hardware encryption, and real-time content analysis processing capabilities. The FortiASIC Network Processor (NP) series of processors provides acceleration for firewall, encryption/decryption, signature and heuristic packet scanning, and bandwidth shaping. FortiOS security applications can be selectively enabled to provide a full suite or a unique set security services all within a single platform. The FortiGuard™ network dynamically updates system software and security services such as antivirus, antispam, Web filtering, antispyware, and intrusion prevention to ensure the maximum level of protection is being provided.
| FortiOS Security Services: | ||
|---|---|---|
Firewall:
Virtual Private Network (VPN):
|
AntiVirus:
Web Filtering:
Application Control:
|
Intrusion Prevention System (IPS):
Data Leakage Prevetion (DLP):
AntiSpam:
Endpoint Compliance and Control:
|
| FortiOS Networking Services: | ||
Networking/Routing:
|
Traffic Shaping:
Virtual Domains (VDOMs):
Data Center Optimization:
|
High Availability (HA):
WAN Optimization:
|
| FortiOS Management Services: | ||
Management/Administration Options:
|
Logging/Monitoring:
|
Firewall User Authentication Options:
|
Documentation:
Download the Fortinet
FortiOS Software Datasheet (PDF).