© Copyright Fortinet Inc. All rights reserved.
Security Automation with VMware NSX and Network Function Virtualization (NFV)
FORTINET: GLOBAL NETWORK SECURITY LEADER
4,700+ EMPLOYEES WORLDWIDE
100+ OFFICES ACROSS THE GLOBE
395 PATENTS ISSUED
316 IN PROCESS
3.3m SHIPPED SECURITY DEVICES
320K CUSTOMERS
IN EXCESS OF $1bn REVENUE
$1.46bn IN CASH
30% YEAR ON YEAR GROWTH
FOUNDED IN 2000
HEADQUARTERED IN SUNNYVALE, CALIFORNIA
CONTINUED GROWTH – TAKING MARKET SHARE
[Chart: Network Security Appliance Shipments, 2009 to 2016, for Fortinet, Palo Alto Networks, Cisco and Check Point. Source: IDC WW, 2016]
Advanced Security Features for VMware’s Software Defined Data Center
MICRO-SEGMENTATION? HOW?
[Diagram labels: App, Services, DB, DMZ]
ADDED VALUE OF SECURITY INTEGRATION IN SDDC
• Not just firewall, but advanced features
• Micro-Segmentation and Zero Trust
• Control of ‘east-west’ traffic, Inter and Intra VM security, Logical Security Zone (multi-tier)
• Integration, Orchestration and Automation
COMPONENTS FOR NSX FOR VSPHERE INTEGRATION
• VMware vCenter Server, v5.5 or v6.x
• VMware vSphere (Advanced license, v5.5 or v6.x)
• ESXi Hosts
• Third Party Solution: Service Manager, Service Appliance
• Fortinet Solution: FortiGate-VMX Service Manager, FortiGate-VMX Security Appliance
[Diagram labels: Manage, REST API]
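WHAT IS FORTIGATE-VMX?
• Security solution using VMware NSX for the SDDC, running between VMs
• Complete next-generation security functionality in a single platform
• FortiOS policy configuration and FortiGuard support for real-time intelligence updates
• Proven multi-tenancy with virtual domains (VDOMs)
Traffic is redirected through FortiGate-VMX according to the applied policy.
[Diagram labels: Hypervisor, Group A, Group B, Group C, FortiGate-VMX Security Node]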
FORTIGATE-VMX INTERACTION / WORKFLOW
1. Register Fortinet as security service with NSX Manager
2. Auto-deploy FortiGate-VMX to all hosts in security cluster
3. FortiGate-VMX connects with FortiGate-VMX Service Manager
4. License verification and configuration synchronization with FortiGate-VMX
5. Redirection policy rules updated for enablement of FortiGate-VMX security service
6. Real-time updates of object database
7. Policy synchronization to all FortiGate-VMX deployed in cluster
[Diagram labels: VMware Kernel, vDistributed Switch, FortiGate-VMX Service Manager, NSX Manager]
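COMPETITIVE ADVANTAGES
Real multi-tenancy (VDOM) support.
✓ Virtual domains (VDOMs) provide separate security functions for each tenant.
✓ Redirection policies based on FortiGate VDOMs ensure proper segmentation.
COMPETITIVE ADVANTAGES
Real Multi-tenancy (VDOM) support
✓ Real multi-tenancy (VDOM) support with independently applied security functions
✓ FortiGate VDOMs are based on redirection policies.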
NSX SECURITY GROUP DEFINITION AND USAGE
Service groups created in NSX Manager are automatically sent to FortiGate-VMX, where policy is applied.
Policy created on FortiGate-VMX using the exchanged Security Group
[Screenshot labels: FortiGate-VMX, NSX Manager, Web-SG]
FORTIGATE-VMX LOGS [5.6.3] TO FORTI-ANALYZER
▪ Both FortiGate-VMX and FortiGate-VMX Service Manager send logs to FortiAnalyzer
▪ All traffic logs, security event log analysis, correlation analysis, and scheduled reports
YES! SECURE
[Diagram labels: App, Services, DB, DMZ]