www.fortinet.com 1

On-Demand Security-as-a-Service with Amazon Web ServicesCloud computing as new infrastructure or resources is becoming the new normal. For many people it has become the default choice. Cloud computing fulfills rapid IT environment provisioning. It enables on-demand applications and enables companies to analyze big data as storage requirements grow. Fortinet and Amazon Web Services (AWS) deliver a cost-effective, security-as-a-service (SaaS) solution with lower operational expenses, reduced complexity, and a reduced security risk that provides advanced threat protection to varying environments including datacenter, distributed locations and branch offices. Fortinet enables enterprise posture beyond standard security offerings in the AWS environment. Fortinet security appliances seamlessly integrate with Amazon EC2 and VPC to minimize risk and mitigate security concerns over the public cloud.

Cloud Elasticity Needs Security Agility

Highlights:nn Best-in-class Enterprise AMI available: FortiGate, FortiWeb, FortiAnalyzer, and FortiManager can plug in to AWS security reference architecture instantly

nn FortiGate provides comprehensive threat protection with Fortinet’s unmatched range of enterprise-grade security technologies to deliver firewall, VPN (IPsec and SSL), intrusion prevention, and antivirus/anti-spyware/anti-spam technologies

SOLUTION BRIEF

SOLUTION BRIEF: AMAZON WEB SERVICES

2

n� – Multiple high-availability (HA) options with config sync via FortiManager

nn FortiGuard updates to provide best-in-class security

n� – URL database/filtering, including command-and-control servers and GeoIP intelligence

n� – IPS signatures

n� – Malware scanning

nn FortiWeb for AWS class-leading Web Application firewall

n� – Identifies vulnerabilities instantly in web applications without false positives

n� – Many options for reverse proxy security for applications like Outlook Web Access

n� – SQL injection and zero-day middleware and database protection

n� – X509 certificate authentication for Single-SignOn options

nn Flexible licensing for on-demand Cloud deployment usage including Bring-Your-Own-License (BYOL), Annual or Hourly metering

nn FortiAnalyzer for AWS output syslog for log analytics and real-time compliance auditing

nn FortiManager seamless hybrid deployment and security posture management with a single console: available in virtual machines, physical appliance, or Amazon Machine Image (AMI)

“AWS offers self-service, highly automated, highly scalable cloud infrastructure-as-a-service (IaaS), along with some platform-as-a-service (PaaS) capabilities. While it is easy to get started with these services, as customers expand their adoption, they encounter challenges in managing availability, performance, security, cost, and internal governance.” -Gartner G00268418

It’s important to remember that Security is still every IT Department’s responsibility to configure, regardless of the tools offered by AWS.

Why Fortinet in AWS Fortinet delivers the most complete and full range of network security features including firewall, intrusion prevention (IPS), antivirus (AV), application control, WAN optimization, data loss prevention (DLP), web filtering, anti-spam filtering, and explicit proxy in AWS. All features are natively built by Fortinet and updated in real time by FortiGuard advanced threat intelligence.

Pay-As-You-Go or Bring-Your-Own-License (BYOL)It’s not hard to see why there is such demand in AWS where you get the ability to scale up or down, without any of the overhead to manage physical servers. Fortinet realizes the security practice also needs to provide utility metering. If existing customers have purchased the licenses, Fortinet eases the licensing transition concerns in the data center or the Cloud.

Fortinet virtual appliances enable critical firewall, intrusion prevention, and web application security for AWS instances in the public cloud where hardware solutions cannot be deployed. AWS users can leverage the same Fortinet enterprise-class network security controls in AWS as they deploy in the internal data center or private cloud. In addition to Fortinet VMs in the AWS Marketplace, Fortinet provides advanced configuration options for HA design in AWS.

Fortinet Marketplace

SOLUTION BRIEF: AMAZON WEB SERVICES

3

Hot Standby FortiGate Appliances in AWSOne of many solution differentiators is that Fortinet enables both FortiGate firewalls passing traffic at the same time using hot standby. FortiGate achieves high availability in AWS across multiple AZs leveraging FortiManager to perform a configuration sync between the two FortiGate appliances. By leveraging Route 53’s health checks, we can detect any connection failure. This solution is ideal because most of the traffic is originated from devices behind the firewall. For the application servers expected to have inbound connections, the data needs to be replicated on both the AZs.

Quickly Secure Your AWS Cloud Workloads in Varying EnvironmentsThe Fortinet agile security solution can quickly secure workloads in the AWS cloud supporting customer compliance requirements, applications, and varying environments including data center, distributed locations, and branch offices.

Fortinet uses encryption to protect sensitive data in AWS environments and simplify operations and compliance so that businesses can expend energy on what they are building.

Full tunnel mesh connecting all VPCs with headquarters

FortiManager plays the important part for the HA design in AWS for configuration synchronization to push policy sync between FortiGate1 and FortiGate2 using dynamic objects. All policy settings are pushed and managed through FortiManager.

The interoperability with Amazon Route 53 allows the flexible configuration to pass traffic to multiple FortiGate appliances simultaneously or one at a time based on the organization’s use cases.

Fortinet provides you with the features to fulfill various cloud workloads and helps businesses make the best security-deployment decision. Remember, Security is still your responsibility even when it’s deployed in the Cloud.

Enterprise distributed remote locations to create tunnels. Connecting AWS hosts to

reduce bottlenecks

Annual

SOLUTION BRIEF: AMAZON WEB SERVICES

FortiGate-VMs provide full UTM and Next-Generation Firewall functionality securing the virtual infrastructure while also providing VPN and Internet Gateway protection. The seamless integration with EC2 and VPC further mitigates security concerns and provides advanced threat protection capabilities beyond standard security offerings in the AWS environment.

For more Fortinet information on AWS, visit the product listing in AWS Marketplace.

For use case and security practices sharing, visit Fortinet Cookbook.

Copyright © 2015 Fortinet, Inc. All rights reserved. Fortinet®, FortiGate®, FortiCare® and FortiGuard®, and certain other marks are registered trademarks of Fortinet, Inc., and other Fortinet names herein may also be registered and/or common law trademarks of Fortinet. All other product or company names may be trademarks of their respective owners. Performance and other metrics contained herein were attained in internal lab tests under ideal conditions, and actual performance and other results may vary. Network variables, different network environments and other conditions may affect performance results. Nothing herein represents any binding commitment by Fortinet, and Fortinet disclaims all warranties, whether express or implied, except to the extent Fortinet enters a binding written contract, signed by Fortinet’s General Counsel, with a purchaser that expressly warrants that the identified product will perform according to certain expressly-identified performance metrics and, in such event, only the specific performance metrics expressly identified in such binding written contract shall be binding on Fortinet. For absolute clarity, any such warranty will be limited to performance in the same ideal conditions as in Fortinet’s internal lab tests. Fortinet disclaims in full any covenants, representations, and guarantees pursuant hereto, whether express or implied. Fortinet reserves the right to change, modify, transfer, or otherwise revise this publication without notice, and the most current version of the publication shall be applicable.

GLOBAL HEADQUARTERSFortinet Inc.899 Kifer RoadSunnyvale, CA 94086United StatesTel: +1.408.235.7700www.fortinet.com/sales

EMEA SALES OFFICE120 rue Albert Caquot06560, Sophia Antipolis, FranceTel: +33.4.8987.0510

APAC SALES OFFICE300 Beach Road 20-01The ConcourseSingapore 199555Tel: +65.6513.3730

LATIN AMERICA SALES OFFICEPaseo de la Reforma 412 piso 16Col. JuarezC.P. 06600 México D.F.Tel: 011-52-(55) 5524-8428

Sep 14, 2015