© Copyright Fortinet Inc. All rights reserved.

Security Automation with VMware NSX and Network Function Virtualization (NFV)

2

FORTINET: GLOBAL NETWORK SECURITY LEADER

4,700+

EMPLOYEES WORLDWIDE

100+OFFICESACROSSTHE GLOBE

395PATENTS

316 INPROCESS

ISSUED

3.3mSHIPPEDSECURITYDEVICES

320KCUSTOMERS

$1bnREVENUE

IN EXCESS OF

$1.46bnIN CASH

30%YEAR ON YEARGROWTH

2000FOUNDED IN

HEADQUARTERED IN

SUNNYVALECALIFORNIA

3

0

100,000

200,000

300,000

400,000

500,000

600,000

700,000

2009 2010 2011 2012 2013 2014 2015 2016

CONTINUED GROWTH – TAKING MARKET SHARENetwork Security Appliance Shipments

Fortinet Palo Alto Networks Cisco Check Point

IDC WW, 2016

VMware’s Software Defined Data Center를위한 진보된 보안기능

5

MICRO-SEGMENTATION ? HOW ?

5

App

Services

DB

DMZ

6

ADDED VALUE OF SECURITY INTEGRATION IN SDDC

Not just firewall, but advanced features

Micro-Segmentation and Zero Trust

Control of ‘east-west’ traffic, Inter and Intra VM

security, Logical Security Zone (multi-tier)

Integration, Orchestration and Automation

7

Manage

COMPONENTS FOR NSX FOR VSPHERE INTEGRATION

Third Party Solution

Service Manager

Service Appliance

ESXi Hosts

VMware

vCenter Server

v5.5 or v6.x

VMware vSphere

(Advanced license

v5.5 or v6.x)

REST APIFortinet Solution

FortiGate-VMX

Service Manager

FortiGate-VMX

Security Appliance

88

• VM간에 실행되는 SDDC 용VMware NSX를 사용한 보안 솔루션

• 하나의 플랫폼내 완벽한 차세대보안 기능 솔루션

• 실시간 인텔리전스 업데이트를 위한Forti OS 정책 구성 및 FortiGuard 지원

• 가상 도메인 (VDOM)에서 입증 된멀티-테넌트

Hypervisor

Group C

적용된정책에따라 FortiGate-VMX를통한트래픽의리디렉션.

Group AGroup B

FortiGate-VMX Security Node

WHAT IS FORTIGATE-VMX?

9

FORTIGATE-VMX INTERACTION / WORKFLOW

VMware Kernel VMware Kernel

vDistributed Switch

1. Register Fortinet as security service with NSX Manager

2. A

uto

-dep

loy F

ort

iGa

te-V

MX

to

all

hosts

in s

ecurity

clu

ste

r

3. F

ort

iGa

te-V

MX

co

nn

ects

with

Fort

iGa

te-V

MX

Se

rvic

e M

an

ag

er

4. License verification and configuration

synchronization with FortiGate-VMX

5. R

edire

ction

po

licy r

ule

s u

pd

ate

d fo

r

ena

ble

me

nt o

f F

ort

iGa

te-V

MX

se

curity

se

rvic

e

6. Real-time updates of object database

7. P

olic

y s

yn

chro

niz

ation

to

all

Fort

iGa

te-V

MX

dep

loye

d in

clu

ste

r

FortiGate-VMX Service

Manager

NSX Manager

10

COMPETITIVE ADVANTAGES

Real Multi-tenancy (VDOM) 지원.

✓ 가상도메인 (VDOM)은테넌트별지원되는개별보안기능.

✓ FortiGate VDOM을기반으로한리디렉션정책은적절한세분화보장.

11

COMPETITIVE ADVANTAGESReal Multi-tenancy (VDOM) support

✓ Real Multi-tenancy (VDOM) 지원및독립적보안기능적용

✓ 포티게이트 VDOM은리디렉션정책을기반으로함.

12

NSX SECURITY GROUP DEFINITION AND USAGE

NSX Manager에서생성된서비스그룹은자동으로FortiGate-VMX로전송되어정책적용.

Exchanged Security Group을사용하여 FortiGate-VMX에서생성된정책

FortiGate-VMX NSX Manager

Web-SG

Web-SG

13

▪ FortiGate-VMX와FortiGate-VMX Service Manager는모두FortiAnalzyer로로그전송

▪ 모든트래픽로그,보안이벤트로그분석,상관관계분석,정기리포트

FORTIGATE-VMX LOGS[5.6.3] TO FORTI-ANALYZER

14

YES! SECURE

14

App

Services

DB

DMZ