Forti wifi

© Copyright Fortinet Inc. All rights reserved.

Fortinet Secure WLANLan & Wan Solutions – Excellence Partner FortinetQ1 2015

2

The Fortinet Difference

SecurityDeep Application

Inspection

SECURITY

ASIC BasedArchitecture

ASIC BasedArchitecture

PERFORMANCE INTEGRATION

Flexible Network Operating System

Multi-Platform Orchestration

MANAGEMENT

FortiGuard FortiASIC FortiOS FortiManagerFortiAnalyzer

NetworkingHigh

Performance +

Advanced Threat Protection

3

Ubiquitous Access – Unified Access Layer

Wireless Access

Wired Access

Remote Access

DIGITAL ASSET

• Content Inspection• Attack Mitigation

• User Identification• Access Control

4

Fortinet Secure WLAN Approach

Corporate Wi-Fi

Captive Portal, 802.1x—Radius /shared key

Assign users and devices to their role

Examine wireless traffic to remove threats

Apply policy to users and applications

Identify applications and destinations

Report on policy violations, application usage, destinations and PCI DSS

Ensure business traffic has priority

No additional licenses required


Access Point Overview

6

Thick vs. Thin Fortinet APs

FortiWiFi

FortiAP

INTERNET

INTERNET

Small Deployments - Up to 300 sq meters

or 3,000 sq feet

Larger Deployments - More than 300 sq

meters or 3,000 sq feet

FortiGate

7

FWF-30D/30D-POE FWF-60D/60D-POE FWF-90D/90D-POE

Thick AP ✓ ✓ ✓

Number of radios 1 1 1

IEEE 802.11 standards a/b/g/n a/b/g/n a/b/g/n

802.11n support 2x2 MIMO 2x2 MIMO 2x2 MIMO

Max client association rate 300Mbps 300Mbps 300Mbps

Max number of SSIDs 8 8 8

FortiAP Wireless controller support Yes Yes Yes

Max FortiAP (Total/ Local Bridge) 2/2 10 / 5 32 / 16

FortiWiFi Product Matrix

8

FortiAP Product Matrix

3x3:3

Dual Radio

2x2:2

Single

Radio1x1:1

Remote Outdoor Indoor

802.11ac

802.11ac

FAP-28C

FAP-14C

FAP-11C

FAP-222C

FAP-112D

FAP-24D

FAP-223C

FAP-221C

FAP-321C

FAP-320C

802.11ac

802.11ac

FAP-224D

FAP-25D

FAP-21D

802.11ac

FAP-112B

9

FortiAP – Simple and Secure

Traffic tunnels to FortiGateNo VLAN managementNo trunkingFast Layer-2 switching, no

Layer-3 roamingNo need to re-DHCP Increases security and control

CAPWAP

Controller redundancy

VLANsFortiGate 2FortiGate 1

10

FortiGate + FortiAP = Unified Access Layer

FortiGate

Wi-Fi Controller

Switch

FirewallAntivirusAntispamWAN OptimizationWeb FilteringApplication ControlIntrusion PreventionVPN

Security Management System

Unified Access Layer

Lower cost of acquisition Lower cost of ownershipImproves security provisioning

Wireless Management system

FortiAP

INTERNET

11

Wireless Controller Options for FortiAP

Every FortiGate is a wireless controller Largest range of wireless controllers in the

industry Per FortiGate, support ranges from 5 APs and

100 users up to 10,000 APs and 32,000 users

12

Single Pane of Glass Management


Wireless Features

14

Deep Application Control

Bandwidth Control Uses Layer-7 inspection Ensures business critical applications are

prioritized Ensures bandwidth allocation is fair Critical for optimization of WAN links

Fortinet Application Control Sensors Over 3,000+ Apps Identified,

16 Categories Advanced IM & P2P control Application Control

Traffic Shaping SSL Content Inspection

Client #1 Client #2

High Priority App

Priority App

Non-Priority App

Non-Priority App

Priority App

Youtube

Webex

INTERNET

FortiGate

FortiAP

15

BYOD – Device Identification and Policy

Identification Device User Application

Policies Enforcement on Device/User/App

16

Integrated WIDS

Wireless Intrusion Detection System Wi-Fi protocol & RF level attack detection Detection includes attacks & vulnerabilities:

» Weak WEP Encryption Usage» Null SSID Probes» Deauth Broadcasts» Various Management, EAP, Auth & Beacon floods

17

Rogue AP Detection & Suppression

Rogue AP Detection Determines whether an AP is indeed a Rogue device connected to

your physical wired LAN network

Rogue AP suppression ‘DeAuthentication Frames’ are sent to render unauthorized Rogue

AP’s unusable by clients

18

Secure Wireless LAN Guest Access

Temporary user provisioning and guest WLAN access Allow non-IT staff to create

Guest account via web portal Assign time quota Generate temporary password Distribute guest credentials:

Print Email SMS

Batch guest users creation option

19

Integrated Captive Portal for Authentication

HTML Customizable Captive Portal Allows users to log-in to the WLAN via a

web browser Runs directly on the FortiGate No additional licensing required! Email address for anonymous login

» Address can be captured and logged» Validates email address authenticity» Enables Business Intelligence

and marketing opportunities

20

Live Captive Portal HTML Customization

21

Headquarters

• Bridges Wi-Fi trafic to FortiAP Ethernet port

• No u-turn to HQ to access local network

• Resiliency in case of WAN failure

WAN

Internet

Remote AP with Local Bridging

22

Headquarters

• Data is encrypted

• Automatic connection to HQ

• Multiple devices can share Wi-Fi

Internet

Remote Telecommuter / Road Warrior

http://www.crunchbase.com/product/ipad

23

21

1 2

• AP Handoff• Frequency Handoff (Band Steering)• Auto TX Power Control

High Density Features

24

Automatic Radio Resource Provisioning

CH 1 CH 6CH 11

Channel Assignment Automatically assigns

non-overlapping channels

Selects channels with least noise and interference

Reduces chatter between APs

Auto TX Power Changes radio

transmission power settings automatically

25

Automatic Radio Resource Provisioning

CH 1CH 6CH 11

Channel Assignment Automatically assigns

non-overlapping channels

Selects channels with least noise and interference

Reduces chatter between APs

Auto TX Power Changes radio

transmission power settings automatically

26

Wireless Mesh

• Dynamic Multi-hop Mesh with resiliency• Point-to-point / Multipoint Bridging

27

Dynamic Multi-hop Mesh

INTERNET

28

Point-to-point / Multipoint Bridging

5Ghz (80Mhz wide) 867Mbps Max rate

2.4Ghz (40Mhz wide)300Mbps max rate

CAPWAP tunnel

INTERNET

FortiGate

29

Wireless Bridging – Security Camera Use Case

Dual Ethernet port with PoE enables bridging to IP CCTV cameras

Extend wireless reach with mesh capability

Offer guest Wi-Fi to patrons through secure captive portal

30

Centralized Wireless Management, Log Analysis and Reporting

FortiManager FortiAnalyzer

FortiManager Global Wireless Management

Centralized AP Firmware Upgrades

SSID and Radio Policy Configuration

Centralized Rogue AP Suppression

Real-time Client MonitoringFortiAnalyzer Wireless Usage Reporting

Security Log Analysis and Forensics

Wireless PCI Compliance Reporting

Branch OfficeBranch Office

Central Location

ManagementLogging

INTERNET


FortiAP Technical Specifications

32

FortiAP 11C

• 2 x GE RJ45 Interface

Hardware PerformanceTarget Environment Remote Simultaneous SSIDs 8 (7 for client access,

1 for monitoring)

Number of Antenna 1 Internal Max Transmission Power 17 dBm (50mW)

Number of Radio 1 PoE Support NIL

TX / RX Stream (802.11n) 1x1 MIMO, 150 Mbps Power Supplies Integrated AC

33

FortiAP 14C


1 for monitoring)



TX / RX Stream (802.11n) 1x1 MIMO, 150 Mbps Power Supplies Ext. AC power supply

• 1 x FE WAN Interface• 4 x FE Switch Interface

34

FortiAP 21D

Specification

Use Case FortiPresence Sensor or Travel/SOHO (USB powered)

Form Factor Small, portable

Rx / Tx 2x2

Radio 1 2.4 GHz b/g/n (up to 150 Mbps)

Radio 2 -

PoE -

Antennas 1 internal

Ethernet Ports 2 x FE RJ45

USB 2 (incl. 1 for power input)

FAP-21D

35

FortiAP 24D

Specification

Use Case Low density indoor environments

Form Factor Desktop

Rx / Tx 2x2

Radio 1 2.4/5GHz a/b/g/n (up to 300 mbps)

Radio 2 -

PoE 802.3af

Antennas 2 internal

Ethernet Ports 1x GE RJ45 PoE PD WAN4x FE RJ45 LAN

USB 1

FAP-24D

36

FortiAP 25D

Specification

Use Case Hotels/Hospitality desktops

Form Factor Small, portable powerstrip design

Rx / Tx 2x2


Radio 2 -

PoE NA

Antennas 2 internal

Ethernet Ports 1x GE RJ45 WAN4x FE RJ45 LAN

USB -

FAP-25D

37

FortiAP 28C


1 for monitoring)



TX / RX Stream (802.11n) 2x2 MIMO, 300 Mbps Power Supplies Ext. AC power supply

• 2 x GE RJ45 WAN Interface• 8 x GE RJ45 Switch Interface

38

FortiAP 112B

• 2 x FE Interface

Hardware PerformanceTarget Environment Indoor/Outdoor Simultaneous SSIDs 8(7 for client access,

1 for monitoring)


Number of Radio 1 PoE Support 802.3af

Tx / RX Stream (802.11n) 1x1 MIMO, 150 Mbps

39

FortiAP 112D

Specification

Use Case Low density outdoor environments. POE pass-through can power connected IP CCTV cameras.

Form Factor Outdoor IP55 Rated, wall or pole mount

Rx / Tx 1x1

Radio 1 2.4/5GHz a/b/g/n (up to 150 Mbps)

Radio 2 -

PoE Yes

Antennas 1 internal

Ethernet Interfaces 2x FE RJ45

USB -FAP 112D

40

FortiAP 221B


Hardware PerformanceTarget Environment Indoor Simultaneous SSIDs 8(7 for client access,

1 for monitoring)



Tx / RX Stream (802.11n) 2x2 MIMO with Dual Spatial streams, 600 Mbps Total

41

FortiAP 221C


Hardware PerformanceTarget Environment Indoor Simultaneous SSIDs 8(7 for client access,

1 for monitoring)




802.11ac

42

FortiAP 222B

Specification

Use Case High density outdoor environments


Rx / Tx 2x2


Radio 2 2.4/5GHz a/n (up to 300 Mbps)

PoE 802.3at

Antennas 4 external (N-Type)

Ethernet Interfaces 1 x GE RJ45

USB -

43

FortiAP 222C

Specification

Use Case High density outdoor environments that require 802.11ac


Rx / Tx 2x2


Radio 2 2.4/5GHz a/b/g/n/ac (up to 867 Mbps)

PoE 802.3at

Antennas 4 external (N-Type)


USB -

44

FortiAP 223B


Hardware PerformanceTarget Environment Indoor Simultaneous SSIDs 16 (14 for client access,

2 for monitoring)

Number of Antenna 4 external Max Transmission Power 17 dBm (50mW)



45

Specification

Use Case Medium density indoor environments that require external antennas.

Form Factor Smoke Detector, wall or ceiling mount

Rx / Tx 2x2


Radio 2 2.4/5GHz a/b/g/n/ac concurrent(up to 867 Mbps)

PoE 802.3af

Antennas 4 external


USB -

FortiAP 223C

FAP-223C802.11ac

46

Specification

Use Case Medium density outdoor environments

Form Factor Outdoor IP66 rated, wall or pole mount

Rx / Tx 2x2


Radio 2 5GHz a/n (up to 300 Mbps)

PoE Yes

Antennas 4 external

Ethernet Interfaces 1 x GE RJ45, 802.3af PoE

USB -

FortiAP 224D

FAP-224D

47

FortiAP 320B



2 for monitoring)



Tx / RX Stream (802.11n) 3x3 MIMO with 3 spatial streams, 900 Mbps Total

48

FortiAP 320C



2 for monitoring)



Tx / RX Stream (802.11n) 3x3 MIMO with 3 spatial streams, 1750 Mbps Total

802.11ac

49

FortiAP 321C

Specification

Use Case Medium density indoor environments

Form Factor Smoke Detector, wall or ceiling mount

Rx / Tx 3x3


Radio 2 5GHz a/n/ac (up to 1300 Mbps)

PoE Yes

Antennas 6 internal

Ethernet Interfaces 1 x GE RJ45FAP-321C802.11ac

50

FortiAntennas

FAN-612N/R

Specification

Compatible AP FAP-222B and FAP-222C

Type Point to point antenna for 5Ghz bridging with N/R connectors.

Accessories Mount Kit sold separately FAN-M22.

FAN-500N

Specification

Compatible AP FAP-222B and FAP-222C

Type Directional 120 degree outdoor panel antenna

Accessories Includes two 120cm Cables with N connector.Mount Kit sold separately FAN-22.

51

Hardware Overview – FortiAP (Indoor)

FAP-24D FAP-221B/223B*

FAP-221C/223C* FAP-320B FAP-320C FAP-321C

Use Case Low density indoor

Medium density indoor

Medium density indoor

High density, resilience

High density 802.11ac,

streaming app, resilience

Medium density 802.11ac

Form Factor Desktop

Smoke Detector, wall

or ceiling mount

Smoke Detector, wall or

ceiling mount

Wall or ceiling mount Wall or ceiling

mount

Smoke Detector, wall or

ceiling mount

Rx / Tx 2x2 2x2 2x2 3x3 3x3 3x3


2.4 GHz b/g/n (up to 300

Mbps)

2.4 GHz b/g/n(up to 300

Mbps)


Mbps)


Mbps)

2.4 GHz b/g/n(up to up to 450

Mbps)

Radio 2 -2.4/5GHz

a/b/g/n (up to 300 Mbps)

2.4/5GHz a/b/g/n/ac (up to 867

Mbps)

2.4/5GHz a/b/g/n

(up to 450 Mbps)

5GHz a/n/ac (up to 1300

Mbps)


Mbps)

PoE 802.3af 802.3af 802.3af 802.3af 802.3af 802.3af

Antennas 2 internal 4 internal4 external*

4 internal/ 4 external* 6 internal 6 internal 6 internal

Ethernet Interfaces

1x GE RJ45 WAN

4x FE RJ45 LAN1 x GE RJ45 1 x GE RJ45 2 x GE RJ45 2 x GE RJ45 1 x GE RJ45

USB 1 - - - 1 -

52

Hardware Overview – FortiAP (Outdoor)

FAP-112B FAP-112D FAP-224D FAP-222B FAP-222C

Use Case Low density outdoor

Low density outdoor, POE

pass-through for IP CCTV cameras.

Medium density outdoor

High density outdoor

High density 802.11ac outdoor

Form FactorOutdoor IP55 Rated, wall or

pole mount

Outdoor IP55 Rated, wall or

pole mount


pole mount


pole mount


pole mount

Rx / Tx 1x1 1x1 2x2 2x2 2x2

Radio 12.4 GHz b/g/n

(up to 150 Mbps)

2.4/5GHz a/b/g/n

(up to 150 Mbps)


Mbps)

2.4 GHz b/g/n(up to 300Mbps)


Mbps)

Radio 2 - -5GHz a/n(up to 300

Mbps)

5GHz a/nup to (300

Mbps)


Mbps)

PoE 802.3af 802.3af 802.3af 802.3at 802.3at

Antennas 1 internal 1 internal 4 external (RP-SMA )

4 external (N-Type)

4 external (N-Type)

Ethernet Interfaces 2x FE RJ45 2x FE RJ45 1 x GE RJ45 1 x GE RJ45 1 x GE RJ45

USB - - - - -

53

FAP-11C FAP-14C FAP-21D FAP-28C FAP-25D

Use Case Portable AP for traveller

Remote office or SOHO desktop

FortiPresence Sensor or

Travel/SOHO (USB powered)

Remote office or SOHO desktop

Hotels/Hospitality desktop

Form Factor Small, portable Desktop Small, portable Desktop Small, portablePowerstrip design

Rx / Tx 1x1 1x1 2x2 2x2 2x2


2.4 GHz b/g/n (up to 150 Mbps)

2.4 GHz b/g/n (up to 150 Mbps)

2.4/5GHz a/b/g/n (up to 300 mbps)

2.4/5GHz a/b/g/n (up to 300 mbps)

Radio 2 - - - - -

PoE NA NA NA NA NA

Antennas 1 internal 1 internal 1 internal 2 internal 2 internal

Ethernet Ports1x GE RJ45

WAN1x GE RJ45 LAN

1x FE WAN4x FE LAN 2x FE RJ45 2x GE RJ45 WAN

8x GE RJ45 LAN1x GE WAN4x FE LAN

USB 1 - 2 2 -

Hardware Overview – FortiAP (Remote)

54

Contattaci gratuitamente…

In questi anni di partnership con la casa madre, Lan & Wan Solutions ha ottenuto tutte le specializzazioni previste nei vari iter di certificazione, raggiungendo la qualifica di Partner Of Excellence.

Certified experts in Fortimail and email security

Certified experts in Fortiweb and web application firewall protection

Certified experts in FortiAp, FortiWifi and wireless security

ContactsTel. +39 049 8843198 DIGIT (5)[email protected]

www.lanewan.it

Software

Forti wifi