Vpn

© Copyright Fortinet Inc. All rights reserved. Inside FortiOS VPN, Version 5.2.4 – Mar 2015. Lan & Wan Solutions – IT Solutions for Local and Wide Area Networks

Transcript of Vpn

Page 1: Vpn


Page 2: Vpn


FortiOS Features

Page 3: Vpn


FortiOS 5.2 Feature Set

Integrations: ATP, OSS Support, AAA, Central Mgmt.

Management: Configuration, Visibility, Log & Report, Diagnostics

Security Functions: Anti-Malware, IPS, Application Control, WebFiltering, Email Filtering, Firewall, VPN, DLP, User & Device Identity, SSL inspection

Extensions: Wireless Controller, Switch Controller, Endpoint Manager, Token Server, Vulnerability Scanner

Virtual Systems: Virtual Domains

Network Functions: Routing, NAT/CGN, WAN Link / Server LB, Wan Optimization, L2/Switching, IPv6, QoS, High Availability

Operating Modes: NAT/Route, Transparent, Sniffer

Network Interface: LAN, WiFi, WAN

Platform: Physical Appliance (+ASICS), Hypervisor, Cloud

* Features may vary by model

Page 4: Vpn


Overview VPN

IPSEC VPN

• Standard Based Protocol Support

• Policy and route based configurations

• Hub-and-Spoke, mesh VPN architectures

• Redundant tunnels

• Split Tunneling

• Remote VPN with FortiClient

• VPN Wizard

SSL VPN

• Web and Tunnel Mode

• Customizable Portal with bookmarks

• Virtual Desktop & Host Check

Other VPN Features

• L2TP (Microsoft) & GRE

• Hardware Acceleration*

No Additional Licenses required

Integrates with UTM functions

» protects Internal resources against remote traffic

SSL VPN Portal

*applicable to supported models

V5.2

Page 5: Vpn


Wizard

Step-by-step Guided IPSEC configurations

» Custom defined

» Predefined Templates

Covers authentication & Network settings

» No need to create separate phase1 objects for different user groups as authorization is handled by Firewall policy

IPSEC VPN

V5.2

Page 6: Vpn


Web Application Mode

• Support via Java Applets

• Limited application support: HTTP/HTTPS, FTP, SMB/CIFS, TELNET, SSH, VNC, RDP, Citrix

• Ease of use

Access Modes

Tunnel Mode

• Support via SSL VPN Client, requires download & install

• Unlimited L3 application support

SSL VPN

Port Forward Mode

• Support via Java Applets

• Extends applications supported by web application mode

• Does not need admin privilege to install and run

Page 7: Vpn


SSL VPN Portal

Customized header, logo, themes and page layout

Customized Widgets

Tunnel Mode Widget

SSL VPN

Web Mode bookmarks

Session Stats and status

Page 8: Vpn


SSL VPN Portal

User group based portal access

Ability for MSP to create and set different portal access without using VDOMs

» URL path (i.e. suffix to bind to), Max concurrent users, Custom login page

Custom login profile selection per SSL VPN user group policy

SSL VPN

https://sslvpn/customerA/ https://sslvpn/customerB/

Page 9: Vpn


Virtual Desktop

CLI Command Available for Windows terminals only

SSL VPN

Application Control:

• Controls which applications users can run on their virtual desktop.

• By creating a list of either allowed or blocked applications which you then select when you configure the virtual desktop.

• Application definitions are by MD5 signatures

Host Check:

• Enforces the client’s use of antivirus or firewall software

• Offers predefined list which can be edited

• Customized applications can be added with globally unique identifier (GUID)

• Windows patch check (on CLI only) allows admin to define the minimum Windows version and patch level allowed

» Supports Windows 2000, XP, Vista & 7

File Access:

• Completely isolates the SSL VPN session from the client computer’s desktop environment

• All data is encrypted, including

» cached user credentials

» browser history

» cookies

» temporary files and user files created during the session.

• When the SSL VPN session ends normally, the files are deleted.

Page 10: Vpn


Single Sign-on

Available on Admin defined Web-Mode HTTP/HTTPS bookmarks

Allows users who have logged into the SSL VPN to visit preconfigured websites without having to enter any more credentials

2 Modes:

» Automatic - Use user’s SSL VPN credentials for login

» Static - Fill in the login credentials as defined by specified field name

SSL VPN

Page 11: Vpn


Overview SSL Offloading & Inspection

SSL Offloading

• SSL Offloading for WANOPT & reverse web caching

• SSL Offloading for SLB

SSL Inspection

• Facilitate UTM on SSL encrypted applications

• “SSL Cert Inspection” and “Full SSL Inspection” modes

Intercept and proxy SSL encrypted Traffic for UTM for more security

SSL offloading from web servers to economical secure web access offering

SSL Inspection Option

V5.2

Page 12: Vpn


Overview

SSL Inspection Exemptions

Allows admin to build exclusion list using

» Web Categories with defaults

» (Destination) Address Object - FQDN or IP addresses

Applicable to both “SSL Cert Inspection” and “Full SSL Inspection” modes

SSL Offloading & Inspection

V5.2

Page 13: Vpn


Contact us free of charge …

Certified experts in Fortimail and email security

Certified experts in Fortiweb and web application firewall protection

Certified experts in FortiAp, FortiWifi and wireless security

CONTACTS

Tel. +39 049 8843198 DIGIT (5)

[email protected]

www.lanewan.it

Over these years of partnership with the parent company, Lan & Wan Solutions has obtained all the specializations provided for in the various certification paths, achieving the status of Partner Of Excellence.