Professional Documents
Culture Documents
In this lesson, we will give an overview of Fortinet as a company, including its key competitive
advantages against other vendors.
NSE 1: Corporate Overview
This lesson is part of the NSE 1 course. Together with NSE 2 and NSE 3, completing the NSE 1
exams qualifies you to be a Fortinet Certified Sales Associate.
NSE 1: Corporate Overview
After completing this lesson, you should be able to discuss how to choose and buy FortiGate,
FortiASIC, FortiGuard and FortiCare solutions. You should also be able to discuss the advantages of
Fortinet as a company, and identify its key characteristics relative to competitors.
NSE 1: Corporate Overview
NSE 1: Corporate Overview
5
NSE 1: Corporate Overview
New threats require deep coverage. As new threats have arrived, customers have deployed point
solutions in response. For example, when intrusions and worms came about, IPS systems were
deployed, viruses and malware led to antivirus and antimalware, spam and botnets led to antispam,
malicious sites led to web filtering, malicious apps led to application control. And then more recently,
advanced targeted attacks led to advanced threat protection systems. Security vendors fall into two
major categories. There are infrastructure vendors who provide better performance and networking,
but work at the lower levels of the application stack, OSI Layer 3 and 4. And then the software
vendors will focus on maybe a deeper application inspection, but then fall foul of the performance
parameters needed inside a network. What Fortinet brings is the combination of both. It has very high
speed networking capabilities through ASICs, but also has a deep look inside the content and is able
to compare to its threat intelligence systems, FortiGuard. Fortinet provides the intersection of security
and networking.
NSE 1: Corporate Overview
Enterprises need a new security strategy. Daily news reports on data breaches prove old standard
approaches are too limited for today’s security challenge. One major issue is too many point
solutions. Too many different security vendors whose products do not communicate with one another
means that the time to detect is very high. You need a seamless security approach across the entire
network, where each of the solutions can talk to each other. Another issue is too much compromise
when deploying. Because some security solutions slow down the network, causing bottlenecks,
sometimes companies do not deploy the full portfolio of security applications. You need a powerful
security solution that provides deep visibility and control while not slowing down the network. Lastly,
there is too much focus on the edge. Enterprises over the last five to ten years have really focused on
the perimeter, the edge, on stopping things from getting in. Because that’s changed now, enterprises
need to look inside as well. They need an intelligent security solution that works beyond the border.
NSE 1: Corporate Overview
What should the new strategy be? There are three rules.
NSE 1: Corporate Overview
In a particular situation in the network, there are often many different vendors providing not only the
networking but also the basic security. Vendor A may be providing routing and WAN capability.
There may be a security vendor providing firewall and VPN. There may be an infrastructure vendor
providing switching. There may be a completely different vendor providing a Wi-Fi controller and
access. Not only that, each one of these solutions has their own management console.
NSE 1: Corporate Overview
Once you go beyond the basic security to provide advanced security, it becomes even more
complex. Maybe you’re providing security against advanced threats, IPS and app control, Wi-Fi
security, web gateways, cloud security, antivirus type scanning… Again, all of these solutions have
their own management consoles, and often do not talk to one another.
NSE 1: Corporate Overview
The third type of complexity is when multiple firewall vendors are deployed across the network,
leading to a fragmented security policy. Maybe Vendor A is a next-generation firewall (NGFW),
maybe Vendor B is a UTM at a branch, Vendor C is a high-speed data center firewall, Vendor D is in
the core of the network, providing segmentation, Vendor E is a virtual machine inside a data center’s
East-West flow, and there may even be a separate cloud vendor. The issue with using different
vendors for all of these situations is that a single policy that you want to push out must be translated
to each vendor, making it very complex and very slow.
NSE 1: Corporate Overview
The key is a single enterprise firewall across the entire end-to-end network, providing different
personalities and security capabilities. If the same vendor can be used for branch, for campus, for
core, for data center, for cloud and for carrier, with a range of security capabilities, then the ability to
deploy a policy across there rapidly to defend the network increases dramatically. This is what
Fortinet provides with its FortiGate, FortiOS, and FortiASIC range of capabilities.
NSE 1: Corporate Overview
NSE 1: Corporate Overview
The attack surface for today’s companies has increased dramatically. Connections to the cloud (both
infrastructure and software as a service, local connectivity at branch offices, wide area connectivity,
different endpoint devices whether Internet of Things (IoT) or point of sale (PoS), and wireless
connectivity has expanded the attack surface that a company has to deal with, allowing threats more
opportunity to get inside of the company.
NSE 1: Corporate Overview
Fortinet delivers intelligent security inside, at the edge, and outside the network. These days, the
internal network needs to be segmented: network segmentation using internal segmentation firewalls
both in the corporate network, the core network, campus, the wide area network (WAN), the data
center, including East-West and SDN orchestration, and of course the cloud.
NSE 1: Corporate Overview
NSE 1: Corporate Overview
The bandwidth that networks use is ever-increasing. Video, carrier-grade NAT, SSL inspection, deep
packet inspection: these are all critical security controls that need to be applied to the network. But if
you use the wrong platform, this causes severe performance bottlenecks.
NSE 1: Corporate Overview
Most firewalls today are built on a CPU architecture. That is, all of the policy management, packet
processing and deep inspection has to be done by that CPU or multiple CPUs. This causes a slowing
down of the throughput because that CPU has to perform multiple tasks at different levels. Fortinet’s
architecture consists of a CPU plus content processor (CP) plus network processor (NP). Certain
tasks that use deep packet inspection use the CPU, the network processor, and most importantly the
content processor to accelerate. Certain types of traffic will go through the network processor and
CPU, and other types of traffic will just pass through the packet processor. This optimum path
processing allows throughputs far in excess of a CPU only. The graph on the right, for example,
shows firewall throughput at 30 gigabits per second with NP processing compared to less than 2
gigabits per second with a CPU. The same is true for encrypted traffic like IPsec VPN: 30 gigabits per
second with NP processing drops to 7 gigabits per second if processed by a CPU.
NSE 1: Corporate Overview
The cybersecurity platform from Fortinet provides coverage from client to access to network to
applications to cloud, synchronized by FortiOS and updated by the security services framework from
FortiGuard. Each one of these areas has a full product portfolio: for endpoint devices, access
devices, network devices, application and data center devices, as well as cloud, which all work
together to provide the best protection.
NSE 1: Corporate Overview
NSE 1: Corporate Overview
In terms of network security appliance shipments, according to IDC, in 2014, Fortinet shipped almost
400,000 network security appliances, making that almost twice as many as our nearest competitor,
Cisco, three times as many as Check Point, and almost 10 times as many as Palo Alto Networks and
Juniper. These are not all small systems or entry-level systems. In fact, as Infonetics Research lists
us as the second largest market share vendor in the data center, and we’re catching up to Cisco
rapidly. So not only do we ship the most network security appliances, we also ship the most
advanced and high-performance network security appliances.
NSE 1: Corporate Overview
Fortinet’s global infrastructure is built to support global enterprises and businesses worldwide.
Fortinet’s corporate headquarters is in Sunnyvale, California, which also houses a development
center. The largest development center is in Burnaby, Canada, but there is also a wireless and Wi-Fi
development center in India, with over 100 offices worldwide providing sales support and technical
support. Fortinet has also built out an expansive FortiGuard Delivery Network (FDN), which provides
updates to customers’ systems on a 24 x 7 basis.
NSE 1: Corporate Overview
Fortinet aggressively certifies its products in all the major, independent certification organizations.
Fortinet aggressively tests and validates its solutions via truly independent, 3rd party testers like NSS
Labs. We do not engage in “pay for play” test reports like our competitors do (such as Tolly,
Miercom, etc., where the network security vendor pays them to run the test and write a report, and
suspiciously the sponsor’s network security product always looks good). No other network security
vendor achieves such a large set of successful certifications and “recommended” validations.
Some analysts might speak highly of some of our competitors, but when you actually plug the
products in and test them in real-life scenarios, Fortinet shines while the competition often fails. Our
competition often fails to live up to their own datasheet performance and effectiveness claims, while
Fortinet meets or exceeds its claims.
It is a part of Fortinet’s culture and a founding principle of the company to build great products and
certify, validate, and test them rigorously to prove their value.
NSE 1: Corporate Overview
NSS Labs validates our advantage. NSS Labs tests different deployment modes of gateway firewalls
and web application firewalls. The security value matrix looks at price-performance and security
effectiveness. These three examples for next-generation firewall, next-generation IPS, and breach
detection show that Fortinet solutions fit in the “recommended” quadrant. This means that they are
providing some of the best price-performance, and at the same time the best effectiveness.
NSE 1: Corporate Overview
FortiGate is a custom ASIC-based, scalable network security platform. FortiGate ranges from entry
level (two-digit model numbers) and mid-range (three-digit model numbers) to high-end (four-digit
models) and virtual appliances. Each one of these different levels and ranges comes with a different
combination of ASIC chips and CPUs to provide the required performance. For example, entry-level
models often applying UTM have system-on-a-chip (SoC) – a combination of CPU with CP and NP
on an energy-efficient single chip. Mid-range uses CPU and a single network processor (NP) and
content processor (CP), whereas higher-end systems use multiple network processors, content
processors, and CPUs.
FortiOS is common across all the appliances and virtual machines. FortiOS is configured for different
personalities depending on where the FortiGate appliance is deployed in the network. The
personalities include unified threat management (UTM), internal segmentation firewall (ISFW), next-
generation firewall (NGFW) and next-generation IPS (NGIPS), data center firewall (DCFW), carrier
class firewall (CCFW), cloud firewall (CFW) and virtual machine firewall (VMFW).
NSE 1: Corporate Overview
1. Decide on your form factor and deployment mode: the number of ports, port speed, and throughput
and location.
2. Select support. FortiCare coverage can be 8 hours a day, 5 days per week, or 24 x7. There are
also professional services.
3. Add subscription services from FortiGuard. These can be individual à la carte services, the UTM
bundle, or the new enterprise bundle. Decide on FortiCare support level for each service.
4. Finally, decide on the term for the contract: 1 year, 2 years, 3 years, 4 years, or 5 years.
NSE 1: Corporate Overview
Fortinet provides a broad range of complementary technologies beyond FortiGate. When you’re
ready to extend and deepen your security to specialized applications and devices, Fortinet’s portfolio
can grow with your security needs.
NSE 1: Corporate Overview
Fortinet’s global service and support team, FortiCare, offers 8 hour per day, 5 day per week
enhanced support, as well as 24-hour, 7 day per week comprehensive support. Premium service is
available with:
• Assigned TAM
• Enhanced SLA
• Extended software support
• Priority escalation
• Onsite visits
It can be global or regional.
Become a Fortinet network security expert with the Network Security Expert program, NSE.
Validate your security experience, demonstrate value to your customers, and accelerate sales
through technical knowledge. NSE has 8 levels.
NSE 1-3 are for sales associates. NSE 4-8 are for technical staff.
NSE 1 is open to the public and provides a general understanding of network security.
NSE 2 is focused on FortiGate gateway solutions.
NSE 3 is focused on Fortinet’s advanced security solutions.
NSE 4 is for technical understanding and configuration of FortiGate.
NSE 5 is for technical understanding and configuration of FortiManager and FortiAnalyzer.
NSE 6 is for technical training on our advanced technologies.
NSE 7 is to provide troubleshooting.
NSE 8 is the expert level, validated by both a written and practical exam.
NSE 1: Corporate Overview
To review, in this lesson, we discussed why Fortinet solutions win, and what makes Fortinet unique
as a company.
To prepare for this lesson’s quiz, make sure that you’ve learned the key points listed here.
NSE 1: Corporate Overview