© Copyright Fortinet Inc. All rights reserved.

FortiCloud OverviewCloud-based Provisioning, Management and AnalyticsQ1 2015

2

Drivers for Cloud-Based Management

SIZE OF BUSINESS

NEE

D F

OR

CLO

UD

MAN

AGEM

ENT

SMALL MID-SIZED ENTERPRISE LARGE ENTERPRISE

Limited Budgets

Automated Provisioning

BYOD

Shift from CAPEX to OPEX

Acceptance of “Everything as a Service”

Easier to Manage Remotely

Linear Cost Scalability

3

Challenges with Managing Security + Wireless Infrastructure

CostsOperationsSecurity

• Control over applications, webusage, devices and users

• Upfront investment requiredfor CPE-based solutions

• WiFi guest user access and device configuration

• Provisioning devices remotely and in bulk

• Ongoing expenses due to recurring AP/user licensing

• Multiple management consoles for individual WiFi access points

• Preventing unauthorized access from rogue WiFi access points

• Consolidated visibility into illicit or actionable activity

• Security & wireless vendor interoperability

4

Introducing FortiCloud

FortiCloud

New York(Branch Office)

Las Vegas(Branch Office)

s e c u r i t y p o l i c i e sfi r m w a r e u p d a t e s

w i r e l e s s s e t t i n g sz e r o t o u c h p r o v i s i o n i n g

San Jose(Headquarters)

H o s t e d Fo r t i C l o u d M a n a g e m e n t

5

FortiCloud: Fortinet’s Solution for Hosted Management

Cloud-Based Management

Zero Touch Provisioning

Integrated Security

Reporting and Visibility

• Singular hosted console for managing wireless & security devices• Dashboards for both wireless (FortiAP) and security (FortiGate) • No setup fees; service is free of charge w/ no recurring expenses

• Simple provisioning makes initial deployment much less complex• Use included key to register a device to your FortiCloud account• Bulk deployment options for mapping many FortiAPs to FortiCloud

• Configure wireless security modes, encryption, authentication, etc.• Detection of rogue APs + WIDS facilitates PCI compliance• Offloads suspicious files to cloud sandbox for analysis

• Wireless/security log filtering and drill-down capabilities• Built-in FortiView forensics for app/web/threat usage stats• Includes pre-defined PDF reports with chart visualizations

6

FortiCloud: How It Works

Logging enabled by default(no user traffic – logs only)

All devices managed directly AP networks can be grouped

Challenge: Setting up a cost-effective, highly available logging and management infrastructure for security and wireless devices

FortiWiFis(Firewalls with Wireless)

FortiAPs can be grouped and configured as logical units

and locations

Device settings can be managed directly from the FortiCloud

hosted management console

FortiGates(Firewalls)

FortiCloud

FortiAPs(Access Points)

CONFIG

CON

FIG

CONFIG

LOG

S

LOGS

LOGS

Application and security logs are sent to FortiCloud

7

Provisioning with FortiCloud

Enterprise HQ

Branch Offices(or Retail Stores)

FortiManager

FGT-111

FGT-222

FWF-333

FWF-444

IT admin logs into FortiCloud, enters

bulk FortiCloud key and configures FortiManager IP to assign as devices come online

Deployed devices “phone home” to

FortiCloud and are assigned the specified

FortiManager IP

IT admin

FortiCloud

Now that devices are being managed, IT admin can

push firewall policies and configurations down to

FortiGates/FortiAPs directly

Challenge: Deploying security/wireless infrastructure at remote locations (with limited on-site expertise) while centrally managing configuration/reporting functions

8

Cloud-based Sandboxing with FortiCloud

Challenge: Detecting unknown malware and/or zero-day attacks & preventing them from compromising your network (ultimately culminating in data exfiltration)

FortiCloud

Enterprise HQ IT admin

FortiGuard Labs

FortiGate detects a suspicious file with an unknown payload

Copy of file is sent to FortiCloud for further

inspection and is executed in a sandboxed environment

Branch OfficeFirewall If further analysis is required,

file is sent to FortiGuard Labs for deconstruction and

signature creation

Any new FortiGate protection updates are now available to

FortiGuard subscribers worldwide

IT administrator can view FortiCloud management UI at any time for an updated

determination status

9

Hosted Management with FortiCloud

Minimize your capital investment: FortiCloud hosted management takes the worry out of deployment, log storage and on-site expertise without compromising security or ease of use

Control your wired OR wireless network simply: Single pane of glass management utilizing a SaaS model makes it painless to manage devices of any type whether they’re firewalls, access points or somewhere in between

Challenge: Upfront investments in management solutions can be costly and may only manage specific devices

10

Network Visibility with FortiCloud

Immediate network analysis: Utilizing a dashboard interface, IT administrators can get an instantaneous snapshot of the health and activity of their overall network usage

Incident management made easy: Inspect risks to your network with FortiView to assist with threat prevention and oversight of application usage

Challenge: Advanced analytics and risk analysis are typically features out of reach for smaller businesses and can be costly add-ons for larger enterprises

11

Managed Wireless with FortiCloud

Wireless at your fingertips: Quickly determine wireless health, discover access point locations and modify AP device settings with a hosted FortiCloud cloud-based interface – all with no additional fees

Challenge: Cloud managed wireless typically invokes a limited feature set for an exorbitant subscription fee per device

12

Wireless PCI Compliance with FortiCloud

Challenge: All point of sale and credit card transactions mandate strict security standards (especially using wireless), but ensuring all of the infrastructure pieces deliver on this objective can be trying

Out of the box PCI compliance: FortiCloud with FortiAP provides rogue AP detection, WIDS and scheduled reporting – all key tenets of PCI

13

FortiCloud Free vs. Subscription

Capability FortiCloud Free FortiCloud Subscription

Firewall Interoperability P PWireless AP Interoperability P PDevice Logging P PDevice Management P P

Device ProvisioningBuilt-in support,

FortiDeploy purchase required for devices

Built-in support, FortiDeploy purchase required for devices

Device Reporting PMax Storage (per Device) 1 GB 200GBDaily Limit on Log Storage(per Device) 100 MB Unlimited

Generate Reports P PSchedule Reports X PCustomize Reports X P

14

Use Case: Small Business (Security Management)

Small, boutique handcrafted jewelry business with three stores

IT infrastructure managed by contractor Previously purchased FortiGates, but

couldn’t afford upfront cost of FortiManager

Organization and Challenge

Why We Won

What They Bought

FortiCloud service filled a substantive management need and was an OPEX cost

External IT contractor just wanted a simple, consolidated management console

Potential to utilize on-premise FortiManager if fledgling business continues to grow and additional features are necessary

FortiCloud (200GB subscription), FortiGates

FortiCloud

Boutique A

External IT Contractor

Boutique B

Boutique C

15

Use Case: Distributed Enterprise (Wireless Management)

One of the top shoe retailers in the world with 4,000+ stores throughout the Americas

Retailer wished to consolidate vendor relationships and present a wireless enabled showcase which stores could replicate and roll out

Organization and Challenge

Why We Won

What They Bought

FortiCloud’s provisioning capabilities for both wired and wireless devices

Consolidated, single pane of glass management capabilities

Breadth of complementary solution set

FortiCloud (FortiDeploy), FortiAPs, FortiWiFis, FortiGates, FortiManager & FortiAnalyzer

Deployment Team

4,000+ Retail Locations

Security Operations

Team

Corporate HQ

FortiCloud

16

FortiCloud and FortiDeploy Licensing

Extending Storage with FortiCloud DevicesBundling Instructions❶ Purchase quantity of licenses equal to number of

managed devices

Example PO: Based on 3 managed FGTs

Qty SKU Description

3 FC-10-90801-131-02-12 1-year FortiCloud… (activate with reseller contract on support.fortinet.com)Note: FortiCloud licenses are only necessary when

customers want to increase their monthly storage per device from 1 GB to 200 GB/year

Bundling FortiDeploy with DevicesBundling Instructions❶ Add as many FortiGates, FortiWifis or FortiAPs to the

purchase order as needed

❷ Add the FortiDeploy SKU to the same PO

Example PO: Based on 20 FortiAPs

Qty SKU Description

20 FAP-221C-A Indoor wireless AP…

20 FC-10-P0225-311-02-DD 8x5 FortiCare Contract

1 FDP-SINGLE-USE Enables zero touch bulk provisioning…

Note: There is a nominal cost associated with FortiDeploy, so make sure that all

FortiGates/FortiWiFis/FortiAPs are on the same PO if possible

17

Comparing FortiCloud with FortiAnalyzer

Capability FortiCloud FortiAnalyzer

Per device licensing Free, subscription optional

Max device limit by models (up to 10,000)

Form factor Cloud-based SaaS Hardware or VMGranular admin access profiles Limited PSupports external authentication for admin access X P

Disk quota1GB per device with valid

FortiCare, additional storage contract allows

200GB per device

Variable; quotas can be assigned to each device

based on available storage

Advanced report configuration Yes, with subscription P

Centralized logging Real-time and batch uploads

Real-time and batch uploads

Cloud-based sandboxing P X

18

Comparing FortiCloud with FortiManager

Capability FortiCloud FortiManager

Per device licensing Free, subscription optional

Max device limit by models (up to 10,000)

Zero touch provisioning PIntegrated with FortiCloud,

but not possible via FortiManager itself

Form factor Cloud-based SaaS Hardware or VMGranular admin access profiles Limited PMulti-tenancy capabilities X PSupports external authentication for admin access X P

FortiGuard proxy (FDS) capabilities X PDevice firmware updates Limited P

Configuration management Limited, per device only Full provisioning profiles & multi-device management

Security policy management Remote access to device UI only

Integrated multi-device object library/policies

Exposed APIs for automation and customization X P

19

Contattaci gratuitamente…

In questi anni di partnership con la casa madre, Lan & Wan Solutions ha ottenuto tutte le specializzazioni previste nei vari iter di certificazione, raggiungendo la qualifica di Partner Of Excellence.

Certified experts in Fortimail and email security

Certified experts in Fortiweb and web application firewall protection

Certified experts in FortiAp, FortiWifi and wireless security

ContactsTel. +39 049 8843198 DIGIT (5)contacts@lanewan.it

www.lanewan.it