解决方案

Next Generation Firewalls (NGFW)

 

Next Generation Firewall technologies from Fortinet offer integrated, high-performance protection against today's wide range range of advanced threats targeting your applications, data, and users. In today’s environment, businesses are realizing that traditional enterprise network security solutions such as firewalls, intrusion detection systems and host-based antivirus are no longer adequate to protect against new, sophisticated attacks. In order to defend networks against the latest threats, NGFWs should include, at a minimum, an integrated intrusion prevention system (IPS) with deep packet scanning, the ability to identify and control applications running over a network, and the ability to verify a user’s identity and enforce access policies accordingly.

 


Application Control

Traditional firewall protection detects and restricts applications by port, protocol and server IP address, and cannot detect malicious content or abnormal behavior in many web-based applications. Next generation firewall technology from Fortinet with Application Control allows you to identify and control applications on networks and endpoints regardless of port, protocol, and IP address used. It gives you unmatched visibility and control over application traffic, even unknown applications from unknown sources and inspects encrypted application traffic. Protocol decoders normalize and discover traffic from applications attempting to evade detection via obfuscation techniques. Following identification and decryption, application traffic is either blocked, or allowed and scanned for malicious payloads. In addition, application control protocol decoders detect and decrypt tunneled IPsec VPN and SSL VPN traffic prior to inspection, ensuring total network visibility. Application control even decrypts and inspects traffic using encrypted communications protocols, such as HTTPS, POP3S, SMTPS and IMAPS.

 


Integrated Intrusion Prevention System (IPS)

Fortinet IPS offers a wide range of features that can be used to monitor and block malicious network activity including; predefined and custom signatures, protocol decoders, out-of-band mode (or one-arm IPS mode), packet logging, and IPS sensors. Backed by automatic, real-time updates delivered by FortiGuard Global Threat Research Team, FortiGate NGFW technology leverages a database of thousands of unique attack signatures as well as anomaly-based detection techniques that enables the system to stop attacks that might evade conventional firewall defenses and recognize threats for which no signature has yet been developed.

 


User Identification

When a user attempts to access network resources, Fortinet Next Generation Firewalls will identify the user from a list of names, IP addresses and Active Directory group memberships that it maintains locally. The connection request will be allowed only if the user belongs to one of the permitted user groups, and the assigned firewall policy will be applied to all traffic to and from that user.

Related Products

FortiGate® Network Security Platform
FortiAnalyzer Centralized Network Security Reporting
FortiManager Centralized Security Management

如何购买

免费电话 4006005255(中国)

FortiPlanner 规划工具

下载FortiPlanner工具评估和规划安全的Wi-Fi部署专为您的网络。

下载 FortiExplorer

下载 FortiExplorer 看到它是多么容易的设置和配置FortiGate和FortiWiFi产品平台的。