Cloud/MSSP - Exclusive Networks


Agenda
- FortiGate Overview
- FortiGate via FortiGate Cloud – MSSP 1.0
- Fortinet MSSP 2.0 – Advanced management
- Overview of FortiClient MSSP Ready
- Q&A – All questions will be collected and the answers will be sent by e-mail.

FortiGate – Redefines Next Generation Firewall
[Diagram labels. Standalone: Firewall/VPN, Advanced Threat Detection, Intrusion Prevention, Threat Prevention, NGFW, Web Proxy, Antivirus, Web-Filter, Sandbox, SSL Inspection. FortiGate Next Generation Firewalls: Firewall, VPN, App Control, Intrusion Prevention, Anti-Malware, URL Filtering, Sandboxing, SSL Inspection.]
Purpose-built Security Processor delivers best performance.

FortiSASE Vision
Cloud-native Security for all Access Edges

From Partner / MSP to MSSP

MSS 1.0 – Aspiring MSSP
- Shifting to Services
- Service Creation
- OpEx Programs - HWaaS
- FortiCloud Multi-tenant

MSS 2.0 – Outsourced SOC
- Limited in-house SOC expertise
- Outsources to SOC Authorized Partner
- Prep for in-house SOC
- FortiVet program to build SOC hiring pipeline
- FMGaaS Central Mgt

MSS 3.0 – Mature MSSP
- FSM-MSSP and FMG for in-house SOC
- NSE and NIST/GIAC SOC training to grow internal expertise
- Expands 8x5 NOC to 24x7 SOC
- FortiVet program to build SOC analyst bench strength

MSS 4.0 – Visionary MSSP
- Selling business outcomes
- DevOps team buildout
- SOAR process to automate, improve response times
- Threat Lifecycle Services
- Orchestration for cloud workloads
- AI for baselining, threat hunting and big data search parties
- Playbooks for security automation

MSSP Management Reporting Technology

MSSP 1.0 – Aspiring MSSP
- Fortinet Stack: FortiGate, FortiAP, FortiSwitch
- Cloud Management
- Limited Reporting

MSSP 2.0 – Fortinet Fabric MSSP
- Fortinet Stack: FortiGate, FortiAP, FortiSwitch, FortiExtender, FortiSandbox
- Cloud or FortiManager Managed
- FortiAnalyzer
- Security Fabric Integrated

MSSP 3.0 – Full MSSP
- Fortinet and 3rd Party products supported
- Full Fortinet Stack
- Cloud or FortiManager Managed
- FortiAnalyzer for security fabric
- FortiSIEM for threat analytics and response

MSSP 4.0 – Visionary MSSP
- Fortinet and 3rd Party products supported
- Full Fortinet Stack
- Cloud or FortiManager Managed
- FortiAnalyzer for security fabric
- FortiSIEM for threat analytics and response
- Integration of SOAR technologies
- Advanced fabric integrations
- Niche solutions like FortiDeceptor

MSSP 1.0
FortiGate Cloud Multi-Tenant

What is FortiGate Cloud?
- Cloud-Based Management as a Service (MaaS)
- Launched 2007
- Over 300,000 devices under management
- Data Centers in NA, EMEA, Asia
- Designed with the MSP / MSSP in mind
- Provides: Automated Deployment Templates, Zero-Touch Deployment, Monitoring, Logging & Reporting
[Diagram labels: Log Storage & Analysis, FortiDeploy, FortiGate Cloud, FortiGates, Multisite, FortiGate Managed Switches and APs, Single site]

FortiGate Cloud – One of a Suite of Cloud Management Services
[Diagram labels: Infrastructure Cloud Extender, FortiClient, FortiSwitch, FortiAP]

FortiGate Managed Switches and APs
- With FortiGate Cloud you can now manage your Switches and APs just as you can through the FortiGate Console!
- This makes deployment of your entire infrastructure – from firewall to AP – simple
- One web-based interface for your core infrastructure and all your security needs

Get an Account
https://support.fortinet.com

Click on FortiGate Cloud!

Single FortiGate Deployment
- Make all the connections and plug in the FortiGate
- Either:
  » Scan the QR code in FortiExplorer App
  » Or enter the FortiCloud Key into FortiGate Cloud
- Now simply configure through FortiGate Cloud and Done!

FortiDeploy
- A mass deployment tool using a single FortiCloud Key
- Customer purchases FortiDeploy with SKU: FDP-SINGLE-USE
- Buy SKU for every PO that requires bulk registration
- Nominal 100 fee/PO

True Zero Touch Deployment
Templates for mass deployment
Create a template then:
- Deploy it
- Deploy FOS Version
- Choose FortiGate Cloud Account/Sub-Account to deploy it to.

Multitenancy
Management of your entire deployment
FortiGate Cloud
- Easier than ever to offer services on FortiGate Cloud platform
- Cloud-supported capabilities:
  » Multitenancy
  » Mass Deployment
- Ideal for MSP, small MSSP
- Rapid drill down into each customer and their deployed assets

SD-WAN Configuration and Management
SD-WAN can be configured in two ways:
- By pre-configuration of a template and as part of ZTD
- By going into the management interface of a deployed FortiGate and turning on SD-WAN

FortiSandbox Cloud
With a subscription to FortiSandbox Cloud with each FortiGate you get:
- Protection from Zero day / Zero hour malware
- Full analysis and reporting available
- On Demand file upload and scanning
Subscription for each FortiGate required.

Reporting
Run customizable* reports on demand or schedule exports
*With Subscription

Reports
Complete PDF reports based on timeframe available
- 7 days without subscription
- Up to 1 year with

FortiGate Cloud Subscription Details

For Free
Included Features, FortiGate Cloud Management:
- Traffic & Application Visibility
- 7 Days Hosted Log Retention
- Cloud Provisioning
- Predefined Reports
- Configuration Visibility
- Zero touch deployment
Included Features on FortiCloud Sandbox:
- Daily File Submission Limit of 100
- Detailed File Analysis
Included Features on IOC:
- Threat Alerts
- Threat Detail Reports

Subscription Additions
Extra Subscription Features, FortiGate Cloud Management:
- 1 Year Hosted Log Retention
- Customizable Reports
- Customizable data retention
- Full configuration management
Extra Subscription Features on FortiCloud Sandbox:
- Daily File Submission Limit of up to 144,000 files (dependent on model)
- FortiCloud Sandbox database subscription
Extra Subscription Features on IOC:
- Infected Device Details
- White Lists
- Email Notification
- UTM Log

FortiGate MSSP Subscription
FortiGate Cloud / FortiAP Cloud – Multitenancy Account
SKU: FCLE-10-FCLD0-161-02-DD
1 Year FortiGate Cloud or FortiAP Cloud Multi Tenancy service for a Managed Service Provider (MSP) to be able to create and manage multiple SubAccounts.

MSSP 2.0
Fabric Integration
FortiManager, FortiAnalyzer

FortiAnalyzer provides powerful integrated network visibility to rapidly pinpoint problems
- Analytics with FortiView, Reports and text
- Allows IT administrators to quickly identify and respond to network security threats across the network
- Available in Appliance, Virtual Machine and Cloud format
- FortiAnalyzer offers complete and deep visibility, situation awareness, real-time threat intelligence and actionable analytics for Fortinet’s Security Fabric

Fortinet Security Fabric
[Diagram labels: Fabric Management Center, Network Access, Open Fabric Ecosystem, SD-WAN, Endpoint, Applications, Security Operations]
- Broad visibility of the entire digital attack surface to better manage
- solution that reduces the complexity of supporting multiple point products
- Automated workflows to increase speed of operations and response

Security Fabric | Topology Aware
- Fabric Logging
  » Logs of a SF cluster stored together
  » Fabric data exchange
- Topology Learning
  » Sync’d from root to FAZ
  » Dedicated FGT FAZ connection
  » Logging & Device topology
- Collector/Analyzer
  » Topology info sync’d

Security Fabric | Endpoint Telemetry
- Fabric Agent
  » All endpoint data logged
  » Events
  » Vulnerabilities
- Additional Visibility
  » Enriched View & Reports
  » Contextual identity
  » User
  » Time
  » Location
  » Type of device

Security Fabric | Fabric Score Widgets
- Current Score
  » Rely on the audits on the FGTs
  » Audit logs sent to Analyzer
- Historical Trend
  » How is my score over the time?
  » What needs to be fixed?
- Fabric Members
  » Where is it in the topology tree?
  » How many alerts?

NOC/SOC | Dashboard Example

FortiManager offers single pane of glass with common GUI for unified management
- Unified Management with common GUI to manage FortiGate, Endpoint, Access Points, Switching, and more
- Upgrades to VPN Manager (Topology View), FortiView, Event Management and Reporting.
- Available in Appliance, Virtual Machine and Cloud format
- Reduce complexity and # of skilled personnel required
- FortiManager offers single pane of glass of all your Fortinet devices, allowing you to have full control of your network and reduced attack surface with Fortinet’s Security Fabric
[Diagram labels: FortiManager, FortiAnalyzer, FortiGuard, Device Manager, VPN Manager, Log View, FortiClient Manager, Event Management, Reports]

NOC/SOC Dashboard provides centralized monitoring and awareness of the threats, events and network activity
- Google Map for FortiAP
  » Display AP location
  » Search/Filter/Monitor APs
  » Firmware/profile update etc.
- Google Map for VPN
  » VPN topology
  » Gateway status
  » Traffic load

More | API Automation & Integration
- New APIs
  » Log View/FortiView
  » Reports
  » Event Mgmt.
- FNDN Toolkits
  » Easy to access
  » Easy to use
  » https://fndn.fortinet.net
DEMO

MSSP Management Reporting Technology - Recap

MSSP 1.0

MSSP 2.0

MSSP 3.0 – Full MSSP
- Fortinet and 3rd Party products supported
- Full Fortinet Stack
- Cloud or FortiManager Managed
- FortiAnalyzer for security fabric
- FortiSIEM for threat analytics and response

MSSP 4.0 – Visionary MSSP
- Fortinet and 3rd Party products supported
- Full Fortinet Stack
- Cloud or FortiManager Managed
- FortiAnalyzer for security fabric
- FortiSIEM for threat analytics and response
- Integration of SOAR technologies
- Advanced fabric integrations
- Niche solutions like FortiDeceptor

FortiClient EMS – Multi-Tenancy

Feature Overview
- All configuration is on a "per-domain" / "per-customer" basis, similar to our FortiGate "VDOM" functionality, to logically separate all data/configuration. EMS is virtually separated based on "Sites" (tenants).
- When multi-tenancy is turned on, there is a default site (like "root") that cannot be deleted. An existing config will be migrated to "default".
- By default, multi-tenancy is disabled. When enabled by the Admin, all endpoints are put in the default site called "default". Connected endpoints are mapped to the "default" site.
- Each site is totally separate and no data is shared or viewed between them.
- A maximum of 500 sites is supported by EMS.
- The license should be for the whole of EMS, and "pools" of seats are assigned to each site.
- No dedicated Multi-Tenancy license needed.

Multi-Tenancy architecture
[Diagram labels: Global Admin and Site Admins connect to FortiEMS (Global Settings) on TCP443; sites Default, SiteA, SiteB and SiteC, each reached by FGT / FCT via FQDN on TCP8013; LDAP servers labelled 389 and TCP636.]
- Per Site Profiles & Policies
- Per Site LDAP server
- Per Site Admins / Dashboards
- Per Site Zero Trust Tags
- Per Site Feature Selection

Use case - MSSP
[Diagram labels: Customer A (FQDN), Customer B (FQDN), Customer C (FQDN), Internet, MSSP Partner, EMS Multi-Tenancy]
Global:
- Global license handling
- Global default setting
- Global Alerts and SMTP
- Global database backup/restore
Per Site:
- Per Site Profiles & Policies
- Per Site LDAP/MSAD server
- Per Site Admins / Dashboards
- Per Site Feature Selection
- Per Site Zero Trust Tags

Use case – Customer with multiple subsidiaries
[Diagram labels: Branch A (FQDN), Branch B (FQDN), Branch C (FQDN), Internet, Headquarter, EMS Multi-Tenancy]
Global:
- Global license handling
- Global default setting
- Global Alerts and SMTP
- Global database backup/restore
Per Site:
- Per Site Profiles & Policies
- Per Site LDAP/MSAD server
- Per Site Admins / Dashboards
- Per Site Feature Selection
- Per Site Zero Trust Tags


Global Configuration
- EMS Server configuration (listening port, upload server certificate, etc.)
- Default Admin will have access to all sites
- EMS firmware upgrades & SQL server related configuration
- Adding Super Admins that can have access to multiple "sites"
- Remote server / system information & license dashboard
- Database backup/restore
- License management: the Admin should be able to distribute licenses to "sites". Example: if 500 licenses are applied to the EMS instance, the global super admin can assign 100 licenses to "Site A", 200 to "Site B" and 300 to "Site C".
- FortiGuard settings


Per-Site (tenant) configuration
- Dashboards
- License dashboard only showing (read-only) the licenses assigned to this "site" and usage. License cannot be applied/updated here.
- Local site admin
- Endpoint groups / policies / profiles / compliance rules
- E-Mail alert settings / LDAP Remote servers

Multi-Tenancy endpoint site connection
- A global FQDN is configured on EMS.
- The sub-FQDNs only need to be configured on the DNS server. No further configuration is required on EMS. Just make sure the FQDN has the same name as the "Site".
- FCT connects to the FQDN, e.g. "ems.acme.net", and adds the additional site name, e.g. "SiteA".

Exclusive Networks for you
- Training
  » Classroom, online and on-site training at your premises
  » Pearson VUE center, certifications on site
- Exclusive Networks Power Lab
  » Get hands-on with the integration between different technologies
  » 20 brands present, scenarios with real integrations
  » Ability to host Partners and End Users
- Professional Services
  » Certified professionals for pre- and post-sales support
  » Installation, Design, Configuration, Optimization
  » We deliver services in person and remotely

PowerLAB Torino – Network Layout
[Diagram labels: Internet, Fortinet Cloud (SaaS), FortiClient EMS Cloud, FortiNAC, FortiAnalyzer Cloud, FortiManager-100E, VPN, FortiAnalyzer, FortiClient EMS, FortiMail, ETH, USB, FortiSwitch-424D, VLAN, Bridge Mode, Tunnel Mode, FortiAP-U221E, FortiSwitch-248E, FortiWLC, PowerLAB – MI]

Q&A
All questions received in chat will be answered by e-mail.
