FortiGate 600D Next Generation Firewall Internal .

7m ago
4 Views
0 Downloads
1.73 MB
6 Pages
Last View : 27d ago
Last Download : n/a
Upload by : Albert Barnett
Transcription

FortiGate 600DNext Generation FirewallInternal Segmentation FirewallThe FortiGate 600D delivers next generation firewall capabilities for mid-sized to large enterprises, withthe flexibility to be deployed at the campus or data center edge and internal segments. Protects againstcyber threats with security processor powered high performance, security efficacy and deep visibility.Security§§ Protects against known exploits, malware and maliciouswebsites using continuous threat intelligence provided byFortiGuard Labs security services§§ Identify thousands of applications including cloud applicationsfor deep inspection into network traffic§§ Protects against unknown attacks using dynamic analysis andprovides automated mitigation to stop targeted attacksPerformance§§ Delivers industry’s best threat protection performance andultra-low latency using purpose-built security processor(SPU) technology§§ Provides industry-leading performance and protection for SSLencrypted trafficCertification§§ Independently tested and validated best security effectivenessand performance§§ Received unparalleled third-party certifications from NSS Labs,ICSA, Virus Bulletin and AV ComparativesNetworking§§ Delivers extensive routing, switching, wireless controller andhigh performance IPsec VPN capabilities to consolidatenetworking and security functionality§§ Enables flexible deployment such as Next Generation Firewalland Internal Segmentation FirewallManagement§§ Single Pane of Glass with Network Operations Center (NOC)view provides 360 visibility to identify issues quicklyand intuitively§§ Predefined compliance checklist analyzes the deployment andhighlights best practices to improve overall security postureSecurity Fabric§§ Enables Fortinet and Fabric-ready partners’products to collaboratively integrate andprovide end-to-end security across the entireattack surface§§ Automatically builds Network Topologyvisualizations which discover IoT devices and provide completevisibility into Fortinet and Fabric-ready partner productsFirewallIPSNGFWThreat ProtectionInterfaces36 Gbps4 Gbps3.8 Gbps3 GbpsMultiple GE RJ45, GE SFP and 10 GE SFP SlotsRefer to specification table for detailsDATA SHEET

FortiGate 600D DEPLOYMENTN ext GenerationFirewall (NGFW)I nternal SegmentationFirewall (ISFW)§§ Combines threat prevention security capabilities into single highperformance network security appliance§§ Segmentation solution for end-to-end protection against threatswhile meeting compliance requirements§§ Reduces complexity by creating campus topology viewand providing granular visibility of devices, users and§§ High port density and accelerated traffic processing capacity, toprotect multiple segments without compromising performance.threat information§§ Deploy transparently and rapidly into existing environments with§§ Identify and stop threats with powerful intrusion preventionminimal disruptionbeyond port and protocol that examines the actual content ofyour network traffic§§ Delivers industry’s highest SSL inspection performance usingindustry-mandated ciphers§§ Proactively detect malicious unknown threats using integratedcloud-based sandbox serviceFortiSandboxAdvanced ortiAnalyzerLogging, Analysis,ReportingFortiGateNGFWFortiAPSecure FortiClientEndpoint ProtectionFortiGate 600D deployment in campus(NGFW, ISFW)2www.fortinet.com

FortiGate 600D HARDWAREFortiGate 600DMGMT 1FortiGate 600DCONSOLE13597111315USB17MGMT es1.2.3.4.Console Port2x USB Ports2x GE RJ45 Management Ports8x GE SFP Slots5. 8x GE RJ45 Ports6. 2x 10 GE SFP Slots7. FRPS ConnectorNetwork ProcessorPowered by SPU§§ Custom SPU processors deliver thepower you need to detect maliciouscontent at multi-Gigabit speeds§§ Other security technologies cannot protect againsttoday’s wide range of content- and connection-basedthreats because they rely on general-purpose CPUs,Fortinet’s new, breakthrough SPU NP6 network processor worksinline with FortiOS functions delivering:§§ Superior firewall performance for IPv4/IPv6, SCTP and multicasttraffic with ultra-low latency down to 2 microseconds§§ VPN, CAPWAP and IP tunnel acceleration§§ Anomaly-based intrusion prevention, checksum offload andpacket defragmentation§§ Traffic shaping and priority queuingcausing a dangerous performance gap§§ SPU processors provide the performance neededto block emerging threats, meet rigorous third-partycertifications, and ensure that your network securitysolution does not become a network bottleneckContent ProcessorThe SPU CP8 content processor works outside of the direct flow oftraffic, providing high-speed cryptography and content inspectionservices including:§§ Signature-based content inspection acceleration§§ Encryption and decryption offloading10 GE ConnectivityHigh speed connectivity is essential for network securitysegmentation. The FortiGate 600D provides 10 GE slots thatsimplify network designs without relying on additional devices tobridge desired connectivity.3

FortiGate 600D FORTINET SECURITY FABRICFortiManagerFortiAnalyzerFortiSIEMSecurity FabricThe Security Fabric allows security to dynamically expand andPartner APIadapt as more and more workloads and data are added. SecurityFortiGateVMseamlessly follows and protects data, users, and applicationsas they move between IoT, devices, and cloud environmentsFortiOSthroughout the network.FortiClientFortiGates are the foundation of Security Fabric, expanding securityFortiWebFortiGatevia visibility and control by tightly integrating with other Fortinetsecurity products and Fabric-Ready Partner rtiSandboxFortiOSControl all the security and networking capabilities across the entireFortiGate platform with one intuitive operating system. Reduceoperating expenses and save time with a truly consolidated nextgeneration security platform.§§ A truly consolidated platform with one OS for all security andnetworking services for all FortiGate platforms.§§ Industry-leading protection: NSS Labs Recommended, VB100,AV Comparatives, and ICSA validated security and performance.§§ Control thousands of applications, block the latest exploits, andfilter web traffic based on millions of real-time URL ratings.§§ Prevent, detect, and mitigate advanced attacks automatically inminutes with integrated advanced threat protection.§§ Fulfill your networking needs with extensive routing, switching,and SD-WAN capabilities.§§ Ultilize SPU hardware acceleration to boost security capabilityperformance.For more information, please refer to the FortiOS datasheet available at www.fortinet.comSERVICESFortiGuard Security ServicesFortiCare Support ServicesFortiGuard Labs offers real-time intelligence on the threatOur FortiCare customer support team provides global technicallandscape, delivering comprehensive security updates acrosssupport for all Fortinet products. With support staff in the Americas,the full range of Fortinet’s solutions. Comprised of securityEurope, Middle East, and Asia, FortiCare offers services to meetthreat researchers, engineers, and forensic specialists, thethe needs of enterprises of all sizes.team collaborates with the world’s leading threat monitoringorganizations and other network and security vendors, as well aslaw enforcement agencies.4For more information, please refer to forti.net/fortiguardand forti.net/forticarewww.fortinet.com

FortiGate 600D SPECIFICATIONSFORTIGATE 600DFORTIGATE 600DDimensions and PowerInterfaces and ModulesHardware Accelerated 10 GE SFP Slots2Height x Width x Length (inches)1.75 x 17 x 12.68Hardware Accelerated GE SFP Slots8Height x Width x Length (mm)44.45 x 432 x 322Hardware Accelerated GE RJ45 Ports8Weight11.46 lbs (5.2 kg)GE RJ45 Management2Form Factor1 RUUSB Ports (Client / Server)1/2AC Power Supply100–240V AC, 60–50 HzConsole Port1Power Consumption (Average / Maximum)126 W / 191 WOnboard Storage1x 120 GB SSDCurrent (Maximum)110V/4A, 220V/2AIncluded Transceivers2 SFP SXHeat Dissipation650 BTU/hRedundant Power SuppliesSupports FRPS-100System Performance and CapacityIPv4 Firewall Throughput(1518 / 512 / 64 byte, UDP)36 / 36 / 24 GbpsIPv6 Firewall Throughput(1518 / 512 / 86 byte, UDP)36 / 36 / 24 GbpsFirewall Latency (64 byte, UDP)3 μsFirewall Throughput (Packet per Second)36 MppsConcurrent Sessions (TCP)5.5 MillionNew Sessions/Second (TCP)270,000Firewall Policies10,000IPsec VPN Throughput (512 byte) 120 GbpsGateway-to-Gateway IPsec VPN Tunnels2,000Client-to-Gateway IPsec VPN Tunnels50,000SSL-VPN Throughput2.2 GbpsConcurrent SSL-VPN Users(Recommended Maximum, Tunnel Mode)5,000SSL Inspection Throughput (IPS, HTTP) 33.5 GbpsApplication Control Throughput(HTTP 64K) 29 GbpsCAPWAP Throughput (1444 byte, UDP)10 GbpsVirtual Domains (Default / Maximum)10 / 10Maximum Number of Switches Supported64Maximum Number of FortiAPs(Total / Tunnel)1024 / 512Maximum Number of FortiTokens1,000Maximum Number of Registered Endpoints2,000High Availability ConfigurationsActive-Active, Active-Passive, ClusteringOperating Environment and CertificationsOperating Temperature32–104 F (0–40 C)Storage Temperature-31–158 F (-35–70 C)Humidity10–90% non-condensingNoise Level45 dBAOperating AltitudeUp to 9,843 ft (3,000 m)ComplianceFCC Part 15 Class A, C-Tick, VCCI, CE, UL/cUL, CBCertificationsICSA Labs: Firewall, IPsec, IPS, Antivirus, SSL-VPN;USGv6/IPv6System Performance — Optimal Traffic MixIPS Throughput 27 GbpsSystem Performance — Enterprise Traffic MixIPS Throughput 24 GbpsNGFW Throughput 2, 43.8 GbpsThreat Protection Throughput 2, 53 GbpsNote: All performance values are “up to” and vary depending on system configuration.1. IPsec VPN performance test uses AES256-SHA256.2. IPS (Enterprise Mix), Application Control, NGFW and Threat Protection are measured with Logging enabled.3. SSL Inspection performance test uses TLS v1.2 with AES128-SHA256.4. NGFW performance is measured with Firewall, IPS and Application Control enabled.5. Threat Protection performance is measured with Firewall, IPS, Application Control and MalwareProtection enabled.5

FortiGate 600D ORDER INFORMATIONProductSKUDescriptionFortiGate 600DFG-600D2x 10 GE SFP slots, 10x GE RJ45 ports, 8x GE SFP slots, SPU NP6 and CP8 hardware accelerated,120 GB onboard SSD storage.Optional Accessories/SparesSKUDescription1 GE SFP LX Transceiver ModuleFG-TRAN-LX1 GE SFP LX transceiver module for all systems with SFP and SFP/SFP slots1 GE SFP RJ45 Transceiver ModuleFG-TRAN-GC1 GE SFP RJ45 transceiver module for all systems with SFP and SFP/SFP slots1 GE SFP SX Transceiver ModuleFG-TRAN-SX1 GE SFP SX transceiver module for all systems with SFP and SFP/SFP slots10 GE SFP Transceiver Module, Short RangeFG-TRAN-SFP SR10 GE SFP transceiver module, short range for all systems with SFP and SFP/SFP slots10 GE SFP Transceiver Module, Long RangeFG-TRAN-SFP LR10 GE SFP transceiver module, long range for all systems with SFP and SFP/SFP slots10 GE SFP Active Direct Attach Cable, 10m / 32.8 ftSP-CABLE-ADASFP 10 GE SFP active direct attach cable, 10m / 32.8 ft for all systems with SFP and SFP/SFP slotsExternal Redundant AC Power SupplyFRPS-100External redundant AC power supply for up to 4 units: FG-300C, FG-310B, FS-348B and FS-448B. Up to 2 units: FG-200B, FG-200D,FG-240D and FG-300D, FG-400D, FG-500D, FG-600D, FHV-500D, FDD-200B, FDD-400B, FDD-600B and FDD-800BBundlesFortiGuardBundleFortiGuard Labs delivers anumber of security intelligenceservices to augment theFortiGate firewall platform.You can easily optimize theprotection capabilities of yourFortiGate with one of theseFortiGuard Bundles.Threat ProtectionUTMEnterprise ProtectionFortiCASB SaaS-only Service FortiGuard Industrial Service FortiGuard Security Rating Service* FortiGuard AntispamFortiGuard Web FilteringFortiGuard Advanced Malware Protection (AMP) — Antivirus, Mobile Malware,Botnet, CDR*, Virus Outbreak Protection* and FortiSandbox Cloud Service* FortiGuard IPS Service FortiCare FortiGuard App Control Service * Available when running FortiOS 6.0.1 and aboveGLOBAL HEADQUARTERSFortinet Inc.899 KIFER ROADSunnyvale, CA 94086United StatesTel: 1.408.235.7700www.fortinet.com/salesEMEA SALES OFFICE905 rue Albert Einstein06560 ValbonneFranceTel: 33.4.8987.0500APAC SALES OFFICE8 Temasek Boulevard#12-01 Suntec Tower ThreeSingapore 038988Tel: 65.6395.2788 With new Q3-2018 SKUsLATIN AMERICA SALES OFFICESawgrass Lakes Center13450 W. Sunrise Blvd., Suite 430Sunrise, FL 33323United StatesTel: 1.954.368.9990Copyright 2018 Fortinet, Inc. All rights reserved. Fortinet , FortiGate , FortiCare and FortiGuard , and certain other marks are registered trademarks of Fortinet, Inc., in the U.S. and other jurisdictions, and other Fortinet names herein may also be registered and/or common law trademarks of Fortinet. All otherproduct or company names may be trademarks of their respective owners. Performance and other metrics contained herein were attained in internal lab tests under ideal conditions, and actual performance and other results may vary. Network variables, different network environments and other conditions may affectperformance results. Nothing herein represents any binding commitment by Fortinet, and Fortinet disclaims all warranties, whether express or implied, except to the extent Fortinet enters a binding written contract, signed by Fortinet’s General Counsel, with a purchaser that expressly warrants that the identified productwill perform according to certain expressly-identified performance metrics and, in such event, only the specific performance metrics expressly identified in such binding written contract shall be binding on Fortinet. For absolute clarity, any such warranty will be limited to performance in the same ideal conditions as inFortinet’s internal lab tests. In no event does Fortinet make any commitment related to future deliverables, features or development, and circumstances may change such that any forward-looking statements herein are not accurate. Fortinet disclaims in full any covenants, representations, and guarantees pursuanthereto, whether express or implied. Fortinet reserves the right to change, modify, transfer, or otherwise revise this publication without notice, and the most current version of the publication shall be applicable.FST-PROD-DS-GT6HFG-600D-DAT-R16-201807

The FortiGate 600D delivers next generation firewall capabilities for mid-sized to large enterprises, with the flexibility to be deployed at the campus or data center edge and internal segments. Protects against . FG-240D and FG-300D, FG-400D, FG-500D, FG-600D