Technical Presales at A.G.A.S. מחשוב ותקשורת לעסקים
Reseller
Top 10
2024-12-23T12:45:22Z
Dec 23, 2024
We use FortiGate firewalls for endpoint protection and communication lines, and we have some Cloud-Native and local appliances for VPN connections or multiple sites.
We are using two Fortinet firewalls. One is as an office firewall for all users behind it, configured with remote VPN for users working from home. The other firewall is for production use, with our applications behind it, ensuring PCI DSS compliance. It is deployed in AWS Cloud.
The first thing that happens is that any incoming cyber threat is stopped. The fiber channels that are coming into the country—let's say there are five or six main channels providing all communication into the country—the first layer of protection is essentially switched. Before the data enters the fiber, load balancing occurs, allowing the system to disable one input channel and switch to another. If one device fails, the system can reroute the traffic quickly to the appropriate destination. The first application entrance is the denial of service (DoS) protection. For instance, if China is bombarding the Ministry of Defense of Morocco with traffic, and it's all targeting the same IP address, the DoS protection will recognize this as abnormal traffic and activate the necessary defenses. Each manufacturer has a different strategy to prevent such attacks. For example, in the case of Juniper, instead of outright blocking the IP, they reroute the traffic to a fake IP and server, which sends out dummy data while analyzing the traffic and user behavior. This process also filters out hidden cyber attacks to gather more information. After the initial screening, the next step involves Deep Packet Inspection (DPI). DPI examines all packets, whether they are encrypted or not, and applies specific rules to them. For example, an operator might decide that all traffic to streaming services like Netflix or Prime Video should go to a particular set of servers within the country. In the DPI section, we often use a passive split of the fiber. It's not a common technique, but in this case, before the data is sent to the firewall, the fiber is split and dispatched across several servers that will inspect the data. You can have rules applied based on the origin of the traffic—like all traffic coming from a specific country, or all voice over IP traffic being directed to a particular server. Sometimes, there are requirements from companies like Google, or specific mobile regulations, stating that traffic must be routed according to certain rules. For instance, Google Maps might require that any call coming to a certain company or individual be intercepted by law enforcement. This is usually authorized by a judge, and the telecom operator will do its best to intercept and reroute the traffic to a server that is dedicated to law enforcement in that country. In such cases, the telecom operator might treat the network as their own intranet, allowing them to intercept traffic while providing a security certificate to the end user. This is related to the "man-in-the-middle" attack, where traffic is intercepted for security reasons, and law enforcement can use this method to intercept calls. In some countries, this is a highly monitored situation. Traffic, at least the destination and initiation IPs, is monitored, and even if the traffic is encrypted, authorities often want to record it for future use. This is all managed and directed by the firewall, which also provides additional capabilities. Take an example of NVIDIA. They have a competing SIP solution for firewalls that can handle very high terabyte bandwidth, and they can be programmed to work in conjunction with the firewall. In that case, you have a piece of software running inside FortiGate or Juniper that directs specific traffic to and from NVIDIA's platform, working with the firewall to perform certain tasks.
Pre Sales Engineer /Network Engineer at Comstar - Information Systems Associates Ltd.
Real User
2023-01-19T13:38:04Z
Jan 19, 2023
The FortiGate SNF application extends FortiGate's firewall minimum capability and services to protect the loads. Like on FortiCloud, you can access your firewall remotely from anywhere, remote location, from wherever you are. You can access multiple FortiGate features from FortiCloud, multiple devices, and hardware. We can have different devices and apply these things.
Firewall Security Management offers comprehensive control and oversight of network traffic across organizational boundaries, enhancing network security and ensuring compliance with policies. It addresses the complexity of managing firewalls through automation and centralized monitoring.
Managing firewalls effectively is essential for safeguarding digital assets. Given the increasing sophistication of cyber threats, businesses require robust solutions that facilitate real-time...
We use FortiGate firewalls for endpoint protection and communication lines, and we have some Cloud-Native and local appliances for VPN connections or multiple sites.
We are using two Fortinet firewalls. One is as an office firewall for all users behind it, configured with remote VPN for users working from home. The other firewall is for production use, with our applications behind it, ensuring PCI DSS compliance. It is deployed in AWS Cloud.
We use the solution to secure firewall security. We always implement FortiGate as a layer 3 router, but with security.
We use the solution for perimeter fiber and to control the external access.
The first thing that happens is that any incoming cyber threat is stopped. The fiber channels that are coming into the country—let's say there are five or six main channels providing all communication into the country—the first layer of protection is essentially switched. Before the data enters the fiber, load balancing occurs, allowing the system to disable one input channel and switch to another. If one device fails, the system can reroute the traffic quickly to the appropriate destination. The first application entrance is the denial of service (DoS) protection. For instance, if China is bombarding the Ministry of Defense of Morocco with traffic, and it's all targeting the same IP address, the DoS protection will recognize this as abnormal traffic and activate the necessary defenses. Each manufacturer has a different strategy to prevent such attacks. For example, in the case of Juniper, instead of outright blocking the IP, they reroute the traffic to a fake IP and server, which sends out dummy data while analyzing the traffic and user behavior. This process also filters out hidden cyber attacks to gather more information. After the initial screening, the next step involves Deep Packet Inspection (DPI). DPI examines all packets, whether they are encrypted or not, and applies specific rules to them. For example, an operator might decide that all traffic to streaming services like Netflix or Prime Video should go to a particular set of servers within the country. In the DPI section, we often use a passive split of the fiber. It's not a common technique, but in this case, before the data is sent to the firewall, the fiber is split and dispatched across several servers that will inspect the data. You can have rules applied based on the origin of the traffic—like all traffic coming from a specific country, or all voice over IP traffic being directed to a particular server. Sometimes, there are requirements from companies like Google, or specific mobile regulations, stating that traffic must be routed according to certain rules. For instance, Google Maps might require that any call coming to a certain company or individual be intercepted by law enforcement. This is usually authorized by a judge, and the telecom operator will do its best to intercept and reroute the traffic to a server that is dedicated to law enforcement in that country. In such cases, the telecom operator might treat the network as their own intranet, allowing them to intercept traffic while providing a security certificate to the end user. This is related to the "man-in-the-middle" attack, where traffic is intercepted for security reasons, and law enforcement can use this method to intercept calls. In some countries, this is a highly monitored situation. Traffic, at least the destination and initiation IPs, is monitored, and even if the traffic is encrypted, authorities often want to record it for future use. This is all managed and directed by the firewall, which also provides additional capabilities. Take an example of NVIDIA. They have a competing SIP solution for firewalls that can handle very high terabyte bandwidth, and they can be programmed to work in conjunction with the firewall. In that case, you have a piece of software running inside FortiGate or Juniper that directs specific traffic to and from NVIDIA's platform, working with the firewall to perform certain tasks.
We use the platform for virtualization, malware protection, and VPN client support.
We primarily use it for cybersecurity measures, focusing on detecting cyber incidents and maintaining overall cybersecurity hygiene.
We use FortiGate Cloud-Native Firewall as a firewall. We use the solution for IPS, IDS, UTM, routing, and VPNs.
The FortiGate SNF application extends FortiGate's firewall minimum capability and services to protect the loads. Like on FortiCloud, you can access your firewall remotely from anywhere, remote location, from wherever you are. You can access multiple FortiGate features from FortiCloud, multiple devices, and hardware. We can have different devices and apply these things.