Tag: fortinet

Trust No One: Exploring Zero-Trust Networks – Ping Podcast – Episode 55

Episode 55: Trust No One – Exploring Zero-Trust Networks

Did you know, zero-trust is among the most searched cybersecurity terms in the last couple of years. That means people are interested in adopting this security setup. But just what is it, and how do you make it happen? We welcome Fortinet Senior Director of Product Marketing Peter Newton to answer those questions and more. Peter tells us why most networks are already on the zero-trust spectrum. He also goes over some key steps to firming up a zero-trust environment. And he explains why it’s a perfect solution in the age of remote work and hybrid setups.

Read his blog, titled How to Implement a Zero Trust Security Strategy.

In headlines, hear about drama with REvil ransomware and a special kind of court. And then, learn why the EU is pointing the finger at Russia for cyber activities. Finally, we explain why state governments especially are struggling to fill cybersecurity jobs.

How to listen

Listen to Ping – A Firewalls.com Podcast using the player above…

Or just about anywhere you prefer to listen to podcasts (Apple Podcasts, Pandora, Spotify, Google Podcasts, Stitcher, Overcast, Amazon Music, TuneIn, iHeart, Pocket Cast, Castro, Castbox, PodchaserYouTube, and of course via RSS, to name a few). Moreover, please rate and review us wherever you listen. And remember to subscribe or follow where you can to get the latest episodes as soon as they’re released

Missed our previous episodes? You can get them anywhere you listen to podcasts, or go to our full episode list.

Learn even more about network security through our blog, which features new content every week, and our knowledge hub.

New episodes are usually released every other Wednesday. Have a special request for a topic or a question for our network engineers to address? Email us at podcast@firewalls.com and it could be on our next show. Thanks in advance for any listens, follows, subscribes, reviews, comments, shares, and generally spreading the word!

Wifi 6 Technology & The Best Access Points To Recommend

What Is Wifi 6

Wifi 6 refers to the latest generation of wireless technology, also known as 802.11ax. Another name for this new standard is High Efficiency Wifi. It replaces 802.11ac, which now goes by Wifi 5. Wireless access points and routers incorporating the technology are increasingly ubiquitous. And many new smartphones, tablets, laptops, and other connected devices are Wifi 6-certified to take full advantage of its performance capabilities.

Blog Banner General Buy Now Red-High-Quality

How Is Wifi 6 Different Than Wifi 5

Wifi 6 offers several advantages over Wifi 5 when it comes to speed, performance, and even security. First, speed – often referred to as throughput – can max out around 10 Gbps for a Wifi 6 device, compared to 7 Gbps for Wifi 5. While that’s an obvious upgrade, performance accounts for a significantly greater boost – some 400% in what’s called throughput per area.

What does that mean? It means more devices can connect in high-density areas with low to no latency. In other words, it’s real-world speed. Finally, security is better, too, as Wifi 6 supports WPA3 encryption standards, the most secure version of Wifi Protected Access protocol.

Why Upgrade to Wifi 6

While manufacturers seem to release new access points and routers constantly, an upgrade from a prior generation model to Wifi 6 is worth strong consideration. Wifi 6 supports more connected devices at greater speeds with better security than its predecessors. And the differences are significant. To recap:

  • Top speed more than a third better than the previous best
  • Throughput per area is 4 times better
  • And latency is 75% lower

These all represent major leaps in performance, and along with security improvements, make a strong argument for upgrading.

Which Brands Already Carry Wifi 6 Access Points

Several brands now offer Wifi 6 access points, with more on the way. Firewalls.com carries Wifi 6 access points from Fortinet, Aruba, Ruckus, and Cisco Meraki. Models range from small business/small office options to large enterprise and even stadiums and arenas. This generation of access points comes with indoor and outdoor options as well.

What Are The Recommended Wifi 6 Access Point Models

With the growing number of Wifi 6 access points now on the market, finding the right fit for a given scenario can be a challenge. So to meet that challenge and sift through the clutter, here are a few recommended Wifi 6 access points to suit varying business needs.

Blog Banner General Buy Now Red-High-Quality

For Easy Deployment

Aruba Instant On AP22

Aruba AP22

It doesn’t get much easier than instant, does it? The Aruba Instant On AP22 offers a quick way into the Wifi 6 world. As its name suggests, you can basically turn it on and have wireless ready to go. This is ideal for a small business with limited staff or small branch office scenario.

And while the ease of deployment is nice, the AP22 also comes packed full of features at an affordable price. It includes mounting hardware, simple management tools, and even built-in security features like firewalling and application control, with no need for external controllers.

Tech Specs

  • Deployment: Indoor
  • Performance: 2×2:2 MU-MIMO
  • Mesh Support: Smart Mesh Wi-Fi
  • Throughput: 1.774 Gbps
  • PoE: PoE 802.3af

For Network Integration

Fortinet FortiAP 231F

MR44

Chances are if you’re a small to mid-size business, you already have a firewall. Maybe you even have a switch and endpoint, too. And if those solutions happen to be from one of the top security vendors out there, Fortinet, then this FortiAP 231F is a good pick for your entrée into Wifi 6.

The FortiAP 231F places you firmly into the Fortinet Security Fabric, which allows all your Fortinet solutions to communicate seamlessly with one another with single-pane-of-glass management. As far as what this access point offers specifically, it includes built-in security and a third radio for beacon and location-scanning. It can also optionally be managed through the cloud and is more than capable outside the Fortinet ecosystem as well.

Tech Specs

  • Deployment: Indoor
  • Performance: 2×2:2 MU-MIMO
  • Mesh Support: Yes
  • Throughput: 1.2 Gbps
  • PoE: PoE+ 802.3at

Look to the Cloud

Cisco Meraki MR44

MR44

Cisco Meraki is pretty well-known as a pioneer in the cloud space, and you can be a pioneer both there and in Wifi 6 by choosing the MR44 access point. The MR44 comes with Meraki’s noted cloud management architecture, which eliminates the need for traditional wireless controllers. It also offers zero-touch deployment, easy visibility and control throughout the network, and seamless firmware updates.

The MR44 itself is an enterprise grade access point, so if your performance demands are a little higher, it’s a great fit. As with other APs noted in this piece, Meraki’s MR Series features built-in security, plus a dedicated extra radio. And if you’re already a Meraki customer for other solutions, it integrates especially nicely.

Tech Specs

  • Deployment: Indoor
  • Performance: 4×4:4 MU-MIMO
  • Mesh Support: Self-healing, Zero-configuration
  • Throughput: 3 Gbps
  • PoE: PoE+ 802.3af/at

Let’s Take It Outside

Ruckus T750

Our previous three access points were designed for indoor deployments, but this AP from Ruckus doesn’t care where you set it up. The T750 offers the performance of Wifi 6 with IP-67 durability to withstand rough conditions, indoors or outdoors. When it comes to deployment options, think stadiums, airports, convention centers, and the like. Each individual T750 can handle over 1,000 users at once.

Ruckus offers the T750 in the controller-less Unleashed model as well as the traditional ZoneFlex option. Both are easy to deploy and manage. And they boast other special features, like built-in IoT radios, BeamFlex antennas to optimize connectivity, and the security of the aforementioned WPA3.

Tech Specs

  • Deployment: Outdoor
  • Performance: 4×4:4 MU-MIMO
  • Mesh Support: SmartMesh
  • Throughput: 2.4 Gbps
  • PoE: PoE++ 802.3bt

So these are just a few examples to help you navigate the wonderful world of Wifi 6. But wait, there’s more! Browse all the Wifi 6 options Firewalls.com has to offer. And if you need to talk it through a bit more, chat with an expert on our site or call 866-645-2140.

What to Expect When You’re Expecting Cyber Threats in 2021 – Ping Podcast – Episode 36

Episode 36: What to Expect When You’re Expecting Cyber Threats in 2021

Start 2021 off with a bang – or a Ping in our case – as we podcast our way through some cyber threats to look out for in the new year. Andrew & Kevin go through predictions from top security experts at Fortinet’s FortiGuard Labs, Sophos, Barracuda, and WatchGuard. What did they find? Plenty of network security hazards face us in 2021, from evolving ransomware and phishing campaigns, to continued remote work vulnerabilities.

When you’re done listening, take a read through some of these predictions for yourself, from Fortinet, WatchGuard, Sophos, and Barracuda.

And for a more in depth look at WatchGuard’s predictions, check out Episode 34.

In headlines, the news about the FireEye/SolarWinds/federal government/Russia cyber breach keeps coming. And then, learn why fear may not be the right factor in cybersecurity training. Finally, hear about a new type of swatting that uses smart doorbells and home security cameras.

Oh, and Happy New Year!!

How to listen

Listen to Ping – A Firewalls.com Podcast using the player above…

Or just about anywhere you prefer to listen to podcasts (Apple Podcasts, Pandora, Spotify, Google Podcasts, Stitcher, OvercastTuneIn, iHeart, Pocket Cast, Castro, Castbox, PodchaserYouTube, and of course via RSS, to name a few). And now we’re on Amazon Music, too! Moreover, please remember to subscribe or follow where you can to get the latest episodes as soon as they’re released. And please rate and review us as well!

Missed our previous episodes? You can get them anywhere you listen to podcasts, or go to our full episode list.

Learn even more about network security through our blog, which features new content every week.

New episodes are usually released every other Wednesday. Have a special request for a topic or a question for our network engineers to address? Email us at podcast@firewalls.com and it could be on our next show. Thanks in advance for any listens, follows, subscribes, reviews, comments, shares, and generally spreading the word!

3 Best Network Switches for Business 2020

3 Best Network Switches for Business 2020

The best network switches make life easier for an IT team. Though network security can be maddeningly complicated, network switches ease the complexity. By connecting multiple devices across your network, switches allow secure data sharing over multiple appliances and endpoints.

Powerful centralized management lets administrators deep dive into network issues, deploy unified policies, and manage hundreds of sites through a single dashboard. Network switches are a bridge between devices, using MAC addresses to forward data through layer 2. In sum, they play a vital role in modern Local Area Network (LAN) deployments.

Blog Banner General Buy Now Red-High-Quality

What is a Network Switch?

secure network switch integrates all the devices on your network, allowing for seamless sharing and data transfer between them. This can include everything from firewalls and wireless access points to VoIP phones, printers, servers, and more. Further, these devices can be monitored and controlled through a centralized management platform, allowing admins to quickly and easily shift resources across the network to safeguard productivity for business-critical applications and services.

SonicWall Sonic Switch

Network switches are integral parts of a complex network, providing a wired or virtual connection to desktop computers, IoT devices, and more. For starters, every switch includes a set number of Ethernet ports which support a varying number of connected devices. On top of that, you can “stack” switches in a series, allowing your business to scale up and connect larger numbers of devices and users to the LAN.

What to Look for in a Network Switch

Network switches can be complicated, but they are necessary for seamless end-to-end network security and performance. Before deciding which network switch is best for any business, consider a few questions:

  • How many users are operating on the network? This user count includes all Internet-connected devices
  • How will the switch receive power? Power-over-Ethernet options make certain switches more appealing for complex deployments
  • What is the business’ Internet speed and how much is used? Multi-gigabit switches will help in utilizing the full ISP speeds

For more considerations to take into account, check out Buying a Network Switch: 5 Things to Consider.

Top 3 Network Switches in 2020

 

Cisco Meraki MS Series

Key Features:

  • Superior network transparency with granular visibility at the app & hostname level
  • Zero-touch provisioning allows for rapid deployment across the network
  • Packet capture & other remote diagnostic tools help troubleshoot network errors

What Makes Cisco Meraki MS Series Switches One of the Best Network Switches in 2020?

Cisco Meraki MS Switches are purpose-built for intuitive management and ease-of-use. Cisco Meraki network switches do not require a Command-Line Interface to manage ports or change configurations. As a result, network administrators get access to a centralized management platform with granular visibility and control by just plugging it in. On top of that, a simple dashboard helps admins sort through information and  track events with a detailed change and event log.

Cisco Meraki switches allow “virtual stacking.” In other words, switch port configuration changes can be made on the dashboard without the need to install and deploy additional on-premise switches. Therefore, you can start on-prem, then build up into the cloud!

 

Fortinet FortiSwitch network switchs

Fortinet FortiSwitch

Key Features:

  • Centralized access management from FortiGate firewall interface
  • Stack up to 300 switches per FortiGate
  • Great for converged environments with VoIP, data, & wireless traffic on a single network

What Makes FortiSwitch One of the Best Network Switches in 2020?

FortiSwitch secure access network switches integrate into Fortinet’s wider Security Fabric. That is to say, it ties together all Fortinet-family products on your network into a real-time threat response system managed directly through a FortiGate firewall. As a result, the single-pane-of-glass dashboard provides control over users and devices regardless of how they’re connected to your network.

Fortinet network switches support wire-speed switching protocols in addition to Store & Forward mode. On top of that, the FortiSwitch appliance is ideal for a SD-Branch deployment, further enabling businesses of any size to enjoy the benefits of digital transformation.

 

Blog Banner General Buy Now Red-High-Quality

 

SonicWall Switch (SWS)

Key Features:

  • Easy-to-manage network segmentation & compliance auditing
  • Ability to roll out devices across the network quickly & securely
  • Prioritize network traffic for superb Quality of Service for business-critical apps

What Makes SonicWall Switch One of the Best Network Switches in 2020?

When paired with a firewall, SonicWall Switches deliver end-to-end security that simplifies management and network troubleshooting. This tightly-knit security posture eliminates blind spots and gaps. In turn, it helps network administrators locate and eliminate weak points in their security infrastructure.

SonicWall Switches are flexible, high-performance networking appliances that provide high port density and Power-over-Ethernet capabilities. Additionally, they offer multi-gigabit performance at prices affordable even for small businesses.

 

But wait, there’s more…

Looking for the best protection for your small business?

Give us a call at 866-957-2975 to find the perfect fit!

Shopping for email security, endpoint, wireless access, or ransomware protection? Then you should check these out, too:

3 Best Ransomware Protection Solutions 2020

3 Best Ransomware Protection Solutions for Business 2020

Once your network is infected, ransomware encrypts files on afflicted endpoints, making it impossible to read or open them. The best ransomware protection for small businesses proactively hunts down and eliminates even never-seen-before ransomware long before an employee ever gets a chance to fall for it. Here are a few key features you should seek when comparing the best ransomware protection services available in 2020:

  • Advanced email security
  • Cloud-based sandboxing
  • Behavior-based scanning
  • Regular threat intelligence updates

Want to avoid shelling out big bitcoin to get your small business’s data back under control? Get a ransomware security solution that does more than just look out for known ransomware signatures.

What is Ransomware Protection?

The best ransomware protection for businesses scans inbound and outbound traffic across your entire network, using artificial intelligence to monitor the behavior of files as they traverse and interact with other network resources. Ransomware protection solutions spot behavior that looks similar to malicious activity and further investigate it in nanoseconds. Faster than you can say mind palace, these solutions either allow or block file access based on that verdict.

What to Look for in a Ransomware Protection Service

The best ransomware protection systems include a cloud-based sandbox where suspicious files can be sent for disarmament or detonation. In other words, if your ransomware tool is even the least bit suspicious of a file, the system safely opens and inspects it without threatening your network health.

Additionally, the best ransomware services rely on artificial intelligence and machine learning to reach threat verdicts via behavior monitoring. This means that even if a strain of ransomware has never been seen by any other endpoint in the entire world, if it walks like ransomware, talks like ransomware, or displays any other tell-tale ransomware behavior, your ransomware protection should yank it aside for closer inspection. Traditional ransomware protection services fall back on known signatures that need to be constantly refreshed and can do nothing to stop zero-day threats.

Top 3 Ransomware Protection Services in 2020

 

SonicWall Ransomware Solutions 2020

SonicWall Capture Advanced Threat Protection (ATP)

Key Features:

  • Real-time threat intelligence updates with up-to-the-minute signatures
  • High security effectiveness & low false-positive rate against zero-days
  • Real-Time Deep Memory Inspection blocks mass-market malware

What Qualifies Capture ATP as one of the Best Ransomware Protection Services in 2020?

SonicWall Capture Advanced Threat Protection (available as an add-on for all SonicWall TZ or NSa firewalls) is a powerful cloud-based sandbox with malware-analysis that can detect evasive threats. Capture ATP blocks suspicious files at the gateway until a verdict is rendered.

SonicWall combines multi-layer sandboxing, Real-Time Deep Memory Inspection, full system emulation, virtualization techniques, and more to detect more threats than any single-engine sandbox available in 2020. On top of that, the low false-positive rate means it won’t block the legitimate files you need to do business.

 

Sophos Ransomware Solutions 2020

Sophos Intercept X Advanced with EDR

Key Features:

  • Highly-acclaimed malware detection engine driven by deep learning
  • Exploit prevention stops attackers from taking advantage of vulnerable software & apps
  • Root cause analysis visualizes where threats originate & how they move on the network

What Qualifies Sophos Intercept X Advanced with EDR as one of the Best Ransomware Protection Services in 2020?

Sophos Intercept X Advanced with Endpoint Detection & Response is a mouthful. But it’s also a comprehensive, defense-in-depth tool that combines advanced techniques to squash malware, ransomware, and zero days. Intercept X also uses behavioral analysis to stop boot-record attacks.

Plus, even if a system is already infected, CryptoGuard stops the encryption process and reverts (or rolls back) files back to their pre-infection state.

 

Fortinet Ransomware Solutions 2020

Fortinet FortiEDR & FortiSandbox

Key Features:

  • Integrates with all Fortinet Security Fabric components to protect digital attack surfaces
  • Provides actionable intelligence via automation to detect & respond to advanced threats
  • HUGE accolades from third-party testers such as NSS Labs, BPS, & ICSA Labs

What Qualifies FortiEDR with FortiSandbox as one of the Best Ransomware Protection Services in 2020?

Fortinet’s EDR & FortiSandbox establish a two-step sandboxing approach centered around artificial intelligence. These services first compare at-risk files against known and emerging malware with static analysis. Then, second stage analysis uncovers the full attack lifecycle by detonating the cyber payload in a virtual, quarantined environment.

Detail analysis maps any uncovered malware to Mitre ATT&CK framework with powerful investigation tools to help admins better visualize security events.

 

Look for the best ransomware protection for your small business?

Give us a call at 866-957-2975 to find the perfect fit!

Best Endpoint Security of 2020 for Small Businesses

Best Endpoint Security of 2020 for Your Small Business

Finding the best endpoint security for your network needs can be a challenge. There are dozens of options, all supporting a myriad of advanced security features and integrations that may be impossible to navigate unless you’re an expert. Each vendor offers a unique set of services with strengths and weaknesses that will ultimately determine whether your users stay safe or not. The best endpoint security may vary from organization to organization, but here are our top picks for the best endpoint security options available in 2020.

What is Endpoint Security?

Endpoint security, end user security, endpoint protection—while the name can be flexible, its necessity for a secure network is not. Endpoint security software protects small businesses & enterprises by guarding connected devices against malware and other advanced cyberattacks. Modern endpoint security integrates with appliances and applications you already use to provide edge protection as employees and guests access your network.

Encrypted malware, ransomware, and business email compromise can spell disaster for small businesses. That’s why the ability to monitor end user activity in real time – as well as make decisions to quarantine and isolate individual machines – can mean the difference between a small, contained incident and a catastrophic breach.

In 2020, endpoint security platforms now incorporate Endpoint Detection & Response capabilities powered by AI. Guided response, rich reporting, and root cause analysis are all top-shelf features that organizations should seek in a quality endpoint security service.

What does Endpoint Security include?

The best endpoint security goes beyond the basics. Traditionally, end user protection included passive endpoint scans combined with basic antivirus capabilities. However, in 2020, the best endpoint security blow the basics out of the water with multiple advanced security features:

  • Continuous monitoring of files, applications, & connected devices
  • Automated incident detection and isolation of infected machines
  • Web content filtering to safeguard productivity and network usage
  • Auto-provisioning based on user group, OS, location, or time of day
  • Intuitive regulatory compliance controls & reporting
  • Real-time threat intelligence updates from a pedigreed threat research team

The threat landscape is always evolving. That means your end user protection must stand up to threats never-before-seen by the network security ecosystem. The ability to recognize zero day exploits based on machine learning and behavioral analysis is essential for organizations to stay secure in 2020.

What is the Best Endpoint Protection of 2020?

Here are our top picks for the best Endpoint Protection for small businesses in 2020:

SonicWall Capture Client

Key Features:

  • Continuous behavioral monitoring creates complete profile of network activity
  • Layered defense of cloud intelligence, advanced static analysis, & dynamic protection
  • Integration with Capture Advanced Threat Protection cloud-based sandboxing
  • Ability to rollback targeted endpoints to a restored state even after infection
  • Malware protection engine powered by SentinelOne

SonicWall Capture Client Endpoint Protection

What makes SonicWall Capture Client unique?

SonicWall teams up with SentinelOne to deliver a heuristic endpoint protection suite with the unique capability to mirror Microsoft shadow copies for post-infection rollbacks. This eliminates the need for manual restoration after a ransomware attack and lets admins rest easy knowing they can always restore endpoints to their pre-infection state. In addition, round-the-clock behavioral monitoring eliminates the need for scheduled system scans. In short, this minimizes network resource hogging and safeguards user productivity.

 

Fortinet FortiClient

Key Features:

  • Integrates with all Fortinet Security Fabric components
  • Automated prevention of known & unknown threats through host-based security stack
  • Intelligent patch management & vulnerability shielding
  • SSL & IPSec VPN security provides reliable access to corporate networks
  • Detects elusive memory techniques used in exploits like buffer overflows

Fortinet FortiClient Enduser Protection

What makes Fortinet FortiClient unique?

Fortinet FortiClient end user protection services simplify remote user experience with built-in user provisioning, auto-connect, and an “always-up” VPN. FortiClient works perfectly in tandem with all Fortinet devices and services on your network through the Fortinet Security Fabric. According to NSS Labs 2019 Advanced Endpoint test, FortiClient blocked 100% of malware including extremely elusive threats.

 

Sophos Intercept X Advanced with EDR

Key Features:

  • Automatically detects, prioritizes, & investigates potential threats using AI
  • Leverages deep learning analysis to analyze malware in extreme detail
  • Out-of-the-box SQL queries categorized by use case
  • Live Response provides users command line access to endpoints & servers
  • Quickly search up to 90 days of current & historical on-disk data

Sophos Intercept X Advanced with EDR for Endpoint Protection

What makes Sophos Intercept X Advanced with EDR unique?

Sophos made a huge splash with the upgrade to its original Intercept X service. It sports big changes that included Endpoint Detection & Response (EDR) capabilities in addition to its already robust real-time, integrated endpoint platform. Intercept X Advanced combines powerful endpoint protection with endpoint detection driven by machine learning. This means most threats are squashed long before they can damage your network. Artificial intelligence assists with guided response. To save your small business even more, an important note: the objective of Sophos endpoint protection is to reduce the need for added IT employees by consolidating their roles into a single automated system.

 

Cisco Meraki Systems Manager

Key Features:

  • Native Network Integration shares intelligence across all Meraki components
  • Automatic WiFi settings securely connect managed wireless devices
  • Auto-provisioning of VPN settings based on Client VPN
  • Zero-touch deployment through a self-service web portal
  • Deploy policies & changes from the cloud across the entire network

Cisco Meraki Systems Managed Endpoint Protection

What makes Cisco Meraki Systems Manager unique?

Cisco Meraki’s endpoint management solution supports a variety of platforms and operating systems, making Systems Manager a flexible option for most any deployment. Systems Manager offers cloud-based endpoint management tools that easily scale up to meet growth needs. By providing admins the ability to manage distributed deployments from anywhere in the world, Systems Manager is an endpoint security solution built for a highly mobile, highly distributed world.

 

Look for the best endpoint protection for your small business?

Give us a call at 866-957-2975 to find the perfect fit!

 

Securing State & Local Government – Ping Podcast – Episode 29

Episode 29: Securing State & Local Government

State & local government agencies are responsible for a variety of vital services, like public utilities, infrastructure, education, & election administration to name a few. That, plus financial and staffing challenges, makes cybersecurity especially tough. To learn about what governments are facing – and solutions to consider – we welcome Fortinet Field CISO Jim Richberg. Jim discusses why budgets are so tight and how evolving cybersecurity technology means better options.

See his recent article on the subject.

Our latest Ransomware Reckoning spotlights a BlackBaud supply chain attack.

In cybersecurity headlines, we discuss a death due to a hospital ransomware attack. Then, Dunkin’ gets called out in New York for mishandling a major breach. And finally, we talk TikTok as the popular video app has faced turbulence in its bid to avoid a U.S. ban.

How to listen

Listen to Ping – A Firewalls.com Podcast using the player above…

Or just about anywhere you prefer to listen to podcasts (Apple Podcasts, Pandora, Spotify, Google Podcasts, Stitcher, OvercastTuneIn, iHeart, Pocket Cast, Castro, Castbox, PodchaserYouTube, and of course via RSS, to name a few). And now we’re on Amazon Music, too! Moreover, please remember to subscribe or follow where you can to get the latest episodes as soon as they’re released. And please rate and review us as well!

Missed our previous episodes? You can get them anywhere you listen to podcasts, or go to our full episode list.

Learn even more about network security through our blog, which features new content every week.

New episodes are usually released every other Wednesday. Have a special request for a topic or a question for our network engineers to address? Email us at podcast@firewalls.com and it could be on our next show. Thanks in advance for any listens, follows, subscribes, reviews, comments, shares, and generally spreading the word!

What’s the Difference Between the FortiGate 80F & FortiGate 80E?

Fortinet’s latest models, the FortiGate 80F and 81F have just launched. With a SoC4 security processor, application-specific chips, and new WAN edge features, the 80F series is another entry in Fortinet’s steady upgrade from the excellent E Series to the faster, even more secure F Series firewalls. The FortiGate 80F follows in the footsteps of the FortiGate 40F, FortiGate 60F, & FortiGate 100F. So what exactly is the difference between FortiGate 80E UTM appliances and the FortiGate 80F next generation firewall?

The FortiGate 80F

 

FortiGate 80F Tech Specs – Datasheet

Firewall Throughput: 10 Gbps

IPS Throughput: 1.4 Gbps

NGFW Throughput: 1 Gbps

SSL VPN Throughput: 900 Mbps

Concurrent Sessions (TCP): 1,500,000

New Connections per Second: 45,000

Firewall Latency: 4 μs

Not sure what these numbers mean? Check out our post explaining firewall Tech Specs!

Blog Banner General Buy Now Red-High-Quality

FortiGate 80F Overview

The FortiGate 80F brands itself as a secure SD-WAN and security appliance. This focus on the WAN edge is growing more and more popular in the network security space as small businesses and enterprises alike step up to the challenges of digital transformation and remote work. SD-WAN provides secure, direct Internet access for the kinds of cloud-connected applications businesses now depend on like Dropbox, GitHub, Salesforce, Office 365, and more.

Fortinet’s security-driven networking approach focuses on seamless integration, simple deployment, and intuitive, feature-rich management. This is made possible by Fortinet’s SD-WAN Application-Specific Integrated Circuit (ASIC). The first-of-its-kind technology handles identification and steering for over 5,000 known cloud applications.

The FortiGate 80F joins its F-Series brethren as leaders of the SD-WAN race. For any organization looking to deploy applications, devices, or cloud environments across multiple branch locations, the WAN edge efficiency of these models should put them at the top of any shortlist.

 

The FortiGate 80E

FortiGate 80E Tech Specs – Datasheet

Firewall Throughput: 4 Gbps

IPS Throughput: 450 Mbps

NGFW Throughput: 360 Mbps

SSL VPN Throughput: 200 Mbps

Concurrent Sessions (TCP): 1,300,000

New Connections per Second: 30,000

Firewall Latency: 3 μs

Not sure what these numbers mean? How about another reminder about our post explaining firewall Tech Specs!

FortiGate 80E Overview

The FortiGate 80E is well-recognized in the industry as a powerhouse of network security, fit for most mid-sized businesses and larger branch offices. The FG-80E includes a SoC3 system-on-a-chip build that optimizes processing power and performance without sacrificing security. As part of the Fortinet Security Fabric, the FortiGate 80E integrates multiple layers of security across small business networks, letting systems communicate in real time to detect and stop advanced threats.

The FortiGate 80E is a Unified Threat Management (UTM) platform that delivers wired and wireless networking for networks up to roughly 50 users. This model also comes with variants that boast improved internal storage as well as Power-over-Ethernet capabilities. A USB port located on the rear of the appliance allows for 3G/4G compatibility that allows for additional WAN connectivity and redundancy.

Blog Banner General Buy Now Red-High-Quality

How much does the FortiGate 80F cost?

Pricing for FortiGate 80F starts with an MSRP of $1200 for the Appliance Only model (though Firewalls.com highly discourages buying “appliance only” products as a primary firewall). However, Requesting a Quote or connecting with a Firewalls.com account representative via Live Chat will immediately shave hundreds of dollars off your final price tag.

Compared to the FG-80E, the FortiGate 80F nets you four times the UTM throughput, extra space for site-to-site tunnels, and connection per second gains an order of magnitude greater than E Series counterparts. And don’t forget that whole purpose-build secure SD-WAN, too.

Visit our Fortinet FortiGate 80F/81F page to Request a Quote or Live Chat now.

What is the Fortinet Security Fabric?

The Fortinet Security Fabric: An Overview

Whether you own a Fortinet product or you’re just shopping around, the Fortinet Security Fabric is a term you’re probably seeing a lot of these days. But what is it? Just like actual fabric – many individual fibers weaved together – the Security Fabric is Fortinet’s vast security portfolio intertwined. In short, it’s an integrated solution allowing you to see, manage, and secure your network products in one place. In long? Let’s get into it.

Blog Banner General Buy Now Red-High-Quality

Fortinet Security Fabric

It Starts With the Firewall

Here at Firewalls.com, we often refer to a firewall as the cornerstone of any network setup. The Fortinet Security Fabric treats it that way as well. It’s the hub around which all the spokes of the wheel connect – forgive the mixed metaphors. In this case, with your FortiGate next generation firewall – aka NGFW – you can coordinate the behavior of other Fortinet (and partner) products. That means your FortiGate can run your security show with visibility into all corners of your network. And by the way, it can also function as a Secure SD-WAN powerhouse in case you’ve missed that news. It supports a variety of other security technologies all under the same FortiOS operating system, including:

  • Secure Wi-Fi and Switching Access
  • Network Access
  • The single-console Fabric Management Center
  • Open Fabric Ecosystems for partner integrations
  • Cloud Infrastructure
  • Business-Critical Applications
  • Security Operations for automated threat detection, prevention, & response
  • Endpoint Protection

What is the goal of the Fortinet secure access solution?

The Fortinet secure access solution as it’s sometimes termed, encompasses secure switching and wireless. The goal is network access that’s easy to manage for admins while at the same time high performing for users.

Access is a word that pops up a few times in this conversation – as both creating and controlling it is key for an optimized, secure network. The Security Fabric integrates with FortiAPs to provide and manage secure wireless access and FortiSwitches to do what switches do – essentially create a network. And speaking of access, with the Fortinet Security Fabric, you can implement a zero-trust network access policy throughout your network.

It starts with network access detection, continuous monitoring,  and control. Next, you can implement multi-factor authentication with a solution like FortiToken. Finally, ongoing visibility and access control of all your endpoints is a must – something you can accomplish with FortiClient. When implemented together, you’ll make it extremely difficult for hackers to gain access to your network – keeping your important data secure.

Blog Banner General Buy Now Red-High-Quality

How does the Security Fabric secure my network?

The Security Fabric is designed with network security as a priority. Fortinet refers to this as security driven networking. This begins with the FortiGate firewall as the front-line network protector. But it also includes the secure access solutions of the switch and wireless appliances, and dynamic cloud security to secure your cloud presence.

We’ve already discussed some of the role the FortiGate plays in the Security Fabric, but let’s expand a bit more. We already know the FortiGate is a firewall. But it also includes other critical security measures. These include a secure web gateway to help stop phishing attacks, SSL/TLS decryption to catch encrypted threats without slowing performance, and intent-based segmentation. And we can’t forget about the Secure SD-WAN component which extends this security outside the physical boundaries of the office to branch locations.

As for the cloud, the Security Fabric integrates a wide array of cloud-based security solutions. We know everyone has some type of cloud presence, so staying protected in that space is paramount. In addition to the FortiGate firewall, Fortinet offers FortiWeb web application firewalls. Email is also a major player in the cloud, and we know that email is a main entry point for malware. The good news is FortiMail is built to stop both traditional and advanced email threats.

Another note on all this security talk. The Fortinet Fabric Manager is your single console to manage all of the solutions mentioned above – and more. But the beauty is you won’t have to micromanage your security. Fortinet’s solutions heavily leverage artificial intelligence and automated security. FortiGuard AI incorporates real-time threat data gathered by FortiGuard Labs to ID and stop just about any online hazard you can think of. In essence, Fortinet Security Fabric solutions are constantly working behind the scenes to stop threats.

Who are Fortinet Security Fabric partners?

The list of Fortinet Security Fabric open fabric ecosystem partners is too numerous to include here. But these partners include heavyweights like Amazon Web Services, Google Cloud, Intel, Oracle, and Siemens to name just a few. The partners leverage the Security Fabric to offer end-to-end security solutions in partnership with Fortinet. It’s just one more way your network gets comprehensive coverage.

How do I get started with the Security Fabric?

We’ve touched on a number of aspects of the Security Fabric in this piece. But in the end, as in the beginning, it all comes back to the firewall. To get started on your Security Fabric journey, find the FortiGate firewall that’s right for your network.

 

What is FortiEDR: Real-time protection before and after infection

Introducing FortiEDR

Advanced endpoint protection is a must for any organization, and one of the most comprehensive solutions out there was built from the ground up for end to end security: FortiEDR. In case you missed it, EDR stands for Endpoint Detection and Response. But that only begins to describe the total protection you get with FortiEDR.

FortiEDR offers something far beyond first generation endpoint offerings: Real-Time Protection, pre- and post-incident. That means it’s proactively working 24/7/365 to stop infections before they start. And if you somehow get infected, it jumps all over the infection with heavy artillery to make your network whole again.

FortiEDR Discover-Predict Diagram

Pre-Infection

What does FortiEDR do to stop malware before it gets to your network? It proactively discovers any rogue endpoints and unsecure IoT (internet of things) devices – let’s face it there can be a lot. Meanwhile, it continuously scans for vulnerabilities and comes with risk-based policies that make it harder for attackers to get in. And if it finds vulnerabilities? You get virtual patches. It’l likely to catch even the wildest of wild malware with its machine learning antivirus engine and signature-less detection that can block threats before execution.

Post-Infection

If any threats do find their way through, FortiEDR is ready to stop them in – did I mention? – real-time. It automatically defuses potential threats with automated response and remediation. Defusing these threats post-infection means blocking outbound communication, and stopping data tampering, exfiltration, and even the dreaded ransomware encryption.

Any malware that’s made even the slightest dent in your network won’t have that satisfaction for long, as FortiEDR can rollback any changes its made. It’ll also remove any of those pesky bad files that try to stick around. And this remediation and rollback all occurs without interrupting your business.

With all that action taking place, you’ll want to have a play-by-play, so FortiEDR offers full visibility into attacks. That means forensic data, malware classification, a memory snapshot in case of fileless attacks, and more. Plus, admins can even customize incident response playbooks with optional MDR – or managed detection and response – service.

Integration

Another big plus for FortiEDR is its integration into the Fortinet Security Fabric. It works seamlessly with every other Fortinet protection platform, from FortiClient licenses to FortiGate firewalls to FortiSandbox sandboxing. They all speak the same language – allowing you to manage your network from a single-pane-of-glass.

How do I get FortiEDR?

FortiEDR licenses come in a variety of shapes and sizes. That means you have options. Choose your solution based on your number of users – aka assets – starting at 500, and the level of protection you desire. Offerings include Predict & Protect, Protect & Response, and Predict, Protect, & Response – which covers all we discussed here. FortiEDR’s cost depends on the combination you select. The cost to your business not to have this advanced endpoint detection and response in place when an attack comes around is immeasurable. Shop now to find the right option for you!

 

What is EDR? Automated endpoint detection & real-time response to threats

To continue our recent theme of decoding abbreviations, EDR means Endpoint Detection & Response, and that means that the age of AI is upgrading networks. This automated, real-time endpoint solution ensures that end users can work securely no matter where in the world they’re located in relation to a firewall.

With EDR, your network defenses constantly scan for the kinds of elusive malware, ransomware, and zero day threats that signature-based detection platforms miss. And in the event a security incident occurs, advanced Endpoint Detection & Response platforms such as Sophos Intercept X Advanced with EDR or FortiEDR stop attacks even if the endpoint is compromised. Guided response lets administrators easily walk through the steps of an attack to see its root cause and isolate infected machines.

EDR’s machine learning systems deter, detect, disarm, dissect, deescalate, and do away with any cyber threats you can throw its way.

Why EDR works for small businesses

Survey after survey several years running have revealed two facts: a majority of small businesses find it difficult to hire qualified IT talent–especially talent focused on network security–and their budgets often struggle to accommodate the talent they do find. Automated endpoint detection and response monitored by 24-hour machine learning intelligence adds just the kind of cybersecurity expertise that SMBs need without a higher employee headcount.

Just like modern grocery stores have self-checkout lines and autoworkers now benefit from the assistance of robotics, automation enables small businesses to do more with less to get the job done. Farm out malware expertise and incident response to the bots!

Sophos Intercept X Advanced with EDR

Intercept X Advanced has been a longstanding go-to for network admins looking to add advanced protection to their networks in a comprehensive, integrated system. Sophos Intercept X Advanced now also consolidates that industry-leading protection and EDR into a single solution. Intercept X’s advanced malware prevention significantly eases the workload on the EDR component, allowing you to utilize more of the speed and performance you pay your Internet Service Provider for.

  • Minimize staffing by automating IT tasks usually done by skilled experts
  • Prioritize potential threats & automatically detect security incidents
  • Provide visibility into attack scope, root cause, impact, & network health
  • Hunt for indicators of compromise that may leave your network vulnerable

 

Fortinet FortiEDR

FortiEDR will be made available to order on May 4th and is already boasting some big benefits and features. An EDR solution purpose-built to detect potential threats, FortiEDR stops breaches in real time, and mitigate the damage of ransomware even on machines that have already been compromised. FortiEDR also extends security to IOT devices with the ability to protect everything from PCs to servers to point-of-sale systems and more.

  • Creates very small network footprint thanks to native cloud infrastructure
  • Enjoy automated EPP with orchestrated response across platforms
  • Stop file-based malware with Fortinet’s kernel-level Next Gen AV engine
  • Eliminate dwell time & reduce post-breach expenses

 

SonicWall Capture Client

Automated endpoint detection and response is integrated into SonicWall’s Capture Client, bringing together EDR, advanced threat protection, and integrated network security. With unique ransomware rollback capabilities and intuitive attack visualizations, Capture Client offers a comprehensive endpoint protection and EDR environment for any SonicWall network.

SonicWallEDR

  • Next-generation SentinelOne malware protection engine
  • Advanced threat protection with sandbox integration
  • Behavior-based scanning powered by machine learning
  • Unique attack rollback capabilities using Volume Shadow Copy Service
  • Install & manage trusted TLS certificates to leverage DPI-SSL

 

Secure remote user credentials with multifactor authentication

Multifactor authentication secures employee credentials

Multifactor authentication – aka MFA – means the bad guys are S.O.L. even if they get your name and password. By requiring multifactor authentication for users on your network, you ensure that connection attempts provide two or more pieces of evidence before allowing a user access to any resources or applications.

Attackers are turning their attention to the vulnerabilities of remote access because working from home has become a requirement of doing business in 2020. With so many workers connecting remotely, hackers are focusing on phishing, social engineering, link spoofing, and business email compromise as ways to steal user credentials, access company resources, and exfiltrate sensitive data.

By adding multiple layers of authentication beyond the simple password (and let’s be honest, how many of your employees are really using long, complicated passwords?), you can safeguard against these vulnerabilities of human error. And with so many employees working from their home office out of the IT department’s direct line of sight, you’re going to want a few extra safeguards until we’re all back on premise.

FortiToken Mobile: One-Time Password Generator

Fortinet’s FortiToken Mobile is a one-time password generator application compatible with both Android and iOS devices. It supports both time-based and event-based password tokens, adding versatility to how users can be authenticated. The app instantly generates a single-use token right on the mobile device that users are carrying around in their pocket all day long. Even if attackers are able to steal your username and password, they’ll have to pay a visit in-person to steal your mobile phone too.

Fortinet FortiToken multifactor authentication

FortiToken Mobile is a great solution for small businesses that are looking to get started with multifactor authentication at a low price-point. SMBs can get started with licenses for as few as just five employees. Adding additional licensing is quick and easy, making the solution scalable with your needs. Plus, because FortiToken Mobile is sold as perpetual licenses, you only have to pay once. No annual renewals or subscriptions needed.

 

WatchGuard AuthPoint: Versatile cloud-based authentication

WatchGuard AuthPoint Mobile is designed to work the way your employees work. That means versatility, scalability, and ease-of-use are key. Network administrators can assign different kinds of authentication to specific users, groups, or applications.

WatchGuard AuthPoint multifactor authentication

Mobile Push Notification – AuthPoint’s mobile device option sends push notifications to a user’s phone after they attempt to log in with their username and password. By responding to this push notification, users let AuthPoint know whether to accept or deny the access attempt.

QR Code — AuthPoint supports a QR code version that works with mobile devices as well. After a user attempts to sign into a machine with name and password, a heavily-encrypted QR code is generated onscreen which can then be read by the AuthPoint app on their mobile device.

One-Time Password (OTP) — Like FortiToken, AuthPoint Mobile is able to generate unique one-time passwords that temporarily act as authentication credentials for the AuthPoint app.


 

Multifactor Authentication & VPNs

Many of us will be working from home for the foreseeable future and Firewalls.com has seen a mad dash of small businesses trying to stay connected through secure remote access, virtual private networks, and email security. Solutions like WatchGuard IPSec VPN Clients are a great way to keep remote users safely tethered to company resources and applications, but the human factor always leaves vulnerabilities. Most VPN services require only a username and password combination, making them ripe targets for credential theft and phishing attacks.

Compromised VPNs present a greater threat than any single application or endpoint being infected. Once an attacker is able to win a foothold in a remote access tunnel, they’ve got a direct pipeline right back into the heart of your network. When most of your network’s users are reaching out through dozens of VPN tunnels, multifactor authentication becomes a must-have security feature, not a convenient add-on.


 

FortiClient: Next gen endpoint protection & remote access

Advanced network security, simplified

Fortinet FortiClient is purpose-built to simplify advanced security capabilities, so even small business owners with limited IT staff or resources can roll out enterprise-grade networking. Looking to keep remote worker endpoints sanitary? FortiClient unifies all the endpoint features you expect out of a premium end user platform including secure remote access, sandboxing, and behavior-based scanning for ransomware and encrypted malware.

Fortinet brings it together with seamless Security Fabric Integration, ensuring that all of the Fortinet security fabric components such as FortiGate Firewalls, FortiAnalyzer, wireless APs, and managed switches share a unified view of every endpoint. Automated advanced threat prevention through the use of FortiSandbox catches both known and never-seen-before threats. This integrated framework is centrally managed on the single-pane-of-glass dashboard offered through a FortiGate next generation firewall. This is fast to set up, too! You’re one FortiClient download away from securing all of your endpoints, on-premise or remote. Activation codes are typically delivered next business day.

Remote access with auto-connecting FortiClient VPN

With companies rushing to get remote workers set up on secure remote connections, many small business owners are turning to FortiClient VPN which takes advantage of both SSL VPN and IPSec VPN to provide secure remote access over the fastest and most stable protocol available. This means almost any Internet-connected location can offer secure access to company applications and resources, regardless of the details of its environment. FortiClient automatically connects endpoints to VPNs and maintains an always-up connection, so remote workers require little to no training on how to connect to a VPN from home – or anywhere else.

FortiClient increases visibility & control over endpoints

FortiClient provides end-to-end visibility into all of the endpoints on a network, allowing administrators to view endpoint health at a glance. By integrating endpoints into the Fortinet Security Fabric, the endpoint protection systems, firewall, and security services on the network communicate in real-time to ensure system compromises never go unnoticed. This translates into early detection for network administrators in case of an attack, allowing IT teams to respond quickly.

The FortiOS 6.0 operating system enables endpoint telemetry intelligence, which accurately identifies Indicators of Compromise. Fortinet determines what constitutes an Indicator of Compromise by checking real-time web filter logs on each endpoint against a threat database groomed by FortiGuard Labs. If a potential match is flagged, Fortinet assigns a threat score to that endpoint, measuring overall end user health and reporting this data back to a centrally-managed dashboard through the FortiGate firewall. Plus, network administrators love the automated response capabilities that FortiClient’s telemetry allows, letting them quarantine suspicious endpoints on the fly.

Stop advanced threats like ransomware

FortiGuard Labs provides up-to-the-second threat protection based on real-world data collected from security sensors around the globe. FortiSandbox harnesses this threat intelligence for behavioral scans of all files & applications present on FortiClient endpoints. That means even if threats are hidden in encrypted data packets, FortiClient will root them out and send them to quarantine before any payloads can detonate. Email-borne threats–especially dangerous to remote workers–are blunted thanks to these real-time scans and shared intelligence.

Advanced Threat Protection with FortiClient next generation endpoint

Don’t believe us that FortiClient is a next generation endpoint service? Industry validation titans such as NSS Labs and Gartner consistently stand behind this solution, providing top marks for FortiClient in annual benchmarking tests. In the NSS Labs 2019 Advanced Endpoint Test, Fortinet’s FortiClient blocked 100% of malware thrown at it. See how to get FortiClient for your business.


 

Fortinet Cyber Threat Assessment for SD-WAN, FortiGate, & FortiMail

The Cyber Threat Assessment Program

There are exactly two ways to test your network’s security against cyber threats: run validation testing to assess precisely how your network performs or wait for the real thing to happen and draw conclusions while you’re picking up the pieces in the aftermath. While trial-by-fire is certainly a conclusive way to assess your network security, Firewalls.com strongly recommends the former option. Fortinet’s Cyber Threat Assessment Program is a convenient and non-intrusive process that lets you see where your network stands without interrupting day-to-day operations.

The assessment is free of charge, requires little to no legwork on your part, and yields results in just over a week. Check out the infographic below to see how it works, or listen to our recent podcast episode where we discuss Cyber Threat Assessments with Fortinet’s Ben Bolen.

See How Fortinet’s Secure SD-WAN Can Save You Time & Money

Been curious about SD-WAN? The very same process described in the infographic above can be used for an SD-WAN assessment as well! Fortinet’s Secure SD-WAN allows for high-speed application performance at the WAN edge, intelligently determining the ideal routes for MPLS, 3G/4G, or broadband traffic. Since traditional WAN architectures are not equipped to accommodate the high-demand workloads modern organizations who may be using applications spanning multiple cloud environments. Now you’re one FREE assessment away from seeing exactly how Secure SD-WAN can transform your network.

 

What Information Is Included In CTAP Report?

The Fortinet Cyber Threat Assessment focuses on three key areas: Security, User Productivity, & Network Utilization.

  • Security: Details network vulnerabilities and helps to identify which devices and applications are at an elevated risk so that they can be properly secured. In this section of the report you’ll get to see which vulnerabilities and threats were observed bypassing your existing security solutions.
  • User Productivity: Provides extensive visibility into peer-to-peer, messaging, and other application usage to see how users are using your network in their daily work. In this section you’ll see how spam, newsletters, and other cyber nuisances impact how your users navigate the network.
  • Utilization: Provides real-world numbers about throughput and bandwidth usage during peak traffic. In this section, you’ll get to see when your network resources are needed most and where waste can be eliminated.

No Risk, No Extra Work, No Commitments

The infographic above outlines the basic process for receiving, setting up, and reviewing your results. At no point in the process are you required to make any purchases, change any settings, or meet any deadlines. Fortinet’s Cyber Threat Assessment is a risk-free program that requires no more extra work than plugging in a cord. If at any point you decide you want to end the test, pull the cord back out! That’s it. No money changes hands, no contracts are signed, and no network settings are changed. If you want to dump your final assessment in the trash, no problem. The report is yours to use as you see fit.

Ready For Your Free Assessment?

Getting your Cyber Threat Assessment is as easy as filling out a form on our Fortinet Cyber Threat Assessment Program page. Leave us your contact info and Firewalls.com will work behind the scenes to get a test set up for you. We work closely with Fortinet to make sure the test requires as little effort on your part is possible.

 

FortiGate 40F – Secure SD-WAN for the Small Business

FortiGate 40F – Secure SD-WAN for the Small Business

Compact. Fanless. Affordable. Secure. The new FortiGate 40F from Fortinet hits all the marks when it comes to arming small businesses and branch offices with the fast, secure access necessary in 2020. Fortinet is an industry standout in the SD-WAN arena thanks to their innovative SoC4 SD-WAN ASIC processor. You may recognize this mighty, mini-sized processor from Fortinet’s other recent additions: the FortiGate 100F & FortiGate 60F. Fortinet’s best-of-breed SD-WAN allows for intelligent application steering, scalable VPN capabilities, and other advanced networking capabilities.

Blog Banner General Buy Now Red-High-Quality

The best part? While boasting all of the SD-WAN capabilities of its larger cousins, the tiny FortiGate 40F also reaches maximum throughput speeds up to 5.0 Gbps. For an appliance built with small offices in mind, those speeds are insane!

Learn more in our 40F feature review video:

FortiGate 40F Spec Snapshot

FortiGate 40F with Secure SD-WAN

Fortinet FortiGate 40F

Max Firewall Throughput: 5.0 Gbps

Threat Protection Throughput: 600 Mbps

Network Interface Ports: Multiple GE RJ45

Maximum Connections (TCP): 700,000

New Connections/Second (TCP): 35,000

Maximum Supported Wireless Access Points: 10/5 (Total/Tunnel Mode)

Hardware-Only MSRP: $495

 

“Do-It-Yourself” SD-WAN Deployments

Fortinet makes life for small business owners easy. All FortiGate Secure SD-WAN appliances are easily managed through Fortinet’s Security Fabric in the Fabric Management Center. Paired with zero touch deployment, the FG-40F is user friendly even for businesses with limited IT staff, letting you skip a burdensome manual configuration.

Blog Banner General Buy Now Red-High-Quality

Looking for More Small Business Solutions from Fortinet?

Our website is now bursting with Fortinet network security options for you to shop!

Shop FortiGate Firewalls if you’re looking for enterprise-grade protection at SMB prices.

Extend fast, secure WiFi with Fortinet’s FortiAP access points with integrated WLAN controllers.

Future-proof your setup with secure, scalable FortiSwitch Network Switches.

Or browse all of our Fortinet products to find the perfect solution for your unique network needs.

Assessing Your Security – Ping Podcast Episode 11

Episode 11: Assessing Your Security

How do you know if your network is vulnerable? Well, you could find out the hard way by getting breached. Or you could try out a free program from Fortinet, the Cyber Threat Assessment Program (CTAP) that is. On this episode of Ping: A Firewalls.com Podcast, Kevin and Andrew talk to Fortinet’s Ben Bolen about CTAP, with a special focus on the new CTAP for SD-WAN. You’ll hear how it works, what you can expect to learn, and why it can be a vital step to optimizing your network security, whether you’re already running an SD-WAN setup or not.

Learn more about the CTAP program and sign up now.

Our Network Engineer Alan Steady shares the secret to making SD-WAN management easy in our Engineer’s Minute. Check out all of the expert security services our certified engineers offer.

In our Headlines, we talk about how SD-WAN may be able to help IoT security, a survey that places cybersecurity atop a list of business concerns, and some TikTok vulnerabilities.

How to listen

Listen to Ping – A Firewalls.com Podcast using the player above…

Or just about anywhere you prefer to listen to podcasts (Apple Podcasts, Spotify, Google Podcasts, Stitcher, OvercastTuneIn, iHeart, Pocket Cast, Castro, Castbox, PodchaserYouTube, and of course via RSS, to name a few). Remember to subscribe or follow where you can to get the latest episodes as soon as they’re released, and rate and review us as well!

Missed our previous episodes? You can get them anywhere you listen to podcasts, or go to our full episode list.

New episodes are released every other Wednesday. Have a special request for a topic or a question for our network engineers to address? Email us at podcast@firewalls.com and it could be on our next show!

What are the Differences Between the FortiGate 60F and FortiGate 60E?

The FortiGate 60F arrived just last month and the network security community is already abuzz with praise for this high-tech security appliance. With its SoC4 security processor, application-specific chip set, and WAN edge capabilities, there’s a lot to get excited for. However, because firewall manufacturers tend to design and launch firewalls in successive series, there can be a bit of confusion when it comes to understanding the key differences between the FortiGate 60F and it’s predecessor, the FortiGate 60E. While the FG-60E is still one of the fastest and most secure (and most popular) firewalls in the industry, let us take a closer look at what new potential the FG-60F has in store.

 

FortiGate 60E Tech Specs at a Glance

Firewall Throughput: 3 Gbps

IPS Throughput: 400 Mbps

NGFW Throughput: 250 Mbps

SSL VPN Throughput: 150 Mbps

Concurrent Sessions (TCP): 1,300,000

New Connections per Second: 30,000

Firewall Latency: 3 μs

Blog Banner General Buy Now Red-High-Quality

FortiGate 60E Overview

The FortiGate 60E is one of the most secure Next Generation Firewalls ever designed, propelled by tons of industry awards and accolades. In fact, the FortiGate 60 series is the #1 selling firewall in the world with over 1.5 million units sold globally. Originally hitting the market in 2016, the FortiGate 60E includes a SoC3 (System-on-a-Chip) architecture that further accelerates networking performance well past the potential of previous generations. The FortiGate 60E was among the first Fortinet firewalls to be integrated into the then-emerging Fortinet Security Fabric infrastructure.

The FortiGate 60E is a Unified Threat Management (UTM) platform that delivers integrate wired and wireless networking for medium-sized organizations. This model includes built-in dual-band, dual-stream wireless with integrated internal antennas providing fast 802.11ac wireless. Further, a USB port located on the rear of the appliance allows for compatibility with 3G or 4G USB modems for additional WAN connectivity.

Though this Next Generation Firewall is a few years old, it continues to stand at the front of the pack when compared to its competitors. For any small business not particularly concerned with SD-WAN considerations, the FortiGate 60E still makes for an excellent option as a primary network firewall.

 

FortiGate 60F Tech Specs at a Glance

Firewall Throughput: 10 Gbps

IPS Throughput: 1.4 Gbps

NGFW Throughput: 1 Gbps

SSL VPN Throughput: 900 Mbps

Concurrent Sessions (TCP): 700,000

New Connections per Second: 35,000

Firewall Latency: 4 μs

Blog Banner General Buy Now Red-High-Quality

FortiGate 60F Overview

The FortiGate 60F is a high-performance SD-WAN solution in a compact fanless form factor. Designed for branch offices, remote outposts, and mid-sized businesses, the FG-60F simplifies remote access issues and helps organizations reduce long-term expenses by phasing out expensive MPLS connections. SD-WAN provides secure, direct Internet access for the kinds of cloud-connected applications that businesses now depend on like Dropbox, GitHub, Salesforce, Office 365, and more.

This security-focused WAN edge networking is made possible by Fortinet’s SD-WAN Application-Specific Integrated Circuit (ASIC). The first-of-its-kind SOC4 – first introduced in the more port-heavy, rack-mountable FortiGate 100F – delivers blazing fast application identification and steering for over 5,000 known cloud applications. Fortinet’s advanced routing capabilities mean that modern connected businesses achieve superb user experience without worrying about performance loss.

The FortiGate 60F joins its F-Series big brother the 100F as kings of the growing SD-WAN arms race and the industry’s news face of digital transformation. For any organization looking to deploy applications, devices, or cloud environments across multiple branch locations, the WAN edge efficiency of these models are just too great put them at the top of the shortlist.

Take a deeper dive into the FortiGate 60F with our video review on Youtube!

Try SD-WAN Yourself, For Free

Curious what all the hubbub about SD-WAN is about? Fortinet’s Cyber Threat Assessment Program allows you to test these new technologies in a real-world setting: your network! Get your hands on a free SD-WAN test drive and see how much time, money, and productivity your network is leaving on the table. Sign up for a free Cyber Threat Assessment today.

Reviewing Fortinet’s Desktop Secure SD-WAN device, the FortiGate 60F

FortiGate 60F – Secure SD-WAN in a Desktop

It was just a few short months ago that Fortinet introduced its new SoC4 SD-WAN ASIC processor, powering the first-of-its-kind Secure SD-WAN appliance, the FortiGate 100F. While the 100F is notable for its lightning-quick firewall performance and excellent connectivity, smaller organizations may not need a device to pack quite that much punch. Enter the Fortinet FortiGate 60F, which still offers quite a kick in providing Secure SD-WAN for small to mid-size business and branch office deployments. It boasts the same SD-WAN ASIC processor, purpose-built for security and SD-WAN in one device – and still excellent performance, at more than 15 times industry average throughput. But the FortiGate 60F does all this in a 1.9 pound, fanless desktop form factor, so you won’t need a rack mount setup to use it. Come along with us on a video feature review of the newest FortiGate to combine top-notch security and SD-WAN all-in-one. Introducing the Fortinet FortiGate 60F:

FortiGate 60F Spec Snapshot

Fortinet FortiGate 60F

Max Firewall Throughput: 10 Gbps

Threat Prevention Throughput: 700 Mbps

Network Interface Ports: 10 x 1GbE, 1 USB, 1 Console

Maximum Connections: 700,000

Maximum Connections (DPI SSL): 55,000

Maximum Supported Wireless Access Points: 30/10 (Total/Tunnel Mode)

Hardware-Only MSRP: $695

Shop the FORTIGate FG-60F

Need…More…Videos

If this video piqued your interest but you’d like to see a few other firewall models, you’re in luck! We’ve also done feature review videos for the FortiGate 100F and FortiGate 50E among Fortinet firewalls. And we haven’t forgotten other brands, with the Sophos XG 125 and new in 2019 XG 86 & 106, the SonicWall NSa 2650, the new in 2019 SOHO 250 & TZ 350, and the WatchGuard Firebox T35 and T55. Once you’ve binged the full review playlist, read through our firewall buyer’s guide series to go into even another layer of depth.

The Fortinet Buyer’s Guide

Speaking of our Buyer’s Guide series, we take a deeper dive into Fortinet’s firewall portfolio as well as the security services it offers in our Fortinet Buyer’s Guide.