FortiGate Unified Threat Management (UTM) Network Security systems offer a comprehensive set of capabilities that address key challenges to deploying secure wireless LANs. FortiGate Network Security systems can be deployed in conjunction with wireless access points from any vendor, and used to detect and eliminate content-based threats from email and Web traffic, such as viruses, worms, intrusions and inappropriate Web content, in real time and without degrading network performance. In addition to providing application-level protection, FortiGate Network Security systems deliver a full range of network-level services (firewall, VPN, intrusion prevention and traffic shaping), providing complete network protection in a dedicated, easily managed platform.
In particular, the VPN encryption, user authentication and directory integration capabilities of FortiGate Network Security systems make it possible to mitigate the security weaknesses of current generation WLAN products and to retrofit complete, high-performance security into any WLAN deployment.
The FortiGate Network Security platform uniquely resolves key issues and concerns currently holding back rapid adoption of wireless LANs in the enterprise, including:
| Security Problem with WLAN Deployment | Addressed by the FortiGate Platform |
| --- | --- |
| No native support to enable a wireless access point to distinguish an employee’s WLAN NIC from that of a friendly visitor or malicious rogue | User-level authentication and user/group policies that, for example, give employees access to specific data resources and services, give guests Internet access for mail and Web access only, and deny service to rogues |
| Limited support for directory integration | User authentication through internal database, RADIUS server or LDAP directory |
| No native support for terminal device authentication | IP/MAC binding to enable physical authentication of access terminals |
| Weakness of WEP encryption | Strong encryption including WPA2 and authentication of wireless links using IPSec VPN with a choice of triple-DES or AES encryption, and SHA1 or MD5 for packet-level authentication |
| No native virus scanning, script filtering or intrusion detection/prevention to counter content-based attacks | Intrusion detection and prevention, antivirus/antispyware and Web content filtering of wireless traffic |
| No native support for QoS to ensure appropriate allocation of shared wireless bandwidth | Policy-based traffic shaping to allocate bandwidth based on user identity and type of application |
Wireless LANs provide a tremendous amount of freedom and flexibility and support the increasing desire for always-on, always-available connectivity. However, wireless LANs also break down the notion of a definable "network edge," and bring significant new challenges for maintaining network security. With proper augmentation, the security deficiencies of wireless LANs can be mitigated, enabling the benefits of connectivity without compromising security.
Fortinet’s FortiGate Network Security systems add a critical layer of protection to wireless LANs, extending the life and improving the security of existing systems by providing a foundation for expanded implementations even as wireless standards evolve and mature.