Overview:
FortiProxy is a secure web proxy that protects employees against internet-borne attacks by incorporating multiple detection techniques such as web filtering, DNS filtering, data loss prevention, antivirus, intrusion prevention and advanced threat protection. It helps enterprises enforce internet compliance using granular application control. High-performance physical and virtual appliances deploy on-site to serve small, medium and large enterprises.
SSL Inspection
Powerful hardware that can perform SSL inspection to effectively remove blind spots in encrypted traffic, without compromising on performance.
Protection against sophisticated web attacks
Integration with proven FortiGuard Threat Intelligence Service and FortiSandbox Cloud to protect enterprises from the latest sophisticated threats.
Authenticated web application control
Granular application control policies to restrict access to social websites using user or group identity.
Highlights
- Advanced Protection against threats
- Integration with FortiGuard Threat Intelligence Service
- Web, DNS filtering and application control
- Integration with FortiSandbox cloud and on-premise appliance
- AV, IPS, DLP and Content Analysis
- High performance and scalability
- Custom –built security processing units for high performance
- Scalability from small to large organizations
- HA availability for redundancy
- Content Caching and WAN Optimization
- Static and dynamic content caching
- Multiple Content Delivery Network
- Decrease Network Latency
- Lower bandwidth overhead
Features:
Multi-layered Detection
FortiProxy provides multiple detection methods such as reputation lookup, signature-based detection and sandboxing to protect against known malware, emerging threats and zero-day malware.
Integration with FortiGuard Threat Intelligence
The threat landscape is rapidly evolving, requiring security teams to be continuously vigilant of new threats. FortiGuard Threat Intelligence service is a collection of services delivered by FortiGuard Labs to defend against the changing threat landscape. FortiGuard Labs comprises of more than 200 researchers across 31 countries. It offers 15 different security services and constantly discovers new threats. The following protection services offered by FortiProxy are continuously updated with the latest information from FortiGuard Threat Intelligence.
- DNS and Web Filtering
With the help of FortiGuard Threat Intelligence service, malicious, suspicious and newly generated domain names are blocked immediately. More than 150,000 websites are blocked per minute by the FortiGuard WebFiltering Service. Dynamic category-based web filtering ensure employees abide by the company’s acceptable use policy. Static whitelisting and blacklisting capabilities are also available to allow or block specific websites.
- Dynamic Analysis using Sandboxing
Top-rated FortiSandbox is integrated with FortiProxy to defend against targeted advanced attacks. Suspicious and at-risk files can automatically be sent to FortiSandbox for further analysis. The sample is analyzed in a contained environment to uncover the full attack lifecycle using system activity and call back detection. Reports provide rich threat intelligence and actionable insight for security teams to take action.
- Antivirus and DLP
Fortinet consistently receives superior effectiveness results in industry testing with AV Comparatives and Virus Bulletin. Data Loss Prevention protects against exfiltration of sensitive data. Sensitive files can be fingerprinted or watermarked and the outgoing traffic is examined to identify any data leakage.
- Content Analysis Service
FortiProxy includes content scanning technologies from Image Analyzer, the industry leader in offensive image and video detection to prevent access to inappropriate content.
- Intrusion Prevention
FortiProxy uses a combination of signature as well as signatureless engines to prevent intrusions. IPS signatures can be based on exploits, known vulnerabilities or anomaly patterns. Signature-less techniques are used to detect SQL injection, domain generation algorithm attacks, java and flash exploits. FortiGuard Labs generates more than 100 IPS rules every week, blocking more than 4 million network intrusion attempts.
Inspection of Encrypted Traffic
More than 60% of the internet traffic is encrypted and visibility is a big challenge. FortiProxy offers SSL and SSH deep inspection without requiring any additional license or appliance. It can be used to inspect encrypted traffic by acting as a man in the middle. It also has the flexibility to add exclusion categories so that banking, healthcare and other such sites won’t be monitored. When SSL Deep inspection is not possible it also supports Certificate based inspection.
Granular Application Control
With the constant increase in the usage of social apps, it’s vital for organizations to provide very granular controls. For instance, they may want to allow access but prevent specific actions like posts. FortiProxy supports all major social websites (including Facebook, LinkedIn, Twitter, Instagram), and supports more than 3000 apps. In addition, SaaS Apps can be classified using the cloud database that’s maintained by FortiGuard.
Authenticated Web Access
FortiProxy supports advanced authentication methods including SAML, Kerberos and Single Sign-on. These features are built-in without requiring a separate appliance. It also gives administrators the flexibility to configure policies based on users and roles.
WAN Optimization and Advanced Caching
Today at many locations, bandwidth is a bottleneck, and to keep operation costs low, it may be prohibitive to provide additional bandwidth. In these environments, FortiProxy is also able to greatly optimize and accelerate the network by enabling caching of content and by enabling WAN Optimization features.
Security Fabric
The Fortinet Security Fabric delivers broad protection and visibility to every network segment, device, and appliance, whether virtual, in the cloud, or on-premises. It can automatically synchronize security resources to enforce policies, coordinate automated responses to threats detected anywhere in your network, and easily manage different security solutions and products through a single console. FortiProxy integrates with key security fabric components such as FortiSandbox and FortiAnalyzer. It can also integrate with third-party security devices using ICAP and WCCP protocols.
High Performance, scalability and low TCO
FortiProxy uses specialized ASICs in order to accelerate performance of the network and security modules. FortiProxy supports proxy speeds up to 15 Gbps, and can scale from small enterprises with 500 users all the way to larger enterprises of 50,000 users. FortiProxy provides great value to customers while maintaining a low total cost of ownership.
Deployment:
FortiProxy allows you to choose from 3 modes of deployment to meet your specific requirements, while reducing infrastructure changes and service disruptions:
Inline Deployment
- Suitable for smaller enterprises (less than 500 users)
- Deployed behind the NGFW
- Interesting traffic that needs to be inspected configured on Proxy, and the remaining traffic is automatically bypassed to the NGFW.
Explicit Deployment
- Suitable for larger enterprises
- Proxy can be deployed in any location within the enterprise
- Support for multiple pac files allows flexibility
WCCP/PBR Deployment
- Suitable for larger deployments
- If distribution of pac files is not convenient, WCCP or PBR mode is supported
- Policies are configured on the NGFW/router to direct the interesting traffic to the proxy
