Fortinet Wireless LAN Solutions
FortiGate security systems offer a comprehensive set of capabilities that address the key challenges to deploying secure wireless LANs. FortiGate systems can be deployed in conjunction with wireless access points from any vendor, and used to detect and eliminate content-based threats from email and Web traffic such as viruses, worms, intrusions, inappropriate Web content and more in real time - without degrading network performance. In addition to providing application-level protection, the FortiGate systems deliver a full range of network-level services — firewall, VPN, intrusion detection and traffic shaping — delivering a complete network protection services in dedicated, easily managed platforms.
In particular, the VPN encryption, user authentication and directory integration capabilities of FortiGate systems make it possible to mitigate the security weaknesses of current generation WLAN products and to retrofit complete, high-performance security into any WLAN deployment.
The FortiGate platform uniquely solves key issues and concerns currently holding back rapid adoption of wireless LANs in the enterprise, including:
| Security Problem with WLAN Deployment |
|
Addressed by the FortiGate Platform |
|
| No native support to enable a wireless access point to distinguish an employee's WLAN NIC from that of a friendly visitor or malicious rogue |
|
User-level authentication and user/group policies that enable, for example, employees to have access to specific data resources and services, provides Internet access to guests for mail and Web access only, and denies service to rogues |
|
| Limited support for directory integration |
|
User authentication through internal database, Radius server or LDAP directory |
|
| No native support for terminal device authentication |
|
IP/MAC binding to enable physical authentication of access terminals |
|
| Weakness of WEP encryption |
|
Strong encryption and authentication of wireless links using IPSec VPN with a choice of triple-DES and AES encryption, and SHA1 or MD5 for packet-level authentication |
|
| Content-based attacks such as virus scanning, script filtering and intrusion detection/prevention |
|
Intrusion detection/prevention and content filtering |
|
| No native support for QoS to ensure appropriate allocation of shared wireless bandwidth |
|
Policy-based traffic shaping to allocate bandwidth based on user identity and type of application |
|
Wireless LANs provide a tremendous amount of freedom and flexibility and support the increasing desire for always-on, always-available connectivity. However, wireless LANs also break down the notion of a definable "network edge," and bring significant new challenges for maintaining network security. With proper augmentation, the security deficiencies of wireless LANs can be mitigated, enabling the benefits of untethered connectivity without compromising security.
Fortinet's FortiGate family add a critical layer of protection to wireless LANs, extending the life and improving the security of existing systems and providing a foundation for expanded implementations even as wireless standards evolve and mature.
If you have questions or concerns about deploying Fortinet products in your environment, please feel welcome to contact us toll free: 877-386-3763.