When a customer hosts a website, mail or another service in our VMware-based cloud, the NSX Edge virtual router serves as the edge device in 90% of cases. It provides firewall, NAT, DHCP, VPN and other functions for the virtual data center.
But if a customer is used to advanced traffic analytics and more detailed monitoring on the firewall, they may need a Next Generation Firewall (NGFW) in the cloud. Such solutions also provide IPS and IDS modules, antivirus and other features. For customers with these requirements, one of the solutions we offer is NGFW as a service based on FortiGate. In this article I will show how and why we organize the move to this service.
When to consider NGFW as a service
Most often, our customers consider alternatives to NSX Edge if they need to solve additional tasks at the firewall level:
detect and prevent intrusions using IPS and IDS modules;
provide additional anti-virus protection;
, ;
AD IDM;
.
― . , , , . : , . , , . . : .
NGFW , . ― (VDOM’). Pay-as-you-go: , . VDOM’ : -, .
:
NGFW ― . , . : -. NAT ― .
NSX Edge : . .
" ". , .
, , NGFW .
:
,
VLAN’ ,
: routed, isolated,
,
,
,
NAT- .
.
Edge, .
: VDOM FortiGate VLAN’.
.
NAT- , IP- .
VPN-.
. VLAN’.
. , . Edge FortiGate. DNS. VLAN .
- , .
. , . . - , . - , .
. NGFW: IPS, , , ― . , . , IPS. , , . : , . .
NGFW+
NGFW , :
,
VPN-,
- (WAF),
.
, .
FortiAnalyzer NGFW . , : , - IP-. , .
NGFW syslog’ SIEM-. - IPsec.
FortiAnalyzer .
VPN- FortiClient VPN. (endpoint-). .
WAF NGFW . , WAF DDoS . NGFW :
WAF WAF. NGFW explicit proxy: , .
WAF , . NGFW , : - . NGFW : . - , NGFW .
. .
, , — NGFW WAF . -, WAF .