| certifications | security - Jon Welling
What is Fortinet?
Have you ever heard of Fortinet? What about next-gen firewalls? If you haven’t, now is a great time to learn.
Next-gen firewalls have existed since the mid-2000s. Unfortunately, though, next-gen firewalls have become much more complex than when they were created. They’ve gone through various evolutions as vendors have created tighter security ecosystems.
One of those vendors is Fortinet. Fortinet is known for its firewall, but like other network product vendors, they have grown to include a full product line of network equipment. That network equipment creates a complete data security ecosystem. So, let’s discuss what Fortinet is and what Fortinet does.
What is Fortinet?
When most people think of Fortinet, they think of firewalls. Fortinet earned its name in the IT industry through security. Fortinet is so much more than a firewall, though. Fortinet is a security ecosystem. Fortinet is a business much like Cisco, and much like Cisco, Fortinet provides a variety of different products. Only one of those products is a firewall.
Though Fortinet offers each of its products individually, they like to demonstrate its security products working as a tightly integrated ecosystem. It’s not a coincidence that Fortinet’s next-generation firewall launched roughly around the same time Fortinet introduced its wireless products.
Fortinet realized early that they need to power the IT ecosystem from the bottom up to control every aspect of network and cybersecurity. Fortinet sales reps let CIOs connect those dots, though.
For instance, Fortinet understood that they could create the best next-gen firewall on the market (even going so far as creating specialized ASIC cores designed for deep packet inspection). Still, that firewall doesn’t mean anything if networks contain other intrusion points.
For instance, wireless access points can be used as an intrusion vector that bypasses the firewall. 5G radio towers can be used the same way, too. Both types of wireless access can be used as direct attack vectors onto a network. So, Fortinet created wireless products to control those types of attack vectors.
Fortinet has other tricks up its sleeves. The company decided against a closed ecosystem early on. They realized the power of combining other services with theirs. They also learned that the cloud would play a significant role in the enterprise IT infrastructure.
With that in mind, the Fortinet ecosystem can plug into other services and clouds. For instance, Fortinet can interface with other cloud providers like AWS and GCC. Data and security events can flow both to and from those cloud providers.
That last sentence is significant. Data can flow both to and from providers. Fortinet uses RESTful and responsive APIs. Data is bi-directional, unlike other products that only offer one-way data. That means that the Fortinet ecosystem can send data out, but it can also receive data to act on it.
Fortinet can interface with other services, too. For example, IT teams use an app called ServiceNow. ServiceNow is a ticket and resource tracking system. IT teams use ServiceNow to track issues and projects within an organization. Because Fortinet interfaces with ServiceNow, Fortinet can create actionable items for humans to inspect when Fortinet sees a problem.
Still, Fortinet is known for its firewall. All of these other products make the Fortinet firewall much more robust. With the added benefits of connecting with third-party cloud providers, the firewall sitting on the network’s border suddenly becomes much more powerful.
What is a Next-Gen Firewall?
In the beginning, the IT gods said, “Let there be access lists!” That was all fine and good. Those access lists worked, but the IT gods let us engineers down. They provided an excellent and reliable way to block rogue traffic, but those access lists are an exercise in frustration.
You see, access lists work by knowing what you need to block in advance. Access lists block specific URIs, ports, IP ranges, or services. For instance, if you want to block all traffic from www.bad-website.com, your access lists need to say that explicitly. Likewise, if you’re going to allow all data coming through port 443 on your network, that needs to be defined, too.
So, after countless IT lives were sacrificed in the name of IT security, the IT gods blessed us techs with next-gen firewalls. How do they work?
For the younger iGen crowd out there, a next-gen firewall is kind of like the smart version of a firewall. So you have smartphones, and you also have smart firewalls.
That’s a bit of a misnomer, though. Next-gen firewalls don’t have their own app stores. However, next-gen firewalls have their own OSes and management platforms. They can also inspect network traffic more intelligently.
Next-gen firewalls still use traditional security measures. They still use an ACL. You can still block ports on them.
But, next-gen firewalls can now do things like deep packet inspection. That means instead of simply blocking ports and domains; these smart firewalls can understand what kind of traffic is flowing through their networks. As a result, they can better understand what’s going on. That enables these firewalls to make better decisions about allowing traffic into or out of the network. They can also use that information to adjust QoS rules automatically.
That’s a crude analogy. Next-gen firewalls are more complicated devices. Nonetheless, that gives you a frame of reference to think through when you start learning how next-gen firewalls work.
If you have never heard of or worked with Fortinet products, now is a great time to learn them. Fortinet is a primary competitor to other network security solutions. There is a good chance you will run into their products in the future.
As discussed, when you hear Fortinet, most IT techs typically think of firewalls. However, Fortinet is designed to use all of their products to control the entire security landscape. Again, it’s an ecosystem thing.
Think of it this way. Apple encourages customers to own all Apple products. When you start combining Apple products, you gain access to amazing features. For instance, an Apple Watch can be used to unlock a MacBook.
Fortinet products do that for the internal security machine. In addition, Fortinet can offer more advanced security measures by controlling everything from wireless access to firewalls and switches.