Fortinet integration with SDN environments
If you are creating your virtual Data Center or Software-Defined Data Center (SDDC), where there are virtual networks everywhere, you may be thinking about working with SDN ecosystems.
Today, virtualization is moving toward the Private Cloud, as well as toward the Public Cloud or Hybrid Cloud, where security engineers have to think about how to protect these new environments. Therefore, security infrastructures should become agile and elastic, just like compute, storage and networking, and they must also integrate with the underlying SDx infrastructure such as cloud and SDN platforms.
Fortinet solutions for Software-Defined Network Security (SDNS) form a complete security ecosystem with optimized orchestration connectors for OpenStack, Cisco ACI or Nuage Networks, as well as for VMware NSX. These connectors add the value of security integration in the SDDC thanks to L7 security, multi-tenancy, identity-based policies, Micro-Segmentation, Zero Trust, control of east-west traffic, inter- and intra-VM security, logical security zones (multi-tier), etc. As we can see, Fortinet FortiGate solutions are not just stateful firewalls like Amazon EC2 Security Groups but UTM firewalls with advanced features for SDN ecosystems as well.
Fortinet Solutions for Software-Defined Network Security (SDNS)
For instance, if we have deployed VMware NSX in our Data Center and we want L7 security even between virtual machines on the same network, as well as control, visualization and analysis of traffic flows, we could deploy FortiGate-VMX Service Manager along with FortiGate-VMX Security Appliances for a complete security ecosystem. Service groups created in NSX Manager are then automatically sent to the FortiGate-VMX and are available for policy creation.
Fortinet FortiGate-VMX Solution Interaction
Another SDN platform supported by Fortinet is Cisco ACI, which can be used in a CLOS/Leaf and Spine architecture rather than in a full virtualization platform such as VMware NSX. Fortinet has developed a device package to be imported into APIC, where the FortiGate configuration is managed. Thus, network configuration (VLAN, IPs, routes, etc.) and security configuration (firewall policies, security profiles, etc.) are managed from APIC.
Cisco ACI - Device Package Integration
OpenStack is a software platform for cloud computing which is also supported by Fortinet. Open source OpenStack and commercial OpenStack solutions like HP Helion, PlumGrid, Nuage Networks, NetCracker, BluePlanet, Nokia CloudBand and UBiqube are supported by the Fortinet SDN ecosystem. For example, we can configure an SD-WAN/Zero Touch deployment with UBiqube and FortiGate-VM, where security is delivered as a service by the service provider and the enterprise security administrator can protect services easily.
Fortinet - Nuage Deployment Models
I think SDN is here to stay for a period of time; who knows until when? Meanwhile, some data centers have already deployed SDN solutions to take advantage of auto-scaling and auto-provisioning for elastic workloads, Micro-Segmentation in consolidated data centers, securing inter-VM traffic in virtual environments, or SD-WAN efficiencies with service chains. Therefore, we can start thinking about how we are going to protect our services with the new paradigm of Software-Defined Network Security.
Secure Inter-VM Traffic in Virtual Environments
Regards, my friend, and remember: keep studying!!