FortiADC

Application Delivery Controllers

© Copyright Fortinet Inc. All rights reserved.

Scope/Definition of ADCs

 Eliminate unplanned downtime

» Application server
» ISP
» Data center
» Physical port Application
Servers
 Increase application performance
INTERNET

 Advanced application traffic management

» L7 content-based routing
» SSL offloading / SSL Re-encryption
» HTTP Content Caching
» HTTP Compression
» Header Rewriting
» Application Layer Health Checks
» Direct Server Return

2
ADC Drivers/Challenges

 Application availability/capacity Who Needs it?

» Support increased number of users  Any organization that hosts its own
» Support increased secure (SSL) traffic applications
» Provide low-latency and improve  Any organization hosting corporate
the user experience applications like MS Exchange, Sharepoint,
Lync, VMware VDI
 Application continuity and  Size of company less important than
disaster recovery business model
 Reduce application delivery costs/impacts
» Improve server resource utilization Who Needs it Most?
» Reduce application administration costs  E-commerce
» Minimize revenue impacts from downtime  Online Services
» Ease of use*  Financial services
 Education
 Healthcare
 MSPs/Hosting Companies
*Most customers are not looking for something
they need to get certified on to run.

3
FortiADC – Application Delivery Controllers

 Robust L4 and L7 load balancing

 Hardware and virtual appliances  Advanced L7 content rewriting and routing

 Throughputs from 2.7 to 50 Gbps  Included GSLB

 Full IPv6 support and 6in4 Tunneling
 Models with up to 8 10GE SFP+ ports  Multiple High Availability failover options
 SSL offloading with Forward Proxy
 Full featured at one low price  Gzip HTTP compression
 Web Application Firewall
 Scripting for SLB and content rewriting
 Authentication offloading
 Quality of Service
 Link Load Balancing
 Full CLI , easy-to-use GUI and REST APi
 Content Caching
 Stateful Firewall

Class-leading performance and value

almost any sized application environment

4
FortiADC Benefits

 Scale applications with Server Load Balancing and Server Health Monitoring
 Maintain connections to application servers with Persistence
 Improve secure application, server and firewall performance with SSL Offloading/Acceleration
 Reduce bandwidth needs and improve User QoE with HTTP Compression and Content Caching
 Optimize data center resources and routing with L7 Content Routing
 Disaster recovery/span multiple data centers with Global Server Load Balancing
 Mask server IPs with Content Rewriting
 Protect applications with Web Application Firewall (WAF)
 Prioritize traffic by type with Quality of Service (QoS)
 Redundancy and WAN optimization with Link Load Balancing
 Reduce hardware costs with VDOM’s

5
FortiADC Product Lineup

FAD-4000D

Performance & Scalability FAD-2000D

FAD-1500D

FAD-700D

FAD-400D

FAD-300D

FAD-200D

L4 <5GB 5 – 30GB 30 – 50GB

SSL Software ASIC ASIC

Ports GE GE/10GE GE/10GE

6
FortiADC Product Matrix
200D 300D 400D 700D 1500D 2000D 4000D
L4 /7 SLB P P P P P P P

Advanced L7 Traffic Mgmt. P P P P P P P

L4 T-put (Gbps) 2.7 5.0 10.0 15.0 20.0 30.0 50.0

LLB P P P P P P P

GSLB Included Included Included Included Included Included Included

Gzip Compression P P P P P P P

Caching P P P P P P P

QoS P P P P P P P

WAF P P P P P P P

Authentication P P P P P P P

Scripting P P P P P P P

IP Reputation P P P P P P P

Firewall/DoS P P P P P P P

VDOM n/a 10 20 30 45 60 90

8 GE, 8 GE, 8 GE, 16 GE, 16 GE,

Ethernet Connectivity 4 GE 8 GE
2 10GE 4 10GE 4 10GE 4 10GE 8 10GE

Single
Power Supply Single Single Single Dual Dual Dual
(Dual Option)

7
FortiADC Virtual Appliances

Technical
FortiADC VM01 FortiADC VM02 FortiADC VM04 FortiADC VM08
Specifications

vCPU Support (Max) 1 2 4 8

Memory Support (Max) 2GB 4GB 8GB 16GB

Network Interface
10 10 10 10
Support
Storage Support
50MB / 1TB 50MB / 1TB 50MB / 1TB 50MB / 1TB
(Min / Max)

Enterprise grade virtual ADC

 Deploy ADCs without extra hardware
 Dynamic expansion in VM environments
 VMware ESX/ESXi, Citrix XenServer,
Open Source Xen, Microsoft Hyper-V, KVM.

8
Microsoft Qualifications

 FortiADC fully Qualified

» Exchange 2010 (2013)
» Lync 2013
» Skype for Business
 Listed on Microsoft Technet
 Detailed deployment guides available
on [Link]

9
FortiADC with FortiMail and FortiCache

 Expand FortiCache
Internal
» High-volume content caching FortiCache Users
» Minimize deployment Cluster
complexity
 Expand FortiMail
» Increased capacity for email
security
» Redundancy for FortiMail
» HTTPS for secure email traffic
 Detailed deployment guides on
[Link] FortiMail
Config-only Mode
Cluster

10
SSL Forward Proxy

 Inspect secure traffic, but offload from

Internal
FortiGate firewall FortiADCs provide User
encryption and decryption
 Maintains secure traffic and certificates services and can load
with clients and external hosts balance multiple FortiGates

 FortiADC pair in front of and behind

firewall
 FortiGate load lessened and can focus
on threat detection and mitigation FortiGate inspects
unencrypted traffic (IPS,
 Load balance multiple FortiGates DLP, UTM)

 FortiGuard Web Filtering simplifies

URL management (only SSL FP)

11
FortiADC Security

 Stateful Firewall  FortiGuard Security Services

 Web Application Firewall » Award-winning threat research
services
 Authentication Offloading for web » Dynamic/automated updates for
applications (local, LDAP and RADIUS) FortiADC
» Automatic downloads
 GEO IP security and logs
» Always up-to-date
 IP Reputation (subscription required)
 Web Filtering (subscription required)
 IPv4 and 6 firewall rules
WAF Security Service IP Reputation Web Filtering
 Granular policy-based connection limiting • Application layer • Protection for automated • Manage SSL FP
signatures attacks and malicious scanning exceptions
 Syn Cookie Protection • Malicious bots
sources • Enable/disable SSL
• DDoS, Phishing, Botnet, inspection by category
• Suspicious URL pattern
 Global Server Load Balancing - DNSSec • Web vulnerability
Spam, Anonymous
proxies and infected
• Automatic updates
scanner updates sources
 GSLB - DNS Response Rate Limiting

12
FortiADC Competitive Advantages

 Kemp and Barracuda at low end

 F5/A10/Citrix in Enterprise/MSP
 Generally similar features at lowest TCO in segment ($/Gbps L4 throughput)
 Battle Cards for F5, Citrix, Radware, Kemp, Barracuda and A10

General Product Line Features and Performance

FortiADC F5 Citrix Radware A10 Kemp Barracuda
L4/L7 Load ✔ ✔ ✔ ✔ ✔ ✔ ✔
Balancing
GSLB ✔ License License License ✔ License ✔
Link LB ✔ BigIP-2000 License License Basic ✘ ✘
WAF ✔ License License License ✔ ✔ ✔
Authentication ✔ License License License ✔ ✔ ✔
VDOMs ✔ ✔ Different HW License ✔ ✘ ✘
Scripting ✔ ✔ ✘ ✔ ✔ ✘ ✘
IP Reputation ✔ License License ✘ License ✘ ✔
Stateful Firewall ✔ License ✘ ✘ ✘ ✘ ✘
Average $US/GB L4 $1,000 $4,000 $3,700 $2,600 $2,200 $1,250 $1,200
Throughput

13
Pricing/Licensing

 Purchase price includes

» Hardware: appliance, mounting hardware, etc.
» VM: downloadable software and license
 FortiCare (1, 2 and 3 year increments)
» 8x5 enhanced
» 24x7 comprehensive
 FortiGuard (1 year only)
» IP reputation
» WAF Security Services
 FortiCare and FortiGuard Bundle available

14
Questions

 Are your applications outgrowing a single server or your current server load balancer?
» All FortiADCs provide server load balancing with high-performance options to meet the needs of almost any application

 Do you need 99.999% uptime?

» FortiADC’s healthchecking, high availability and GSLB provide a 3-tier approach to cover almost any chance of downtime

 Do you have multiple data centers for disaster recovery of applications?

» GSLB on FortiADCs bridges multiple datacenters and is included at no extra cost

 Do you host Microsoft Exchange or SharePoint with over 1,000 users?

» FortiADCs are certified for load balancing Microsoft applications

 Are secure applications slowing down servers and increasing response times?
» All FortiADCs support SSL offloading with some hardware-accelerated models that offer blazing fast speed
» All FortiADCs support HTTP Compression
» All FortiADCs support Content Caching

15
Additional Resources

 White Papers  Deployment Guides

» Basics of Application Delivery: ABCs of ADCs » Microsoft Exchange 2010
» Microsoft Exchange 2013
 Solution Guides/Briefs
» Load Balancing with IIS and Apache
» Application Delivery Network Solutions
» 7 Steps to Implement Server Load Balancing
» Microsoft Applications
» Microsoft Lync/Skype for Business
» FortiADC and FortiMail
» FortiMail/FortiADC Deployment Guide
» FortiADC and FortiCache
» FortiCache/FortiADC Deployment Guide
» FortiADC and FortiGate SSL Inspection
» FortiADC with FortiGate for SSL Inspection
 Positioning Guides/Responses
» Info-Tech 2013 Vendor Landscape
» Gartner 2013 Application Delivery Controller
Magic Quadrant
» Battle Cards (F5, Citrix, A10, Radware, Brocade,
Kemp and Barracuda)

16