Manufacturer: Fortinet, Inc
Manufacturer Part Number: FWB-400D
Manufacturer Website Address: http://www.fortinet.com
Brand Name: Fortinet
Product Line: FortiWeb
Product Model: 400D
Product Name: FortiWeb Web Application Firewall
Marketing Information: Web Applications are an Easy Target
Although Payment Card Industry Data Security Standards (PCI DSS) compliance is the main reason most organizations deploy Web Application Firewalls (WAFs), many now realize that unprotected web applications are the easiest point of entry for even unsophisticated hackers. Externally-facing web applications are vulnerable to attacks such as cross site scripting, SQL injection, and Layer 7 Denial of Service (DoS). Internal web applications are even easier to compromise if an attacker is able to gain access to an internal network where many organizations think they’re protected by their perimeter network defenses. Custom code is usually the weakest link as development teams have the impossible task of staying on top of every new attack type. However, even commercial code is vulnerable as many organizations don’t have the resources to apply patches and security fixes as soon as they’re made available. Even if you apply every patch and have an army of developers to protect your systems, zero-day attacks can leave you defenseless and only able to respond after the attack has occurred.
Comprehensive Web Application Security with FortiWeb
Using an advanced multi-layered and correlated approach, FortiWeb provides complete security for your external and internal web-based applications from the OWASP Top 10 and many other threats. Using IP Reputation services, botnets and other malicious sources are automatically screened out before they can do any damage. DoS detection and prevention keeps your applications safe from being overloaded by Layer 7 DoS attacks. FortiWeb checks that the request hasn’t been manipulated using HTTP RFC validation. Requests are checked against FortiWeb’s signatures to compare them against known attack types to make sure they’re clean. Any files, attachments or code are scrubbed with FortiWeb’s built-in antivirus and antimalware services. FortiWeb’s auto-learning behavioral detection engine reviews all requests that have passed the tests for known attacks. If the request is outside of user or automatic parameters, the request is blocked. Lastly, FortiWeb provides a correlation engine where multiple events from different security layers are correlated to make a more accurate decision and help protect against the most sophisticated attacks. This combination provides near-100% protection from any web application attack, including zero-day threats that signature file-based systems can’t detect.
Product Type: Network Security/Firewall Appliance
Technical Information
Firewall Protection Supported:
- Vulnerability Assessment
- Web Application Control
- SQL Injection
- Denial of Service (DoS)
- Zero Day Event
- Malicious Source IP Address Blocking
- Distributed Denial of Service (DDoS)
- Antivirus
- Malware Protection
Interfaces/Ports
Total Number of Ports: 4
USB: Yes
PoE (RJ-45) Port: No
Number of Network (RJ-45) Ports: 4
Network & Communication
Ethernet Technology: Gigabit Ethernet
Network Standard:
- 1000Base-X
- 1000Base-T
Wireless Specifications
Wireless LAN: No
I/O Expansions
Number of Total Expansion Slots: 4
Expansion Slot Type: SFP
Number of SFP Slots: 4
Management & Protocols
Manageable: Yes
Physical Characteristics
Compatible Rack Unit: 1U
Form Factor: Rack-mountable
Height: 1.7″
Width: 17.2″
Depth: 16.4″
Weight (Approximate): 22 lb