Fortinet and Gigamon: Making the Complex Simple

By Jon posted Jun 10, 2021 09:00 PM


A pair of wireless headphones makes it easier to make and attend calls, although a phone can work standalone without them. Similarly, security tools can work fine on their own, but complementing them with external help makes their job easier and provides more convenience. It is well established that a single security tool cannot provide a complete solution to protect the network. Securing a network often requires a combination of multiple tools to do different jobs in order to provide a complete solution.

Gigamon inline solution with Fortinet

Generally, the network stack and security stack go hand in hand: if your network is 10G, your security tools should be as well. And if security tools are inline with the network, then any change required on those security tools would impact the network as well.

What if network and security stacks could be segregated by introducing a layer between them? Let’s call this layer a visibility layer, a layer that sees everything in your network and then has the ability to control which traffic goes to security tools. Imagine the flexibility and possibilities this could offer, like feeding traffic from a 10G network to 1G tools, removing all noise from traffic before feeding it to tools, or removing all duplicates and reducing traffic going to tools, increasing their efficiency and ability to digest more traffic.

Fortinet has been among the leaders in the next-gen firewall space. It can work quite efficiently as a standalone solution, but when complemented by a Gigamon visibility layer, it can introduce benefits far exceeding expectations.

Imagine the nuisance caused every time maintenance is required to upgrade or make changes to any inline tool. In the case of the Fortinet Next-Gen Firewall, this would involve a maintenance window with NetOps and SecOps teams working outside business hours. With a Gigamon inline solution, this process becomes a breeze. Gigamon provides the ability to bypass traffic and send it directly back into the network, ensuring no downtime. Once changes are complete, a single click will start sending traffic right back to the firewall. Figure 1 gives a diagram of the solution and traffic flow.

This solution not only saves countless hours taken up by the maintenance window, it also provides an additional layer to prevent downtime due to tool failure or a tool hanging due to over-processing. It also helps remove any noise from traffic before sending it to the firewall for inspection. A further benefit is the ability to load balance traffic among multiple firewalls or daisy chain traffic through multiple tools, sending sanitized traffic back to the network.

For more information, read the Fortinet-Gigamon Joint Solution Brief. Gigamon is part of the Fortinet Open Fabric Ecosystem, and the joint solution provides active visibility into physical and virtual network traffic, bypass protection and traffic distribution, enabling greater efficiency, reliability and security.

Frank Rubio
WW Technology Alliances Director at Gigamon