Sometimes when there’s a big event, there’s so much going on that you can’t take in all the information. It’s like a big Thanksgiving dinner where the turkey gets all the attention. Yes, the bird may be impressive, but the table is probably also laden with other delicious dishes that are actually more appealing, depending on who you are. The vegetarians might be excited about the dressing, and the gluten-free crowd might be eyeing those mashed potatoes.
Our launch of FortiOS 7.0 earlier this year was like that. FortiOS supports dozens of products with an expansive array of advanced features and functions. And in FortiOS 7.0, we added so many enhancements that affected key areas like SD-WAN, cloud, and 5G that some people may have overlooked the Zero Trust Network Access (ZTNA) part of the announcement.
But ZTNA is a big deal, particularly if you are implementing work from anywhere strategies.
If you’re a customer who owns a FortiGate next-generation firewall (NGFW) running FortiOS 7.0, you can access ZTNA capabilities now. For free. That means that if you own a FortiGate, you don’t need to go out and buy another ZTNA solution. You already have it. FortiGate is the most deployed firewall worldwide, so free ZTNA is already available on the more than 6 million FortiGate NGFWs out there.
And yes, you read that right. ZTNA is free. All you have to do is enable it.
Why ZTNA Matters
ZTNA isn’t new, but a lot of people are talking about it now because it solves a big problem for many organizations. The rise in Work from Anywhere (WFA) has forced organizations to take another look at traditional VPNs. The perimeter-based security model behind a VPN, “inside means trusted” and “outside means untrusted,” is no longer enough: once a VPN tunnel is up, the remote device is effectively on the network, and anything on it can reach whatever the network allows. In fact, Gartner predicts that by 2023, 60% of enterprises will phase out most of their remote-access VPNs in favor of ZTNA.
With ZTNA, every request for access to a resource is verified before access is granted, and the check covers both the user’s identity and the device’s posture. Access is granted to a specific application, not to the network, and it is evaluated per session rather than once when a tunnel is established. Location is taken out of the equation: with zero trust, it doesn’t matter where the user, device, or resource is located.
You can apply ZTNA’s controlled remote access to applications to remote users, home offices, and other locations, such as retail locations. It’s easier and faster to initiate than a traditional VPN and offers a more granular set of security protections. And it doesn’t matter if applications are in the data center, private cloud, or public cloud. Users and applications can be geographically independent and still have secure and reliable connections.
Many ZTNA solutions are cloud-based, so many people assume that ZTNA only works from the cloud. That’s untrue, and acting on that assumption can lead to serious security gaps and unnecessary complexity: traffic between an on-premises user and an on-premises application has to be hairpinned through the cloud, and anything the cloud proxy cannot reach is left outside the zero-trust model. A cloud-only solution isn’t enough; ZTNA should be everywhere.
The Fortinet Approach to ZTNA
Implementing ZTNA requires a few components: an endpoint client that establishes identity and device posture, an access proxy that brokers connections to applications, authentication, and security inspection of the traffic itself. Vendors have adopted two primary approaches to implementing ZTNA: service-initiated or “clientless” ZTNA and endpoint-initiated or “client-initiated” ZTNA.
The clientless approach uses a reverse-proxy architecture in which the browser connects to the proxy, which performs the device assessment and posture check with what it can observe from the browser session. Its most significant disadvantage is that it is limited to applications reachable through a browser; with no agent on the endpoint, non-web protocols and on-premises services that sit behind a cloud proxy are out of scope.
But because most organizations have hybrid networks, with users and devices that need access to resources any place, any time, from anywhere, Fortinet uses access proxies on-premises and in the cloud. And with the release of FortiOS 7.0, your existing Fortinet infrastructure can be turned into the newest part of a zero-trust architecture. FortiGate next-generation firewalls (NGFWs) and FortiClient endpoint protection now employ ZTNA capabilities with simplified management right out of the box.
The same adaptive application access policy is used whether users are on or off the network. That’s because ZTNA is built into FortiOS, meaning it’s tightly integrated into the Fortinet Security Fabric, the industry’s highest performing cybersecurity mesh platform, to simplify management and visibility across the network. You can also implement ZTNA incrementally by simply changing select settings. That way, you can start with one application, one set of users, or one section of your network and implement specific zero-trust capabilities over time.
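To make the “one application, one set of users” starting point concrete, here is an added example of a FortiOS 7.0 CLI configuration for a single HTTPS access proxy in front of one internal web server. It is not taken from the post or from Fortinet’s own documentation; the object names, IP addresses, the LDAP server name, and the EMS tag name are assumptions, and the `#` lines are explanatory comments rather than part of the configuration. The policy grants access only when the user authenticates as a member of the group and FortiClient EMS has tagged the device with the required posture tag, and it applies whether the client is on the LAN or at home.

```text
# Added example (not from the post): FortiOS 7.0 ZTNA HTTPS access proxy
# for one internal application. All names and addresses are assumptions.

# 1. A VIP of type access-proxy: the external address and port clients
#    connect to. The FortiGate terminates TLS here with its own certificate.
config firewall vip
    edit "ztna-intranet-vip"
        set type access-proxy
        set extip 203.0.113.10
        set extintf "port1"
        set server-type https
        set extport 8443
        set ssl-certificate "Fortinet_Factory"
    next
end

# 2. The access proxy. "client-cert enable" makes the FortiGate demand the
#    device certificate FortiClient obtained from EMS, so an unmanaged device
#    is rejected before it ever reaches the real server.
config firewall access-proxy
    edit "ztna-intranet"
        set vip "ztna-intranet-vip"
        set client-cert enable
        config api-gateway
            edit 1
                set url-map "/"
                config realservers
                    edit 1
                        set ip 10.10.20.15
                        set port 443
                    next
                end
            next
        end
    next
end

# 3. The user group, tied to an already configured LDAP server
#    (assumed name "ad-ldap").
config user group
    edit "ZTNA-intranet-users"
        set member "ad-ldap"
    next
end

# 4. The proxy policy: one application, one user group, one posture tag.
#    "EMS1_ZTNA_Low" stands for the dynamic address the FortiGate learns from
#    EMS for devices carrying that tag; the tag name is an assumption.
#    srcaddr "all" is deliberate: the same rule serves on-net and off-net
#    clients, and everything not matched here hits the implicit deny.
config firewall proxy-policy
    edit 1
        set name "ztna-intranet-policy"
        set proxy access-proxy
        set access-proxy "ztna-intranet"
        set srcintf "port1"
        set srcaddr "all"
        set dstaddr "all"
        set ztna-ems-tag "EMS1_ZTNA_Low"
        set action accept
        set groups "ZTNA-intranet-users"
        set logtraffic all
    next
end
```

Nothing in this configuration references the client’s location, which is the point: the decision depends on who the user is, what EMS says about the device, and which application is being requested. Adding a second application means adding another access proxy (or another api-gateway entry) and its own policy, which is how the incremental rollout described above works in practice. The logging setting matters as well, since a denied posture check is the event a SOC wants to see.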
ZTNA is just the start. Most organizations don’t move to a zero-trust model all at once; they do it gradually. So, it’s important to select solutions that will be easy to integrate with an evolving zero-trust strategy. FortiGate NGFWs are designed to be easily integrated with other solutions to help you implement zero trust throughout your network a step at a time.
Of Course, FortiGate NGFWs Offer More than Just ZTNA
In addition to ZTNA, FortiGate NGFWs include a wide array of advanced capabilities beyond the traditional firewall and IPS functions, such as internal segmentation, SSL inspection, web filtering, and even SD-WAN and SD-Branch. Because FortiGate platforms interoperate regardless of where or in what form factor they are deployed, organizations have the flexibility to implement consistent security everywhere, whether on-premises, at the branch, or as cloud-native virtual solutions in their multi-cloud environments. Processing at the edge benefits from on-premises firewalls, which apply inspection onsite rather than making the “round trip” to remote systems that cloud-only solutions require, reducing latency and, in Fortinet’s view, using less energy than the equivalent virtual machines.
Built with custom ASICs, FortiGate NGFWs deliver up to 15X the performance of competitive solutions with similar security turned on— we believe it’s one of the many reasons Gartner has named Fortinet a Leader in both the WAN Edge and Network Firewall 2021 Magic Quadrants with the same FortiGate product. In fact, it is the only solution on the market capable of inspecting streaming video without introducing latency.
Building a cybersecurity mesh platform – what we like to call the Fortinet Security Fabric – starts with tools designed to work as part of an integrated system. Fortinet has been committed to innovating such an approach for more than a decade, built around FortiOS and the multi-faceted FortiGate platform designed to support and secure the way today’s organizations need to run their business. Now that includes the industry’s most complete WFA solution, including free ZTNA.
Gartner, Magic Quadrant for Enterprise Wired and Wireless LAN Infrastructure, 15 November 2021, Mike Toussaint | Christian Canales | Tim Zimmerman
Gartner, Magic Quadrant for Network Firewalls, 1 November 2021, Rajpreet Kaur, Jeremy D’Hoinne, Nat Smith, Adam Hils
Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.
GARTNER and Magic Quadrant are registered trademarks and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally and are used herein with permission. All rights reserved.
Find out how the Fortinet Security Fabric platform delivers broad, integrated, and automated protection across an organization’s entire digital attack surface to deliver consistent security across all networks, endpoints, and clouds.