Cisco Blogs
Share

New FortiGate Connector for Cisco ACI Delivers App-Centric Security Automation For Data Center Agility


October 9, 2015 - 0 Comments

Cisco’s open ACI eco-system is gaining rapid momentum in Data Centers with more than 45 leading partners developing joint solutions addressing L4-L7 network and security service use-cases along with application stack automation. Just a few weeks ago we announced a major milestone in our journey, Cisco’s 1000th ACI customer.

Some of our customers have deployed the ACI-Fortinet joint solution. In this blog, I want to talk about the integration of Fortinet FortiGate Firewall with Cisco APIC. The integration of Cisco APIC and the Fortinet FortiGate solution provides customers several benefits:

  • Consistency and transparency for workload security deployment across physical and virtual application environment.
  • Single-pane-of-glass management from Cisco APIC with full visibility on security policy enforcement
  • Predefined security policies are deployed on command and automated through complete application deployment lifecycle

Let me take you on a quick tour of some of the customer success stories.

Qbranch Case Study: Orchestrating FortiGate Security with Cisco ACI

European service provider Qbranch, part of Axians, and networking leader Cisco discuss the real-world challenges with manually provisioning firewalls and security policies, and how orchestration of Fortinet’s SDN Security framework with Cisco’s Application-Centric Infrastructure (ACI) can reduce costs and enable better service delivery in multi-tenant environments. Watch Video and Case study for details of the implementation.

Hosting Provider Zitcom Accelerates Time to Market with Cisco ACI and Fortinet

Zitcom, a premier partner-driven hosting company based out of Denmark is one of the early adopters of Cisco’s Application Centric Infrastructure (ACI). Watch Thomas Raabo, Network Operations Manager of Zitcom, share details about how Cisco ACI made Apps deployment easier, fostered collaboration between apps and network teams, and brought an overall agile application deployment environment.

There are several other customer stories featuring ACI-Fortinet solution, but I’d run out of time and space to list them all. For your easy reference visit http://www.fortinet.com/videos/index.html for more customer videos.

Let’s look in detail at the key capabilities of Fortinet-Cisco ACI solution and the benefits it brings to Data Center customers. Fortinet’s FortiGate firewall solution integrated into Cisco Application Policy Infrastructure Controller (APIC) delivers application-centric security automation in modern data centers. The solution provides automated and predefined policy-based security provisioning for next-generation firewall services. It enables location independent security services insertion anywhere in the network fabric through a single-pane-of-glass management. Cisco ACI – FortiGate solution architecture is shown below:

C22-735898-00_Figure01

 

The joint FortiGate Integration with Cisco APIC has two major components:

  • FortiGate device package for Cisco APIC
  • FortiGate physical or virtual appliances

Now let us segue to the Fortinet Device package integration with Cisco APIC. The Device package integrates with Cisco APIC through open APIs and provides per-app, per-tenant L4-L7 policy configuration and dynamic service chaining and insertion. In addition, the integrated solution also allows exchange of intelligent telemetry information between Fortinet and APIC for application and tenant visibility.

The Fortinet Device Package for Cisco ACI comprises a device Model and a device Script. The Device Model defines the functions provided by FortiGate such as firewall inspection including IP reputation, web filtering, anti-virus, DNS filtering, SSH inspection, IPS, and DDoS etc., The Device Script provides the adapter functions required for FortiGate to communicate with APIC.

I am pleased to inform that we are also having a detailed Webinar, Oct 23, on the ACI-Fortinet joint solution topic, presented by subject matter experts from Cisco and Fortinet. Register Here.

Additional Resources

Video Interviews

Solutions Brief

Press Release

In an effort to keep conversations fresh, Cisco Blogs closes comments after 60 days. Please visit the Cisco Blogs hub page for the latest content.