Securing the Remote Workforce with Fortinet Solutions

The IPsec and SSL VPNs integrated into every FortiGate NGFW offer an extremely flexible deployment model. Remote workers can either take advantage of a clientless experience or gain access to additional features through a thick client built into the FortiClient endpoint security solution. Power users and super users would benefit from deploying a FortiAP or a FortiGate NGFW for additional capabilities. Fortinet solutions are designed to be easy to use from initial purchase through end of life. FortiGate NGFWs and FortiAP wireless access points include zero-touch deployment functionality. Appliances deployed at remote sites can be pre-configured before they ship, allowing for automatic set up onsite, which ensures business continuity and support for telework. The Fortinet Security Fabric takes advantage of a common Fortinet operating system and an open application programming interface (API) environment to create a broad, integrated, and automated security architecture. With the Fortinet Security Fabric, all of an organization’s devices, including those deployed remotely to support telework, can be monitored and managed from a single pane of glass. From a FortiGate NGFW or a FortiManager centralized management platform deployed at the headquarters environment, the security team can achieve full visibility into all connected devices, regardless of their deployment situation.

Use Cases for Fortinet Products Supporting Remote Work

Basic teleworker

The basic teleworker only requires access to email, internet, teleconferencing, limited file sharing, and function specific capabilities (finance, HR, etc.) from their remote work site. This includes access to Software-as-a-Service (SaaS) applications in the cloud, such as Microsoft Office 365, as well as a secure connection to the corporate network. Basic teleworkers can connect to the organization using FortiClient integrated VPN client software and verify their identity with FortiToken for multifactor authentication. Note that power users and super users would revert to the basic teleworker profile when they roam from their remote work location.

basic teleworker

Power user

Power users are employees that require a higher level of access to corporate resources while working from a remote location. This may include the ability to operate in multiple, parallel IT environments and includes employees such as system administrators, IT support technicians, and emergency personnel. For these power users, deployment of a FortiAP access point at their alternate work site provides the level of access and security that they require. This enables secure wireless connectivity with a secure tunnel to the corporate network. FortiAPs can be deployed with zero-touch provisioning (ZTP) and will be managed by the FortiGate NGFWs in the office. Should a corporate phone need to be deployed, it can simply plug into the FortiAP for connectivity back to the main office.

power user

Super user

A super user is an employee that requires advanced access to confidential corporate resources, even when working from an alternate office location. They frequently processe extremely sensitive and confidential information. This employee profile includes administrators with privileged system access, support technicians, key partners aligned to the continuity plan, emergency personnel, and executive management. For these super users, their alternate work site should be configured as an alternate office location. While they require the same solutions as basic telecommuters and power users, they also require additional functionality. FortiAP can be integrated with a FortiGate NGFW or FortiWiFi appliance for secure wireless connectivity with built-in DLP. FortiFone provides soft client or hardware versions of telephony VoIP that is managed and secured via onsite FortiGate NGFWs or a FortiManager centralized management platform deployed at the headquarters location.

network security

Supporting a Remote Workforce

Fortinet solutions are easily deployed to remote work locations. However, an organization also requires resources onsite or in the cloud to securely support teleworkers. Many organizations already have these resources in place as they are part of their existing security architecture. A FortiGate NGFW provides a NGFW capable of inspecting encrypted and plaintext traffic at enterprise scale with minimal performance impacts. However, it also includes an integrated VPN gateway that acts as an endpoint for encrypted connections to teleworkers. The FortiGate NGFW also includes integration with common IT infrastructure, including corporate director services, such as Microsoft Active Directory (AD), and MFA and single sign-on (SSO) solutions. FortiAuthenticator provides a single, centralized integration point for authentication solutions and supports third-party solutions as well as FortiToken, which offers hard, soft, email, and mobile token options. When managing a remote and distributed workforce, centralized security visibility and management are essential. All Fortinet solutions can be integrated via the Fortinet Security Fabric. This enables the organization’s security team to achieve single-pane-of-glass visibility and control using FortiManager, perform log aggregation and security analytics with FortiAnalyzer, and rapidly detect and respond to potential threats using FortiSIEM.