FortiGate virtual appliances offer protection from a broad array of threats, with support for all of the security and networking services offered by the FortiOS operating system. In addition, the appliances offer:
- Increased visibility within virtualized infrastructure.
- Rapid deployment capability.
- Ability to manage virtual appliances and physical appliances from a single-pane-of-glass management platform.
- Simple licensing with no per-user fees.
- Support for multiple virtualization and cloud platforms.
With FortiGate virtual appliances, you can apply firewall services and security profiles to traffic between different VMs on the same host, and thus have micro-segmentation of the security services within the host.
Fortinet-VM works on private cloud platforms such as Microsoft Hyper-V, Citrix XenServer, KVM CentOS, OpenSource Xen, VMware ESX and public cloud platforms such as Amazon (AWS) and Microsoft Azure.
FortiGate-VMX is a VMware-specific solution. VMware vSphere, NSX or vCNS (for FortiGate-VMX v1) are required for proper integration.
Figure: FortiGate-VM (left) and FortiGate-VMX (right)
FortiGate-VMX and FortiGate-VM – similarities
Both the FortiGate VM and VMX are security virtual appliances. In fact, they are based on the same FortiOS firmware. The current version of FortiGate-VMX is based on FortiOS 5.2.4. Just like the FortiGate hardware appliances and FortiGate virtual appliances, FortiGate-VMX includes the following advanced functions and features:
- Application Control
- Application Security
- Anti Virus
- Data Leak Prevention
- Email Filter
- Web filtering
- Explicit Proxy
- FortiGuard Services
FortiGate-VMX and FortiGate-VM – differences
While a FortiGate-VMX functions in the same way as a FortiGate VM, securing and filtering traffic that goes through it, there are some differences, including:
- The FortiGate-VM is an edge security solution. It has features like VPN termination and NAT. The FortiGate-VMX security service secures traffic between vNICs of each VM and the virtual ports of the vSwitch they are connected to. FortiGate-VMX is a platform-centric security solution, with VMware NSX API integration to provide complete visibility and inspection for East-West inter-VM traffic across security clusters.
- FortiGate-VMX is designed to sit inside of the virtual infrastructure, not outside of it.
- FortiGate-VMX is a two-component system encompassing a Service Manager and Security Nodes. Both are required for it to function properly.
- A FortiGate VM is a virtual appliance deployed from an OVF file either manually by the VM administrator or as part of an orchestrated event. It has the same feature set as the hardware version of a FortiGate. It is intended for a static environment. By comparison, the FortiGate VMX is part of an automated deployment process that is part of the VMware virtual environment through its use of an API.
- Once the FortiGate-VMX Service Manager is integrated into the SDDC, any time an ESXi host is added, a FortiGate-VMX instance will be auto deployed and self-register with the FortiGate-VMX Service Manager.
- The configuration of FortiGate-VMX instances is handled by the FortiGate-VMX Service Manager rather than by logging on to the instance itself to configure it. No manual configuration of the node is required.
- The licensing of FortiGate-VM relates to the number of vCPUs assigned to it. FortiGate-VMX is instance-based; 1 instance requires 1 license regardless of the resources assigned to it.
- The only available support options for FortiGate-VMX are the 24×7 UTM or 24×7 NGFW bundles.
- FortiGate-VM is an edge or perimeter security solution that supports a number of features which are not relevant in a FortiGate-VMX security environment:
  - VPN tunnels
  - WAN optimization
  - Dynamic Routing
  - VDOM upgrades