Fortinet is an American company that specializes in network security appliances. Fortinet’s flagship product line is sold under the brand name of FortiGate. Fortinet was founded in 2000 by Ken Xie, the founder and former president and CEO of NetScreen and is a publicly held company (in NASDAQ under the ticker symbol FTNT, as of November 18, 2009). Fortinet's position as the revenue leader in Unified Threat Management (UTM) has been validated by IDC several times over.
 

Fortinet is an international company, headquartered in Sunnyvale, California. Fortinet distributes its systems and subscription-based services using the Channel partner sales method, having over 1,500 worldwide.

Product Overview

Fortinet offers security gateways and products that are a blend of ASIC-accelerated performance, integrated multi-threat protection, and constantly-updated[citation needed], in-depth[citation needed] threat intelligence. This delivers network, content, and application security for[citation needed] enterprises, managed service providers, and telecommunications carriers, while reducing total cost of ownership[citation needed] and providing a flexible, scalable path for expansion[citation needed]. The company offers the following product lines:
 

• FortiGate — multi-threat security appliances

• FortiMail — messaging security appliances

• FortiWeb — web application firewall

• FortiDB — database security appliance

• FortiClient — endpoint security suite

• FortiWifi — wireless security appliances

• FortiAP — thin wireless access point

• FortiAnalyzer — centralized reporting

• FortiManager — centralized management

• FortiScan — vulnerability management

• FortiPlanner — wireless access point planning tool

• FortiToken — two-factor authentication solution

• FortiCarrier — service provider security
 

 

Some Fortigate products prompt users to accept a new root level Fortigate SSL certificate then act as an intermediate instead of connecting the user directly to their intended end SSL server (e.g. Yahoo's mail server). This is necessary in a Unified Threat Management context where total control over incoming malware and viruses is a key attribute. Older corporate firewalls either blocked the HTTPS port completely (preventing users from using their internet banking from work for example), or they allowed HTTPS but could not filter the encrypted data stream for security threats such as viruses, or breaches of IT policy such as accessing porn from the office.
 

It is noteworthy, however, that this process is itself a man-in-the-middle technology approach as used by hackers of many types. While this may be a man-in-the-middle attack approved or instructed by your office IT managers, there are risks associated with asking or forcing users to accept a new root level certificate in order to achieve their expected functionality. One is privacy related: it is up to the implementing party to inform their users that their SSL protection is compromised compared to use outside the corporate network (see reference to Myanmar below). The second is a social-engineering aspect: the more users are expected to surrender their encryption protection to "trustworthy" corporate, school or hotel firewalls on regular basis, the more likely they are to get used to just pressing 'connect' when prompted with some future maliciously intended root certificate. (There is also the risk that if the Fortigate certificate itself were compromised, or its presence exploited, a malicious attacker would have full access to the user's SSL data as the user has already accepted the root level Fortigate certifate).
 

US government sanctions violation

According to the OpenNet Initiative,[4][citation needed] FortiGuard is used by the dictatorship of Myanmar to block communications critical of the regime carried over the Internet, a system known as theMyanmar Wide Web.[5] Fortinet has promised to investigate the allegations, and the implied violation of US government sanctions against the regime, noting that the software may have been sold to the regime by a third party;[6] meanwhile, the Myanmar government features its adoption of the Fortinet firewall on its official website[7] with other photos showing a Fortinet sales director presenting a gift to the Myanmar Prime Minister during a ceremony.  In 2005, after becoming aware that its product may have reached Myanmar, Fortinet conducted an exhaustive review of channel partners and their compliance with import/export controls. The company implemented additional back-end controls which now render a product useless if it is diverted without appropriate authorizations to a party located in a U.S. sanctioned country.
 

GPL violations

In 2005, the gpl-violations.org project uncovered evidence that Fortinet had used GPL code in its products against the terms of the license, and used cryptographic tools to conceal the violation. The violation was alleged to have occurred in the FortiOS system, which the gpl-violations.org project said contained elements of the Linux kernel. In response, a Munich court granted a temporary injunction against the company, preventing it from selling products until they were in compliance with the necessary license terms; Fortinet was required to make the source-code to GPL portions of their FortiOS freely available in compliance with GPL licensing.