FortiGate Virtual Machine

Home
Whitepapers
FortiGate Virtual Machine

Network security layer for IEC 61850 substations

Introduction

More and more complex applications are realized with virtualization host platforms carrying multiple virtual machines. For securing the communication, hardware-based firewalls installed in addition to the virtualization host platforms are used. These hardware-based firewalls can monitor and control the traffic coming out of/going into the virtualization host’s ethernet interfaces.

Each virtual machine in such a virtual environment has its own very specific task. This leads to different requirements when it comes to communication protocols/services. With a firewall capable only to monitor/control traffic running through the host systems interfaces, it is impossible to define rules for specific traffic for each single virtual machine. The necessary protocols and services can only be defined for the external interfaces, which in most cases will be used by several different virtual machines. Furthermore, controlling the traffic between the virtual machines inside of a virtual environment is not possible on a protocol or service basis.

We extend the virtualization host system by a specialized firewall-based security layer to be able to control and monitor traffic more specific.

Realization

A FortiGate-VM appliance installed in a virtualized environment on a Welotec RSAPC shall be used to monitor and
control the whole network-based communication.

We want to prove that the virtualized firewall is capable to control the network-communication covering the
following areas:

1. Virtual Machine <-> External networks attached to hostsystem’s ethernet ports (e.g. Internet Access)
2. Virtual Machine <-> Virtual Machine
3. Virtual Machine <-> Hostsystem (applications)
4. Hostsystem <-> External networks attached to hostsystem’s ethernet ports (e.g. Internet Access)
5. External devices <-> External Devices (traditional hardware based firewall)

Accept
Name	YouTube
Provider	Google LLC
Purpose	This website uses Youtube for marketing purposes. The data is transferred to a server in the USA and stored there. The personal data is transmitted on the basis of Art. 46 and/or Art. 49 para. 1 lit. a) GDPR.
Duration	Data is deleted as soon as it is no longer required for processing.
Further information	https://policies.google.com/privacy

Accept
Name	Google Adsense
Provider	Google LLC
Purpose
Duration	Daten werden gelöscht, sobald sie für die Bearbeitung nicht mehr benötigt werden.
Further information	https://policies.google.com/privacy

Accept
Name	Facebook Connect
Provider	Meta Platforms Ireland Ltd.
Purpose	Facebook Connect uses cookies within the framework of web tracking, which are stored on your computer and enable an analysis of the use of our website and your surfing behaviour (so-called tracking).
Duration	Data is deleted as soon as it is no longer required for processing.
Further information	https://www.facebook.com/about/privacy

Accept
Name	LinkedIn
Provider	LinkedIn Corporation
Purpose	LinkedIn Analytics uses "cookies", which are stored on your computer and which enable an analysis of your use of the website. LinkedIn uses this information to evaluate your use of the website, to compile reports on website activity for website operators and to provide other services relating to website activity and internet usage.
Duration	Data is deleted as soon as it is no longer required for processing.
Further information	https://www.linkedin.com/legal/privacy-policy

Accept
Name	Google Double Click
Provider	Google LLC
Purpose	This website uses Google Double Click to serve ads that are relevant to users, to improve campaign performance reports, or to prevent a user from seeing the same ads more than once. The data is transferred to a Google server in the USA and stored there. The personal data is transmitted on the basis of Art. 46 and/or Art. 49 para. 1 lit. a) GDPR.
Duration	Data is deleted as soon as it is no longer required for processing.
Further information	https://policies.google.com/privacy

FortiGate Virtual Machine

Network security layer for IEC 61850 substations

Introduction

Realization

More topics

We use cookies

Accept
Name	User.com
Provider	User.com Sp. z o.o., ul.
Purpose	Live chat, email marketing and tracking on this website.
Duration	Daten werden gelöscht, sobald sie für die Bearbeitung nicht mehr benötigt werden.
Further information	https://user.com/en/privacy-policy/

Accept
Name	Cloudflare
Provider	CloudFlare Inc.
Purpose	Data will be deleted as soon as they are no longer needed for processing and the operator of this website uses the functions of CloudFlare. Provider is CloudFlare, Inc. 665 3rd St. 200, San Francisco, CA 94107, USA. CloudFlare offers a so-called worldwide distributed content delivery network with DNS. The personal data is transmitted on the basis of Art. 46 GDPR.
Duration	Data is deleted as soon as it is no longer required for processing.
Further information	https://www.cloudflare.com/de-de/gdpr/introduction/

Accept
Name	hellotrust
Provider	Keyed GmbH
Purpose	hellotrust stores the user's consent status for cookies on the current domain.
Duration	Data is deleted as soon as it is no longer needed for processing.
Further information	https://hellotrust.de/datenschutz

Accept
Name	Google Analytics
Provider	Google LLC
Purpose	This website uses Google Analytics to analyse website usage by users. The data is transferred to a Google server in the USA and stored there. The personal data is transmitted on the basis of Art. 46 and/or Art. 49 para. 1 lit. a) GDPR.
Duration	Data is deleted as soon as it is no longer needed for processing. As a rule, the cookies are stored by Google for a period of 2 years.
Further information	https://policies.google.com/privacy

Accept
Name	Hubspot
Provider	Hubspot Ltd.
Purpose
Duration	Daten werden gelöscht, sobald sie für die Bearbeitung nicht mehr benötigt werden.
Further information	https://legal.hubspot.com/privacy-policy

FortiGate Virtual Machine

Network security layer for IEC 61850 substations

Introduction

Realization

More topics

We have the solution for your specific case

We use cookies