Fortinet

Tigera is a Fortinet Fabric-Ready technology partner. With this partnership, Fortinet customers can extend their existing network security architecture to their Kubernetes environments. See this blog for more details.

Benefits

Fortinet and Tigera have partnered to deliver container-integrated solutions for the Calico network stack. As Kubernetes pilot projects transition to enterprise-wide application rollouts, companies must be able to extend their existing enterprise security architecture into the Kubernetes environment. Maintaining two disparate security stacks introduces additional complexity and manual processes, which can lead to configuration drift and increased security exposure. Recognizing this need for a unified security approach, Fortinet and Tigera have jointly developed a suite of Calico Fortinet Fabric-Ready solutions that deliver:

  • North-south network traffic visibility and protection
  • East-west network traffic visibility and protection
  • Compliance-ready reports and evidence
  • Threat-intelligence capabilities

Calico enables platform engineers to accelerate the widespread adoption of Kubernetes across the enterprise. Addressing the needs of multiple stakeholders—end users, application security requirements, and networking and security teams—Calico enables the platform team to streamline Kubernetes deployments, resulting in faster time to market, improved scalability and availability, and agile multi-cloud and hybrid-cloud flexibility while optimizing IT costs.

How It Works

The Calico Enterprise/Fortinet integration workflow lets you control traffic leaving the Kubernetes cluster by creating perimeter firewall policies in FortiManager and FortiGate that reference Kubernetes workloads. Calico Enterprise acts as a conduit, using the tigera-firewall-controller and global network security policies to pass Kubernetes workload information to FortiManager and FortiGate devices, where policies are applied and enforced. Calico's Fortinet Fabric-Ready suite comprises 4 key integrations:

  • FortiManager Calico Kubernetes Controller translates FortiManager network policies to Calico Kubernetes security policy from a centralized management platform.
  • FortiGate Calico Kubernetes Controller automatically updates FortiGate firewalls with Kubernetes pod IPs to control pod egress access, minimize firewall change orders, and eliminate error-prone manual processes.
  • FortiGuard Threat Feed enriches the Calico Enterprise threat database with global real-time threat intelligence from FortiGuard Labs, to detect rogue containers and potentially compromised Kubernetes clusters.
  • Calico FortiSIEM plug-in delivers Calico Enterprise-generated Kubernetes telemetry data, including DNS logs, flow logs, and audit logs, into FortiSIEM to provide actionable intelligence for SecOps and incident response.

Get Started

Extend Kubernetes to Fortinet Firewall Devices

Resources

Blog

Ensuring Continuous Security Integration for DevSecOps

Video

How Calico Enterprise Extends FortiGate NGFWs to Kubernetes

Blog

Extending Next Generation FortiGate Firewalls to Kubernetes With Calico Enterprise
