In most deployment scenarios, we recommend you deploy FortiGate to secure your network. Fortinet includes security functionality in the FortiADC system to support those cases when deploying FortiGate is impractical. FortiADC includes the following security features:
- Firewall—Drop traffic that matches a source/destination/service tuple you specify.
- Security connection limit—Drop an abnormally high volume of traffic from a source/destination/service match.
- IP Reputation service—Drop or redirect traffic from source IPs that are on the FortiGuard IP Reputation list.
- Geo IP—Drop or redirect traffic from source IPs that correspond with countries in the FortiGuard Geo IP database.
- Web application firewall—Drop or alert when traffic matches web application firewall attack signatures and heuristics.
- Denial of service protection—Drop half-open connections to protect the system from a SYN flood attack.
For detailed information, see Chapter 7: Network Security.