Skip to main content

Help us improve the Digital Marketplace - send your feedback

FullProxy Ltd

Firewall as a service ( FWaaS - FortiGate)

It's a cloud-based offering that provides firewall functionality to organizations without the need for on-premises hardware. With FWaaS, the firewall functions are delivered as a service over the internet, allowing organizations to leverage robust security features without the overhead of managing physical firewall appliances.

Features

  • Advanced packet filtering and application control
  • SSL/SSH inspection for secure traffic inspection
  • Sandboxing for advanced threat analysis
  • Application- aware routing and quality of service
  • Reporting and analytics
  • Unified visibility and control access
  • Machine learning and artificial intelligence for threat detection
  • Advanced malware protection
  • Layer 7 protection including URL and DNS filtering

Benefits

  • Comprehensive network security, multi-layered defense against threats.
  • Secure SD-WAN, optimised WAN performance, branch networking.
  • High performance, scalability, maximum uptime through clustering.
  • Centralised visibility, control, security orchestration, and automation.
  • Simplified management, lower TCO through consolidation.
  • Compliance support, regulatory adherence, granular controls.
  • Industry-leading solutions, continuous innovation, future-proof security
  • The service is supported by FortiGuard Lab’s Global Threat Intelligence

Pricing

£1,000 an instance

  • Education pricing available
  • Free trial available

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at g-cloud@fullproxy.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

4 4 1 6 3 7 1 1 6 8 5 4 1 7 6

Contact

FullProxy Ltd Chris Templeton / Ewan Ferguson
Telephone: 0141 291 5500
Email: g-cloud@fullproxy.com

Service scope

Service constraints
Details provided within supplied documentation
System requirements
  • Requirements dependent upon environment in which products are deployed
  • See vendor website or documentation for details
  • Minimum requirements are available at F5.com

User support

Email or online ticketing support
Yes, at extra cost
Support response times
Response time SLAs are negotiable with the client
User can manage status and priority of support tickets
Yes
Online ticketing support accessibility
None or don’t know
Phone support
Yes
Phone support availability
24 hours, 7 days a week
Web chat support
Yes, at an extra cost
Web chat support availability
24 hours, 7 days a week
Web chat support accessibility standard
None or don’t know
How the web chat support is accessible
N/A
Web chat accessibility testing
N/A
Onsite support
Yes, at extra cost
Support levels
Access to Fortinet Support differs with contract purchased. Fortinet Support are available 24x7x365.
Support available to third parties
Yes

Onboarding and offboarding

Getting started
Pre-sales consultancy Online Training User documentation
Service documentation
Yes
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction
No user data is retained as part of the service.
End-of-contract process
Renewal notice issued 90 days prior to contract end date.

Using the service

Web browser interface
Yes
Using the web interface
Fortinet provides a web-based interface called FortiPortal for administering their Firewall as a Service (FWaaS) offering, which is part of their FortiCloud platform. FortiPortal serves as the central management console for configuring, monitoring, and managing FortiGate firewall instances deployed as a cloud-based service.
Web interface accessibility standard
WCAG 2.1 AAA
Web interface accessibility testing
N/a
API
Yes
What users can and can't do using the API
Fortinet provides an API (Application Programming Interface) to administer their Firewall as a Service (FWaaS) offering, which is part of their FortiCloud platform. The API allows administrators to programmatically manage and configure FortiGate firewall instances deployed as a cloud-based service.
API automation tools
  • Ansible
  • Chef
  • Terraform
  • Puppet
API documentation
Yes
API documentation formats
Open API (also known as Swagger)
Command line interface
Yes
Command line interface compatibility
  • Linux or Unix
  • Windows
  • MacOS
  • Other
Using the command line interface
Fortinet provides a Command-Line Interface (CLI) to administer their Firewall as a Service (FWaaS) offering, which is part of their FortiCloud platform. The CLI allows administrators to interact with and manage FortiGate firewall instances deployed as a cloud-based service using command-line commands.

Scaling

Scaling available
Yes
Scaling type
  • Automatic
  • Manual
Independence of resources
The underlying resources (CPU and Memory) are under the control of the client and can be extended if required. The product is sold based on per instance therefore a client may have to purchase multiple instances if usage goes beyond initially anticipated levels.
Usage notifications
Yes
Usage reporting
  • API
  • Email
  • SMS

Analytics

Infrastructure or application metrics
No

Resellers

Supplier type
Reseller providing extra features and support
Organisation whose services are being resold
Fortinet

Staff security

Staff security clearance
Conforms to BS7858:2019
Government security clearance
Up to Security Clearance (SC)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
  • Other locations
User control over data storage and processing locations
Yes
Datacentre security standards
Supplier-defined controls
Penetration testing frequency
At least every 6 months
Penetration testing approach
Another external penetration testing organisation
Protecting data at rest
Encryption of all physical media
Data sanitisation process
Yes
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
Equipment disposal approach
A third-party destruction service

Backup and recovery

Backup and recovery
Yes
What’s backed up
  • Configuration backups, scheduled and on-demand
  • Granular restore capability allows for full or partial configuration restore
Backup controls
See vendor documentation for further detail
Datacentre setup
Multiple datacentres with disaster recovery
Scheduling backups
Users schedule backups through a web interface
Backup recovery
Users can recover backups themselves, for example through a web interface

Data-in-transit protection

Data protection between buyer and supplier networks
TLS (version 1.2 or above)
Data protection within supplier network
TLS (version 1.2 or above)

Availability and resilience

Guaranteed availability
Availability of the deployed service is the responsibility of the customer
Approach to resilience
This information can be made available upon request
Outage reporting
This information can be made available upon request

Identity and authentication

User authentication
Username or password
Access restrictions in management interfaces and support channels
Role based access control
Access restriction testing frequency
At least every 6 months
Management access authentication
Username or password
Devices users manage the service through
Any device but through a bastion host (a bastion host is a server that provides access to a private network from an external network such as the internet)

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
User-defined
Access to supplier activity audit information
Users have access to real-time audit information
How long supplier audit data is stored for
User-defined
How long system logs are stored for
User-defined

Standards and certifications

ISO/IEC 27001 certification
Yes
Who accredited the ISO/IEC 27001
QMS International Ltd
ISO/IEC 27001 accreditation date
30/11/2022
What the ISO/IEC 27001 doesn’t cover
N/A
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Cyber essentials
Yes
Cyber essentials plus
Yes
Other security certifications
No

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
Yes
Security governance standards
ISO/IEC 27001
Information security policies and processes
Security governance policies available upon request

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
F5 can provide documentation on their configuration and change management approach on request.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
F5 can provide documentation on their Vulnerability Management approach on request.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
F5 can provide documentation on their proactive monitoring approach on request.
Incident management type
Supplier-defined controls
Incident management approach
F5 can provide documentation on their Incident Management approach on request.

Secure development

Approach to secure software development best practice
Supplier-defined process

Separation between users

Virtualisation technology used to keep applications and users sharing the same infrastructure apart
No

Energy efficiency

Energy-efficient datacentres
Yes
Description of energy efficient datacentres
Documentation on the EU code of conduct for Energy Efficient data centres can be provided upon request.

Social Value

Social Value

Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

Fighting climate change

FullProxy's position on Social Values can be provided upon request

Covid-19 recovery

FullProxy's position on Social Values can be provided upon request

Tackling economic inequality

FullProxy's position on Social Values can be provided upon request

Equal opportunity

FullProxy's position on Social Values can be provided upon request

Wellbeing

FullProxy's position on Social Values can be provided upon request

Pricing

Price
£1,000 an instance
Discount for educational organisations
Yes
Free trial available
Yes
Description of free trial
A free or trial version/PoC can be requested from FullProxy. More details can be provided upon request.

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at g-cloud@fullproxy.com. Tell them what format you need. It will help if you say what assistive technology you use.