The U.S. Academic Research Fleet (ARF) has funding to outfit all vessels in fleet with FortiGate NextGen Firewalls (NGFW). Vessels in the ARF have been successfully using FortiGate firewalls for over 3 years.

As of February 2025 FortiGate firewalls are in use on the following vessels:

• Atlantic Explorer
• Endeavor
• Kilo Moana
• Sikuliaq
• Thomas G Thompson

• Revelle
• Sally Ride

The number of bad actors on the internet has increased dramatically over the last several years. Bad actors have gotten more sophisticated in their approaches to gaining unauthorized access and disrupting operations.

Modern next generation firewalls have dynamic monitoring and security capabilities. This translates to dynamic intrusion detection and prevention abilities. NGFWs enable active log monitoring by our virtual cyber security team, so we are able to receive proactive notification of suspicious activities. Often we can investigate before anyone on board notices there is an issue.

A FortiGate firewall stands out due to its powerful, multi-layered security features, excellent performance even under heavy traffic, user-friendly management interface, and integration with a comprehensive security fabric, making it a robust choice for businesses of all sizes looking for high-speed, reliable threat protection across their network.

FortiGate firewalls had a successful track record on other vessels with similar connectivity and usage profiles as ARF vessels.

FortiGate is a US company and their products comply with the congressional BABA (Build America, Buy America) Act.

FortiGate firewalls can manage both north-south (traffic between the internal network and external sources like the internet) and east-west traffic (traffic between devices or systems within the internal network). These firewalls provide advanced threat protection, intrusion prevention, and content filtering, ensuring that data flows securely between the ship’s internal networks and external systems, including shore-based research facilities. Onboard, FortiGate firewalls can manage the internal traffic between critical systems such as scientific instruments, navigation systems, and crew communication networks, enforcing segmentation and security policies.

• More automated so less effort for techs on board
• Better user experience
• Traffic aggregation across multiple WAN connections (satellite, cell, etc)
• More robust security and monitoring
• Get your vessel into compliance with upcoming regulations
• Benefits of having OmniSOC able to proactively monitor traffic for security incidents

Send an email and a team member will get back in touch with you to schedule a meeting to discuss your vessel's unique needs and next steps.

If you are interested in taking advantage of all these great benefits for your vessel we would love to hear from you. Email us at: arf-firewall-team@unols.org

FortiGate has great training available online, mostly free at: https://training.fortinet.com/

We have periodic trainings within ARF and can easily organize others as needed.

• FortiGate 7.4 Admin Guide: https://docs.fortinet.com/document/fortigate/7.4.3/administration-guide/954635/getting-started
• FortiGate 7.4 CLI Reference: https://docs.fortinet.com/document/fortigate/7.4.3/cli-reference/84566/fortios-cli-reference
• FortiGate 7.4 Log Message Reference: https://docs.fortinet.com/document/fortigate/7.4.3/fortios-log-message-reference/524940/introduction

• ARF FortiGate Project GitHub: https://github.com/arf-contrib/arf-fortigate/tree/master
• Hub Configuration: https://satnag.unols.org/doku.php?id=public:hub_configuration
• IPSec Tunnel Drops on Nautilus: https://satnag.unols.org/doku.php?id=public:ipsec_tunnel_drop
• Captive Portal: https://satnag.unols.org/doku.php?id=public:captive_portal