<img alt="" src="https://secure.weed6tape.com/193471.png" style="display:none;">
Discover our Cloud Console platform for an easy setup and management of your CloudHSM.

Learn more
Products & Solutions
Products & Solutions
Explore our portfolio of cutting-edge cybersecurity solutions, centered around our flagship Hardware Security Modules (HSMs). From encryption and key management to secure access and authentication, our products ensure robust protection for your most critical data and systems.
menu icon
Hardware Security Module (HSM)
HSM Overview What is an HSM? Primus HSM X Cyber Vault Primus HSM X-Series Primus HSM E-Series Primus HSM S-Series Primus HSM Blockchain Post-Quantum Cryptography
menu icon
Cloud Security
Securosys CloudHSM Cloud Console What is CloudHSM? CloudHSM Service Offerings Integrated Technologies HashiCorp Vault S365 DKE - add-in for Microsoft 365 Bring Your Own Key (BYOK) External Key Store (XKS) Proxy for AWS Fortinet Fortigate
menu icon
Additional Products and Services
Decanus Terminal Transaction Security Broker (TSB) Key Attestation Smart Key Attributes (SKA) Docker Image Security
Partners
Support
Support
menu icon
Support
Online Documentation Support Portal System Status Trainings
finance-institution-colourful
What is ...?
What is an HSM? What is CloudHSM? What is BYOK? What is SIC system?
About
About
Learn more about our mission, explore career opportunities, and access our resources. Discover how we’re shaping the future of cybersecurity and how you can be part of it.
menu icon
Securosys SA
About Us Events News Career
menu icon
Resources
Online Documentation Blog Articles Stories and Paper Video Gallery
document-lock-b&w
Certifications
Security Certifications Safety & Compliance Certifications Company Certification
Contact us
  • There are no suggestions because the search field is empty.

Challenge

SSL/TLS encryption plays a crucial role in securing network traffic, but it also poses a challenge: firewalls must decrypt and re-encrypt traffic to inspect it thoroughly. The Fortinet FortiGate NGFW provides robust, multi-layered security for this process. However, the effectiveness of this protection depends on the secure handling of private keys. If these keys are not adequately safeguarded, the entire security framework can be compromised. Ensuring the highest level of protection for private keys is therefore essential to maintaining network integrity and security.

Solution

Solution

Fortinet and Securosys have collaborated to deliver enhanced security using the industry-leading Fortinet FortiGate Next-Generation Firewall (NGFW). With native support for Securosys Primus HSM and CloudHSM, FortiGate ensures that sensitive digital key material is securely offloaded and protected within tamper-resistant hardware security modules, providing a robust layer of security. This partnership embeds trusted key protection directly within FortiGate’s SSL/TLS inspection processes, delivering high availability, seamless integration, and compliance with stringent security standards.

Solution

Key Benefits

locket-circle-blocks-b&w
Unmatched SSL/TLS Proxy Performance
Optimized for mission-critical applications, ensuring high-availability.
vault-b&w
Robust Key Protection
Keys remain secure within the HSM, and are never exposed externally.
shield-b&w
Advanced Security Standards
Compliance with FIPS 140-2 Level 3 and Common Criteria EAL4+ certifications.
blocks-b&w-3
Seamless Integration
Fully compatible with FortiGate, simplifying setup and management.
shield-locket-b&W-2
Flexible Deployment Options
Available for on-premises (Primus HSM) and cloud (CloudHSM) environments.

Use Cases

colourful-background-patterns-2 Secure Key Generation and Storage Securosys Primus HSM and CloudHSM offer high-entropy, hardware-based true random number generation and tamper-resistant environments for secure key generation and storage. Offloading key management to Securosys HSMs enhances the security of FortiGate’s SSL/TLS inspection.
colourful-background-patterns-3 Compliance with Security Standards Regulatory requirements like PCI-DSS, HIPAA, and GDPR demand strict control over cryptographic key management. Integrating FortiGate with Securosys Primus HSM or CloudHSM centralizes key management and meets these compliance standards with certified hardware, reducing risks of key compromise.

Solution Integration 

The integration of Securosys Primus HSM with FortiGate enhances security by offloading critical cryptographic key data to a tamper-resistant environment. The HSM securely generates, stores, and manages private keys. During SSL/TLS inspection, short-lived server certificates are issued using these protected keys on the HSM to decrypt the SSL/TLS encrypted traffic. After inspection – and any necessary security remediation by FortiGate – the traffic is re-encrypted before being transmitted to its destination. This approach ensures that private keys remain secure and are never exposed outside the HSM, thereby significantly reducing the risk of key compromise and bolstering the overall integrity of the security architecture. 

Securosys Hardware Security Modules are available as on-premises solutions (Primus HSM) or as cloud service (CloudHSM). CloudHSM minimizes customers’ time for evaluation, setup, operation, redundancy, and maintenance of the HSM infrastructure. Moreover, it is scalable according to customer needs.  

Fortinet Solution Brief - Graphic 2

 

Resources

FortiGate Quick Start Installation Prerequisites API Providers FortiGate Configuration