Fortinet FortiGate-400

The multifunction security appliance is gaining in popularity, with many vendors offering a variety of products that deliver a wide choice of services. The ServGate EdgeForce Plus offers firewall and VPN features that can be easily upgraded to include anti-virus and web cacheing. Even Fortinet's baby FortiGate-50 appliance delivers firewall and anti-virus measures for a little over £500.

The FortiGate-400 is Fortinet's entry point into the enterprise sector, and its sleek 1U-high chassis delivers a cornucopia of features. Start with a stateful packet-inspection firewall, anti-virus measures, email-attachment scanning and website-content filtering, add a pinch of IPSec VPNs and a healthy dollop of intrusion detection and prevention and you have what looks to be a tasty combination of security measures.

Internally, the system is well built and most of the hard work is carried out by Fortinet's custom ASIC, which runs its ABACAS (accelerated behaviour and content analysis system). The main FortiOS 2.5 operating system is supplied on a 64MB CompactFlash card, while the internal 2.5in 20GB Toshiba hard disk is used as an anti-virus file quarantine location and for storing the system logs. No less than four network ports are provided, which can be used for a range of scenarios. The most common will be using the first three for connections to your local network, Internet router and DMZ (demilitarized zone), while the fourth can be used for connection to another network or as a high availability link with a second FortiGate appliance.

By default, the firewall allows access from the internal network to the Internet but blocks all other traffic. Further control is achieved by creating policies, and the FortiGate offers plenty of options. Zones are a powerful feature, as these group specific interfaces and VLANs together to simplify policy creation. Multiple policies may be used simultaneously to control different types of traffic and you can place them in order of priority. Policy schedules decide how the appliance behaves at a particular time of day and you're able to assign traffic-shaping rules that determine how much bandwidth each policy is allowed.

In its most basic form, the FortiGate-400 will require a considerable amount of manual labour to configure, as all filter lists are empty. URLs or related IP addresses must be entered to block access to specific sites and keywords can be used to filter out undesirable web pages. Users who attempt to access blocked sites will receive a simple message in their browser explaining why access has been denied. As with the FortiGate-50, you can download and apply lists from squidGuard, but the 400 also supports the optional Cerberian web-filter list service. Fortinet's anti-virus experience is an unknown quantity, so the fact that it provides its own signature files means it's unlikely to be as sophisticated as products that use third-party signatures, such as those from Sophos.

The FortiGate-400 offers a comprehensive range of features, but surprisingly this doesn't make it difficult to configure, as we found the web interface to be very intuitive. Larger businesses should seriously consider this appliance if they're looking for a complete enterprise-level, network-security solution.

Author: Dave Mitchell