UTM 2.0: FortiGate 620B

The FortiGate 620B emphasizes scalability with support for up to 14-slot chassis for large enterprises.

What's attention-grabbing about this device, and a potential key for VARs, is that it fights threats that have broken through the security perimeter of the average network, including threats posed by mobile devices that often pass through traditional security defenses.

Fortinet has designed this device from the ground up, delivering the goods on both the hardware and the software fronts. Hardware specs of the 620B base unit include hardware acceleration with up to 20-Gbps firewall bandwidth and 15-Gbps VPN. The unit comes with 20 10/100/1000 interfaces, which are expandable up to 24 ports. There is an expansion slot to rev up acceleration even further, or to connect a hard drive for a log archive.

The software is the latest, version 4.0. Core applications include firewall, Web content filtering, antimalware, intrusion protection, VPN (both IPSec and SSL) and two additional critical components: data leak prevention and granular application control.

The management interface is well-designed, and full of information and configuration options. The device is easy to deploy but for optimal configuration purposes, a solution provider would be well-advised to become familiar with the setting options, policies and rules before configuring them. Although Fortinet emphasizes there is no learning curve with this product, the FortiGate is a sophisticated device, and not one that a network administrator would want to breeze blithely through while setting it up.

The management interface includes a series of widgets that can be added, changed and moved around. One widget gives all information about licensing and FortiGuard subscriptions (the software components like IPS definitions, antivirus Definitionsetc.) For review purposes, we set up a Protection Profile that had Web content filtering, logging and IM blocked. The appliance did a good job of instantly stopping what we specified to be blocked or logged. By default, when the Web content filtering blocks a client from accessing a particular site, the user is given the option to have the rating of the Web page re-evaluated. A form, filled out online by the user is sent to the administrator for review of the request.

The firewall is robust in that it is not only a Layer 2 firewall but Layer 3 as well.

Security features include client or server side encryption, plus authentication against LDAP, RADIUS or Active Directory. The FortiGate also has provisions for endpoint security. It's nice to see that feature bundled with the traditional core applications of a UTM. Endpoints are added to the list when it uses a firewall policy that has "Endpoint Compliance Check" enabled. Endpoints can be filtered by a range of parameters, including host name, IP address, OS version and AV Signature file. You can also configure software detection to determine whether endpoints have a specific application installed. The application is specified by the text pattern that matches the application's name in the computer's registry.

To help sift through the potentially dizzying array of options, the FortiGate's management interface has intuitive help guides. The help topic relates to the specific area of the interface you are in, a feature that is so helpful and so woefully lacking in other UTMs we have tested.

Fortinet's FortiGate is a well-engineered product, but it doesn't come cheap. The appliance lists for $15,995. The hardware, bundled with one year of antivirus, IPS, Web filtering and antispam subscription services, costs $23,195. However, subscription services and SSL features are not limited by the number of users.

Value propositions for partners include enhanced security, hardware, maintenance and subscription services. Subscription renewals go to the partner, so there is a constant revenue stream there.

The partner perks, not to mention the robust security of this device, offset the initial price of the appliance. In the backdrop of today's threat landscape and the potential devastating losses a company could face, the price seems well worth it indeed.