Review: Putting UTM To The Test

Fortinet FortiGate 1000A
Fortinet's FortiGate 1000A has one of the most comprehensive set of UTM services on the market. While many vendors embed services they have OEMed from other technology partners, Fortinet does everything in-house. It also goes one step further to embed dedicated security chips in its enterprise UTM solutions. The Fortinet chip technology is designed for complex UTM deployments where sanitized traffic can cause unnecessary delays.

Like WatchGuard, FortiGate's UTM policies are derived from its firewall policies. FortiGate can define multiple policies for each of its ports. Essentially, each line item in the firewall interface describes individual policies that define a rule for a physical interface.

FortiGate 1000A's router supports BGP, OSPF and RIP router protocols. With BGP, FortiGate is able to integrate with existing routers. Managed service providers offering UTM services have to know how to create external routing bridges between customers' routers and FortiGate. Connecting routers using BGP is a valuable service that requires expertise. Although FortiGate was not designed to replace a router, it can be used as a standalone router on small networks. The routing features work in conjunction with the other FortiGate services.

Configuring firewall policies takes a couple of minutes. Fortinet has made the firewall interface easy to understand and follow. In addition to port restrictions, FortiGate provides a list of predefined services to simplify the selection process.

These services are common Web-enabled applications such as messaging and peer-to-peer programs, which require external connections through predefined logical ports. If partners cannot find what they need, they can quickly create their own rules.

In addition, solution providers can set up IPSec or SSL VPN tunnels in the firewall policies. Like routers, FortiGate firewall policies provide network address translations (NAT) to hide internal network addresses. The firewall also provides traffic shaping to control network bandwidth that is passing through interfaces. For instance, solution providers can curtail bandwidth going to AOL chat clients and increase it for Web surfing. FortiGate's traffic shaping options guarantee certain bandwidth for services, including what traffic priorities are given to applications.

FortiGate maps firewall services with its UTM services using a feature called Protection Profile. A profile defines UTM services. Solution providers simply have to decide to turn on services such as Web filtering, antispam, intrusion protection and antivirus. Once created, profiles are then applied to firewall policies.

Out of the box, FortiGate comes with predefined profiles to filter content that enters a network. If a customer only wants to run FortiGate's antivirus UTM service, solution providers can simply turn off all profiles except for the one that covers antivirus protection.

FortiGate provides interfaces for each of its UTM services. Under the antivirus options, solution providers can select various protocols such as HTTP and FTP to scan for viruses. In addition, the box provides a method to quarantine files for further inspection.

Each of the services can be configured in separate protection profiles. The method simplifies configuration because one profile can be tied to multiple policies. Likewise, multiple profiles can be implemented at different times for each firewall policy. The combinations are based on a simple hierarchical configuration, allowing solution providers to quickly put together a customized UTM solution.

FortiGate's 1000A comes with all of Fortinet's UTM offerings built in but the services are not included in the 1000A appliance at the $14,995 price. Customers are charged a flat fee for a service bundle after purchasing a UTM appliance so that they do not have to subscribe to individual services to receive the latest signature files.

Fortinet only charges for service bundles for each FortiGate UTM appliance, so there's no per-user licensing required. The bundles have all of the features turned on as well. Therefore, solution providers can associate many profiles with many users without being charged for these connections. This is an ideal price model for managed service providers.

FortiGate arrives with content-level security to block Web sites based on predefined topics. According to Fortinet's Knowledge Center, content security filters use regular expressions to block suspect messages or Web sites. FortiGate's regular expressions support wildcard symbols to identify generic patterns in content.

Fortinet has its own global security team, the FortiGuard Center, which is responsible for identifying threats and responding to vulnerabilities. The team pushes new malware signatures into its UTM appliances often faster than third-party security vendors.

The FortiGuard Center also maintains categorized lists of Web sites that can pose security risks. Appliances that have the FortiGuard services turned on also are able to classify Web pages based on the categorization rules used by the Web-filtering database.

FortiGate supports in-memory logging, syslogs and offline logs. However, FortiGate logging features do not have the realtime capabilities of WatchGuard's Traffic Monitor. Fortinet also offers a logging appliance called FortiAnalyzer that can track network traffic across multiple FortiGate appliances.

FortiAnalyzer comes with more than 100 reports that are divided into 14 types of network activities such as antivirus, intrusions, FTP, VPN and mail. The reports generate detailed summaries of each activity, including sessions that are accepted and rejected, types of applications that are being executed and the user names associated with each activity. FortiAnalyzer also comes with a search engine.

Next: Untangle Professional