Fortinet FortiGate-111C review
The most security features we’ve seen in an SMB appliance, it’s easy to deploy and manage, and the price is right too
Sitting at the top of Fortinet’s family of SMB appliances, the FortiGate-111C offers a remarkable range of security measures. At its foundation is the standard fare of SPI firewall plus IPsec and SSL VPNs, to which it adds intrusion prevention, antivirus, anti-malware, anti-spam, web filtering and P2P app controls.
Then there’s data leak prevention (DLP), integrated management of Fortinet’s FortiAP wireless APs, endpoint protection and vulnerability scanning. And an optional 64GB SSD can be used for high-speed web caching, logging, DLP archiving and quarantining.
Pairs of appliances can be used for high availability, and with one at each end of a site-to-site link they can perform WAN optimisation. The 111C has eight switched 10/100 Ethernet LAN ports and a pair of Gigabit WAN ports. It supports both NAT and transparent modes, and we used the latter to drop it between the lab’s LAN and internet connection. The cooling fans are very noisy, so the appliance will need to go in a cabinet.
Fortinet quotes impressive performance figures, with an intrusion prevention system (IPS) throughput of 450Mbits/sec. We tested this using the lab’s Ixia Optixia XM2 chassis equipped with two Xcellon-Ultra NP blades, and saw throughput settle at almost 460Mbits/sec.
The web interface opens with a smart dashboard, which can be customised with widgets. These include traffic history graphs for selected interfaces, tables for top applications and sessions, licence information, cache usage and system resources.
Firewall policies comprise sources, destinations, schedules, services and actions, and you can assign various UTM profiles to each. Antivirus profiles define which protocols you want scanned and whether you want infections to be removed or quarantined.
Fortinet’s own URL filtering database provides eight main categories and almost 80 subcategories. You can block or allow entire categories or subcategories, activate logging for each entry, apply usage quotas and enable a global Safe Search feature.
Application control policies use sensors for selected apps, and Fortinet provides almost 2,000 from which to choose. The FortiGuard anti-spam measures are also controlled with policies that decide which mail protocols to scan, and how spam is handled.
|Server configuration||Desktop chassis|
|Hard disk configuration||Optional 64GB SSD|
|10/100 LAN ports||8|