Fortinet FortiGate-111C review

Dave Mitchell Read more June 12, 2012

Image 1 of 7

£2930

Price when reviewed

Sitting at the top of Fortinet’s family of SMB appliances, the FortiGate-111C offers a remarkable range of security measures. At its foundation is the standard fare of SPI firewall plus IPsec and SSL VPNs, to which it adds intrusion prevention, antivirus, anti-malware, anti-spam, web filtering and P2P app controls.

Then there’s data leak prevention (DLP), integrated management of Fortinet’s FortiAP wireless APs, endpoint protection and vulnerability scanning. And an optional 64GB SSD can be used for high-speed web caching, logging, DLP archiving and quarantining.

Pairs of appliances can be used for high availability, and with one at each end of a site-to-site link they can perform WAN optimisation. The 111C has eight switched 10/100 Ethernet LAN ports and a pair of Gigabit WAN ports. It supports both NAT and transparent modes, and we used the latter to drop it between the lab’s LAN and internet connection. The cooling fans are very noisy, so the appliance will need to go in a cabinet.

Fortinet quotes impressive performance figures, with an intrusion prevention system (IPS) throughput of 450Mbits/sec. We tested this using the lab’s Ixia Optixia XM2 chassis equipped with two Xcellon-Ultra NP blades, and saw throughput settle at almost 460Mbits/sec.

The web interface opens with a smart dashboard, which can be customised with widgets. These include traffic history graphs for selected interfaces, tables for top applications and sessions, licence information, cache usage and system resources.

Firewall policies comprise sources, destinations, schedules, services and actions, and you can assign various UTM profiles to each. Antivirus profiles define which protocols you want scanned and whether you want infections to be removed or quarantined.

Fortinet’s own URL filtering database provides eight main categories and almost 80 subcategories. You can block or allow entire categories or subcategories, activate logging for each entry, apply usage quotas and enable a global Safe Search feature.

Application control policies use sensors for selected apps, and Fortinet provides almost 2,000 from which to choose. The FortiGuard anti-spam measures are also controlled with policies that decide which mail protocols to scan, and how spam is handled.

For testing, we created a policy that tagged suspect messages and passed them on to our Outlook clients. At the end of a three-week test we saw an impressive spam detection rate of almost 99%, with only eight false-positives.

DLP policies scan traffic for file types, file sizes, fingerprints, conditions or expressions such as credit card and social security numbers. To use fingerprinting, upload files to the appliance or point it to a remote location, and it generates a checksum for each.

DLP sensor policies can only monitor and log activity, but for sensitive documents you can block the transfer or quarantine the user, IP address or appliance interface on which the traffic was spotted.

For vulnerability scans you use asset definitions based on IP addresses and ranges, and each entry can be assigned Windows and Unix authentication details. Manual or scheduled scans can be run on selected definitions, and those scans can run on three levels: port 80, all common application ports, or the full range.

Managing wireless networks with Fortinet’s access points couldn’t be easier, since the appliance automatically detects them. We tested with FortiAP 220 and 222 models and could create multiple SSIDs, each with unique security and encryption settings, and assign them to specific APs.

Along with rogue detection, it handles suppression. When a rogue is spotted, it joins a list on the web interface monitoring page, where it can be selected and suppressed. The appliance’s wireless controller then sends deauth messages to the rogue and any clients trying to associate with it.

The appliance provides local logging and reporting, to view event, UTM, traffic and scan logs and check the quarantine store. Graphical reports can be generated for bandwidth, application, web, email and VPN usage, and displayed as high-quality web reports with an introductory page and even a table of contents.

For more detailed reporting we recommend the optional Analysis & Management Service (FAMS). The appliance can be set to upload selected logs regularly to your account on this hosted service, and they’re then used to present an extensive range of detailed reports.

The FortiGate-111C has every security angle covered. It offers a truly remarkable range of features at an affordable price, and Fortinet’s centralised management options make it well suited to both SMBs and remote branch deployments.