Fortinet FortiGate-50 - What Network Security should be
Network Security is time-consuming. Appliances make the work
somewhat easier, but each firmware-based appliance usually targets
a narrow range of security needs. The alternative is a robust,
configurable integrated appliance, usually based on a PC platform.
But the most highly integrated appliances are expensive and
complicated to manage, and still only deliver on a certain set of
Fortinet's FortiGate line of security appliances sets new
standards for price, performance, and functionality. These devices
boast standard security capabilities such as firewall, NAT (network
address translation), VPN, and intrusion detection. They also fend
off DoS (denial of service) and DDoS (distributed DoS) attacks, and
they perform traffic-shaping to give streaming packets higher
priority. The units also break open network data packets to scan
for viruses, worms, banned text, cookies, scripts, and blacklisted
Four qualities set FortiGate devices apart from other
appliances: speed, cost, expandability, and breadth of standard
features. The FortiGate series is a fantastic entry point into the
world of security appliances. What soon becomes apparent is the
room Fortinet has reserved for future capabilities. This is not a
one-shot appliance that you'll have to replace in a year. It is an
extensible platform with lots of room to grow.
The Fortinet FortiGate line of security appliances is unique in
many ways. These firmware-based devices are as versatile and
configurable as any PC-based solution, but they enjoy the greater
reliability, reduced size, and the power/cooling conservation only
Fortinet's architecture performs even demanding tasks such as
3DES (Data Encryption Standard) and AES (Advanced Encryption
Standard) encryption at network speeds that most PC-based platforms
can't touch. What sets this appliance apart is that all of
FortiGate's features are enabled out of the box.
The FortiGate-50 splits your network into user-defined zones
(internal and external by default) for flexible configuration. Most
security settings and policies are applied according to connections
For example, you can apply a tight set of firewall rules to
traffic flowing between the internal and external zones (egress
filtering), or a looser set between the external zone and the
internal zone (ingress filtering). The firewall, anti-virus, and
VPN features use zone-based configurations. Intrusion detection
watches a single specified port, whereas banned words, URL blocks,
and script/cookie filters are applied to all ports and zones.
It's reasonable to expect a firmware-based device to have
limited capabilities compared with a PC security platform.
Surprisingly, with this appliance that's not the case.
When configured, the FortiGate downloads updated virus
signatures and intrusion/DoS/DDoS rules nightly. The anti-virus
engine tracks HTTP, SMTP, POP, and IMAP traffic, not only cracking
packets on the fly but reassembling them so that the entire
transferred file can be examined. The device identifies thousands
of viruses, worms, and network attacks, with lots of room for
expansion. The banned-word list and URL blacklist are empty by
default. You can upload and download these lists at will, and the
lists can be huge. Another nice feature is the ability to configure
schedules for network access. If, say, your business is open 24
hours a day, but your inside sales department works 9 - 5, you can
deny network activity to that network segment by entering a group
assignment based on date and time. To complement this nifty
feature, Fortinet has also included a one-time scheduled event,
in case an employee stays late one night.
Most security appliances, whether they are bought preconfigured
or built using Linux or BSD, degrade network performance so badly
that companies limit their use to the perimeter of the network.
Internet connections usually run at a fraction of the internal
LAN's speed, so the degradation is acceptable. But ISP links are
getting faster, and some companies want to monitor, filter, and
prioritize traffic passing from one LAN segment to another in their
trusted (internal) network segment.
For example, you might want to put a FortiGate between your
desktop LAN and your server farm network, or between users handling
classified information and those who do not. You wouldn't do that
with most appliances, but with the enterprise-grade FortiGate
units, you could. It's hard to find a fault with the FortiGate-50.
The Web-based configuration interface can be a little cumbersome to
navigate, but there are so many settings, we can't think of a
Overall, the FortiGate is an unbelievably affordable,
expandable, and powerful little box. There is no reason to wait.
The FortiGates are worth buying for what they can do now. With a
list price of $495.00 for the FortiGate-50 for 10 users or $695.00
for unlimited users throughput, this is the perfect appliance for the
SOHO or small business environment. Add to this the $175.00 for a
1-year signatures/firmware update subscription service, and the
FortiGate-50 is my appliance of the year.
For more product information please visit their website at
© June 2003 Michael Desrosiers All rights
© 2009-11-07 Michael Desrosiers