Fortinet FortiGate-3810A

An enterprise UTM appliance that’s big on features, performance and expansion potential, but is it good value as well?

IT Pro Verdict

The FortiGate-3810A delivers an impressive range of security features, with port expansion high on the agenda. Fortinet’s VDOM feature is a great idea as you can create multiple virtual appliances each with their own separate security policies. Performance is also a key feature, but for the price the hardware specification could be more up to date and the IM and P2P controls are fairly basic.

Fortinet has traditionally focused on total network security solutions and its latest FortiGate-3810A targets enterprises looking for a modular chassis based UTM appliance that can be expanded as demand increases. The 3810A offers a good mix of protection measures, which include firewalling, anti-virus, web content filtering, traffic management and IDS/IPS. The review unit was also supplied with the anti-spam option but Fortinet advised us that at this level of the market it prefers to offer its FortiMail appliance as a separate point solution.

This 2U chassis has an industrial look and feel to it and although its base specification is unimpressive it does offer plenty of upgrade options. As standard you get an octet of copper Gigabit ports and a pair of fibre ones and the four expansion bays above support a good selection of expansion cards. These include Gigabit SFP and copper modules plus a dual port 10GbE version and all have onboard hardware acceleration. An optional module with an 80GB hard disk for internal log storage is also on offer, although the 2,200 asking price is a bit steep.

All security measures are handled by firewall policies but Fortinet's VDOMs (virtual domains) and zones add extra layers of flexibility. VDOMs enable you to create separate virtual appliances within a physical unit where each has their own dedicated zones, users and policies. These enable you to assign different virtual appliances to departments making for easier management. Within each VDOM you create zones, which are groupings of ports and VLANs and you can keep them completely separate by blocking intra-zone traffic.

Initial installation in the lab was simple enough as we opted for a single VDOM with all ports grouped into a single zone. The appliance's web interface is well-designed and its status page provides plenty of information on general system activity, subscription services and alert messages. It also provides a statistics table showing HTTP and HTTPS URLs visited and blocked, FTP site visits and downloads, incoming and outgoing mail and virus counts. The attack table below provides information about IPS performance such as detected attacks and blocked web sites.

Security policies are applied at the zone level and contain source and destination zones and addresses, the services to be controlled and an action. Policies can also be run to a schedule and protection profiles determine how all the other features for a policy should behave. At this level you can also apply traffic shaping with values for guaranteed and maximum bandwidth. User authentication can also be added to individual policies and you can use the appliance's local user and group database or go for AD or LDAP with RADIUS or TACACS+ servers.

Dave Mitchell

Dave is an IT consultant and freelance journalist specialising in hands-on reviews of computer networking products covering all market sectors from small businesses to enterprises. Founder of Binary Testing Ltd – the UK’s premier independent network testing laboratory - Dave has over 45 years of experience in the IT industry.

Dave has produced many thousands of in-depth business networking product reviews from his lab which have been reproduced globally. Writing for ITPro and its sister title, PC Pro, he covers all areas of business IT infrastructure, including servers, storage, network security, data protection, cloud, infrastructure and services.