Fortinet's compact FortiGate 111C appliance has a remarkable range of security measures at an affordable price. In this exclusive review, Dave Mitchell puts it on test to see if it really does have every security angle covered.
Representing the top of Fortinet’s family of SMB appliances, the FortiGate 111C brings together an impressive range of security measures that the competition will be hard pushed to match, let alone beat.
What makes it stand out is Fortinet’s ASIC-based FortiOS operating system, and the latest v4.0 introduces a heap of new features. At its foundation is the standard fare of SPI firewall plus IPSec and SSL VPNs, to which you can add intrusion prevention, anti-virus, anti-malware, anti-spam, web filtering and P2P app controls.
There’s a lot more, though, as you have data leak prevention (DLP), integrated management of Fortinet’s FortiAP wireless access points plus rogue AP detection, endpoint protection and vulnerability scanning.
We haven’t finished yet as the 111C supports an optional 64GB SSD for high speed web caching, logging, DLP archiving and quarantining. There’s still more as pairs of appliances can be used for high availability and, with one at each end of a site-to-site link, they can perform WAN optimisation.
The 111C has eight switched Fast Ethernet LAN ports and a pair of Gigabit WAN ports. It supports both NAT and transparent modes and we used the latter to drop it in between the lab’s LAN and Internet connection. The cooling fans are very noisy so the appliance will need to go in a cabinet.
Fortinet quotes impressive performance figures for the 111C with an IPS throughput of 450Mbps. We tested this using the lab’s Ixia Optixia XM2 chassis equipped with two Xcellon-Ultra NP blades and saw throughput settle comfortably at nearly 460Mbps.
The appliance’s web interface opens with a smart dashboard which can be customised with widgets. These include traffic history graphs for selected interfaces, tables for top applications and sessions, license information, cache usage and system resources.
Each firewall policy comprises source, destination, schedule, service and action objects and you can assign various UTM profiles to each one. Anti-virus profiles define which protocols you want scanned and if you want infections to be removed or quarantined.
Fortinet provides its own URL filtering database and its eight main categories cover nearly eighty subcategories. You can block or allow entire categories or select options at the subcategory level, activate logging for each individual entry, apply usage quotas and enable a global Safe Search feature.
Application control policies use sensors for selected apps and Fortinet provides nearly 2,000 to choose from. Each policy can simply monitor and log usage or you can block them, reset the connection or apply a traffic shaper object created within your firewall policies.
The FortiGuard anti-spam measures are also controlled using policies which decide which mail protocols to scan, how spam is handled and which FortiGuard functions should be applied. For testing we created a policy that scanned all mail protocols for spam but only tagged suspect messages and passed them on.
We configured our Outlook clients to move tagged messages to a separate folder and left the appliance scanning live email for three weeks. At the end of the test we saw an impressive spam detection rate of nearly 99 per cent with only eight false positives.
DLP policies are used to scan traffic for file types, file sizes, fingerprints, conditions or expressions such as credit card and social security numbers. To use fingerprinting you upload files to the appliance or point it to a remote location and it will generate a checksum for each one.
DLP sensor policies can include any of these criteria and be used to monitor and log activity. For highly sensitive documents, you can set the policy to block the transfer or quarantine the user, the IP address or even the interface on the appliance the traffic was spotted on.
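The two DLP criteria described above, expression matching and file fingerprinting, can be sketched as follows. This is an added example, not FortiOS code: the SHA-256 checksum, the Luhn check used to discard digit runs that are not card numbers, and all function names and sample data are assumptions made for illustration.

```python
import hashlib
import re

# Candidate card numbers: 13-19 digits, optionally separated by spaces or hyphens.
CARD_RE = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")

def luhn_ok(digits: str) -> bool:
    """Luhn checksum: rejects order numbers and other arbitrary digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def fingerprint(data: bytes) -> str:
    """Checksum recorded for each protected file (SHA-256 is an assumption)."""
    return hashlib.sha256(data).hexdigest()

def find_cards(text: str) -> list[str]:
    """Return digit strings that match the pattern and pass the Luhn check."""
    hits = []
    for m in CARD_RE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group())
        if luhn_ok(digits):
            hits.append(digits)
    return hits

def inspect_payload(payload: bytes, protected: set[str], block_on_match: bool) -> dict:
    """Apply both criteria; a sensor either logs the match or blocks the transfer."""
    reasons = []
    if fingerprint(payload) in protected:
        reasons.append("fingerprint")
    if find_cards(payload.decode("utf-8", errors="replace")):
        reasons.append("card-number")
    action = "pass"
    if reasons:
        action = "block" if block_on_match else "log"
    return {"action": action, "reasons": reasons}

# Constructed sample data: a protected document and an outbound mail body.
SENSITIVE_DOC = b"Q3 acquisition plan - board only\n"
PROTECTED = {fingerprint(SENSITIVE_DOC)}
MAIL_BODY = b"Order 1234567890123456 paid with card 4111 1111 1111 1111, thanks."

if __name__ == "__main__":
    print(inspect_payload(MAIL_BODY, PROTECTED, block_on_match=False))
    print(inspect_payload(SENSITIVE_DOC, PROTECTED, block_on_match=True))
    print(inspect_payload(b"lunch at 12?", PROTECTED, block_on_match=True))
```

An exact checksum only matches a byte-identical copy of the uploaded file, so an edited or re-saved document passes the fingerprint check and must be caught by the expression criteria instead.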
For vulnerability scans you use asset definitions based on IP addresses and ranges and each entry can be assigned Windows and Unix authentication details. Manual or regularly scheduled scans can be run on selected definitions and three levels allow scans to be run on port 80, all common application ports or the full port range.
Managing wireless networks with Fortinet’s access points couldn’t be easier as the appliance automatically detects them. We tested this with FortiAP 220 and 222 models and found we could create multiple SSIDs each with unique security and encryption settings and assign them to specific APs.
Along with rogue AP detection, you also have the option of suppressing rogues. When a rogue is spotted it is listed in the web interface monitoring page where you can select it and activate suppression. The appliance’s wireless controller then sends deauth messages to the rogue and any clients trying to associate with it.
The appliance provides local logging and reporting where you can view event, UTM, traffic and vulnerability scan logs and check on the quarantine store. Graphical reports can also be generated for bandwidth, application, web, email and VPN usage and displayed as high quality web reports with an introductory page and even a table of contents.
For more detailed reporting we recommend the optional FortiGuard Analysis and Management Service (FAMS). The appliance can be set to upload selected logs regularly to your account on this hosted service, where they are used to present an extensive range of detailed reports.
The FortiGate 111C provides the most comprehensive range of security measures we’ve yet seen in an SMB level appliance. It’s easy to deploy and affordable as well with a bundle including the SSD, anti-virus, IPS, anti-spam and web filtering costing £3,543.
Chassis: Desktop/rack mount
CPU: Fortinet FortiASIC
Network: 8 x switched 10/100 (LAN), 2 x Gigabit (WAN)
Storage: 64GB SATA SFF SSD (optional)
Ports: 2 x USB, RJ-45 console
Management: Web browser, CLI
Software: Fortinet FortiOS 4.0