Fortinet FortiGate-3810A

An enterprise UTM appliance that’s big on features, performance and expansion potential, but is it good value as well?

Price
£33,997

Fortinet has traditionally focused on total network security solutions and its latest FortiGate-3810A targets enterprises looking for a modular chassis based UTM appliance that can be expanded as demand increases. The 3810A offers a good mix of protection measures, which include firewalling, anti-virus, web content filtering, traffic management and IDS/IPS. The review unit was also supplied with the anti-spam option but Fortinet advised us that at this level of the market it prefers to offer its FortiMail appliance as a separate point solution.

This 2U chassis has an industrial look and feel to it and although its base specification is unimpressive it does offer plenty of upgrade options. As standard you get an octet of copper Gigabit ports and a pair of fibre ones and the four expansion bays above support a good selection of expansion cards. These include Gigabit SFP and copper modules plus a dual port 10GbE version and all have onboard hardware acceleration. An optional module with an 80GB hard disk for internal log storage is also on offer, although the 2,200 asking price is a bit steep.

All security measures are handled by firewall policies but Fortinet's VDOMs (virtual domains) and zones add extra layers of flexibility. VDOMs enable you to create separate virtual appliances within a physical unit where each has their own dedicated zones, users and policies. These enable you to assign different virtual appliances to departments making for easier management. Within each VDOM you create zones, which are groupings of ports and VLANs and you can keep them completely separate by blocking intra-zone traffic.

Initial installation in the lab was simple enough as we opted for a single VDOM with all ports grouped into a single zone. The appliance's web interface is well-designed and its status page provides plenty of information on general system activity, subscription services and alert messages. It also provides a statistics table showing HTTP and HTTPS URLs visited and blocked, FTP site visits and downloads, incoming and outgoing mail and virus counts. The attack table below provides information about IPS performance such as detected attacks and blocked web sites.

Security policies are applied at the zone level and contain source and destination zones and addresses, the services to be controlled and an action. Policies can also be run to a schedule and protection profiles determine how all the other features for a policy should behave. At this level you can also apply traffic shaping with values for guaranteed and maximum bandwidth. User authentication can also be added to individual policies and you can use the appliance's local user and group database or go for AD or LDAP with RADIUS or TACACS+ servers.

Featured Resources

Four cyber security essentials that your board of directors wants to know

The insights to help you deliver what they need

Download now

Data: A resource much too valuable to leave unprotected

Protect your data to protect your company

Download now

Improving cyber security for remote working

13 recommendations for security from any location

Download now

Why CEOS should care about the move to SAP S/4HANA

And how they can accelerate business value

Download now

Most Popular

46 million Animal Jam accounts leaked after comms software breach
Security

46 million Animal Jam accounts leaked after comms software breach

13 Nov 2020
macOS Big Sur is bricking some older MacBooks
operating systems

macOS Big Sur is bricking some older MacBooks

16 Nov 2020
How computing has revolutionised Formula 1
Sponsored

How computing has revolutionised Formula 1

11 Nov 2020