An enterprise UTM appliance that’s big on features, performance and expansion potential, but is it good value as well?
Fortinet has traditionally focused on total network security solutions and its latest FortiGate-3810A targets enterprises looking for a modular chassis based UTM appliance that can be expanded as demand increases. The 3810A offers a good mix of protection measures, which include firewalling, anti-virus, web content filtering, traffic management and IDS/IPS. The review unit was also supplied with the anti-spam option but Fortinet advised us that at this level of the market it prefers to offer its FortiMail appliance as a separate point solution.
This 2U chassis has an industrial look and feel to it and although its base specification is unimpressive it does offer plenty of upgrade options. As standard you get an octet of copper Gigabit ports and a pair of fibre ones and the four expansion bays above support a good selection of expansion cards. These include Gigabit SFP and copper modules plus a dual port 10GbE version and all have onboard hardware acceleration. An optional module with an 80GB hard disk for internal log storage is also on offer, although the 2,200 asking price is a bit steep.
All security measures are handled by firewall policies but Fortinet's VDOMs (virtual domains) and zones add extra layers of flexibility. VDOMs enable you to create separate virtual appliances within a physical unit where each has their own dedicated zones, users and policies. These enable you to assign different virtual appliances to departments making for easier management. Within each VDOM you create zones, which are groupings of ports and VLANs and you can keep them completely separate by blocking intra-zone traffic.
Initial installation in the lab was simple enough as we opted for a single VDOM with all ports grouped into a single zone. The appliance's web interface is well-designed and its status page provides plenty of information on general system activity, subscription services and alert messages. It also provides a statistics table showing HTTP and HTTPS URLs visited and blocked, FTP site visits and downloads, incoming and outgoing mail and virus counts. The attack table below provides information about IPS performance such as detected attacks and blocked web sites.
Security policies are applied at the zone level and contain source and destination zones and addresses, the services to be controlled and an action. Policies can also be run to a schedule and protection profiles determine how all the other features for a policy should behave. At this level you can also apply traffic shaping with values for guaranteed and maximum bandwidth. User authentication can also be added to individual policies and you can use the appliance's local user and group database or go for AD or LDAP with RADIUS or TACACS+ servers.
The IT Pro guide to Windows 10 migration
Everything you need to know for a successful transitionDownload now
Managing security risk and compliance in a challenging landscape
How key technology partners grow with your organisationDownload now
Software-defined storage for dummies
Control storage costs, eliminate storage bottlenecks and solve storage management challengesDownload now
6 best practices for escaping ransomware
A complete guide to tackling ransomware attacksDownload now