Fortinet FortiGate-3810A

An enterprise UTM appliance that’s big on features, performance and expansion potential, but is it good value as well?

Within a profile you can activate virus scanning on HTTP, FTP, IMAP, POP3, SMTP, IM and NNTP, add your own file filters and block email attachments over a certain size. Two options are provided for web filtering, where the first enables you to apply keyword matching plus black and white URL lists. You can also add the usual blocks for Java, ActiveX and cookies from here. The FortiGuard feature provides URL filtering and the eight main categories cover around eighty subcategories. You can block or allow entire categories or select options at the subcategory level and activate logging for each individual entry.

Advertisement - Article continues below

FortiGuard worked well during testing. With the gambling sub-category blocked we Googled for on-line bingo sites and gave up after the appliance blocked us from the first 100 hits. With social networks such a big issue in the workplace we tested this and found access to sites such as Facebook and MySpace could be easily blocked. Finding the right category can be tricky but Fortinet has this covered as you enter a URL on its main web site and it'll tell you what into which category it fits.

Profiles include your Intrusion Prevention System (IPS) settings, where you assign a predefined sensor or create your own. For testing we opted for the default sensor with a filter that covered all targets, operating systems, protocols and applications and merely logged all activity. However, it's easy enough to create custom sensors for selected systems, application and protocols and decide whether to block, allow or log them.

Advertisement
Advertisement - Article continues below
Advertisement - Article continues below

IM and P2P usage needs to be controlled in the workplace and the 3810A has a modest range of facilities for controlling these. For P2P you can choose from five main types, including Bittorent and eDonkey and allow, block or apply rate limits. From the IM and P2P menu option you also get a page of statistics showing logged in IM users, chat sessions and file downloads, whilst for P2P you can see how much network bandwidth is being sucked up.

Initially, we had some problems controlling our clients using Windows Live Messenger. Merely selecting the MSN option in the profile immediately blocked all further logins although we hadn't specifically requested this. After a chat with Fortinet's helpful support it transpired that the appliance is set to automatically block all unknown users for AIM, MSN and so on. With this total block now lifted we could allow our clients to log in but stop them from downloading files or using video.

Advertisement - Article continues below

We tested the P2P controls using one client running a Bittorent download and found that you can't passively monitor this type of activity. With our profile set to pass Bittorent traffic the statistics screen showed zero activity. We could block this traffic but only when we applied rate limits could we see usage figures in the statistics screen. Fortinet advised us that it believes with the profile set to pass Bittorent traffic the appliance won't activate its proxy for this so can't see what's occurring.

For sheer features the FortiGate-3810A has a lot going for it and we found it easy enough to install and deploy in the lab. The use of VDOMs, zones, policies and protection profiles make it extremely versatile but you'll also need to factor in the cost of anti-spam measures and possibly the additional FortiAnalyzer reporting systems.

Verdict

The FortiGate-3810A delivers an impressive range of security features, with port expansion high on the agenda. Fortinet’s VDOM feature is a great idea as you can create multiple virtual appliances each with their own separate security policies. Performance is also a key feature, but for the price the hardware specification could be more up to date and the IM and P2P controls are fairly basic.

Chassis: 2U rack CPU: 2 x 1.8GHz AMD Opteron 265HE Memory: 2GB 400MHz DDR Expansion: 4 x expansion slots Network: 10 x Gigabit Ethernet (8 x copper, 2 x SFP) Power: 2 x 600W hot-plug supplies Management: Web browser

Featured Resources

How inkjet can transform your business

Get more out of your business by investing in the right printing technology

Download now

Journey to a modern workplace with Office 365: which tools and when?

A guide to how Office 365 builds a modern workplace

Download now

Modernise and transform your sales organisation

Learn how a modernised sales process can drive your business

Download now

Your guide to managing cloud transformation risk

Realise the benefits. Mitigate the risks

Download now
Advertisement

Most Popular

Visit/mobile/28299/how-to-use-chromecast-without-wi-fi
Mobile

How to use Chromecast without Wi-Fi

5 Feb 2020
Visit/security/34616/the-top-ten-password-cracking-techniques-used-by-hackers
Security

The top ten password-cracking techniques used by hackers

10 Feb 2020
Visit/operating-systems/microsoft-windows/354739/windows-7-bug-blocks-users-from-shutting-down-their-pcs
Microsoft Windows

Windows 7 bug blocks users from shutting down their PCs

10 Feb 2020
Visit/hardware/354723/coronavirus-starts-to-take-its-toll-on-the-tech-industry
Hardware

Coronavirus starts to take its toll on the tech industry

6 Feb 2020