Fortinet FortiGate-3810A

An enterprise UTM appliance that’s big on features, performance and expansion potential, but is it good value as well?

Within a profile you can activate virus scanning on HTTP, FTP, IMAP, POP3, SMTP, IM and NNTP, add your own file filters and block email attachments over a certain size. Two options are provided for web filtering, where the first enables you to apply keyword matching plus black and white URL lists. You can also add the usual blocks for Java, ActiveX and cookies from here. The FortiGuard feature provides URL filtering and the eight main categories cover around eighty subcategories. You can block or allow entire categories or select options at the subcategory level and activate logging for each individual entry.

Advertisement - Article continues below

FortiGuard worked well during testing. With the gambling sub-category blocked we Googled for on-line bingo sites and gave up after the appliance blocked us from the first 100 hits. With social networks such a big issue in the workplace we tested this and found access to sites such as Facebook and MySpace could be easily blocked. Finding the right category can be tricky but Fortinet has this covered as you enter a URL on its main web site and it'll tell you what into which category it fits.

Profiles include your Intrusion Prevention System (IPS) settings, where you assign a predefined sensor or create your own. For testing we opted for the default sensor with a filter that covered all targets, operating systems, protocols and applications and merely logged all activity. However, it's easy enough to create custom sensors for selected systems, application and protocols and decide whether to block, allow or log them.

Advertisement - Article continues below
Advertisement - Article continues below

IM and P2P usage needs to be controlled in the workplace and the 3810A has a modest range of facilities for controlling these. For P2P you can choose from five main types, including Bittorent and eDonkey and allow, block or apply rate limits. From the IM and P2P menu option you also get a page of statistics showing logged in IM users, chat sessions and file downloads, whilst for P2P you can see how much network bandwidth is being sucked up.

Initially, we had some problems controlling our clients using Windows Live Messenger. Merely selecting the MSN option in the profile immediately blocked all further logins although we hadn't specifically requested this. After a chat with Fortinet's helpful support it transpired that the appliance is set to automatically block all unknown users for AIM, MSN and so on. With this total block now lifted we could allow our clients to log in but stop them from downloading files or using video.

Advertisement - Article continues below

We tested the P2P controls using one client running a Bittorent download and found that you can't passively monitor this type of activity. With our profile set to pass Bittorent traffic the statistics screen showed zero activity. We could block this traffic but only when we applied rate limits could we see usage figures in the statistics screen. Fortinet advised us that it believes with the profile set to pass Bittorent traffic the appliance won't activate its proxy for this so can't see what's occurring.

For sheer features the FortiGate-3810A has a lot going for it and we found it easy enough to install and deploy in the lab. The use of VDOMs, zones, policies and protection profiles make it extremely versatile but you'll also need to factor in the cost of anti-spam measures and possibly the additional FortiAnalyzer reporting systems.


The FortiGate-3810A delivers an impressive range of security features, with port expansion high on the agenda. Fortinet’s VDOM feature is a great idea as you can create multiple virtual appliances each with their own separate security policies. Performance is also a key feature, but for the price the hardware specification could be more up to date and the IM and P2P controls are fairly basic.

Chassis: 2U rack CPU: 2 x 1.8GHz AMD Opteron 265HE Memory: 2GB 400MHz DDR Expansion: 4 x expansion slots Network: 10 x Gigabit Ethernet (8 x copper, 2 x SFP) Power: 2 x 600W hot-plug supplies Management: Web browser

Featured Resources

The case for a marketing content hub

Transform your digital marketing to deliver customer expectations

Download now

Fast, flexible and compliant e-signatures for global businesses

Be at the forefront of digital transformation with electronic signatures

Download now

Why CEOS should care about the move to SAP S/4HANA

And how they can accelerate business value

Download now

IT faces new security challenges in the wake of COVID-19

Beat the crisis by learning how to secure your network

Download now

Most Popular


Apple confirms serious bugs in iOS 13.5

4 Jun 2020

The UK looks to Japan and South Korea for 5G equipment

4 Jun 2020

Tycoon ransomware discovered using Java image files to target software firms

5 Jun 2020