Fortinet FortiGate-3810A

An enterprise UTM appliance that’s big on features, performance and expansion potential, but is it good value as well?

Within a profile you can activate virus scanning on HTTP, FTP, IMAP, POP3, SMTP, IM and NNTP, add your own file filters and block email attachments over a certain size. Two options are provided for web filtering, where the first enables you to apply keyword matching plus black and white URL lists. You can also add the usual blocks for Java, ActiveX and cookies from here. The FortiGuard feature provides URL filtering and the eight main categories cover around eighty subcategories. You can block or allow entire categories or select options at the subcategory level and activate logging for each individual entry.

Advertisement - Article continues below

FortiGuard worked well during testing. With the gambling sub-category blocked we Googled for on-line bingo sites and gave up after the appliance blocked us from the first 100 hits. With social networks such a big issue in the workplace we tested this and found access to sites such as Facebook and MySpace could be easily blocked. Finding the right category can be tricky but Fortinet has this covered as you enter a URL on its main web site and it'll tell you what into which category it fits.

Profiles include your Intrusion Prevention System (IPS) settings, where you assign a predefined sensor or create your own. For testing we opted for the default sensor with a filter that covered all targets, operating systems, protocols and applications and merely logged all activity. However, it's easy enough to create custom sensors for selected systems, application and protocols and decide whether to block, allow or log them.

Advertisement
Advertisement - Article continues below
Advertisement - Article continues below

IM and P2P usage needs to be controlled in the workplace and the 3810A has a modest range of facilities for controlling these. For P2P you can choose from five main types, including Bittorent and eDonkey and allow, block or apply rate limits. From the IM and P2P menu option you also get a page of statistics showing logged in IM users, chat sessions and file downloads, whilst for P2P you can see how much network bandwidth is being sucked up.

Initially, we had some problems controlling our clients using Windows Live Messenger. Merely selecting the MSN option in the profile immediately blocked all further logins although we hadn't specifically requested this. After a chat with Fortinet's helpful support it transpired that the appliance is set to automatically block all unknown users for AIM, MSN and so on. With this total block now lifted we could allow our clients to log in but stop them from downloading files or using video.

Advertisement - Article continues below

We tested the P2P controls using one client running a Bittorent download and found that you can't passively monitor this type of activity. With our profile set to pass Bittorent traffic the statistics screen showed zero activity. We could block this traffic but only when we applied rate limits could we see usage figures in the statistics screen. Fortinet advised us that it believes with the profile set to pass Bittorent traffic the appliance won't activate its proxy for this so can't see what's occurring.

For sheer features the FortiGate-3810A has a lot going for it and we found it easy enough to install and deploy in the lab. The use of VDOMs, zones, policies and protection profiles make it extremely versatile but you'll also need to factor in the cost of anti-spam measures and possibly the additional FortiAnalyzer reporting systems.

Verdict

The FortiGate-3810A delivers an impressive range of security features, with port expansion high on the agenda. Fortinet’s VDOM feature is a great idea as you can create multiple virtual appliances each with their own separate security policies. Performance is also a key feature, but for the price the hardware specification could be more up to date and the IM and P2P controls are fairly basic.

Chassis: 2U rack CPU: 2 x 1.8GHz AMD Opteron 265HE Memory: 2GB 400MHz DDR Expansion: 4 x expansion slots Network: 10 x Gigabit Ethernet (8 x copper, 2 x SFP) Power: 2 x 600W hot-plug supplies Management: Web browser

Featured Resources

Staying ahead of the game in the world of data

Create successful marketing campaigns by understanding your customers better

Download now

Remote working 2020: Advantages and challenges

Discover how to overcome remote working challenges

Download now

Keep your data available with snapshot technology

Synology’s solution to your data protection problem

Download now

After the lockdown - reinventing the way your business works

Your guide to ensuring business continuity, no matter the crisis

Download now
Advertisement

Most Popular

How to find RAM speed, size and type
Laptops

How to find RAM speed, size and type

3 Aug 2020
How do you build a great customer experience?
Sponsored

How do you build a great customer experience?

20 Jul 2020
Labour Party donors caught up in Blackbaud data breach
data breaches

Labour Party donors caught up in Blackbaud data breach

31 Jul 2020