Fortinet FortiGate 111C

Fortinet's compact FortiGate 111C appliance has a remarkable range of security measures at an affordable price. In this exclusive review, Dave Mitchell puts it on test to see if it really does have every security angle covered.

ITPRO Recommended award

What makes it stand out is Fortinet's ASIC-based FortiOS operating system and the latest v4.0 introduces a heap of new features. At its foundation is the standard fare of SPI firewall plus IPSec and SSL VPNs, to which you can add intrusion prevention, anti-virus, anti-malware, anti-spam, web filtering and P2P app controls.

Advertisement - Article continues below

There's a lot more, though, as you have data leak prevention (DLP), integrated management of Fortinet's FortiAP wireless access points plus rogue AP detection, endpoint protection and vulnerability scanning.

We haven't finished yet as the 111C supports an optional 64GB SSD for high speed web caching, logging, DLP archiving and quarantining. There's still more as pairs of appliances can used for high availability and with one at each end of a site-to-site link they can perform WAN optimisation.

The 111C has eight, switched Fast Ethernet LAN ports and a pair of Gigabit WAN ports. It supports both NAT and transparent modes and we used the latter to drop it in between the lab's LAN and Internet connection. The cooling fans are very noisy so the appliance will need to go in a cabinet.

Fortinet quotes impressive performance figures for the 111C with an IPS throughput of 450Mbps. We tested this using the lab's Ixia Optixia XM2 chassis equipped with two Xcellon-Ultra NP blades and saw throughput settle comfortably at nearly 460Mbps.

Advertisement - Article continues below
Advertisement - Article continues below

The appliance's web interface opens with a smart dashboard which can be customised with widgets. These include traffic history graphs for selected interfaces, tables for top applications and sessions, license information, cache usage and system resources.

Each firewall policy comprises source, destination, schedule, service and action objects and you can assign various UTM profiles to each one. Anti-virus profiles define which protocols you want scanned and if you want infections to be removed or quarantined.

Fortinet provides its own URL filtering database and its eight main categories cover nearly eighty subcategories. You can block or allow entire categories or select options at the subcategory level, activate logging for each individual entry, apply usage quotas and enable a global Safe Search feature.

Application control policies use sensors for selected apps and Fortinet provides nearly 2,000 to choose from. Each policy can simply monitor and log usage or you can block them, reset the connection or apply a traffic shaper object created within your firewall policies.

Advertisement - Article continues below

The FortiGuard anti-spam measures are also controlled using policies which decide which mail protocols to scan, how spam is handled and which FortiGuard functions should be applied. For testing we created a policy that scanned all mail protocols for spam but only tagged suspect messages and passed them on.

We configured our Outlook clients to move tagged messages to a separate folder and left the appliance scanning live email for three weeks. At the end of the test we saw an impressive spam detection rate of nearly 99 per cent with only eight false positives.

DLP policies are used to scan traffic for file types, file sizes, fingerprints, conditions or expressions such as credit card and social security numbers. To use fingerprinting you upload files to the appliance or point it to a remote location and it will generate a checksum for each one.

Advertisement - Article continues below

DLP sensor policies can include any of these criteria and be used to monitor and log activity. For highly sensitive documents, you can set the policy to block the transfer or quarantine the user, the IP address or even the interface on the appliance the traffic was spotted on.

Advertisement - Article continues below

For vulnerability scans you use asset definitions based on IP addresses and ranges and each entry can be assigned Windows and Unix authentication details. Manual or regularly scheduled scans can be run on selected definitions and three levels allow scans to be run on port 80, all common application ports or the full port range.

Managing wireless networks with Fortinet's access points couldn't be easier as the appliance automatically detects them. We tested this with FortiAP 220 and 222 models and found we could create multiple SSIDs each with unique security and encryption settings and assign them to specific APs.

Along with rogue detection you also have the option of suppressing them. When a rogue is spotted it is listed in the web interface monitoring page where you can select it and activate suppression. The appliance's wireless controller then sends deauth messages to the rogue and any clients trying to associate with it.

Advertisement - Article continues below

The appliance provides local logging and reporting where you can view event, UTM, traffic and vulnerability scan logs and check on the quarantine store. Graphical reports can also be generated for bandwidth, application, web, email and VPN usage and displayed as high quality web reports with an introductory page and even a table of contents.

For more detailed reporting we recommend the optional FortiGuard Analysis and Management Service (FAMS). The appliance can be set to upload selected logs regularly to your account on this hosted service which are used to present an extensive range of detailed reports.

The FortiGate 111C provides the most comprehensive range of security measures we've yet seen in an SMB level appliance. It's easy to deploy and affordable as well with a bundle including the SSD, anti-virus, IPS, anti-spam and web filtering costing 3,543.


SMBs that want a security appliance that covers every possible network security requirement need look no further than the FortiGate 111C. It’s very simple to install and manage, can be customised to suit with a wide range of optional packages, provides plenty of quality reporting tools and is offered at a sensible price.

Chassis: Desktop/rack mount

CPU: Fortinet FortiASIC

Network: 8 x switched 10/100 (LAN), 2 x Gigabit (WAN)

Storage: 64GB SATA SFF SSD (optional)

Ports: 2 x USB, RJ-45 console

Management: Web browser, CLI

Software: Fortinet FortiOS 4.0

Featured Resources

Navigating the new normal: A fast guide to remote working

A smooth transition will support operations for years to come

Download now

Putting a spotlight on cyber security

An examination of the current cyber security landscape

Download now

The economics of infrastructure scalability

Find the most cost-effective and least risky way to scale

Download now

IT operations overload hinders digital transformation

Clearing the path towards a modernised system of agreement

Download now



University of California gets fleeced by hackers for $1.14 million

30 Jun 2020
cyber security

Australia announces $1.35 billion investment in cyber security

30 Jun 2020
cloud security

CSA and ISSA form cyber security partnership

30 Jun 2020
Policy & legislation

Senators propose a bill aimed at ending warrant-proof encryption

24 Jun 2020

Most Popular


How to find RAM speed, size and type

24 Jun 2020

Microsoft releases urgent patch for high-risk Windows 10 flaws

1 Jul 2020

The top 12 password-cracking techniques used by hackers

12 Jun 2020