ITEXPO begins in:   New Coverage :  Asterisk  |  Fax Software  |  SIP Phones  |  Small Cells

Product Reviews
June 2003


Fortinet, Inc.
3333 Octavius Dr.
Santa Clara, CA 95054
Tel: 408-235-7700
Web site: www.fortinet.com

Price: $7,995

Editor's Choice Award

Installation: 5
Documentation: 4.5
Features: 4.75
GUI: 4
Overall: A-

With so many viruses, hacker intrusion attempts, peer-to-peer file sharing network hogs, and other network security issues, an IT administrator�s job of protecting the network can be a daunting task. Fortunately, with Fortinet�s ASIC-powered 1U Fortigate-400 appliance you can have firewall functionality, filter Web traffic, VPN, virus and worm protection, intrusion detection, bandwidth throttling, and much more for a very reasonable $7,995 price tag. It also supports a �high availability port� to support redundant configurations, which is ideal for mission-critical applications. And did we mention that it supports H.323 over NAT to support VoIP applications? The ability to support VoIP is a neat feature that many firewalls cannot support.

TMC Labs tested the Fortinet-400 and we were very impressed with its feature-set. The Fortigate-400 can detect and eliminate content-based threats from e-mail and Web traffic such as viruses, worms, intrusions, inappropriate Web content, and more in real time -- without degrading network performance. FortiGate Antivirus Firewalls employ Fortinet�s unique FortiASIC content processing chip. Fortinet claims that their Fortigate systems are the only systems in the world that are triple-certified by the ICSA (for antivirus, IPSec, and firewall functionality). Often times an organization may already have a firewall or VPN setup, so they wouldn�t need or require all of FortiGate�s advanced functionality. No problem. The FortiGate systems can be set to a �stand alone� mode and can be deployed for antivirus protection and content filtering alone and used in conjunction with the existing firewall, VPN, and related devices. If you decide later on to replace all the disparate network systems and use just the FortiGate for your firewall, VPN, virus protection, and content filtering, it�s a very simple configuration change. For this reason, TMC Labs was impressed with the level of flexibility of the FortiGate platform.

The FortiGate system can perform quite demanding tasks such as 3DES (Data Encryption Standard) and AES (Advanced Encryption Standard) encryption without breaking a sweat. In addition, the FortiGate features four auto-sensing 10/100 Base-T ports. In addition it features flexible deployment options allowing administrators to customize the ports and assign route and NAT mode options to individual interfaces. The FortiGate 400 provides very granular security through multi-zone capabilities, which allows administrators to segment their network into zones and create policies between zones. Each security zone may contain several subnets, and the firewall policy will let you select if you want to apply a rule only to one network or to a group of networks inside a zone instead of to the entire zone. In addition, the FortiGate-400 fully supports Remote Access via VPN using Fortinet�s Remote VPN client.

TMC Labs was quite impressed with the ability to perform content filtering on the FortiGate-400. The content filtering feature is completely policy-based, so it can be applied to specific users or IP addresses and of course can be scheduled. Thus, you can block certain material during work hours, and then relax it during off hours. It supports URL blocking, keyword/phrase blocking, URL exempt list, and can block Java applets, cookies, or ActiveX controls. One thing that we did determine was missing was the ability to use wildcards in the URL block list, such as www.sex*.com, or *.org. It would be nice if Fortinet provided some sample templates of keywords to blocked, as well as a comprehensive list of objectionable sites to block, which could be imported into the device and updated regularly from their Web site. This would make this a very cost-effective solution versus expensive solutions such as Websense, a popular content filtering program that costs $5,000 per year for 50 users.

We tested the traffic-shaping, which lets you set the guaranteed and maximum bandwidth in each policy. As a test, we defined a policy stating that HTTP traffic cannot exceed 20 KB/s. Immediately, our Web downloads dropped from 200 KB/s to approximately 19 KB/s. One nice capability is that you can create schedules for when the traffic-shaping policy is in effect.

Finally, we tested the H.323 over NAT feature by testing the Fortinet firewall with Quintum�s Tenor CMS H.323-compatible gateway. During our tests, we were only able to get voice in one direction, which indicated a firewall NAT issue. After a few attempts at reconfiguring the firewall, we still couldn�t resolve the issue. This is not to say the Fortigate-400 does not support H.323, but it was not as seamless as we would have liked.


  • Provides complete network protection functionality through a combination of network-based antivirus, Web content filtering, firewall, VPN, and network-based intrusion detection (IDS), and traffic shaping.
  • Eliminate viruses and worms from real-time traffic without degrading network performance.
  • Front panel LCD and keypad ease deployment by setting basic system parameters without an external console.
  • High-availability option supports transparent failover for mission-critical applications.
  • Multi-zone support allows granular network segmentation into zones with individual security and access control policies.
  • Delivers excellent performance and reliability from hardware accelerated, ASIC-based architecture.
  • Automatically downloads the latest virus and attack database and can accept instant �push� updates from the FortiResponse Network.
  • Underlying FortiOS is ICSA-certified for Antivirus, Firewall, and IPSec VPN.
  • Easy to use and deploy -- quick and easy configuration wizard walks administrators through initial setup with graphical user interface.
  • Web-based GUI and content filtering support multiple languages.

TMC Labs was very impressed with the performance of the Fortigate-400, especially considering what you get for your money. With its plethora of features, including virus-protection, intrusion detection, policies, and more, the Fortinet�s Fortigate-400 sets the benchmark for appliance-based firewall devices.

[ Return To The June 2003 Table Of Contents ]

Today @ TMC
Upcoming Events
ITEXPO West 2012
October 2- 5, 2012
The Austin Convention Center
Austin, Texas
The World's Premier Managed Services and Cloud Computing Event
Click for Dates and Locations
Mobility Tech Conference & Expo
October 3- 5, 2012
The Austin Convention Center
Austin, Texas
Cloud Communications Summit
October 3- 5, 2012
The Austin Convention Center
Austin, Texas