Mar 10 2009

Security At The Gate

Fortinet serves up one UTM box to rule them all.

Given the demand for spam filtering, firewalls, intrusion detection, antivirus and secure remote connectivity, something typically gets short shrift when resources are limited. Thus was born the idea of unified threat management.

A UTM device — the use of stateful packet inspection to examine traffic for malicious intent — by integrating the ability to perform:

  • on-the-fly antivirus and phishing protection;
  • spam and web filtering;
  • routing and virtual private network management.

The result is one box that rules all facets of a layered security approach.


Fortinet created its UTM tool with a realization: If a device were to do all these things without melting down under the CPU load, it would need to run on a processor built specifically for the purpose. The FortiGate family is powered on application-specific integrated circuits to maximize performance and reduce cost.

For the core mission of firewall protection and intrusion prevention, the FortiGate UTM devices are highly effective. They feature stateful packet inspection and come preloaded with a large database of attack profiles. Fortinet updates the antivirus and intrusion attack profiles through a subscription service on a push basis, as opposed to the more typical client pull method, which allows an organization to get new attack profiles into the field quickly and makes its units responsive to zero-day attacks.

Why It Works for IT

All Fortinet products run the FortiOS, currently in Version 3.0, and all share a common command line and web administration syntax. The web administration tool is attractive, simply constructed and consistent in performance. Web administration can be handled through HTTP or HTTPS over either internal or external interfaces. External web administration is disabled by default, and the device accepts only the Secure Shell protocol out of the box.

For text-oriented users, the FortiGate devices can be configured on the command line through the console, SSH or web browser.

Web filtering services are also highly configurable. Users can define URL allow/deny lists by hand, by keyword content blocking or by using the Fortinet subscription web-filtering service to restrict by content category or service type (such as peer-to-peer file sharing, streaming media or chat). Exception lists can also be created with Server Message Block authentication or manual lists.

The FortiGate 200A is rated for 150 megabit-per-second firewall throughput and 70Mbps VPN throughput. It can support 200 dedicated VPN tunnels and 400,000 concurrent sessions and can create or tear down 4,000 sessions per second. The firewall can handle 2,000 policy rules.

Inbound/outbound file scanning, limited to 10 megabytes by default, can be increased to 50MB. Be sure to review the default setting during install because larger files will be allowed through without inspection.

The system’s broad-based configurability also exists in its antispam feature. Administrators can manually block by regular expressions, by domain allow/deny or by using the subscription spam filter.


The spam filter is probably the weakest feature. In real-world use, the device reduced spam levels by between 40 percent and 55 percent.

Additionally, the web interface has a fairly steep learning curve. This is pretty common, however, in UTM hardware because of the broad feature set and high degree of configurability of these products.

Although the FortiGate appliance functions well as a firewall/VPN solution out of the box, you will need to sign up for the subscription service to receive attack signature updates and web- and spam-filtering services. But Fortinet’s subscriptions are well priced, which plays a part in the value proposition of its products.