Fortinet has taken their proven UTM (Unified Threat Management) firmware and hardware experience and combined those with a 24-port network switch -- the FortiGate-224B. The switch is fully managed and offers security and network administrators' full control over each port and, therefore, potentially each user machine that is connected to the switch. This further convergence of security device with networking can be a benefit particularly if your organisation needs very granular control.
There has often been criticism over the ever increasing convergence of security technologies, from the early days when firewalls started adding features like routing, modems, spam/virus/spyware gateway systems, content filters, intrusion detection and prevention systems and VPN technologies. Critics often suggest the theory that no single vendor could be the top in each area, or that one subsystem may be left behind, therefore the best and most secure deployments are serviced by individual products coming from a number of different vendors.
This may well be the case in enterprise, where the risk of a successful security breach is high or the cost of a compromise outweighs the cost of the many security components used to protect the data. However, for many small- to medium-sized organisations, the attached cost generally leaves them with no option but to consider converged security, and evaluation revolves around key factors critical to their business, with other components of the integrated security device being "bonus" protection of some degree.
How We Tested
We were supplied a Fortinet FortiGate-224B, which takes the concept of UTM to another level by adding a 24 port managed secure network switch. There are at least twelve different features that we could test and benchmark individually from a network and security perspective they certainly wouldn't within the scope of this review.
We therefore took this product and consider it from the perspective of its physical characteristics, installation, configuration and administration as well as some of the devices unique features. Overall we consider the ease-of-use and usability of this quite technically complex device, which is of prime concern when it comes to security products -- if mis-configured they could leave the organisation with an increased and unacceptable risk of exposure.
The 224B is a 1RU (rack unit) form factor housed in a sturdy metal casing. The front of the unit has 24 10/100Mbps RJ45 network ports in two banks of 12. There is also two RJ45 1Gbps ports labelled 25 and 26 for use in cascading switches or switch redundancy, there are also two RJ45 10/100Mbps ports for Wide Area Network (WAN) connectivity.
A console port for access to the Command Line Interface (CLI), a small power light and two USB port (for connection with a FortiUSB key or modem) round out the front of the unit. Each of the RJ45, LAN and WAN ports have individual status and activity LED indicators. The rear of the unit has an IEC power socket, power switch, small fan and ventilation grill (each side of the chassis also has grills).
Internally the device is very neat, with plenty of space for airflow. There is another fan internally, which is connected to the end of a very large heatsink. There is also a memory socket, which is populated with a 512MB RAM module, and there is also a compact flash socket which was populated with a 128MB module.
Once powered on, administration can be via an Internet browser or console port direct to the CLI. The device we were supplied with came with an interim build of the firmware. One of the first things we noticed was the speed of the interface. In the lab we are in contact with literally hundreds of different network-connected appliances from many vendors, and we have never seen a device with an administrative interface as quick as the FortiGate-224B.
Considering the amount of features packed into this device, the interface is excellent, very clear, concise and easy to use, however administrators given the task of configuring and deploying this appliance definitely need advanced experience in networking and security systems.
Features range from the individual control of each network port; through to its advanced functions as a router, firewall, antivirus, antispam, IPS, Web filter, IM, P2P and VoIP filter; as well as advanced user support, (Local, RADIUS, LDAP, AD etc) and VPN capabilities (IPSEC, PPTP and SSL).
One stand out feature -- and we have seen iterations of this on earlier Fortinet products -- is the main System Status page, which gives the operator access to a wide range of at-a-glance information from the unit's operation. This includes a visual display of ports and their status, through to the system resources (CPU and memory usage).
There is also a window that hooks into the CLI. Logging is also another area where Fortinet has obviously put a lot of thought into and the clear path for any organisation deploying these devices is to also put a FortiAnalyzer in there -- your security and audit departments will thank you forever.
Just when you thought UTMs could not pack in any more convergent security technology, the Fortinet FortiGate-224B comes along adding a 24-port switch to the mix and enabling even more granular control over each and every network port and user.
|With well over 10 areas of specific network/security functionality (including managed network switching) it provides excellent interoperability.|
|Good connections available for external authentication and logging systems.|
|At a shade under AU$8,500 (inc. GST) this device is very good value for money when one considers the individual network and security areas it can service.|
|1 year warranty, 90 day subscription service (AntiVirus, Web Content Filtering, AntiSpam, IPS, technical support and access to firmware updates) -- subscription service can be extended, and warranty can also be extended up to 3 years (additional cost).|