Strengths: Secure and affordable, lots of UTM features
Weaknesses: VPN functionality and features are limited
Verdict: This appliance is a great buy if you want its other functions as well as a VPN. But if all you need is a VPN, give it further thought
The FortiGate-500A-HD is a united threat management (UTM) appliance with SSL VPN capability. The web interface covers a lot of ground, but is not too overwhelming. We found that setting up the VPN on this device was a little complicated, due to the fact that the functionality is tied to the firewall and there are extra configurations that need to take place. We found the configuration of the appliance to be awkward at certain points.
This device is not strictly an SSL VPN, as it is also a full UTM. The virtual private network is very basic and does not include a lot of features you will find in other products in this category. The focus of the FortiGate VPN is primarily based on restricting and securing access rather than on creating application access on a web portal. The product does have a web portal of its own, but only allows access to web, telnet, ftp and Samba servers. We have reviewed the FortiGate in the past (SC, August 2006) and, generally, we liked it as a multipurpose appliance. Like many such all-in-one tools, however, it has its strengths and weaknesses. In this case, the VPN, while competent, does not always ascend to the level of a dedicated VPN device.
This device offers a lot of security thanks to its UTM base. Authentication methods include Radius, LDAP, local database, SecureID and X-Auth support for IPSec Clients. Also available are UTM features such as an intrusion prevention system and anti-virus protection. From the standpoint of vulnerability, this box is rock-solid.
Documentation for the FortiGate box is well-organized and comes complete with diagrams and screen shots. It provides easy-to-follow step-by-step instructions for setup and deployment. The manuals also give setup examples and fields to enter specific configuration information specific to the environment, so it is all in one place. The quickstart guide shows simple setup steps using various options such as web-based or command line.
The support center on Fortinet's website offers telephone and email asistance as well as an online knowledge base. We also found information on training and a place to download updates.
If a UTM is what you're after, this is a great buy. However, if you are looking for a full-service SSL VPN device, this isn't it. While its security is high, its VPN capability is limited. Almost all of that functionality is tied, in one way or another, to the other capabilities of the overall product.