Strengths: A powerful multifunction enterprise appliance.
Weaknesses: Some features such as the anti-spam are relative basic.
Verdict: This scalable powerful multifunction unit manages to combine ease of setup and management with enterprise-class power.
This device covers all the bases in the multifunction security device stakes by offering firewall, web filtering, VPN, IPS AV and anti-spam.
While not the noisiest unit tested, its relatively high degree of fan noise means it would have to be deployed in a server room. It supports 400,000 concurrent sessions with a firewall throughput of 1Gbps.
Configuration is via a web-based GUI, which makes it very easy to create new policies, but we liked the way it boasts the same kind of easy setup wizard as the 500, which we recently tested.
From the web-based management console we first set up the DHCP server, the unit’s internal and external IP addresses. Then we specified the IP addresses of the associated web server and email servers on our local test network.
This carefully designed ease of use is continued with the unit’s very simple anti-virus set tool, which lets users set protection levels to high, medium or none.
For anti-spam, the unit ships with its own FortiGuard service, a blacklist that can be configured to block specific addresses, based on an RBL subscription. Single words can also be filtered out.
The firewall configuration page allows users to create policies, banks of addresses, and define which service ports can receive or send traffic. You can also authenticate users against a local database or Radius or LDAP servers.
The management tool suite makes it simple to create VPN gateways and tunnels, while the very clear monitoring tool allows administrators to keep track of dial up and IP tunnels in realtime.
For IPS management, the unit provides a comprehensive range of pre-defined signatures, but administrators are also able to add in custom signatures to meet their individual requirements.
To keep the signatures for all the different security function modules, the device provides a dedicated update center. If an update is pending, administrators are notified by the presence of a flashing graphical warning.
A very useful status dashboard provides a single overview of the entire system and notifies administrators of any problems.