: The URL and e-mail filtering facilities are a useful addition.
: The help system is not related to the screen content.
: This is a capable firewall that is simple to set up and provides a number of useful extras.
SummaryFortinet's FortiGate-3000 Firewall provides a wide range of firewall services, including content filtering, intrusion detection and VPN facilities, as well as antivirus protection, packaged into a 2 U rack mountable chassis. The front panel contains the network connections, serial connection, LCD panel and four control buttons. The only printed documentation was a quick start sheet, with all the other documentation covering installation and management being provided on the accompanying CD-ROM.
The unit has two distinct operating modes, NAT/Route mode and Transparent mode. In NAT/Route mode the device acts as a gateway between the LAN and the Internet, with the option of routing or NAT controlled by the security policies, while in Transparent mode the device operates behind a router or another firewall. The device looses its VPN capability in Transparent mode.
There are two main configuration methods available, a browser-based interface and a Command Line Interface. Some interface addresses can be configured from the front panel control buttons, which is useful for changing the operating mode and the management interface address before connecting the device to the management device. The default configuration allows internal network access to the Internet, but blocks all access from the Internet to the LAN. The system provides a wizard to set up the system initially, helping to configure interface addresses and adding any servers that might be on the network. The online help is comprehensive but is not related to the screen being displayed. There are a number of logging and reporting options, and the system can send e-mail alert notifications for various events including virus and intrusion incidents. Rule maintenance is straightforward.
The device did not respond to port scanning attempts but neither did it did log them at the default settings. The scanning attempts did appear in the traffic log however, so it would be possible to determine that scanning had occurred. The VPN management facility includes the ability to manage local and Certificate Authority certificates.
The unit supports Cerberian URL filtering as well as having its own internal lists.
E-mail can be filtered for banned words and addresses, and any that are intercepted by the system are not dropped but are forwarded to the intended recipient with a warning tag attached to the subject line.