High-availability options and a well-designed management interface.
Single power supply.
An effective and flexible device that could fit a number of networking requirements.
Fortinet's FortiGate-800 offers eight Ethernet connections in its 1U height chassis, and four of these are 10/100/1000 Base-T connections. Three of the high-speed connections are designated for internal, external and DMZ networks, with the fourth reserved for a high-availability connection to other FortiGate 800 devices.
There are three configuration methods for this system. You can use the front panel LCD and four push buttons, a command line interface over a serial connection, or a browser-based interface over an SSL link.
The front panel option is useful for making the initial settings of addresses and modes, while the other two options offer access to these and all the rest of the configuration and management options.
The browser-based management interface provides an online help system, although it is not context-sensitive. It uses a similar layout to Windows help files.
The system's VPN capabilities are part of a stateful inspection firewall with intrusion detection and prevention, along with content filtering capabilities. Its high-availability option allows it to be deployed in those situations where service interruptions cannot be tolerated, although it only has one power supply.
System logging is extensive and logs can be sent to remote syslog servers as well as being maintained locally.
The management interface has facilities that allow the user to view and search log entries as well as specify the types of data recorded.
It is possible to set up filters to record data relating to specific IP addresses and services if required. Certain events, such as intrusion attempts or disk full conditions can be configured to send email alerts to specific email accounts.
The VPN client (which is sold separately) is the native Windows software implementation. Fortinet provide instructions for setting up both L2TP and PPTP types of connections on Windows 2000 and Windows XP clients. These worked well in practice, and we had no problems establishing VPN connections between our client and the target server.