Buying/Selecting Criteria
Depth of Defense
Rating: 4
• Fortinet offers a full range of remote access mechanisms including both traditional IPSec VPN as well as an SSL VPN access mode, and it supports a dedicated desktop client with client security features and policy management capabilities.
• Fortinet’s security offering is amongst the broadest in the industry for a single-device appliance. Support for firewall, IPSec and SSL VPN, anti-virus, anti-spyware, anti-spam, intrusion detection and prevention, content (URL) filtering, and deep, protocol-aware inspection techniques gives Fortinet an edge over many competitors that must address these challenges via a multi-box solution.
• Fortinet offers protocol-based inspection support for a broad range of protocols, which contributes to stronger security and potentially more accurate threat/intrusion detection and prevention. Fortinet also provides a competitive response to the “deep packet inspection” message of competitors. Newly supported protocols include several VoIP protocols, among them SIP and SCCP. Fortinet further augments its deep inspection with signature-based and anomaly-based threat detection engines.
• The 3950B series products are capable UTM devices that support firewall/VPN, IPS, AV, Web filtering, application control, DLP and anti-spam. Fully outfitted, the 3950B can deliver 120 Gbps of firewall throughput (100 Gbps for the 3951B), 48 Gbps of IPSec VPN throughput (40 Gbps for the 3951B), 10 Gbps of IPS throughput (10 Gbps for the 3951B), and 1.5 Gbps of AV throughput (1.5 Gbps for the 3951B).
• Fortinet continues to expand the functional footprint of its appliances. FortiOS 4.0 supports several important new features. These include: WAN optimization, application control, data leakage prevention, and SSL inspection. The FortiOS 4.0 MR 2 release includes richer AV support, VoIP support, deeper integration with FortiClient, and new integration with FortiMobile SSL VPN client.
Encryption
Rating: 3
• Fortinet has documented performance metrics for encryption on each of its enterprise appliances. However, these performance metrics are chiefly based on 3DES benchmarking numbers, not AES-128 or AES-256 benchmarks. Fortinet claims to accelerate all encryption in hardware. High-end performance is 48 Gbps on the FortiGate 3950B (with a Fortinet Mezzanine Card).
• Fortinet has demonstrated proven performance in multiple public tests that have examined various aspects of the solutions’ performance, including basic firewall/VPN performance, IDS/IPS performance, and multi-service threat prevention performance.
• FortiOS 4.0 addressed a critical blind spot for enterprises by adding the ability to act as an SSL proxy, decrypt traffic to inspect it, and then apply policies before re-encrypting legitimate traffic and sending it along. Malware writers are using encryption to hide the communication between bots and command and control servers, so this capability addresses a newer threat type.
Management
Rating: 4
• Fortinet offers multiple tools designed to simplify device deployment, policy management, log collection, and analysis. These products are broken up into two platforms: FortiManager and FortiAnalyzer. Fortinet released v4.0 updates to both products in June 2009.
• FortiManager deals with the management of an enterprise-wide multi-device Fortinet deployment from a device and policy perspective. FortiManager can manage up to 4,000 FortiGate appliances on the high end. The FortiManager family runs from the FortiManager 3000B to the FortiManager 100. The product enables the creation and management of security policies based on individual users and groups of users. Enhancements in v4.0 include improved disaster recovery features and improved workflow that allows a single policy to be deployed across all managed devices.
• FortiAnalyzer is a purpose-built security logging platform that collects data and events from Fortinet appliances and offers a reporting and security event analysis system designed to create management-level reports of enterprise-wide security events. The v4.0 release of FortiAnalyzer includes a vulnerability management component. The device provides recommendations for protecting against found vulnerabilities. One FortiAnalyzer box can log up to 2,000 FortiGate appliances on the high end. The FortiAnalyzer family runs from the FortiAnalyzer 4000A to the FortiAnalyzer 100B.
• Individual Fortinet appliances can be managed from a command line interface or via a Web interface. The Fortinet Web interface has received good marks for ease of use, though there are some challenges, specifically regarding correlating events from the IPS/IDS engine with specific policies and rules, as well as some challenges in managing a large enterprise rule set from the Web management interface. In particular, managing a rule set of greater than 100 rules becomes more cumbersome via the Web interface.
• Fortinet offers multiple technical support programs. These include a choice of 8x5, 24x7, and Premier levels of support. Software updates are available online 24x7. Hardware maintenance programs are also available.
Scalability
Rating: 4
• The FortiGate family of products is large and growing. Fortinet positions products in this family from service provider down to SMB. The 5000 series of FortiGate blade chassis products targets MSSPs and large enterprises. Fortinet positions its mid-market offerings as running from the FortiGate-200B up to the FortiGate-1240B. The SMB products run from the FortiGate 110C to the FortiGate 50B.
• Fortinet is beginning to leverage a new generation of customized ASIC processors. This allows Fortinet to deliver impressive performance and a “pay as you grow” flexibility in hardware requirements. The 3950B, for example, supports five mezzanine card expansion slots and the 3951B supports four expansion slots. Each mezzanine card is designed to provide a combined physical port and processing resource. Each card can host FortiASIC NP4 or SP2 modules. The NP4, which was introduced last year, is a network processor, and the SP2, which is just being introduced, is a multi-core, multi-threaded security processor.
• Fortinet delivers impressive port density in its appliances. For example, the 3950B supports up to 12 total network interfaces (16 for the 3951B), up to 12 10GbE SFP interfaces (10 for the 3951B), four GbE interfaces (three for the 3951B), and two 10/100/1000 interfaces (two for the 3951B). Both products include two SR SFP+ transceivers. The 3040B has a total of 20 ports on the system, comprising modular SFP+ (eight), SFP (ten), and traditional RJ-45 (two) ports.
• Fortinet accelerates its VPN, firewall, and content inspection functions in a custom-designed ASIC. Fortinet’s rated performance number, like most products in this segment, is based on simple firewall operation, not an “all-on” configuration. However, Fortinet has added significant horsepower to its mid-market offerings in the expectation that they will increasingly be used as UTM devices.
• The higher-end FortiGate appliances support advanced mezzanine card (AMC) modules. Available double-width modules are: ADM-XB2, two-port 10GigE FortiASIC Module; ADM-XE2, two-port 10GigE Security Processing Module; ADM-FB8, eight-port GigE FortiASIC Module; and ADM-FE8, eight-port GigE Security Processing Module. Available single-width modules are: ASM-FB4, four-port GigE FortiASIC Module; ASM-CE4, four-port GigE Security Processing Module; ASM-S08, 80GB Hard Disk Storage Module; ASM-CX4, four-port GigE TX By-Pass Module; ASM-FX2, two-port GigE SX By-Pass Module; and ASM-ET4, four-port T1/E1 WAN Module. Fortinet also supports several Fortinet Mezzanine Cards (FMC): FMC-XD2, two-10GbE-port 20GbE SFP Firewall Acceleration Module; FMC-XG2, two-10GbE-port IPS Acceleration Module; and the FSM-064, 64GB SSD module.
• Fortinet offers both active-active and active-passive high-availability modes, but advanced stateful failover is only available in the active-passive mode.
Total Cost of Ownership
Rating: 5
• Fortinet’s devices are competitively priced and frequently offer better performance at a comparable price or equal performance at a lower price when compared to other appliance manufacturers. Fortinet also has one of the broadest appliance portfolios available on the market. The company prides itself on filling every conceivable niche in functionality and performance from SOHO to service providers. Fortinet is currently rolling out new appliances that leverage its next generation of ASIC processors. These new devices are delivering impressive improvements in performance and port density.
• Fortinet has a very straightforward pricing model of one fixed price per box and one fixed price per update service for that box. There is no complex per-user or capacity-based licensing that obscures TCO and frustrates customers.
• Fortinet develops its own remote access and remote security client, dubbed FortiClient. FortiClient is licensed on a per-user basis. The full client supports anti-X, IPSec VPN, personal firewall, anti-spam, Web content filtering, logging, central management and support. A single user license is $15.95, while 1,000 user licenses can be bought for $2.95 per client. Fortinet offers a free version of FortiClient, what it calls a “Demo” version, that provides the same functionality but without the logging, management, and support.
• Content security updates (anti-virus, anti-spam, content filtering, URL blacklists, etc.) are licensed on a yearly, per-service basis. Pricing for content security updates is relatively high, running anywhere from 15% (for AV/IDS) to 40% (for content filtering) of list price per service. (Fortinet also offers a services bundle that combines all subscription services. This package typically ranges between 40% and 45% of the list price of the product.) While straightforward, these services add significantly to the overall TCO of the solution. However, when compared to deploying an external solution, these prices are actually significantly lower in TCO. When contrasted with competitors, customers must consider the frequency of updates, the mechanism for delivering the updates (manual or automated), the cost of the service, and the impact on network performance from enabling the protection.
Metrics
General Information
Product Functionality: Unified Threat Management
Device Specific Information
Interface Count: Varies by product
Interface Types: T1/E1, 10/100, Gigabit Ethernet. 10 Gigabit Ethernet is supported through an AMC module.
Redundant Power Supplies: Yes, most appliances support internal redundant power supplies, while the FortiGate-310B and -620B support an external redundant power supply.
NEBS Compliance: FortiGate-5140B is NEBS ready.
Remote/Out of Band Management: All FortiGate products have a dedicated serial port for management. All Ethernet ports can be configured for in-band management.
High Availability Port: High availability is supported on all products, and any port can be configured for high availability.
Routing Protocols: RIP, OSPF, BGP, PIM (dense and sparse)
Product Warranty: 1-Year Limited Hardware Warranty / 90-Days Limited Software Warranty
Latest Shipping Software: FortiOS v4.0 MR2
VPN Specific Information
Maximum Concurrent Connections: Varies by product; the new FG-3950B supports up to 10,000 gateway-to-gateway tunnels and 64,000 client-to-gateway tunnels.
3DES Performance: Varies by product; the new FG-3950B supports up to 8 Gbps of AES VPN performance.
3DES Accelerated Performance: The accelerator is built into the product and the interface module. Enhancement is possible by adding an interface module to increase port density and performance. Accelerated performance for the 3950B is 48 Gbps.
Encryption Algorithms: AES 128, 192 and 256
Network Integration: Both. Transparent and routed/NAT modes can be supported simultaneously using different VDOMs (the Virtual Domain feature, which is available on every FortiGate product).
Industry Certifications: FIPS 140-2, CC EAL4+, ICSA Labs, NSS Labs, FCC, CE, BSMI, UL, VCCI, C-TICK
Tunneling Protocols: IPSec, PPTP, L2TP, GRE, GTP (on FortiCarrier, specialized software with MSSP features running on FortiGate)
CA Revocation Methods: Automatic, manual
High Availability Features: Yes, Active-Active or Active-Passive; more stateful features when Active-Passive
AES Performance: Varies by product; the new FG-3950B supports up to 8 Gbps (48 Gbps accelerated performance) of AES VPN performance.
SSL VPN Tunneling Features: Yes
SSL VPN Translation Features: Yes
SSL VPN Browser Support: IE 7.0/8.0, Firefox 3.0, Apple Safari
VPN Client Information
OS Support: Windows 2000, Windows XP 32 and 64-bit, Windows Server 2003 32 and 64-bit, Windows Server 2008 32 and 64-bit, Windows Vista 32 and 64-bit, Windows 7 32 and 64-bit
Authentication Methods: User name/password, X.509, Xauth, MSCHAPv2, PAP, CHAP, VPD
Client Lock-Out: Yes. The FortiClient GUI can be locked down by assigning different access rights per user group, by remote management from a FortiManager appliance, or by creating a property MSI table during installation.
Personal Firewall: The latest FortiClient release adds WAN Optimization support for integration with FortiGate.
Personal Firewall Configuration: Yes
Firewall Features
Firewall Type: Stateful firewall inspection is supported. Application proxy is also supported for Web filtering, AV and others.
Address Translation: 1-to-1 NAT/NAPT, 1-to-many NAT/NAPT, bidirectional NAT/NAPT, overlap translation and policy-driven NAT
High Availability Sessions: Yes, in Active/Passive mode
Load Balancing: Yes, via clustering
Protocol Support: SMTPS, POP3S, IMAPS
Firewall Architecture: ASIC + software assist
Virtual Firewalling: Yes, and varies by product: 10 VDOMs (Virtual Domains) are supported on most products, and high-end products can scale up to 250 VDOMs.
Management Features
Management Station: Appliance: FortiManager, FortiAnalyzer. Online cloud service: FortiGuard Analysis and Management service.
Management OS Support: Proprietary
Management Devices Supported: The number of devices supported varies by FortiManager (management appliance) model.
Management Client Support: FortiManager (management appliance) can manage clients running FortiClient; the number of supported FortiClients varies by FortiManager model.
Logging Options: FortiGuard Analysis and Management Service (online logging and reporting services).
NMS Integration: An API is now available on the management appliance (FortiManager) for integration.
Policy Based Configuration: FortiManager supports configuration version control for FortiGate and for the FortiClient endpoint software.
Management Security: HTTPS (browser-based, no client)
Value Added Features
Denial of Service Protection: Yes, FortiGate can prevent attacks such as DDoS, SYN flood, port scanning and many others through the built-in IPS engine, traffic shaping, antivirus scanning and application control features.
IDS Intelligence: Full IPS
Anti-Virus Scanning: Yes, FortiGate offers antivirus scanning on email, FTP, IM, Skype and many others. The antivirus package is developed in-house.
Content Filtering: New value-added features in FortiOS 4.0 include WAN Optimization, DLP, SSL Inspection, Application Control, End Point Control and many others.
Pricing
Solution Hardware Pricing: Varies by product; FG-3950B: $79,995
Add-on Hardware: Various hardware expansion options are available. On the high end, the FMC-XD2 for the 3950B lists at $23,995.
Software Licenses: No additional software license is required. A subscription service is required for signature updates for antivirus, antispam, IPS and Web filtering.
VPN Client Pricing: The VPN-only version of FortiClient is free as part of the demo version. The full FortiClient version, including AV, WF and antispam, is $15.50 each for 1,000 users.
Solution Description & Restrictions: No subscription or user licenses for firewall, SSL and IPSec VPN features. A yearly subscription applies for AV, WF, IDS and antispam signatures.
Support/Maintenance
Hardware Maintenance Costs: Varies by product; FG-1240B: $5,998
Maintenance Includes S/W Updates: Yes
Software ONLY Maintenance Cost: Support and software updates are bundled together (FortiCare)