Educause Security Discussion mailing list archives

Re: Firewall/VPN/IDS/IPS security appliances - any recommendations?


From: Mark Rogowski <m.rogowski () UWINNIPEG CA>
Date: Fri, 26 May 2006 09:18:01 -0500

We have a FortiGate 400A running in transparent mode behind an aging PIX
cleaning the junk that comes through the Internet connection (30Mbps).
CPU utilization never goes above 5%.  If I had my way the PIX would be
gone.

FortiGate works real well as IDS/IPS.  The traffic shaping is a bit
weak, but I'm comparing that to Packeteer.  If you don't need too heavy
of shaping it should work ok for you.

Make sure to look at the FortiAnalyzer as well.  It's great for dredging
log input from the FortiGate and from what I can tell, will accept info
from other systems too.  I just received ours so I'm a bit weak on the
features.


Mark Rogowski
IT Security
Technology Solutions Centre
University of Winnipeg
Ph: (204) 786-9034

David () BVU EDU 05/25/06 11:34 PM >>>
We're looking at the Fortigate 500A for our environment, and it appears
to be a good fit. Does anyone have any experience with these or similar
alternatives? I'd appreciate not getting any replies from vendors who
might monitor this group.

We currently have a 20Mbit WAN connection and are planning for the
possibility of having 90-100Mbps in 3-5 years, and we'd like the
appliance to have the capacity to handle that increase. We would put the
device at our perimeter.

We're looking primarily for firewall, traffic shaping, HTTP/FTP/IM
virus scanning, blocking of phishing sites, and IDS/IPS. Being able to
function as a router would be a plus.


Your feedback and suggestions are appreciated.

David Boyer
Buena Vista University
