Re: Fortinet unified threat management evaluation feedback needed

[Cal Frye <cjf () CALFRYE COM>]

Jere Retzer wrote:
> One caution: be sure
> to evaluate carefully your throughput needs as IPS and virus scanning
> seem to drop throughput by around 90%. I also wonder what are the
> lantency and other impacts on VOIP and h.323.
>
> > > > Christian.Heroux () ETSMTL CA 2/27/2007 9:22 AM >>>
> I am worry to put all my eggs in one basket. I know
> they use ASIC instead of CPU but I would like to see all eight
> functions activated (firewall, antivirus, anti-spam, IPS, IDS,
> traffic shaping, VPN)

We've seen that just stacking individual devices inline can raise
latency to unacceptable levels. I have no experience with the Fortigate,
but you're right to be worried.

Have them send you a largish unit for evaluation -- you'll never know
how it works with your traffic until you try it out. The times I've done
this, I often haven't changed vendors, but frequently have discovered we
needed a more capable box than we evaluated (wishful thinking, every time).

--
Regards,
-- Cal Frye, Network Administrator, Oberlin College

   www.calfrye.com,  www.pitalabs.com


"Even if you win the rat race, you're still a rat."