Re: Fortinet unified threat management evaluation feedback needed

[Jere Retzer <retzerj () OHSU EDU>]

You might also consider Snort as an open source solution. Doesn't include virus scanning but is billed these days as an 
intrusion prevention as well as detection system. Of course, putting anything inline can impact performance

> > > cjf () CALFRYE COM 2/27/2007 2:18 PM >>>
Jere Retzer wrote:
> One caution: be sure
> to evaluate carefully your throughput needs as IPS and virus scanning
> seem to drop throughput by around 90%. I also wonder what are the
> lantency and other impacts on VOIP and h.323.
>
> > > > Christian.Heroux () ETSMTL CA 2/27/2007 9:22 AM >>>
> I am worry to put all my eggs in one basket. I know
> they use ASIC instead of CPU but I would like to see all eight
> functions activated (firewall, antivirus, anti-spam, IPS, IDS,
> traffic shaping, VPN)

We've seen that just stacking individual devices inline can raise
latency to unacceptable levels. I have no experience with the Fortigate,
but you're right to be worried.

Have them send you a largish unit for evaluation -- you'll never know
how it works with your traffic until you try it out. The times I've done
this, I often haven't changed vendors, but frequently have discovered we
needed a more capable box than we evaluated (wishful thinking, every time).

-- 
Regards,
-- Cal Frye, Network Administrator, Oberlin College

   www.calfrye.com,  www.pitalabs.com 


"Even if you win the rat race, you're still a rat."