Educause Security Discussion mailing list archives
Re: Fortinet unified threat management evaluation feedback needed
From: jkaftan <jkaftan () UTICA EDU>
Date: Thu, 1 Mar 2007 09:34:19 -0500
We just went through the process of buying two Fortigate 1000As for our edge network. We are going to set them up as separate networks, student and admin. We will also have two ISPs (student and admin). Each box will be configured as two virtual boxes, student and admin. During production the admin side will route to one physical Fortigate and the students to the other. In each case half of the firewall will be a passive standby for the other. If a firewall or edge router or ISP goes down, traffic will fail over to the other side.

We are going to have two 30 Mb internet connections (admin and student), and the 1000A is rated at 2 Gb throughput (firewall only). We like what we've been told regarding the Fortigate and are thinking these two boxes are way overkill for our application. We'll see. We will make sure we schedule updates during the night. We are planning on running AV and IPS as well as firewall.

I'll keep you posted.

-----Original Message-----
From: Jere Retzer [mailto:retzerj () OHSU EDU]
Sent: Tuesday, February 27, 2007 6:41 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Fortinet unified threat management evaluation feedback needed

You might also consider Snort as an open source solution. Doesn't include virus scanning, but is billed these days as an intrusion prevention as well as detection system. Of course, putting anything inline can impact performance.
cjf () CALFRYE COM 2/27/2007 2:18 PM >>>

Jere Retzer wrote:

One caution: be sure to evaluate carefully your throughput needs, as IPS and virus scanning seem to drop throughput by around 90%. I also wonder what the latency and other impacts on VoIP and H.323 are.

Christian.Heroux () ETSMTL CA 2/27/2007 9:22 AM >>>

I am worried about putting all my eggs in one basket. I know they use ASICs instead of CPUs, but I would like to see all eight functions activated (firewall, antivirus, anti-spam, IPS, IDS, traffic shaping, VPN).
We've seen that just stacking individual devices inline can raise latency to unacceptable levels. I have no experience with the Fortigate, but you're right to be worried. Have them send you a largish unit for evaluation -- you'll never know how it works with your traffic until you try it out. The times I've done this, I often haven't changed vendors, but frequently have discovered we needed a more capable box than we evaluated (wishful thinking, every time).

--
Regards,
-- Cal Frye, Network Administrator, Oberlin College
www.calfrye.com, www.pitalabs.com
"Even if you win the rat race, you're still a rat."
Current thread:
- Fortinet unified threat management evaluation feedback needed Christian Héroux (Feb 27)
- <Possible follow-ups>
- Re: Fortinet unified threat management evaluation feedback needed Jere Retzer (Feb 27)
- Re: Fortinet unified threat management evaluation feedback needed Mark Rogowski (Feb 27)
- Re: Fortinet unified threat management evaluation feedback needed Cal Frye (Feb 27)
- Re: Fortinet unified threat management evaluation feedback needed Gary Flynn (Feb 27)
- Re: Fortinet unified threat management evaluation feedback needed Botelho Marla (Feb 27)
- Re: Fortinet unified threat management evaluation feedback needed Jere Retzer (Feb 27)
- Re: Fortinet unified threat management evaluation feedback needed jkaftan (Mar 01)
- Re: Fortinet unified threat management evaluation feedback needed John Kemp (Mar 09)