Fortinet FortiGate Firewalls are Secure SD-WAN-ready security platforms designed to protect home offices, SMBs, mid-sized, distributed enterprises, and branches. Highly efficient security processors optimize network performance with deep visibility and security effectiveness that routinely wins praises and recommendations from third-party benchmark tests.
FortiGate firewalls are available in many sizes, so finding a Fortinet FortiGate that fits your needs is simple. Fortinet’s most popular firewalls belong to the D Series, E Series, & F Series. F Series is the latest generation of FortiGate firewalls.
FINDING YOUR NEXT FORTIGATE FIREWALL
Recommended User Counts – The most important consideration when buying a Fortinet next-gen firewall is the number of users your network must support. User counts means more than just the number of employees in your organization. A user is defined as any desktop, laptop, printer, phone, tablet, or other Internet-connected device operating on your organization’s network.
For optimal security, get an accurate count of every user in your system. Firewalls.com recommends leaving extra room for additional users in case your business grows or if you need to accommodate guest users. This also ensures there’s plenty of bandwidth for resource-heavy applications.
Throughput Speeds – A firewall’s throughput is a measure of the volume of Internet traffic that can pass through the firewall at any one time, based on the processing power of the hardware. Throughput is measured in Mbps (megabits per second) and Gbps (gigabits per second). Fortinet datasheets list a variety of throughput statistics based on the types of security services, traffic, and protocols that the firewall is handling.
Max Firewall Throughput – Max Firewall Throughput is the highest throughput statistic you will see on any datasheet because it denotes the maximum possible processing speed of the hardware when no additional services are deployed. This is the “out of the box” speed and, for most usage cases, does not reflect how a firewall will perform in a real-world scenario.
SSL VPN Throughput – Secure Socket Layer (SSL) and Virtual Private Networks (VPN) refer to communication protocols that govern how information is encrypted and transmitted between a source and its destination. Utilizing SSL VPN tunnels is the most secure means for remote workers, outposts, and branch offices to access resources from the primary database. Because a VPN is a private connection, throughput speeds are dependent on the kinds of data being transferred as well as the performance potential of the gateway encrypting and decrypting the traffic that passes through it.
IMIX Throughput – IMIX, or Internet Mix, refers to simulated traffic passing through a firewall to emulate how the hardware would perform in a real-world environment. IMIX throughputs represent the performance a firewall was able to achieve while handling a variety of packet sizes and traffic patterns. Internet Mix profiles are based on real-world samples captured by a selection of Internet routers and security sensors. This statistic will closely reflect the actual performance you can expect on your network.
Site-to-Site VPN Tunnels – Site-to-site VPN tunnels allow fixed-location Local Area Networks (LANs) to extend secure conduits to the main office intranet. DPI-SSL is included standard with any current generation Fortinet FortiGate firewall. FortiGate datasheets outline the maximum number of tunnels that a firewall can accept from remote LANs. These system specification tables will also include the max number of IPSec VPN clients supported.
Form Factor – The form factor of an appliance is the size and shape of the hardware. Most firewalls will have either a desktop form factor or rackmount form factor. Desktop form factor indicates that the firewall is a compact appliance, small enough to comfortably sit atop a desktop, while rackmount form factor specifies that the appliance was designed to be secured in a standard 19-inch server rack. Rackmount-sized appliances will sometimes indicate how many rack units (RU) the device occupies.
Wireless Support – Some organizations prefer wireless firewall solutions in lieu of appliances that must be connected via Cat5E/Cat6 cabling. Wired networking solutions are generally considered more reliable and more stable, especially because signals are not influenced or impeding by other connections. Wired appliances are generally much faster with data transfer speeds constantly improving thanks to the introduction of Gigabit interfaces. Wireless solutions such as FortiWifi wireless firewalls, however, do carry the benefit of additional mobility and flexibility of deployment, being able to reach any location without the limitations of physical cables. Wireless environments can also be installed more easily as they require less equipment and planning.
Saving Money with Fortinet
Fortinet bundles their best-selling solutions together in comprehensive bundles so that customers can save money. Offered in 1-year, 3-year, and 5-year terms, bundles are progressively discounted to shave dollars off your expenses when you plan for long-term security.
In almost all situations, buyers should be looking to bundle their firewall with additional services or support. Appliance only purchases are typically only advisable if the hardware is going to be added to an existing network and should never be used for primary firewall protection.
Unified Threat Protection – Unified Threat Protection bundles are a basic suite of FortiGuard security services designed to extend your security infrastructure past the baseline of traditional firewalling. This entails 24×7 FortiCare support, along with App Control, IPS, AMP, Web Filtering, and AntiSpam.
Enterprise Protection – Extend enterprise-grade protection to small and mid-sized businesses with the Enterprise Protection bundle which included everything found in the Unified Threat Protection option, plus additional FortiGuard services like Security Rating Services, Industrial Controls ideal for manufacturers, & services that detect unknown Internet of Things (IoT) devices.
LICENSING FORTIGATE WITH ADVANCED SECURITY
Fortinet offers a wide variety of security add-ons & upgrades to guarantee your business data is always safe. Offers may be either a one-time upgrade or a recurring subscription. Similar to bundled solutions, customers can save substantially by opting for 3-Year or 5-Year subscriptions. Below you will find brief overviews of the standalone services offered by Fortinet. All of these services are included in some or all of the bundles outlined above.
FortiGuard App Control Service – Quickly create policies to allow, deny, or restrict access to applications or categories of applications
FortiGuard IPS Service – Stop both known & zero-day attacks like malware that attempt to breach your network defenses
FortiGuard Advanced Malware Protection – Combine Fortinet’s AntiVirus service with FortSandbox Cloud for robust core protection
FortiGuard Web Filtering Service – Subscription-based managed web filtering solution that sorts billions of webpages & sites into categories to be allowed, restricted, or blocked
FortiGuard AntiSpam Service – Use both send IP reputation & known spam signature databases to detect & block a wide variety of spam emails
FortiGuard Security Rating Service – Provides real-time risk & vulnerability data to audit system configurations & processes for improved network operations
FortiGuard Industrial Service – Monitor & regulate common ICS/SCADA protocols for visibility & control
FortiGuard IoT Detection – Subscription service that allows detection of unknown IoT devices that would not be found via regular local Device Database (CIDB)