Home page logo

educause logo Educause Security Discussion mailing list archives

Re: Fortinet unified threat management evaluation feedback needed
From: Cal Frye <cjf () CALFRYE COM>
Date: Tue, 27 Feb 2007 17:18:06 -0500

Jere Retzer wrote:
One caution: be sure
to evaluate carefully your throughput needs as IPS and virus scanning
seem to drop throughput by around 90%. I also wonder what are the
lantency and other impacts on VOIP and h.323.

Christian.Heroux () ETSMTL CA 2/27/2007 9:22 AM >>>
I am worry to put all my eggs in one basket. I know
they use ASIC instead of CPU but I would like to see all eight
functions activated (firewall, antivirus, anti-spam, IPS, IDS,
traffic shaping, VPN)

We've seen that just stacking individual devices inline can raise
latency to unacceptable levels. I have no experience with the Fortigate,
but you're right to be worried.

Have them send you a largish unit for evaluation -- you'll never know
how it works with your traffic until you try it out. The times I've done
this, I often haven't changed vendors, but frequently have discovered we
needed a more capable box than we evaluated (wishful thinking, every time).

-- Cal Frye, Network Administrator, Oberlin College

   www.calfrye.com,  www.pitalabs.com

"Even if you win the rat race, you're still a rat."

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]