Educause Security Discussion
mailing list archives
Re: Fortinet unified threat management evaluation feedback needed
From: Jere Retzer <retzerj () OHSU EDU>
Date: Tue, 27 Feb 2007 15:40:31 -0800
You might also consider Snort as an open source solution. Doesn't include virus scanning but is billed these days as an
intrusion prevention as well as detection system. Of course, putting anything inline can impact performance
cjf () CALFRYE COM 2/27/2007 2:18 PM >>>
Jere Retzer wrote:
One caution: be sure
to evaluate carefully your throughput needs as IPS and virus scanning
seem to drop throughput by around 90%. I also wonder what are the
lantency and other impacts on VOIP and h.323.
Christian.Heroux () ETSMTL CA 2/27/2007 9:22 AM >>>
I am worry to put all my eggs in one basket. I know
they use ASIC instead of CPU but I would like to see all eight
functions activated (firewall, antivirus, anti-spam, IPS, IDS,
traffic shaping, VPN)
We've seen that just stacking individual devices inline can raise
latency to unacceptable levels. I have no experience with the Fortigate,
but you're right to be worried.
Have them send you a largish unit for evaluation -- you'll never know
how it works with your traffic until you try it out. The times I've done
this, I often haven't changed vendors, but frequently have discovered we
needed a more capable box than we evaluated (wishful thinking, every time).
-- Cal Frye, Network Administrator, Oberlin College
"Even if you win the rat race, you're still a rat."