Introducing Fortinet's FortiGate-90D
We are continuing a series of publications on the topic of providing comprehensive network protection using unified threat management devices, they are also UTM devices. In this article, we will get acquainted with the new FortiGate-90D model from Fortinet.
The manufacturer, holding its position in the market, seeks to meet current trends in increasing bandwidth, as well as the number of network devices and users of corporate networks of enterprises, and most importantly - the rapidly growing number of threats to network security. And all this is happening against the backdrop of the active implementation of BYOD and cloud technologies.
')
The object of our consideration today - FortiGate-90D, has “out of the box” a variety of functions inherent in modern UTM-devices, as they say, including but not limited to the following:
- Router (static, dynamic routing RIP, OSPF, BGP, PIM);
- Firewall;
- Intrusion Prevention System (IPS);
- Antivirus and Antispam;
- Application Control;
- Built-in wireless controller;
- Web / content filtering;
- Failover / clustering mode;
- Support: IPv6, VLAN;
- VPN IPSec and SSL, VPN concentrator;
- Shaping traffic;
- Optimization of WAN traffic;
- Inspection of SSL traffic;
- Data leakage prevention (DLP);
- Balancing server load;
- Division into virtual devices (domains) (VDOM);
- Endpoint control;
- User authentication in LDAP, RADIUS, TACACS +, Single Sign-On in Active Directory and eDirectory
In addition to the functionality, I would like to say about the positioning of the FortiGate-90D model. In the line it is almost at the junction between the SMB sector and the initial Enterprise. In general, due to its novelty (the “D” line is the newest from the manufacturer) and the improved second generation Fortinet System on Chip (SoC) technology - SoC2, which accelerates traffic processing, VPN and UTM functions through its own development of FortiASIC ​​processors, The model will definitely become competitive in combination with price / size / performance. In general, this is most likely a previously prepared replacement of the FortiGate-80C model.
And on performance and performance characteristics in general, to your attention there will be a curious table:
If we compare it with the previous C-SoC2 line, as we can see, the firewall has an increased bandwidth and the number of simultaneous / competitive sessions, and the speed of IPsec VPN has increased, let alone the number of interfaces, which are 16 gigabit in total ( someone and the switch is not useful :). By the way, the division into FortiGate's WAN and LAN interfaces is very conditional, since only a few initial models do not support splitting the built-in switch into separate interfaces and reassembling them back into the switch, for example, with fewer ports. 15 WAN in DHCP mode, static address or PPPoE and one LAN-interface is like “Eight pies and one candle” in Carlson, but it’s quite real.
By differences from below and higher models, there is a matrix of functions of the current version of the FortiOS operating system, where the advantages are: generation of basic local reports "out of the box" (without FortiAnalyzer help), logging to disk is enabled by default and is present in the web interface (lower models have it, but through the CLI command line), SSL offloading, optimizing WAN traffic in the web interface. Among the drawbacks is the lack of support for Link Aggregation (starting from model 100D and above), the ability to configure protection against DoS only through the CLI and the lack of support for ARIA cryptographic algorithms for IPSec.
Having finished a detailed description, instead of pictures from datasheets, we will spoil our readers with live photos, focusing on the topic of the article, mainly on unpacking our new model.
So, let's get started, we need nothing more, and we need to pre-prepare a box with FortiGate-90D, supplied by the manufacturer in its original form.
Opening it, we see the delivery set:
Here are:
- FortiGate-90D device - 1 pc .;
- Power supply with a three-fingered connector (12V, 3A at the output) - 1 pc .;
- Power cord with "euro" socket to the power supply - 1 pc .;
- UTP Cat5e network patch cord with RJ-45 connectors - 1 pc;
- USB-cable with miniUSB-to-USB connectors for configuration via a PC (via FortiExplorer );
- Rubber pads for the bottom of the stand for desktop placement - 4 pcs .;
- “Mounting kit” in the form of a pair of self-tapping screws for fastening on a wall and a pair of dowels — 2 pcs .;
- QuickStart Guide - a brief manual in English on the completeness, connection and configuration of the device.
Here is what the bundle looks like removed from the box:
The device itself is considered separately and closer. Front panel "for inspection":
Here we see from left to right:
- Console connection connector (Console);
- Indication lamps: PWR (power), STA (status), ALARM (accident), HA (high-availability, also cluster mode, if such is configured).
The following is an indication of interface ports - WAN1, WAN2 and LAN 1-14.
The back is as follows:
Here from left to right are:
- DC + 12V (power connector);
- USB MGMT (miniUSB for configuration);
- connector for ground terminal (above USB MGMT);
- USB 1-2 (standard USB for 3G / 4G modems or flash drives, as well as for configuration via iPhone / iPad using FortiExplorer for iOS);
- Interfaces - WAN1, WAN2 and LAN 1-14 with RJ-45 connectors.
Note the modest dimensions of the device, they make W x D x B: 233x223x44 in millimeters and x 9.17x8.78x1.72 in inches, which corresponds to about half the size of a 19 ”unit of the server rack.
From the rest, you can also note the presence of ventilation holes on the top cover of the device.
In the depths of the extensive FortiGate line, there is a version of the same device with a built-in WiFi access point (2.4 / 5GHz 802.11a / b / g / n dual-band module (2x2 MIMO)), called FortiWiFi-90D.
Summing up, we consider it necessary to emphasize once again that the model turned out to be successful in combining its speed characteristics with dimensions, as well as at a price not much higher than the level of the “experienced” fellow FortiGate-80C, but featuring a large number of ports, interfaces and capabilities. And the stated performance indicators certainly mark the Enterprise segment.
More links:
Initial setup and capabilities of FortiGate UTM devices for small businesses
Fortigate - a worthy replacement for the outgoing Microsoft Forefront TMG
Authorized Fortinet Training Courses
MUK-Service - all types of IT repair: warranty, non-warranty repair, sale of spare parts, contract service
The manufacturer, holding its position in the market, seeks to meet current trends in increasing bandwidth, as well as the number of network devices and users of corporate networks of enterprises, and most importantly - the rapidly growing number of threats to network security. And all this is happening against the backdrop of the active implementation of BYOD and cloud technologies.
')
The object of our consideration today - FortiGate-90D, has “out of the box” a variety of functions inherent in modern UTM-devices, as they say, including but not limited to the following:
- Router (static, dynamic routing RIP, OSPF, BGP, PIM);
- Firewall;
- Intrusion Prevention System (IPS);
- Antivirus and Antispam;
- Application Control;
- Built-in wireless controller;
- Web / content filtering;
- Failover / clustering mode;
- Support: IPv6, VLAN;
- VPN IPSec and SSL, VPN concentrator;
- Shaping traffic;
- Optimization of WAN traffic;
- Inspection of SSL traffic;
- Data leakage prevention (DLP);
- Balancing server load;
- Division into virtual devices (domains) (VDOM);
- Endpoint control;
- User authentication in LDAP, RADIUS, TACACS +, Single Sign-On in Active Directory and eDirectory
In addition to the functionality, I would like to say about the positioning of the FortiGate-90D model. In the line it is almost at the junction between the SMB sector and the initial Enterprise. In general, due to its novelty (the “D” line is the newest from the manufacturer) and the improved second generation Fortinet System on Chip (SoC) technology - SoC2, which accelerates traffic processing, VPN and UTM functions through its own development of FortiASIC ​​processors, The model will definitely become competitive in combination with price / size / performance. In general, this is most likely a previously prepared replacement of the FortiGate-80C model.
And on performance and performance characteristics in general, to your attention there will be a curious table:
If we compare it with the previous C-SoC2 line, as we can see, the firewall has an increased bandwidth and the number of simultaneous / competitive sessions, and the speed of IPsec VPN has increased, let alone the number of interfaces, which are 16 gigabit in total ( someone and the switch is not useful :). By the way, the division into FortiGate's WAN and LAN interfaces is very conditional, since only a few initial models do not support splitting the built-in switch into separate interfaces and reassembling them back into the switch, for example, with fewer ports. 15 WAN in DHCP mode, static address or PPPoE and one LAN-interface is like “Eight pies and one candle” in Carlson, but it’s quite real.
By differences from below and higher models, there is a matrix of functions of the current version of the FortiOS operating system, where the advantages are: generation of basic local reports "out of the box" (without FortiAnalyzer help), logging to disk is enabled by default and is present in the web interface (lower models have it, but through the CLI command line), SSL offloading, optimizing WAN traffic in the web interface. Among the drawbacks is the lack of support for Link Aggregation (starting from model 100D and above), the ability to configure protection against DoS only through the CLI and the lack of support for ARIA cryptographic algorithms for IPSec.
Having finished a detailed description, instead of pictures from datasheets, we will spoil our readers with live photos, focusing on the topic of the article, mainly on unpacking our new model.
So, let's get started, we need nothing more, and we need to pre-prepare a box with FortiGate-90D, supplied by the manufacturer in its original form.
Opening it, we see the delivery set:
Here are:
- FortiGate-90D device - 1 pc .;
- Power supply with a three-fingered connector (12V, 3A at the output) - 1 pc .;
- Power cord with "euro" socket to the power supply - 1 pc .;
- UTP Cat5e network patch cord with RJ-45 connectors - 1 pc;
- USB-cable with miniUSB-to-USB connectors for configuration via a PC (via FortiExplorer );
- Rubber pads for the bottom of the stand for desktop placement - 4 pcs .;
- “Mounting kit” in the form of a pair of self-tapping screws for fastening on a wall and a pair of dowels — 2 pcs .;
- QuickStart Guide - a brief manual in English on the completeness, connection and configuration of the device.
Here is what the bundle looks like removed from the box:
The device itself is considered separately and closer. Front panel "for inspection":
Here we see from left to right:
- Console connection connector (Console);
- Indication lamps: PWR (power), STA (status), ALARM (accident), HA (high-availability, also cluster mode, if such is configured).
The following is an indication of interface ports - WAN1, WAN2 and LAN 1-14.
The back is as follows:
Here from left to right are:
- DC + 12V (power connector);
- USB MGMT (miniUSB for configuration);
- connector for ground terminal (above USB MGMT);
- USB 1-2 (standard USB for 3G / 4G modems or flash drives, as well as for configuration via iPhone / iPad using FortiExplorer for iOS);
- Interfaces - WAN1, WAN2 and LAN 1-14 with RJ-45 connectors.
Note the modest dimensions of the device, they make W x D x B: 233x223x44 in millimeters and x 9.17x8.78x1.72 in inches, which corresponds to about half the size of a 19 ”unit of the server rack.
From the rest, you can also note the presence of ventilation holes on the top cover of the device.
In the depths of the extensive FortiGate line, there is a version of the same device with a built-in WiFi access point (2.4 / 5GHz 802.11a / b / g / n dual-band module (2x2 MIMO)), called FortiWiFi-90D.
Summing up, we consider it necessary to emphasize once again that the model turned out to be successful in combining its speed characteristics with dimensions, as well as at a price not much higher than the level of the “experienced” fellow FortiGate-80C, but featuring a large number of ports, interfaces and capabilities. And the stated performance indicators certainly mark the Enterprise segment.
More links:
Initial setup and capabilities of FortiGate UTM devices for small businesses
Fortigate - a worthy replacement for the outgoing Microsoft Forefront TMG
Authorized Fortinet Training Courses
MUK-Service - all types of IT repair: warranty, non-warranty repair, sale of spare parts, contract service
Source: https://habr.com/ru/post/212253/
All Articles