
| Subject: | RE: Fortinet's fortigate 100 devices |
|---|---|
| Date: | Mon, 2 Jan 2006 14:02:51 -0800 |
Joel, what Fortigate model do your numbers refer to? Is it the 3600 that you reviewed?

thanks

-----Original Message-----
From: Joel M Snyder [mailto:Joel.Snyder@Opus1.COM]
Sent: Thursday, December 29, 2005 8:18 AM
To: squid@oranged.to; focus-ids@securityfocus.com
Subject: Re: Fortinet's fortigate 100 devices
> - Has anyone got any advice regarding the network performance of these devices in real world environments? During my testing I noticed they are using a Realtek 8139 based NIC. I personally have never had any issues with Realtek 8139 cards in environments ranging from slow to medium/high bandwidth utilization (40-50Mbps); however, any feedback about how the Realtek network cards perform in the Fortigate would be greatly appreciated.
I did a test of Fortinet products and found them to be highly CPU-bound once you turn on all features. For example (TPS = HTTP transactions per second):
only firewall turned on: 2000 TPS/70 Mbps
IDS turned on: 1000 TPS/39 Mbps
IDS+IPS turned on: 1000 TPS/39 Mbps
IDS+IPS+A/V turned on: 100 TPS/2 Mbps
IDS+IPS+A/V+VPN tunnels: 50 TPS/1 Mbps
> - I noticed that the system has got HA functionality. It appears to be very similar to the way in which VRRP works. However, it does not state that it's actually VRRP (licensing issues perhaps). Does anyone have any feedback as to how good the fail over/fail back/redundancy issues are on these devices?
It works quite well, for some values of "quite well." See my writeup in Network World last week: http://www.networkworld.com/reviews/2005/121905-ssl-ha.html?review=sslvpn

The situation is that the HA is really an availability thing, not a HIGH availability thing. Fortinet is not sharing all the state information across the active/active pair, which means that when you have an HA event, you'll failover to the new device, but many of the transactions might have to be restarted (such as, for example, requiring users to re-authenticate). They have an internal load balancer, which looks slick in the glossy brochures, but once you get to testing it, you'll see that they are not load-balancing everything. As I remember, only A/V is really load balanced (which, as you can see by the numbers above, is the single most significant drag on system performance).
> - Any overall opinions or feedback from anyone that has used the device in any production environments would be fantastic. Also, if anyone knows of any competing products, I would be very interested to know about them.
I found that their SSL VPN features were buggy and incomplete. I have severe reservations about their QA process. In the past, they have "announced" features (like their 2.8 release) and then have them sit in beta or 'not generally available' for months at a time. For example, they told me that their SSL VPN feature (in 3.0) was shipping and ready to go, but in fact it's only available on specific request to technical support. In other words, they often say "you can get this on our web site," but in fact, you have to beg technical support for it. I don't know what the situation is with their internal software QA and development process, but from the outside, it has a certain malingering odor to it that I would be suspicious of. All that being said, I have talked to folks who have used them for in-line A/V and are very happy. Since this is the oldest and most stable feature of the product, if that's your goal, then I'd go for it. But since you're writing to Focus-IDS (and not Focus-Antivirus), I would be a bit more suspicious of their capabilities in the IDS+IPS space, and I would test them much more carefully.
> - I am also interested to know how everyone's experiences are in regards to Fortinet support?
I have only one data point. On 20-November, I sent in a ticket asking for copies of the 3.0 manuals (only 2.8 is on the web site) and the newest 3.0 software. On 28-November, I got a response saying that they would research that, and on 29-November, I got a response telling me how to download 3.0beta build 89 (although the build that had been shipped to me was build 111).

jms

--
Joel M Snyder, 1404 East Lind Road, Tucson, AZ, 85719
Phone: +1 520 324 0494 (voice) +1 520 324 0495 (FAX)
jms@Opus1.COM http://www.opus1.com/jms Opus One

------------------------------------------------------------------------
Test Your IDS
Is your IDS deployed correctly? Find out quickly and easily by testing it with real-world attacks from CORE IMPACT. Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 to learn more.
------------------------------------------------------------------------
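Joel's distinction between "an availability thing" and "a HIGH availability thing" comes down to one property you can measure on any HA pair: does an established session survive failover of the active unit, or does the surviving unit, lacking a state entry for that flow, reset it and force a restart? The script below is an added example, not code from the thread or from Fortinet. It holds a single TCP session open through the device under test and probes across it at a fixed interval, reporting whether and when the session died. The local echo server is a constructed stand-in for a host behind the firewall, and `kill_after` simulates a failover that loses state by tearing the session down; host, port and timings are assumptions.

```python
import socket
import threading
import time


def start_echo_server(port: int = 0):
    """Start a throwaway TCP echo server on 127.0.0.1 (constructed stand-in for a
    host behind the firewall under test). Returns (port, stop_event)."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind(("127.0.0.1", port))
    srv.listen(1)
    srv.settimeout(0.1)
    stop = threading.Event()

    def serve() -> None:
        while not stop.is_set():
            try:
                conn, _ = srv.accept()
            except socket.timeout:
                continue
            with conn:
                conn.settimeout(0.1)
                while not stop.is_set():
                    try:
                        data = conn.recv(1024)
                    except socket.timeout:
                        continue
                    if not data:
                        break
                    conn.sendall(data)
        srv.close()

    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1], stop


def kill_after(stop_event: threading.Event, delay: float) -> None:
    """Simulate a failover that loses state: tear the session down after `delay` s."""
    threading.Timer(delay, stop_event.set).start()


def _recv_exact(sock: socket.socket, n: int) -> bytes:
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:  # peer closed the connection
            break
        buf += chunk
    return buf


def probe_session_survival(host: str, port: int, duration: float, interval: float = 0.5) -> dict:
    """Hold one TCP session open through the device under test and ping across it
    every `interval` seconds for `duration` seconds.

    Trigger the HA failover on the firewall while this runs. If the pair syncs
    session state, the established flow survives; if it does not, the new active
    unit has no entry for the flow and the probe sees a reset or EOF.
    """
    start = time.monotonic()
    probes_ok = 0
    failed_at = None
    sock = socket.create_connection((host, port), timeout=interval * 4)
    sock.settimeout(interval * 4)
    seq = 0
    try:
        while time.monotonic() - start < duration:
            seq += 1
            msg = f"probe-{seq}\n".encode()
            try:
                sock.sendall(msg)
                if _recv_exact(sock, len(msg)) != msg:
                    raise ConnectionError("session closed or corrupted mid-flow")
            except OSError:  # reset, EOF or timeout: the session did not survive
                failed_at = round(time.monotonic() - start, 2)
                break
            probes_ok += 1
            time.sleep(interval)
    finally:
        sock.close()
    return {"survived": failed_at is None, "probes_ok": probes_ok, "failed_at": failed_at}


if __name__ == "__main__":
    # Scenario 1: nothing happens to the session, so it survives.
    port, stop = start_echo_server()
    print("steady state:", probe_session_survival("127.0.0.1", port, duration=1.0, interval=0.2))
    stop.set()
    # Scenario 2: simulated stateless failover at t=0.5 s, so the session dies.
    port, stop = start_echo_server()
    kill_after(stop, 0.5)
    print("stateless failover:", probe_session_survival("127.0.0.1", port, duration=3.0, interval=0.2))
```

Against a real pair, point `probe_session_survival` at a host on the far side of the firewall, run it for longer than the expected failover time, and trigger the failover from the device's management interface mid-run. Run it once with a plain TCP echo and once through an authenticated session (an SSL VPN login, for instance), since "many of the transactions might have to be restarted" shows up as a re-authentication prompt rather than a packet-level reset.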