Need help choosing firewall. Any real-world experience with Fortigate 310b?

I run a school network with about 400 users, although only 50-100 active at any one time with about 250 computers.  10 up /10 down Internet pipe.  We need to replace our existing (aging) firewall with something that is better at stopping proxies and malware sites.

Additionally, I need a very granular approach to creating firewall rules (we have several categories of users, faculty, staff, students and guests, etc.), which is why I was attracted to the Fortigate 310b.  I also like that I can firewall my network segments with the 310b and scan internal network traffic for IPS/IDS problems.

Furthermore, it needs to be compatible with eDirectory (Novell).

I have read lots and lots about the Fortigate and like what I've read so far.

However, I'd like to know any real-world issues that people are having now (especially with the latest 4.0 firmware).  Any slows?  Does this Fortigate have an Achilles heel?

I know that virus scanning is best limited to 10MB files and lower because of memory limitations on the box.  Just curious if this plays out to any consequence in the real world.

Is there any particular feature of the Fortigate 310b that doesn't work well or that stresses the platform?  SSL decryption, perhaps?

Anyway, as you can see I'm trying to locate someone that has been in the trenches with this Fortigate model and can tell me what they like/don't like about it.

ecsrd Commented:
I have seen - on the Fortigate 60 - which we use at our spoke locations - that during a virus outbreak (staff and their USB sticks from home...argh), that the Fortigate 60s pretty much had heart attacks dealing with the scanning on their level.  However, the 310b didn't actually have any issues, even after I had to turn off the AV at the spoke units and let the 310b handle everything.  It's a pretty robust unit compared to any of their older style equipment.  Like I said, the only thing that (in my mind) wasn't an improvement on their older 300As (which we used to have) is that 802.1Q is no longer supported...

Note: while we have 5000 users on our network, we only have 1800 stations, and those are distributed across 10 sites in our hub and spoke architecture.  The 310b is only servicing inter-site traffic and internet traffic.  That's only about 10-12 thousand concurrent connections.  If you put all of your 400 users behind the 310b directly and it services everything, you'll probably be at about 8-9 thousand concurrent since it will be servicing all traffic.

I can't say I've noticed any slowdowns with IPS/AV/AS enabled.  In fact, I just looked at my logs and the highest CPU and Memory usage on the unit (during our virus outbreak) was only 64%.
We are a school division, and we use the Fortigate 310b.  It is an excellent device for granular control, and there aren't any issues I've come across.  The only issue I have is that the 310b is not capable of 802.1Q trunking as each port is treated as a separate entity (at least with the firmware I'm using).  I cannot speak to interoperability with Novell, however Fortigate sales and support should be able to answer that easily if you call them.

We are a division with 5000 users, a hub and spoke setup on a 40Mbit fibre MPLS interconnect.  I just had a look and our 310b has been up for 306 days without needing a restart - the device is VERY stable.

Hope that answers at least most of your real-world questions.
PhireWall (Author) Commented:
Great. Excellent response.  Any comment on the antivirus capability/speed?  That's one of the main liabilities I've read.  It can't easily scan files greater than 10MB, and it must load each file into memory to examine it.  Thus, if several people are downloading files, it could overwhelm the system or stress the memory.

Fortinet counters that most virused files are less than 10MB so that they spread rapidly, and that in the real world they will capture most of the viruses entering the network even with this 10MB limit.  (Desktop/enterprise AV should take care of anything larger that makes it through.)  Makes sense, I suppose, but wondering how it plays out with real users.

Also, I read that "heuristic detection" needs to be turned on in the CLI in order to get very good virus detection.  Was wondering if this slows it down.

I also read that turning on a lot of the UTM features (antivirus, IPS, URL filtering) slows the box down way below the specs of about 160mbps for virus detection and 800mbps for IDS/IPS.

Are these bogus claims from the competition?  Without running some really hardcore tests on my own, it's hard to evaluate these concerns.  

(If you're successfully running 5000 users on the 310b, I would think it would be overkill for my 400 users, though.)

I realize this amplifies my original request quite a bit, so if this needs to be broken out as a separate question, please let me know.

P.S.  I verified that the 310b does indeed support Novell.
PhireWall (Author) Commented:
Thanks again.  The 310b looks like a reliable device. Appreciate your rapid help here.  I'll keep the 802.1q problem in mind if/when we make our final decision.
Question has a verified solution.