All of the expected security services are in the 400A, and as opposed to Astaro and WatchGuard, Fortinet allows anti-virus scanning to be assigned to traffic other than SNMP. Services are enabled and assigned specific actions in a Protection Profile. Profiles can be a specific mix of services tailored to a type of traffic. For example, I created a profile only with anti-virus and IPS enabled and used it as a protection policy for FTP traffic. Admins can create many different profiles, each for a specific need.
The anti-virus service, although better than most, has its limitations. There is an upper limit on the maximum file size that can be scanned as it passes through the FortiGate. If the file exceeds 50MB — the upper limit for the model I tested — admins have the choice of denying the transfer completely or ignoring the oversized file and passing it without scanning it. This size limitation applies to all forms of traffic.
Fortinet maintains its own signature lists for anti-virus, IPS, Web, and spam filters, and updates can be scheduled hourly to make sure the latest definitions are online. In addition to signatures, the IPS uses anomaly detection to protect exposed systems. Admins can create custom signatures or simply use the included list. As with all of the solutions tested here, Core Impact couldn’t find a crack in Fortinet’s IPS.
Reporting and logging services are average. Five different logs are included, but for the best results, admins will want to ship the information off to either a Syslog or WebTrends server. For centralized management, Fortinet’s FortiManager is the platform to use. It allows for direct remote management as well as report and log aggregation.
ServGate EdgeForce M30
ServGate’s EdgeForce M30 appliance comes with three 10/100Mbps interfaces and a 20GB hard drive used for Web caching and many of its core security services. Setup and configuration of the M30 was straightforward; I had the unit online with a default outbound policy in less than 30 minutes. The M30 came in as the lowest-cost appliance in our group, and policy creation and maintenance were not overly difficult.
The M30 is based on purpose-built hardware. At its heart is a stateful inspection firewall that provides good all-around protection. As do Fortinet and WatchGuard, ServGate provides dynamic routing, such as RIP v1 and v2, and static routing, as well as dynamic DNS. QoS is included, but it isn’t nearly as complete as the support found in Fortinet. VLAN support will be available in the next release of the ServGate OS.
VPN services are also well supported with various flavors of site-to-site IPSec and PPTP, and ServGate’s VPN client handling client-to-site chores. Admins can choose between cipher strengths up to 3DES and AES256.
Creating inbound policy for my protected resources required first defining a virtual IP alias for each service and then plugging them into the appropriate IP mapping policy. Part of the policy creation includes what content filter to apply to the inbound traffic. ServGate’s content filters are based on IPS rules and the additional security services such as anti-virus.
For example, I was able to create a “test” content filter for my exposed Web server using a predefined Web server IPS policy and then by choosing to add anti-virus filtering. Admins can use the canned IPS and content filter rules or create new ones to meet specific needs. My only complaint is that I had to hop among three different areas of the admin console in order to manipulate and assign a content filter.
The security services available in the M30 are very good, using a mix of best-of-breed and in-house developed services. For anti-virus and anti-spam, ServGate uses McAfee’s scanning engines. For Web filtering, SurfControl is included. All licensing for these third-party tools is handled by ServGate and included in the total price. Because the M30 has a local hard drive, files and messages can be quarantined instead of simply discarded.
As opposed to WatchGuard’s Firebox Core, ServGate’s EdgeForce M30 provides anti-virus scanning for SMTP, HTTP, POP3, and FTP traffic. The M30 passed my anti-virus test with flying colors, managing the 160MB file transfer and stripping out the virus.
Keith Schultz is contributing editor of the InfoWorld Test Center.




