Just bought 5 of these bad boys

dzjepp
Posts: 12839
Joined: Wed Mar 28, 2001 8:00 am

Post by dzjepp »

Cool. Who do you work for? :o
AmIdYfReAk
Posts: 6926
Joined: Thu Feb 10, 2000 8:00 am

Post by AmIdYfReAk »

i just installed a fortigate 60 at my workplace about ~9 months ago. and i do like it, the interface could use a little work.. but other than that, i have been happy with it..

ohh, and btw, the Anti-virii service on it kinda sucks... and yea, filtering is quite good :)
AmIdYfReAk
Posts: 6926
Joined: Thu Feb 10, 2000 8:00 am

Post by AmIdYfReAk »

it's set to auto update :)

yet it hasn't loaded.. interesting..

i will load it tonight..

funny thing that i noticed.. i have it configured like so:


SDSL-> Forti - ( 3 lines ) -> 3 Servers
          |_->Unmanaged Switch -> Clients
and with ~15 clients, and 4 VPN tunnels open, it's eating 80% of the on board mem... and i mean the traffic is about ~15/ksec and it's simple SQL or HTTP transactions going through the thing..

Meh, Let's see what the new firmware has in store for me.. :)

thanks for the heads up, and have fun with your new toys.
GODLIKE
Posts: 387
Joined: Tue Nov 30, 1999 8:00 am

Post by GODLIKE »

Interesting.. Is that MIME filtering? File types at the App layer?

Cos if so, it's pretty tasty for the price point..
AmIdYfReAk
Posts: 6926
Joined: Thu Feb 10, 2000 8:00 am

Post by AmIdYfReAk »

btw, i can't find the 3.0 Firmware... :/

btw godlike, yes and yes.
AmIdYfReAk
Posts: 6926
Joined: Thu Feb 10, 2000 8:00 am

Post by AmIdYfReAk »

i will just wait for it to hit their FTP as per usual, No big rush :)
Tormentius
Posts: 4108
Joined: Sat Dec 14, 2002 8:00 am

Post by Tormentius »

This might just be the product I've been looking for. Thanks Riddla :icon14:
Underpants?
Posts: 4755
Joined: Mon Oct 22, 2001 7:00 am

Post by Underpants? »

nice package... not really a fan of subscriptions, but it seems you can't stray from them these days. What happens if it lapses? Do you manage your own content filters or does the feature become disabled? I like the deep packet inspectionish filtering too.
Oooh, 100 MBPS throughput with 40 3DES for a sub 2000 tag? hmm not bad...
AmIdYfReAk
Posts: 6926
Joined: Thu Feb 10, 2000 8:00 am

Post by AmIdYfReAk »

thus far, i have not had a hiccup from the thing.. then again the most stressful thing that it has to do is VPN tunnels :)

it gives quite a bit of configurability, it also allows AutoFirmware update, Auto Virii updates ( for routers and clients.. it will store it in its cache ), etc etc..

it's basically a well managed Micro Unix box.
Tormentius
Posts: 4108
Joined: Sat Dec 14, 2002 8:00 am

Post by Tormentius »

How extensive is the content filtering? Is the list of blocked sites definition-based? Can you define categories to be blocked (eg. webmail, porn, hacking sites, etc)?
AmIdYfReAk
Posts: 6926
Joined: Thu Feb 10, 2000 8:00 am

Post by AmIdYfReAk »

pictures worth 1000 words :)

Image
AmIdYfReAk
Posts: 6926
Joined: Thu Feb 10, 2000 8:00 am

Post by AmIdYfReAk »

btw, you don't need to do anything really to get the filters working, no routing processes, No nothing, they are pretty much ready to go in the box and they watch the traffic that passes through it and catch it..

it also gives the option to not allow certain file extensions to be blocked. ( I.E .BAT, .EXE, .ZIP, .torrent etc :) )

if you guys have any more q's or anything, i can log in ( through the pwn ass remote web interface ) and take some screenies :)
+JuggerNaut+
Posts: 22175
Joined: Sun Oct 14, 2001 7:00 am

Post by +JuggerNaut+ »

:)
Underpants?
Posts: 4755
Joined: Mon Oct 22, 2001 7:00 am

Post by Underpants? »

right on amidy, ups for you guys sharing this, I'm getting ready to toss my Pix 515e because of hardware issues and am more interested the further I dig into this thing. Both seem to have enterprise-level protection for a low-budget system. Amidy, what's a yearly subscription cost for the whole 9 yards on a 60 and how many vpn client licenses do you get? Looks like it's unlimited IKE peers (remote vpn gateways) as well as internal clients, have you tried setting up off-brand peer tunnels, or just the vpn portion?
AmIdYfReAk
Posts: 6926
Joined: Thu Feb 10, 2000 8:00 am

Post by AmIdYfReAk »

allllright, back up! :)

we have 15 VPN licences, So that allows for 15 VPN Tunnels to be made ( i.e. install the app as much as you want, only 15 tunnels can be used at once :) )

i am not sure about the $$ as the boss got this, and dropped it on my lap.
AmIdYfReAk
Posts: 6926
Joined: Thu Feb 10, 2000 8:00 am

Post by AmIdYfReAk »

Underpants?
Posts: 4755
Joined: Mon Oct 22, 2001 7:00 am

Post by Underpants? »

AmIdYfReAk wrote: all the costs are here mang :)

http://www.fortiwall.com/productcart/pc ... tegory=666
thanks :icon14: that got me what I needed.
R00k
Posts: 15188
Joined: Mon Dec 18, 2000 8:00 am

Post by R00k »

Looks nice. :icon14:

Is the memory util. so high because you don't have a disk dedicated to log storage possibly?
Underpants?
Posts: 4755
Joined: Mon Oct 22, 2001 7:00 am

Post by Underpants? »

I've got a 60M on order for a remote site :iconthumbsup:
AmIdYfReAk
Posts: 6926
Joined: Thu Feb 10, 2000 8:00 am

Post by AmIdYfReAk »

nice eh?

i love it when i had msn blocked... people were less than pleased. :)
AmIdYfReAk
Posts: 6926
Joined: Thu Feb 10, 2000 8:00 am

Post by AmIdYfReAk »

:o *waits for the new firmware to hit the 60's*
Underpants?
Posts: 4755
Joined: Mon Oct 22, 2001 7:00 am

Post by Underpants? »

very happy with the 60 overall.. some observations:
keyword/url filtering should not implicitly override 'allow all from host' rules (which by the way have no effect if there's a deny from all hosts below it--very different from checkpoint or cisco).
In 3.0 I hope they tweak the spam filters, and maybe include pop3s and imaps proxy filters, as well.
other than that, with dumped syslog data every day, it's every bit as effective as any solution I've used short of ssl-based proxy/vpn aggregators.

and the firmware upload via https is brilliant.
Underpants?
Posts: 4755
Joined: Mon Oct 22, 2001 7:00 am

Post by Underpants? »

do you know if there's compression being used? Due to the latency-crushing kickassedness of zlib, I'm torn between the reluctance to sacrifice an openvpn solution and my nagging fear of the grim PChardware Reaper. If you're not sure don't sweat it, man-- I'll do some searching this weekend.
Underpants?
Posts: 4755
Joined: Mon Oct 22, 2001 7:00 am

Post by Underpants? »

thanks :icon11: