Fortinet device steps up security support

New security devices serve as LAN switch, WAN router
By Tim Greene, Network World, 01/22/2007

Fortinet this week is announcing an enterprise access switch that also functions as a small-office WAN router and multifunction security platform, reducing the number of devices that need to be managed in branch offices.

The Fortigate-224B security platform blends access control, enforced at switch ports, with other gateway protection methods including antivirus, intrusion prevention, antispam, antispyware and URL filtering.

PCs and other LAN devices plug into it directly, so with just 24 ports, it is meant for small offices or departments. The switch has 24 10/100Mbps Ethernet LAN ports, two Gigabit Ethernet ports and two 10/100Mbps WAN ports.

The upside of the device is that it lets branch offices be outfitted with a single managed device that provides networking and security, says Mike Rothman, president of Security Incite. Rather than putting in a WAN router with security features and a LAN switch, customers could install just one of these. “It’s one box vs. two,” he says.

The downside is that if customers are looking for a full-featured NAC device, this might not fit the bill, Rothman says. “I don't view the Fortinet box as a true NAC box,” he says. To be a true NAC device, it must contain a check of the integrity of devices before they are admitted to the network, manage flows of traffic after the device is admitted and have an intrusion-prevention system to shut down worm activities if they start up, Rothman says.

Rothman says products from companies including Caymas Systems, ConSentry Networks and Nevis Networks fit into the category of true NAC devices.

The Fortigate-224B runs in two modes. If strict mode is turned on, devices trying to log on are diverted to a Web portal where the switch analyzes the security posture of the devices. This check requires no agent on the endpoints.

If dynamic mode is turned on, devices logging in are granted access based on preset policies, without the endpoint check. If a policy violation or specific threat is detected later, the switch can cut the device's access back to a quarantine virtual LAN until the detected problem is dealt with.

The company differentiates between admission control, which checks the state of the endpoint to determine if it gets access, and access control, which authenticates a person in conjunction with a machine and grants access to a predetermined set of network resources. The company says it provides the latter.

Comments (1)

Fortinet device steps up security support
By Anonymous on January 30, 2007, 7:50 pm

This "Forti-switch" product sounds like a sandwiched Fortigate unit and a low-end switch. This differs greatly from the true NAC devices mentioned. I expect performance...
