• United States
Neal Weinberg
Contributing writer, Foundry


Sep 28, 20043 mins

* A look at Fortinet's FortiGate-60 dual WAN router

Fortinet’s FortiGate-60 is a dual WAN router that features four ports of 10/100Base-T for local connections, two WAN ports and even a DMZ port, plus USB ports for USB modem backups.

The quick-start guide is an 11- by 17-inch sheet of paper filled front and back with data, defusing the quick portion of the name. The guide demands Internet Explorer, but Mozilla’s Firefox browser worked (except for a few display oddities) although you must use HTTPS for a secure link.

Management screens use the left menus with submenus and tabbed pages. After initial configuration, we discovered that although instructed to gather DNS details from the ISPs and pass them along to the clients, the FortiGate-60 didn’t do that reliably, meaning clients couldn’t resolve Internet addresses properly. Only by loading DNS addresses deep in the configuration could we guarantee that every client learned the proper DNS addresses necessary to reach sites on the Internet.

The management screen gave no clue about the performance of the WAN links because there are no statistics available. You can see if the links are connected, but you can only tell which broadband connection carries the load by watching lights flash on the front of the box. Also, traffic won’t leave the internal network out to the Internet using the second WAN link unless you make a specific firewall policy addition. Until you take this extra step, there’s no failover support.

After going through the firewall policy steps and configuring the distance parameter to tell the system which route is preferred, failover started working reliably and quickly.

Although the manual doesn’t say it, the failover route (in our case WAN2) must be set higher than the default route’s number 1, such as 10. This tells the system to use WAN2 when WAN1 dies. If the distance numbers are the same, both WAN links will be used concurrently, but there is no load balancing as such. When configured, the FortiGate-60 failed over quickly and reconnected back to WAN1 quickly (about 5 seconds).

The only indication on the administrative program is on a Routing Monitor page that shows WAN2 as the static, default route. The Status page still showed WAN1 as connected, but Fortinet says that’s by design and represents the administrative setting. We expected actual WAN link status on the Status page.

The feature list for the FortiGate-60 is impressive, including expected VPNs, a firewall with 50 services predefined in the drop-down menu, and virus checking for files and e-mail (with the services enabled and updated from Fortinet).

For the full report, go to