Fortinet uncorks security mgmt. app

Fortinet this week is introducing a management appliance that claims to make it simpler for customers to configure, create policies for and administer the large groups of the company’s multifaceted FortiGate security appliances.

SANTA CLARA – Fortinet this week is introducing a management appliance that claims to make it simpler for customers to configure, create policies for and administer the large groups of the company’s multifaceted FortiGate security appliances.

Called FortiManager, the appliance can manage 5,000 security appliances, which include firewall, VPN, antivirus, intrusion-detection, content-filtering and traffic-shaping software.

The FortiGate security appliances monitor traffic at the junction of the WAN and LAN where they enforce policies on packets. Using a graphical interface on the FortiManager appliance, users can set policies for any security applications the device supports.

Each FortiManager can be accessed by up to 12 separate Java-based consoles so multiple administrators can use the box at the same time. The device also can be divided into different management domains, with each domain limited to a subset of the FortiGate security appliances being managed. This lets network executives give access only to certain administrators, for example, to the FortiGate that guards a corporate server farm, while a larger group might have access to those FortiGates at remote sites.

Previously, customers managed FortiGate boxes one at a time via Secure HTTP Web interfaces. “That’s fine if you have a few boxes, but that’s not fine if you have a lot of them,” says Michel Merle, regional manager for PSINet-France, which beta-tested the new gear. He says it enables setting up restricted access for users that want authority to shape traffic so, for example, videoconferences have enough bandwidth, but not to alter firewall settings.

Merle says the device could benefit from a tool that lets users create policy templates such as time-of-day restrictions for use of peer-to-peer applications. That would make it even simpler to configure large numbers of FortiGate appliances, he says.

The common management platform for the multiple functions that the FortiGate boxes support can reduce the amount of training IT staffs need to learn management platforms. Using the multifunction boxes also cuts the setup costs vs. buying separate security wares, says Eric Ogren, an analyst with The Yankee Group.

Matthew Kovar, another analyst with The Yankee Group, says the Fortinet gear falls into a category of equipment he calls security switches. Competitors include Crossbeam, Symantec and TippingPoint Technologies. Such equipment performs deep packet inspection, then imposes multiple policies that can be based on any network layer. So the device can perform as a network-layer firewall, but also screen for banned content at Layer 7 based on an examination of a packet.

Fortinet says it will upgrade FortiGate appliances later this year so each can support multiple virtual systems, meaning each device can support multiple security policies for the same application. For instance, one FortiGate could have two sets of firewall policies, one for a server farm and one for corporate desktops.

Pricing for FortiManager starts at $12,000 for a box that supports 25 FortiGate units and ranges to $53,000 for one that supports 1,000 units.