Fortinet Utilization

For those of you who don’t know I work for a school district in Columbia, SC. The Children’s Internet Protection Act (http://www.fcc.gov/cgb/consumerfacts/cipa.html) requires us to filter our internet connection. When I started about 8 months ago we decided to switch from Smart Filter monitoring to Fortinet. As a Security Admin of course this was my task. The Smart Filter, known to most of us as Bess, was not functioning properly and quite frankly a piece of junk. Smart Filter is run from a server, in our case it was a Windows Server 2003 machine. The device logs were inaccessible when I came in and it was even difficult just to log into the machine. We did away with the device and sprung for the Fortinet equipment two Fortiguard boxes and a nice new Fortianalyzer box. These are dedicated physical devices that do not have a Windows based operating system. The two Fortiguard devices operate in a failover mode so we have one as back-up if the other box has a problem.


I was a bit skeptical that a physical device could handle the traffic that we see daily. This device is a Firewall, Internet Filter, IPS/IDS, VPN router, proxy, packet shaper and an endpoint solution manager. It seemed a lot to have this one device handle all of these, I was of course proved wrong. Immediately during installation we were able to stop use of our Packeteer saving us the task of troubleshooting it. Installation was easy having our vendor come in and help us. Our connection was down for about 10 minutes total.

We started off slowly letting the Fortiguard handle the packet shaping and filtering. We had to enter about 30 custom entries. In the next months we turned on the proxy server which yielded a constant 20% traffic reduction on out WAN line. We are in the process of changing from Cisco ASA firewalls to the Fortiguard system. I am currently testing the Forticlient endpoint antivirus which seems to be pretty powerful.

Fortinet customer support is amazing they offer web-chat and toll free phone support. We have had minimal problems with this device(ill go over those and how to troubleshoot in a separate post). This is a great device I recommend it to anyone who is in the security field and is looking to save money and have a reliable piece of equipment. Currently we are utilizing only 40% of the CPU and 29% of the memory, that’s pretty good for 13000 computers and about 500 servers.