
UTM, or SMB multifunction firewalls, provide small and medium-sized businesses and distributed enterprises with several security capabilities in a single system. The unified threat management (UTM) market is defined as multifunction firewalls used by small and medium-sized businesses (SMBs); mid-size businesses typically have between 100 and 1,000 employees. UTM vendors keep adding new features to their UTM systems, so these now cover many other network security functions, including firewalls, centralized management consoles, advanced malware detection, intrusion prevention systems (IPSs), VPNs and secure web gateways (SWGs).

Browser-based management, ease of deployment, embedded reporting, VPN, customized applications, outstanding partner support and documentation are not particularly appealing to large enterprises but are highly valued by SMBs in this market. Large enterprises and branch offices place very different demands on a firewall: they generally require more complex network security functionality and select products on very different criteria.

Fortinet

Fortinet is a security and networking vendor headquartered in Sunnyvale, California. It expands its product range regularly, with recent additions such as FortiWeb (the web application firewall), FortiMail, FortiSandbox, FortiSIEM and FortiCASB. Its other portfolio products address network security, endpoint protection, wireless access points and switches. FortiGate firewalls remain its most successful and widest-selling product. Recent updates include extending Fortinet's support to multiple public IaaS platforms, including Google, IBM and Oracle, and introducing the E-Series firewall appliances. Other major updates include the launch of FortiOS 5.6 and FortiOS 6.0. Fortinet features prominently on the UTM shortlists of SMB customers looking for good wireless security features. It is also a good shortlist option for SMBs that want to consolidate other network security needs, such as web application firewalls and security information and event management (SIEM), with a single vendor. The vendor also wins deals where the introduction of SD-WAN is the main use case. The wireless controller integrated into Fortinet's UTM solution is a strong and desirable feature for SMBs: Fortinet has built a complete wireless controller into the firewall, so wireless network management becomes part of the security solution, fully managed through FortiCloud and FortiManager. Fortinet UTM lacks built-in support for quarantining and encrypting end-user email; to get those features, customers must use FortiMail, which is a separate product. Fortinet offers the FortiGuard Industrial Security Program, which delivers signature updates for common ICS/SCADA (supervisory control and data acquisition) protocols; this is a separate subscription that SMBs running such systems will want.
FortiCloud, the unified cloud-based management interface, is less flexible than the on-site management tools and lacks granular functionality.

Features and Benefits

Fortinet UTM application control gives users visibility into the applications crossing the network, so the administrator can decide whether to accept or reject traffic based on that information. For example, FortiGate can allow Skype for specific machines only and block it everywhere else. This gives real granularity over what is allowed to cross your network. Beyond application-based decisions, UTM also opens up web filtering, intrusion protection, data loss prevention and SSL interception.

Overview of security profiles

The FortiGate line combines several security features to protect your network from threats, ranging from the FortiGate-30 series for small businesses to the FortiGate-5000 series for large enterprises, service providers and carriers. Taken together, these features are referred to as Security Profiles when they are included in a single Fortinet security appliance. The Security Profiles features included in FortiGate are:

  • AntiVirus
  • Intrusion Prevention System (IPS)
  • ICAP
  • Web filtering
  • E-mail filtering, including protection against spam and grayware
  • Data Leak Prevention (DLP)
  • Application Control

Firewall policies restrict access, and while this and similar features are essential to protecting the network, this document does not cover them. This section covers the following topics:

  • Security Profiles/lists/sensors
  • Traffic inspection
  • Security Profiles components
  • Content inspection and filtering

Traffic inspection

Traffic inspection is performed when the FortiGate unit examines network traffic one packet at a time for IPS signatures. This is unlike content inspection, where the traffic is buffered until files, email messages, web pages and other data are reassembled and then examined as a whole. DoS policies use traffic inspection by keeping track of packet type and size and of their source and destination addresses. Application control uses traffic inspection to determine which application generated each packet.

IPS signatures

IPS signatures can detect malicious network traffic. For example, the Code Red worm targeted a vulnerability in the Microsoft IIS web server, and the IPS on the FortiGate unit can detect traffic that attempts to exploit this vulnerability. IPS can also detect when compromised systems communicate with servers to receive instructions.

Suspicious traffic attributes

Network traffic itself can be used as an attack vector or as a means of probing a network before an attack. For example, the SYN and FIN flags should never appear together in the same TCP packet: the SYN flag is used to initiate a TCP session, while the FIN flag signals the end of data transmission at the close of a session. The FortiGate unit has IPS signatures that recognize the attributes of irregular and suspicious traffic. The SYN/FIN combination is one of the suspicious flag combinations that the TCP.BAD.FLAGS signature detects in TCP traffic.
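The packet-level check described above, as an added illustration (not Fortinet's code or the TCP.BAD.FLAGS implementation): it decodes the fixed part of a TCP header and reports flag combinations that cannot occur in legitimate traffic. Only the SYN/FIN combination comes from the text; the other rules are common illegal-flag combinations added here as assumptions, and the sample segments are constructed.

```python
import struct

# TCP flag bits in the flags byte of the TCP header (RFC 793).
FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20
FLAG_MASK = 0x3F

# Flag combinations that legitimate TCP never produces. Only SYN+FIN is named
# in the text; the others are assumptions added for illustration.
BAD_FLAG_RULES = [
    ("SYN+FIN", lambda f: bool(f & SYN) and bool(f & FIN)),
    ("SYN+RST", lambda f: bool(f & SYN) and bool(f & RST)),
    ("NULL",    lambda f: (f & FLAG_MASK) == 0),
    ("XMAS",    lambda f: (f & (FIN | PSH | URG)) == (FIN | PSH | URG)),
]


def parse_tcp_header(segment: bytes) -> dict:
    """Decode the 20-byte fixed TCP header (no options handling needed here)."""
    if len(segment) < 20:
        raise ValueError("truncated TCP header")
    sport, dport, seq, ack, off_res, flags, win, _csum, _urg = struct.unpack(
        "!HHIIBBHHH", segment[:20]
    )
    return {
        "sport": sport,
        "dport": dport,
        "seq": seq,
        "ack": ack,
        "data_offset": (off_res >> 4) * 4,  # header length in bytes
        "flags": flags & FLAG_MASK,
        "window": win,
    }


def inspect_packet(segment: bytes) -> list:
    """Traffic inspection on a single packet: return the bad-flag rules it
    triggers (an empty list means the flags look normal)."""
    header = parse_tcp_header(segment)
    return [name for name, match in BAD_FLAG_RULES if match(header["flags"])]


def build_tcp_header(sport: int, dport: int, flags: int) -> bytes:
    """Constructed test segment: header only, data offset 5 (20 bytes)."""
    return struct.pack("!HHIIBBHHH", sport, dport, 1, 0, 5 << 4, flags, 65535, 0, 0)


# Constructed sample segments: one normal handshake start, two suspicious ones.
SAMPLE_SEGMENTS = {
    "normal_syn": build_tcp_header(40000, 443, SYN),
    "syn_fin": build_tcp_header(40001, 443, SYN | FIN),
    "null": build_tcp_header(40002, 443, 0),
}


def inspect_all(segments=SAMPLE_SEGMENTS) -> dict:
    """Run the per-packet check over every sample and collect the verdicts."""
    return {name: inspect_packet(seg) for name, seg in segments.items()}


if __name__ == "__main__":
    for name, hits in inspect_all().items():
        print(f"{name}: {'clean' if not hits else ', '.join(hits)}")
```

Each segment is judged on its own, which is what distinguishes traffic inspection from content inspection: no buffering or reassembly is needed, so the check can run at line rate on every packet.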

Controlling applications

Although applications can sometimes be blocked by the ports they use, application control makes it easy to manage all supported applications, including those that do not use standard ports. By default, application control allows applications that are not listed in the application control list. On high-security networks you may want to change this behavior so that only explicitly allowed applications are permitted.
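The two application control behaviours discussed here (the default that allows unlisted applications versus the high-security allow-list mode) and the per-machine Skype exception from the Features and Benefits section, modelled as an added example that is not Fortinet's code. The rule format, first-match evaluation order and sample flows are assumptions made for this illustration.

```python
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network


@dataclass
class AppRule:
    application: str                 # application as identified by inspection
    action: str                      # "allow" or "block"
    sources: list = field(default_factory=list)  # CIDR networks; empty = any


@dataclass
class AppControlList:
    rules: list
    default_action: str = "allow"    # default per the text; "block" = allow-list mode

    def decide(self, application: str, src_ip: str) -> str:
        """First matching rule wins; unlisted applications get the default."""
        src = ip_address(src_ip)
        for rule in self.rules:
            if rule.application != application:
                continue
            if rule.sources and not any(src in ip_network(n) for n in rule.sources):
                continue
            return rule.action
        return self.default_action


# Skype is allowed only from one subnet and blocked everywhere else.
SKYPE_RULES = [
    AppRule("Skype", "allow", ["10.0.5.0/24"]),
    AppRule("Skype", "block"),
]

DEFAULT_ALLOW = AppControlList(SKYPE_RULES)                        # FortiGate default
HIGH_SECURITY = AppControlList(SKYPE_RULES, default_action="block")  # allow-list mode

# Constructed flows: (source IP, identified application).
FLOWS = [
    ("10.0.5.10", "Skype"),
    ("10.0.7.3", "Skype"),
    ("10.0.7.3", "BitTorrent"),   # not listed at all
]


def evaluate(acl: AppControlList, flows=FLOWS) -> dict:
    """Decision per flow, keyed as 'src/app' for readability."""
    return {f"{src}/{app}": acl.decide(app, src) for src, app in flows}


if __name__ == "__main__":
    for label, acl in (("default-allow", DEFAULT_ALLOW), ("high-security", HIGH_SECURITY)):
        print(label, evaluate(acl))
```

The only difference between the two lists is the default action, yet the unlisted BitTorrent flow flips from allowed to blocked; that is the trade-off the text describes, and it is why the default-allow behaviour deserves a deliberate decision on high-security networks.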

Content inspection and filtering

Content inspection takes place once the FortiGate unit has buffered the packets that make up files, email messages, web pages and other items and reassembled them so that they can be examined as a whole. Traffic inspection, by contrast, examines individual packets of network traffic as the FortiGate unit receives them.

Email filtering

FortiGuard AntiSpam is a subscription service that includes an IP address blacklist, a URL blacklist and an email checksum database. These resources are updated as new spam messages are received, so you do not need to maintain any lists or databases yourself to get accurate spam detection. You can also use your own IP address lists and email address lists to allow or deny senders according to your needs and circumstances.
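The filtering pipeline described above, as an added example that is not Fortinet's or FortiGuard's code: it applies local allow and deny lists, then a sender IP blacklist, a URL blacklist and a checksum database to a few constructed messages. The list contents, the whitespace-normalised SHA-256 checksum and the evaluation order (local lists first, so an administrator's explicit decision overrides the subscription feeds) are all assumptions made for this illustration.

```python
import hashlib
import re
from dataclasses import dataclass


@dataclass
class Message:
    sender_ip: str
    sender: str
    body: str


def body_checksum(body: str) -> str:
    """Checksum over a whitespace-normalised, lower-cased body so that simple
    re-spacing or re-casing of a known spam message still matches (assumed
    normalisation, not FortiGuard's actual scheme)."""
    normalised = " ".join(body.lower().split())
    return hashlib.sha256(normalised.encode("utf-8")).hexdigest()


# Constructed stand-ins for the three FortiGuard AntiSpam resources.
FORTIGUARD_IP_BLACKLIST = {"203.0.113.45"}
FORTIGUARD_URL_BLACKLIST = {"http://prize.example.invalid/claim"}
FORTIGUARD_SPAM_CHECKSUMS = {
    body_checksum("Congratulations! You have won. Reply now to claim.")
}

# Local lists maintained by the administrator (constructed).
LOCAL_IP_ALLOW = {"198.51.100.7"}
LOCAL_IP_DENY = {"192.0.2.99"}
LOCAL_EMAIL_ALLOW = {"partner@example.com"}
LOCAL_EMAIL_DENY = {"noreply@spammer.example"}

URL_RE = re.compile(r"https?://[^\s<>]+")


def classify(msg: Message) -> tuple:
    """Return (verdict, reason). Local lists are consulted before the
    subscription feeds (assumed precedence)."""
    sender = msg.sender.lower()
    if msg.sender_ip in LOCAL_IP_DENY or sender in LOCAL_EMAIL_DENY:
        return ("spam", "local deny list")
    if msg.sender_ip in LOCAL_IP_ALLOW or sender in LOCAL_EMAIL_ALLOW:
        return ("clean", "local allow list")
    if msg.sender_ip in FORTIGUARD_IP_BLACKLIST:
        return ("spam", "FortiGuard IP blacklist")
    for url in URL_RE.findall(msg.body):
        if url.rstrip(".,;!") in FORTIGUARD_URL_BLACKLIST:
            return ("spam", "FortiGuard URL blacklist")
    if body_checksum(msg.body) in FORTIGUARD_SPAM_CHECKSUMS:
        return ("spam", "FortiGuard checksum database")
    return ("clean", "no match")


# Constructed sample messages, one per decision path.
SAMPLE_MESSAGES = [
    Message("198.51.100.7", "partner@example.com",
            "Invoice attached, see http://prize.example.invalid/claim"),
    Message("203.0.113.45", "someone@example.org", "Hello there"),
    Message("192.0.2.10", "deals@example.org",
            "Click http://prize.example.invalid/claim today!"),
    Message("192.0.2.11", "other@example.org",
            "  CONGRATULATIONS!  you have won.   Reply now to claim. "),
    Message("192.0.2.12", "colleague@example.org", "Meeting moved to 3pm."),
]


def classify_all(messages=SAMPLE_MESSAGES) -> list:
    """Verdict and reason for every sample message, in order."""
    return [classify(m) for m in messages]


if __name__ == "__main__":
    for msg, (verdict, reason) in zip(SAMPLE_MESSAGES, classify_all()):
        print(f"{msg.sender:<28} {verdict:<6} ({reason})")
```

The first message carries a blacklisted URL but comes from a locally allowed sender, so it is delivered; that is the kind of override the local lists exist for, and it is also why those lists deserve periodic review.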

Pricing, licensing and support

Fortinet licenses its UTM network security features, called FortiGuard, on a per-device basis; customers do not incur additional license costs when adding modules or users. UTM appliances are usually bought with a FortiGuard bundle that includes a standard FortiCare support package. At the low end, a Fortinet FortiGate 30D appliance with a one-year FortiGuard bundle lists for $640, rising to nearly $3,300 for the FortiGate 100D. For a midrange environment, a FortiGate 800C appliance with a one-year FortiGuard bundle license costs approximately $16,500. A FortiGate 5101C appliance with the full FortiGuard UTM bundle costs around $130,000.

Beyond the standard FortiCare support plan, customers may purchase FortiCare Premium Gold and Premium Global Gold support contracts. Key Gold-level services include a designated technical account manager (TAM), quarterly on-site visits, expanded software support, and enhanced service-level agreements with priority service. The Global Gold plan includes the same services as the Gold plan, plus additional site visits and global TAM availability.
