Professional Documents
Culture Documents
Battle Card
Cost / Speeds&Feeds / Features XTM 515 XTM 525 XTM 535 XTM 545 FG-100D FG-200B FG-300C AV Throughput** IPS Throughput** Drag and Drop VPN Number of Reports Application Proxies
1.5 Gbps 1.6 Gbps Yes 50+ Yes 1.7 Gbps 1.7 Gbps Yes 50+ Yes 1.8 Gbps 1.8 Gbps Yes 50+ Yes 2 Gbps 1.9 Gbps Yes 50+ Yes 300 Mbps 95 Mbps 200 Mbps
Example comparison AV Throughput** IPS Throughput** Drag and Drop VPN Number of Reports Application Proxies
XTM 810
2 Gbps 2.1 Gbps Yes 50+ Yes
XTM 820
2.1 Gbps 2.4 Gbps Yes 50+ Yes
XTM 830
2.3 Gbps 2.7 Gbps Yes 50+ Yes
FG-600C
1.3 Gbps 4.0 Gbps No <5 No
FG-1000C
1.7 Gbps 6.0 Gbps No <5 No
* Fortinet does not publish UTM throughput, but advises customers wishing to run multiple security services to size based on the lowest performance number, typically Anti-Virus (AV) throughput.
Battle Card
Points of Emphasis
L ow Speed: Fortinet ASIC technology is GOOD for firewall performance, but very POOR for Content Inspection performance. Fortinets own internal sales literature advises using the slowest speedtypically AVin sizing boxes for customer networks. For example FortiGate 620B offers a Firewall with 16,000 Mbps, but only 250 Mbps AV ONLY throughput! M ore Expense: Fortinet charges for items that WatchGuard bundles. Central Management & logging cost extra with Fortinet. The three year TCO for Fortinet solutions compared to WatchGuard looks like this: ~ Average 3.11x for appliance + MVPN clients ~ Average 2.32x for UTM bundle ~ Average 2.93x for UTM bundle + MVPN clients Other additional costs: ~ Central Management appliance $2,254 extra ~ Logging appliance $1640 extra
L ess Usability: Fortinet does not offer much in the way of useability or network visibility tools, unlike WatchGuard, which includes full centralized management and logging/ reporting functionality with every XTM Series appliance. Their solutions do not include: Drag and Drop VPN, HostWatch or Traffic Monitor. There are two included reports unlike the 65+ provided standard with WG XTM solutions. Anti-virus lock-in: Fortinets strategy is to lock users into a single set of AV protection by deploying the same proprietary AV at the endpoint and the gateway. WatchGuard deploys a best-in-class AV solution at the XTM appliance, and allows customers to choose a different vendor at the endpoint for double protection.
2000
Throughput (Mbps)
Fortigate 1000C
1600
800
400
$0
$2,000
$4,000
$6,000
$8,000
$10,000
$12,000
$14,000
$16,000
$18,000
$20,000
Price
WatchGuard
Fortinet
This chart includes models for which this information is published by the vendor. There may be other models sold by the vendor for which UTM throughput or price was unavailable at the time of this publication.
Battle Card
Application Proxies
Application Control
Drag and Drop VPN Full suite of reporting tools included Encrypted, TCP-based logging with no extras to buy Next-Generation anti-spam and included quarantine
Makes creation of site to site tunnels a snapand everything you need is included with the product.
Reporting is a costly add-on for Fortinet; the appliances come with only a small handful of reports, compared to WatchGuards over 50 included reports.
TCP ensures messages arent lost; encryption provides security. Fortinet only supports encrypted logging with the FortiAnalyzer (separate purchase).
WatchGuards spamBlocker uses a next-generation anti-spam technology that makes it highly effective, language- and content-independent, and extraordinarily easy to configure. It also includes a full-featured quarantine server package, whereas Fortinets spam quarantine requires the FortiAnalyzer (separate purchase). WatchGuard is the only UTM to offer web reputation defense as a fully integrated security subscription. This cloud-based reputation service aggregates data from multiple feeds for realtime protection and for optimization of anti-virus processing; tests show a reduction of up to 50% in AV processing overhead. Protect your users from malicious web content while reducing web processing time with Reputation Enabled Defense.
Battle Card
Webblocker uses a url database from Websense, the #1 stand-alone security company with $370 million in revenue, and a specialist in url filtering and web security. Websense has earned the most web security revenue four years in a row, as measured by IDC, and they were chosen by Facebook as their url filtering solution. Commtouch, antiSpam:
Websense accolades:
In business since 1991, Commtouchs patented RPD technology in the Cloud provides spamBlocker with the only effective antispam solution for low footprint UTM appliances. Commtouch reviews over 4 billion messages per day looking for spam outbreaks. BroadWeb, Application Control: Application Control Signatures and behavioral detection are provided by Broadweb, with over 1800 applications included. This solution provides broader coverage than other UTM vendors, and includes a unique drill down capability for application sub-functions. BroadWeb, IPS: A comprehensive set of signatures is also provided by Broadweb. Every signature update is tested with industry leading, MuDynamics test equipment.
Stream
Regular (Proxy)
Extended (buffer)
Standard
Along with providing more comprehensive signature sets, the WatchGuard engine also incorporates heuristics capabilities to detect new viruses that signatures alone cannot catch.
Summary
Fortinet has FEWER administrative tools. Fortinet has LIMITED Multi-WAN support. Fortinet has WEAK QoS support. Fortinet has HUGE performance degradation with security on. Fortinet is MORE EXPENSIVE over time.
No express or implied warranties are provided for herein. All specifications are subject to change and expected future products, features or functionality will be provided on an if and when available basis. 2012 WatchGuard Technologies, Inc. All rights reserved. WatchGuard, the WatchGuard logo, and LiveSecurity are registered trademarks of WatchGuard Technologies, Inc. in the United States and/or other countries. All other tradenames are the property of their respective owners. Part No. WGCE66772_052512