Fortinet this week is announcing an enterprise access switch that also functions as a small-office WAN router and multifunction security platform, reducing the number of devices that need to be managed in branch offices.
The Fortigate-224B security platform blends access control, enforced at switch ports, with other gateway protection methods including antivirus, intrusion prevention, antispam, antispyware and URL filtering.
PCs and other LAN devices plug into it directly, so with just 24 ports, it is meant for small offices or departments. The switch has 24 10/100Mbps Ethernet LAN ports, two Gigabit Ethernet ports and two 10/100Mbps WAN ports.
The upside of the device is that it lets branch offices be outfitted with a single managed device that provides networking and security, says Mike Rothman, president of Security Incite. Rather than putting in a WAN router with security features and a LAN switch, customers could install just one of these. "It's one box vs. two," he says.
The downside is that if customers are looking for a full-featured NAC device, this might not fit the bill, Rothman says. "I don't view the Fortinet box as a true NAC box," he says. To be a true NAC device, it must contain a check of the integrity of devices before they are admitted to the network, manage flows of traffic after the device is admitted and have an intrusion-prevention system to shut down worm activities if they start up, Rothman says.
The Fortigate-224B runs in two modes. If strict mode is turned on, devices trying to log on are diverted to a Web portal where the switch analyses the security posture of the devices. This check requires no agent on the endpoints.
If dynamic mode is turned on, devices logging in are granted access based on preset policies, without the endpoint check. If a policy violation or specific threat is detected later, the switch can cut the offending device's access back to a quarantine virtual LAN until the detected problem is dealt with.
The company differentiates between admission control, which checks the state of the endpoint to determine if it gets access, and access control, which authenticates a person in conjunction with a machine and grants access to a predetermined set of network resources. The company says it provides the latter.
Pricing for the Fortigate-224B platform starts at US$4,000, which doesn't include the non-NAC security services. The device with virus protection, intrusion prevention, Web filtering and spam screening costs US$5,800.