Fortinet Fortiwifi 60D review
1)Intro
2)Features
3)Setup
4)Wireless configuration
5)Throughput tests (Wireless/Wired)
6)Closing Notes
Intro: The Fortinet 60D is a enterprise level office security appliance that is a robust full featured enterprise router/firewall that is somewhat affordable for small to medium businesses, has lots of features and can tolerate a lot of heavy usage that enterprises require.
Features: The 60D features the following:
1) Layer 7 firewall controls with tons of site blocking presets to help block against P2P, sports, social media, video streaming sites and more as well as custom hostnames and expressions.
2) 7 wired Gigabit LAN ports
3) 2 x 3.5dBi dual band external SMA antennas with 17dBm output power
4) SSIDs with configurable VLANs for each one providing more security then standard guest networks
5) Dual band 2.4Ghz or 5Ghz operation with 2 x 2 MIMO connectivity at up to 300Mbps
6) Full VLAN configuration
7) Per port VLAN
8) Full and extremely detailed traffic shaping (QoS) and firewall controls
9) Full client connectivity details and monitoring.
10) Network wide bandwidth monitoring. You can see how much bandwidth all clients in the network are using as well as the WAN interface.
11) Fixed and DHCP client address assignments
12) Cellular 3G/4G failover via the USB port with seperate firewall and traffic shaping
13) Fully customizable user/group policies
14) WAN uplink selection based on traffic type
15) And lots more
2) 7 wired Gigabit LAN ports
3) 2 x 3.5dBi dual band external SMA antennas with 17dBm output power
4) SSIDs with configurable VLANs for each one providing more security then standard guest networks
5) Dual band 2.4Ghz or 5Ghz operation with 2 x 2 MIMO connectivity at up to 300Mbps
6) Full VLAN configuration
7) Per port VLAN
8) Full and extremely detailed traffic shaping (QoS) and firewall controls
9) Full client connectivity details and monitoring.
10) Network wide bandwidth monitoring. You can see how much bandwidth all clients in the network are using as well as the WAN interface.
11) Fixed and DHCP client address assignments
12) Cellular 3G/4G failover via the USB port with seperate firewall and traffic shaping
13) Fully customizable user/group policies
14) WAN uplink selection based on traffic type
15) And lots more
Setup:
You have to manually add the WAN interface using the policies and assigning a static IP to the WAN interface per this guide http://docs-legacy.fortinet.com/cb/html/index.html#page/FOS_Cookbook/Install-basic/cb_install-nat.html This REALLY should have been specified in the quick start guide. A small business owner That gets this firewall is going to overlook this and have to call up the company. I also had issue with the WAN interface so I had to get an RMA on this unit, as the rep said it should not have issues with a cable modem connection and should have automatically obtained the IP address.
1)Power brick was very thoughtfully designed. It has the brick inline like a laptop’s power connector rather then it being on the plug itself so you don’t have to block an outlet on your power strip/UPS!
2)Could not configure to our cable modem connection with the first test unit. Had to get an RMA since the rep told me it should not have issues at all.
3)New unit: it is working. Got it quick as well with overnight from CA.
You have to manually add the WAN interface using the policies and assigning a static IP to the WAN interface per this guide http://docs-legacy.fortinet.com/cb/html/index.html#page/FOS_Cookbook/Install-basic/cb_install-nat.html This REALLY should have been specified in the quick start guide. A small business owner That gets this firewall is going to overlook this and have to call up the company. I also had issue with the WAN interface so I had to get an RMA on this unit, as the rep said it should not have issues with a cable modem connection and should have automatically obtained the IP address.
1)Power brick was very thoughtfully designed. It has the brick inline like a laptop’s power connector rather then it being on the plug itself so you don’t have to block an outlet on your power strip/UPS!
2)Could not configure to our cable modem connection with the first test unit. Had to get an RMA since the rep told me it should not have issues at all.
3)New unit: it is working. Got it quick as well with overnight from CA.
Let's take a look at the really helpful status page that tells us all our status. It also shows CPU usage memory usage, and disk usage.
Let's take a look at the really helpful Traffic report page that tells us what uses the most traffic on the network:
Also the WLAN radio is very underpowered at only 17dBm while the Meraki MX60W was 30dBm and the Amped RTA15 was 27dBm
Here’s the WLAN config screens:
Radio Settings:
One thing I do wish the 60D had was simultaneous dual band operation. The operation is either 2.4Ghz OR 5Ghz and NOT both. However, it runs at 40Mhz (5Ghz) allowing for higher throughput.
One thing I will note that it has something called “wireless profiles” which has pre-done settings for several other Fortinet products. However, in order to adjust some wireless settings you have to configure them in the profile and they are missing from the main WLAN config screen. This could be messy and hard to keep track of.
Also if you want to set a static IP or alter the DHCP lease times you can NOT edit them using the GUI. It must be edited with the CLI.
Found a really odd bug in the Fortinet. it lets you have a different internal IP address than the range you define on the "DHCP settings" area on the setup wizard, then you go to correct it in the web GUI to the correct one it won't let you and displays a message "IP address is the same as the others" and doesn't let you correct with CLI till you re-run the wizard again and correct it and have to redo the other settings! How did they NOT catch that??!! .
Support experience:
Had a call scheduled for in between 1-2PM eastern time zone. Rep called on time and 1:16PM. Rep was nice enough. We had a gotomeeting session and he took remote control and was able to confirm some settings. One thing he did note that the wizard did not give a good configuration for one of the interfaces so he helped me change that. Rep did not really seem to care about the Firefox issue though. Support experience 7.2/10
Firewall Config options:
Policies:
Services:
Traffic Shaping:
You can do traffic shaping to make sure each client has equal bandwidth and also to make sure certain clients that are more important have more bandwidth then other clients like important servers, mission critical workstations, etc. Very useful.
You can do traffic shaping to make sure each client has equal bandwidth and also to make sure certain clients that are more important have more bandwidth then other clients like important servers, mission critical workstations, etc. Very useful.
Throughput Tests: (Wireless)
I will be using LAN Speed test for the throughput tests and PRTG to generate the graphs. It also is a comprehensive enterprise level network monitoring software and it can record uptime, transfer rates, errors, etc.
Test environment: (Set 1)
Specs of Building: This is going through about 32 ft through 2 walls, a solid all-wood dresser, and a chimney. The room has plaster walls in some places.
Specs of server :(my machine in the same room as the60D): Intel i5 3570K/16GB Corsair XMS3 DDR3 1600 RAM/Nvidia Geforce 650Ti/Samsung 840 120GB SSD/Windows Server 2012 Standard/Realtek GBE NIC
Specs of client: (remote machine in other room): AGNXAndrakon/AMD Phenom 9650/4GB Corsair XMS2 DDR2 RAM/Nvidia Geforce 650Ti/Samsung 840 120GB SSD/Windows Server 2012 Standard/Amped Wireless ACA1 USB WLAN connection:USB3 via a PCI-Express addon card.
Test environment: (Set 1)
Specs of Building: This is going through about 32 ft through 2 walls, a solid all-wood dresser, and a chimney. The room has plaster walls in some places.
Specs of server :(my machine in the same room as the60D): Intel i5 3570K/16GB Corsair XMS3 DDR3 1600 RAM/Nvidia Geforce 650Ti/Samsung 840 120GB SSD/Windows Server 2012 Standard/Realtek GBE NIC
Specs of client: (remote machine in other room): AGNXAndrakon/AMD Phenom 9650/4GB Corsair XMS2 DDR2 RAM/Nvidia Geforce 650Ti/Samsung 840 120GB SSD/Windows Server 2012 Standard/Amped Wireless ACA1 USB WLAN connection:USB3 via a PCI-Express addon card.
5Ghz 802.11n mode: Channel 161 -62dBm
LAN speed test: 25 stream 6GB file: 4Mbytes/sec or 32Mbits/sec
2.4 GHz 802.11n mode: Channel 6 -64dBm
LAN speed test: 25 stream 6GB file: 3Mbytes/sec or 24Mbits/sec
Test environment: (Set 2)
Specs of Building Test Run 1: 16Ft away thru a wood door hallway right outside the office where the 60D is located.
Specs of server (my machine in the same room as the60D): Intel i5 3570K/16GB Corsair XMS3 DDR3 1600 RAM/Nvidia Geforce 650Ti/Samsung 840 120GB SSD/Windows Server 2012 Standard/Realtek GBE NIC
Specs of client: HP2000-412NR/AMD E300/8GB DDR3 RAM/300 GB HDD/AMD RADEON 6310/Windows 7 x64 Home Premium/RalinkRT5390 WLAN
2.4 GHz 802.11n mode: Channel 11 -38dBm
Specs of server (my machine in the same room as the60D): Intel i5 3570K/16GB Corsair XMS3 DDR3 1600 RAM/Nvidia Geforce 650Ti/Samsung 840 120GB SSD/Windows Server 2012 Standard/Realtek GBE NIC
Specs of client: HP2000-412NR/AMD E300/8GB DDR3 RAM/300 GB HDD/AMD RADEON 6310/Windows 7 x64 Home Premium/RalinkRT5390 WLAN
2.4 GHz 802.11n mode: Channel 11 -38dBm
LAN speed test: 25 stream 6GB file: 4Mbytes/sec or 32Mbits/sec
Throughput tests (Wired):
Specs of client: GrumpyCat/AMD Phenom 9550/4GB DDR2 RAM/500GB SSHD /Nvidia Geforce 8800GT/Windows 8.1 Enterprise 64 bit /NVIDIA nForce Networking Controller
LAN speed test: 25 stream 6GB file: 115Mbyes/sec or 920Mbits/sec
Conclusion:
The Fortinet 60D Security Appliance is
Pros:
Ø High wired performance throughput
Ø Excellent management software with lots of options
Ø Very robust security controls and options
Ø 3G/4G failover via USB dongle
Cons:
Ø Harder to get WAN connectivity than the Meraki MX60W which was instant
Ø Pricey
Ø Low WLAN performance and throughput and not very powerful transmit
Ø No USB storage
Ø Not concurrent dual band WLAN. Must be 5 or 2.4Ghz and not both at the same time.
Ø UI seems to be a bit dated, and clunky at times with Firefox issues.
Rating: 5/10
Recommended: No
Comments
Post a Comment
We are sorry we currently had to disable Disqus comments till further notice, as they currently have issues with this platform. For now feel free to use (but NOT ABUSE) this temporary comment system. We will be able to re-import into the previous comment system once the transition is complete. Thank you.
Please note: All comments are subject to moderation before appearance on this site.