Fortinet's FortiGate-800 is the company's mid-range firewall. It uses FortiOS 3.0 (this is a correction from the incorrect v2.5 printed in the original article) and comes with antivirus and intrusion prevention as standard, both regularly updated.
However, for an additional license fee you can also upgrade to include web filtering. The service is then integrated into the firewall policy management system.
The process can be managed using the excellent web-based management or, for multiple FortiGates, the FortiManager centralized management package.
We stuck with the web-based management. With the web filtering component enabled, we could access the options by creating a new security profile. This is good, as you can tailor entire security settings, including firewall, antivirus and web filtering for users or IP address ranges.
Like the other products on test, web filtering is based on a simple category system – for each category of website simply choose to allow, block or monitor.
Fortinet provides a decent list of categories and sub-categories, including web mail and pornography, but it's not quite as comprehensive as other products. There's also no simple way to put time restrictions on the filtering.
One neat feature is the ability to block image, audio and video searches. This is more relevant in environments such as schools where you don't want users to even happen across illicit content.
The web filtering options beyond this are quite basic, but you can create your own database entries to block sites that aren't currently categorized. You can also block web pages based on keywords using Posix regular expressions. However, there's little help and no default entries, so you need to be careful when using this setting.
The 800 blocked all our test sites and http-Tunnel traffic.
As an all-in-one product the FortiGate-800 is excellent, providing all the protection you need in one box. However, there are more accomplished standalone products here, which will fit better in existing infrastructure.