Fortinet FortiGate 111C

Fortinet's compact FortiGate 111C appliance has a remarkable range of security measures at an affordable price. In this exclusive review, Dave Mitchell puts it on test to see if it really does have every security angle covered.

IT Pro Verdict

SMBs that want a security appliance that covers every possible network security requirement need look no further than the FortiGate 111C. It’s very simple to install and manage, can be customised to suit with a wide range of optional packages, provides plenty of quality reporting tools and is offered at a sensible price.

ITPRO Recommended award

What makes it stand out is Fortinet's ASIC-based FortiOS operating system and the latest v4.0 introduces a heap of new features. At its foundation is the standard fare of SPI firewall plus IPSec and SSL VPNs, to which you can add intrusion prevention, anti-virus, anti-malware, anti-spam, web filtering and P2P app controls.

There's a lot more, though, as you have data leak prevention (DLP), integrated management of Fortinet's FortiAP wireless access points plus rogue AP detection, endpoint protection and vulnerability scanning.

We haven't finished yet as the 111C supports an optional 64GB SSD for high speed web caching, logging, DLP archiving and quarantining. There's still more as pairs of appliances can used for high availability and with one at each end of a site-to-site link they can perform WAN optimisation.

The 111C has eight, switched Fast Ethernet LAN ports and a pair of Gigabit WAN ports. It supports both NAT and transparent modes and we used the latter to drop it in between the lab's LAN and Internet connection. The cooling fans are very noisy so the appliance will need to go in a cabinet.

Fortinet quotes impressive performance figures for the 111C with an IPS throughput of 450Mbps. We tested this using the lab's Ixia Optixia XM2 chassis equipped with two Xcellon-Ultra NP blades and saw throughput settle comfortably at nearly 460Mbps.

The appliance's web interface opens with a smart dashboard which can be customised with widgets. These include traffic history graphs for selected interfaces, tables for top applications and sessions, license information, cache usage and system resources.

Each firewall policy comprises source, destination, schedule, service and action objects and you can assign various UTM profiles to each one. Anti-virus profiles define which protocols you want scanned and if you want infections to be removed or quarantined.

Fortinet provides its own URL filtering database and its eight main categories cover nearly eighty subcategories. You can block or allow entire categories or select options at the subcategory level, activate logging for each individual entry, apply usage quotas and enable a global Safe Search feature.

Application control policies use sensors for selected apps and Fortinet provides nearly 2,000 to choose from. Each policy can simply monitor and log usage or you can block them, reset the connection or apply a traffic shaper object created within your firewall policies.

The FortiGuard anti-spam measures are also controlled using policies which decide which mail protocols to scan, how spam is handled and which FortiGuard functions should be applied. For testing we created a policy that scanned all mail protocols for spam but only tagged suspect messages and passed them on.

We configured our Outlook clients to move tagged messages to a separate folder and left the appliance scanning live email for three weeks. At the end of the test we saw an impressive spam detection rate of nearly 99 per cent with only eight false positives.

DLP policies are used to scan traffic for file types, file sizes, fingerprints, conditions or expressions such as credit card and social security numbers. To use fingerprinting you upload files to the appliance or point it to a remote location and it will generate a checksum for each one.

DLP sensor policies can include any of these criteria and be used to monitor and log activity. For highly sensitive documents, you can set the policy to block the transfer or quarantine the user, the IP address or even the interface on the appliance the traffic was spotted on.

For vulnerability scans you use asset definitions based on IP addresses and ranges and each entry can be assigned Windows and Unix authentication details. Manual or regularly scheduled scans can be run on selected definitions and three levels allow scans to be run on port 80, all common application ports or the full port range.

Managing wireless networks with Fortinet's access points couldn't be easier as the appliance automatically detects them. We tested this with FortiAP 220 and 222 models and found we could create multiple SSIDs each with unique security and encryption settings and assign them to specific APs.

Along with rogue detection you also have the option of suppressing them. When a rogue is spotted it is listed in the web interface monitoring page where you can select it and activate suppression. The appliance's wireless controller then sends deauth messages to the rogue and any clients trying to associate with it.

The appliance provides local logging and reporting where you can view event, UTM, traffic and vulnerability scan logs and check on the quarantine store. Graphical reports can also be generated for bandwidth, application, web, email and VPN usage and displayed as high quality web reports with an introductory page and even a table of contents.

For more detailed reporting we recommend the optional FortiGuard Analysis and Management Service (FAMS). The appliance can be set to upload selected logs regularly to your account on this hosted service which are used to present an extensive range of detailed reports.

The FortiGate 111C provides the most comprehensive range of security measures we've yet seen in an SMB level appliance. It's easy to deploy and affordable as well with a bundle including the SSD, anti-virus, IPS, anti-spam and web filtering costing 3,543.


SMBs that want a security appliance that covers every possible network security requirement need look no further than the FortiGate 111C. It’s very simple to install and manage, can be customised to suit with a wide range of optional packages, provides plenty of quality reporting tools and is offered at a sensible price.

Chassis: Desktop/rack mount

CPU: Fortinet FortiASIC

Network: 8 x switched 10/100 (LAN), 2 x Gigabit (WAN)

Storage: 64GB SATA SFF SSD (optional)

Ports: 2 x USB, RJ-45 console

Management: Web browser, CLI

Software: Fortinet FortiOS 4.0

Dave Mitchell

Dave is an IT consultant and freelance journalist specialising in hands-on reviews of computer networking products covering all market sectors from small businesses to enterprises. Founder of Binary Testing Ltd – the UK’s premier independent network testing laboratory - Dave has over 45 years of experience in the IT industry.

Dave has produced many thousands of in-depth business networking product reviews from his lab which have been reproduced globally. Writing for ITPro and its sister title, PC Pro, he covers all areas of business IT infrastructure, including servers, storage, network security, data protection, cloud, infrastructure and services.