PUBLICATION & RESEARCH LIBRARY

Authors: Devon James, Jeff Bowermon and Ty Smith

Publish Date: June 5, 2017

NEXT GENERATION FIREWALL (NGFW) Test Report: Fortinet FortiGate 600D FortiOS v5.4.4 GA Build 1117

Update 7/21/17: Fortinet has resolved the issues identified earlier and submitted the associated fixes to NSS Labs for a follow-on test. NSS Labs has completed follow-on testing, and that report is now available in the Research Library: NGFW Follow-On Test Report – Fortinet FortiGate 600D FortiOS v5.4.4 GA Build 1117_170209 IPS Engine Version 3.418.

TECHNOLOGY DESCRIPTION:

NSS Labs defines a firewall as a mechanism used to protect a trusted network from an untrusted network while allowing authorized communications to pass from one side to the other. With the emergence of new web applications and security threats, however, firewalls are further evolving. Next generation firewalls (NGFWs) have traditionally been deployed to defend the network perimeter, but enterprise deployment options are expanding to include internal segmentation.

NSS research indicates that NGFW devices are typically deployed to protect users rather than data center assets, and that the majority of enterprises will not separately tune intrusion prevention system (IPS) modules within their NGFWs.

PRODUCT EVALUATED:

NSS Labs performed an independent test of the Fortinet FortiGate 600D FortiOS v5.4.4 GA Build 1117. The product was subjected to thorough testing at the NSS facility in Austin, Texas, based on the Next Generation Firewall (NGFW) Test Methodology v7.0, which is available at nsslabstage.wpengine.com. This test was conducted free of charge and NSS did not receive any compensation in return for Fortinet’s participation.

PRODUCT TESTED IN THE FOLLOWING AREAS:

  • Security Effectiveness – Ability to provide a trusted internal interface, an untrusted external (Internet) interface, and at least one DMZ interface
  • Performance – Ability to provide effective firewall security policy enforcement with performance metrics such as raw packet processing (UDP), latency, maximum capacity, and HTTP connections with “real-world” traffic mix
  • Stability and Reliability – Ability to maintain security and reliability under normal load conditions while enforcing security policies
  • Total Cost of Ownership – Costs associated with purchase, installation, and ongoing management

 

As with all NSS Labs group tests, there was no fee for participation. In addition, the test methodology applied is in the public domain to provide transparency and to help enterprises understand the test results.