The FortiGate 620B is the follow-up to the company’s 310B security appliance, which was designed for smaller enterprises. The 620B offers roughly double the performance and port density of the 310B and is better positioned to protect a larger enterprise.

The performance increase is due to the integration of a purpose-built security processing ASIC, which offers near line speed throughput on each of the unit’s gigabit Ethernet ports.

The basic unit offers 20 10/100/1000 Ethernet ports and can be increased to 24 ports with the addition of an expansion module. Sixteen of those ports (20 with the expansion module) are hardware accelerated and can be set up as segmented LAN interfaces. Those ports can be segmented into groups or individual ports to meet different needs, such as creating more secure and less secure subnets, each with granular security and policy driven controls. That allows administrators to define subnets that are physically separate, yet can communicate with each other through the firewall, backed by all of the associated security services offered by the unit.

The segmentation capabilities offer another example of how the 620B can be used to replace multiple devices at the edge of the network, while still offering complete security in a unified environment.

The firewall is rated for 20 Gbps throughput for raw traffic. VPN connections reduce the throughput to 15 Gbps, which should still be more than adequate for most installations and for site-to-site encrypted connections.

The FortiGate 620B takes a multilayered approach to securing traffic and uses hardware acceleration to push traffic through each security layer. Each layer handles a different security function, allowing full scanning to take place, independently of each security process, again showing that the 620B is more than capable of replacing multiple devices with a single unit.

Administrators will find the device straightforward to install and configure, at least for the basic functions. For the more advanced features, such as granular policy definition or segmentation, solution providers will need a good understanding of the network environment and familiarity with the appliance's advanced menus. The same complexities can be encountered when upgrading or adding services to the unit. Luckily, if you have configured other Fortigate products, then the 620B should not pose any unconquerable challenges.

Fortinet includes excellent documentation and good technical resources. Registered partners also have access to advanced technical support services and the ability to escalate support requests.

When it comes to UTM appliances for the enterprise, Fortinet’s FortiGate 620B doesn’t really offer anything new. The benefits are derived from the performance of the unit and the high level of integration. The low entry point price of under $16,000 makes the 620B a strong contender for edge security chores on an enterprise network.

Regrettably, Fortinet does not reveal margins or other profit elements, making it difficult to determine if the company’s products can be a gold mine or a financial burden for approved solution providers.