fortigate vs watchguard
TRANSCRIPT
WATCHGUARD VS FORTINET
FIREWALL
NITHIN.V.S Network security consultant Secure Network solutions
Dear sir,
With reference to your requirement for UTM-Firewall would like to produce
before you what all advantages you can have ,,with a watchguard purchase over Fortigate
firewall. Also given a brief insight into features of watchguard.
POINTS OF SIGNIFICANCE:
1.)BETTER UTM PERFORMANCE
Performance of fortinet severly drops-down once utm features are in effect due its ASIC
architecture.
2.)INBUILT LOGGING & REPORTING
Watchguard offers In-built Logging & Reporting features.I.E you can have complete logs &
reports regarding network usage at no extra cost.In case of fortinet you would have to go for a
seperate device ―FORTI-ANALYZER‖(Around 80,000 extra).
3 ) ” SCALABILITY”
Watchguard is the only UTM vendor offering SCALABILITY.I.E suppose in 2 years your
network users increased in event of a new lab set-up etc,In case of fortinet the only option
would be to replace existing box and buy a new box.But with watchguard you can have
upgrade from existing box to any higher model in series by a ―SUBSCRIPTION
UPDATE‖.You thus save a box-purchase.
Nithin.V.S
Secure Network Solutions,
Kerala
WATCHGUARD ADVANTAGE
WatchGuard and Fortinet offer similar overall capabilities; however, WatchGuard offers an
unbeatable combination of performance, security, and ease of use. Fortinet’s UTM product
strategy is based heavily on its ASIC technology. The custom silicon allows their boxes to
run very fast for packet filtering and VPN, but at a considerable penalty for general-purpose
tasks such as AV and IPS scanning,I.e the entire box performance goes doen antivirus/IPS
enabled.
WATCHGUARD UTM BUNDLE
1.)GATEWAY-ANTIVIRUS
2.)SPAM BLOCKER
3.)WEB-BLOCKER
4.)APPLICATION CONTROL
5.)REPUTATION ENABLED DEFENSE
6.)INTRUSION PREVENTION
GATEWAY-ANTIVIRUS
Gateway AntiVirus (GatewayAV) is a fully integrated security subscription for
WatchGuard XTM appliances and comes from industry leader ―AVG‖. It works in tandem
with the application layer content inspection of the XTM to provide real-time protection
against known viruses, trojans, worms, spyware, and rogueware. Gateway AV scans traffic
on all major protocols, using continually updated signatures to detect and block all types of
malware. And because Gateway AV is integrated with WatchGuard XTM security
appliances, you have an easy-to-manage, cost-effective solution without additional hardware
to
purchase and maintain.
FEATURES:
Flexible administrator control
Have the flexibility to define the action to be taken when malware is identified – enabling the
network to allow, block, quarantine, or lock questionable traffic based on type, user/group, and
protocol.
You shall not pass
Scans all major protocols, including HTTP, HTTPS, FTP, TCP, SMTP, and POP3 to block all types
of malware.
Dynamic analysis Dynamic heuristic analysis uses code emulation to identify polymorphic viruses and dangerous
code that signatures don't catch.
Stronger security for web surfing
Multi-layered inspection of HTTP traffic indentifies spyware, adware, keyloggers, and dialers.
Compressed file scanning
Compressed and encoded files are decompressed for inspection, with comprehensive compression
format support.
Quarantine suspect traffic Suspect email can be flagged to go into quarantine, where administrator can restrict access or allow
users to review quarantined files through automatic email alerts.
Optimized for better network performance
Buffered scanning process ensures optimum performance for in-line HTTP scanning.
SPAM-BLOCKER
Spam-blocker in watchguard comes from industry leader ―COMMTOUCH‖ with patented
R.P.D technology and offers significant advantages over fortinet Spam detection.Later in
H.N.L we couldnt block incoming spam mails in your mail-server as fortinet offers only
means to ―TAG‖ spam mails.But with watchguard Spam-blocker we have options to
Block,quarantine,and also Tag spam mails.SpamBlocker provides real-time spam detection
for immediate protection from outbreaks. It's the best solution in the industry at
distinguishing legitimate communication from spam in real time, blocking nearly 100% of
unwanted emails. Spam accounts for up to 95% of global email and remains the most
common method of spreading viruses. It bogs down network traffic and leads unsuspecting
users to malicious web sites designed to steal sensitive personal and company information.
Pervasive as it is, you still have the ability to stop spam cold by adding a spamBlocker
subscription to your WatchGuard® XTM security solution
FEATURES:
Flexible administrator control Decide how messages will be processed, and which users and groups can receive bulk mail. Use
whitelists and blacklists to allow mail from trusted domains. Block, allow, and tag mail for easy
identification and forwarding to dedicated Exchange folders. Works on both SMTP and POP3.
Strong protection Best in the industry at distinguishing legitimate communication from spam outbreaks in real time,
blocking nearly 100% of unwanted email before it reaches the internal mail server.
Virus outbreak detection
New! A powerful layer of real-time anti-virus protection employs RPD technology to recognize
and stop malware with excellent accuracy.
Spam quarantine Users can create a safe, full-featured quarantine for spam, bulk mail, and suspect email messages.
Granular control allows for custom configuration.
Optimized for better network performance
Requires minimal bandwidth and CPU power because most of the processing is done outside the
Internet gateway.
WEB-BLOCKER
Web-blocker in watchguard comes from ―WEB-SENSE‖.It's a fully integrated security
subscription for all WatchGuard XTM appliances. It allows IT administrators to manage
web access and content for stronger security and control of web surfing. WebBlocker blocks
malicious sites to keep your network protected from risky web content. It helps conserve
network bandwidth, prevent legal liability from inappropriate content, and increase
employee productivity while it guards the network against malicious attacks from rogue
websites. And because WebBlocker is integrated with the WatchGuard security appliance,
you have an easy-to-manage, cost-effective solution with no additional hardware to buy.
FEATURES:
Strong administrative control
Configure up to 54 web categories to stop the sites and web tools you most want to block.
Daily incremental database updates
URL database is updated daily to give you the most current protection available.
Flexible configuration
Configure web access by users, groups, domains, time of day, and department requirements to meet
specific business and user needs.
Customizable open-access policies Create custom "Allowed" exception lists for certain web sites, host addresses, or URLs so you can
keep mission-critical access open.
Local override
Administrators can enter a password to temporarily override blocked sites.
Acceptable Use enforcement
Allows you to enforce your acceptable use policies to protect your business from legal liabilities.
Centralized logging and reporting Generate graphical reports of web access, usage, and time of day for the data you need to make
security policy decisions.
APPLICATION-CONTROL
Application-control enables IT administrators to monitor and control access to web and
business applications to enforce policy, and protect productivity and network bandwidth.
Application Control makes it simple to create and enforce acceptable use policies at your
company. With Application Control, you can selectively allow, block, or restrict access to
applications based on a user's department, job function, and time of day. Once you establish
your policy, Application Control allows you to see in real-time what's being accessed on
your network and by whom. You can use this information to demonstrate compliance,
evaluate employee need, and refine acceptable use policies.
FEATURES
Intuitive and Effective Exercise fine-grained control over more than 1,800 applications, organized by category. Application
Control lets you drill down from application category ("P2P") to application name ("Facebook")
and down to application function ("Facebook Chat")..
Signatures...and then Some Sophisticated Behavioral Analysis works overtime, regardless of destination address or L7 protocol,
to ensure applications that exhibit certain patterns of behavior don't escape the gaze of Application
Control — including encrypted applications that are specifically designed to bypass ordinary
security measures.
Dynamic Updates
New applications and new versions are released constantly. Application Control stays current
with regular application signature updates.
Reporting Out of the Box Real-time reporting and monitoring are included. That means no additional software to buy in order
to have complete visibility into network activity.
REPUTATION-ENABLED DEFENSE
Reputation scores from Kaspersky database.
INTRUSION PREVENTION SERVICE
Intrusion Prevention Service (IPS) is a fully integrated security subscription for all
WatchGuard XTM appliances. It works in tandem with the application layer content
inspection of the XTM to provide real-time protection against network threats, including
spyware, SQL injections, cross-site scripting, and buffer overflows. IPS scans traffic on all
major protocols, using continually updated signatures to detect and block all types of
threats. And because IPS is integrated with WatchGuard XTM security appliances, you
have an easy-to-manage, cost-effective solution without additional hardware to purchase
and maintain.
FEATURES Flexible administrator control Have the flexibility to define the action to be taken when malware is identified – enabling the
network to allow, block, or lock questionable traffic based on type, user/group, protocol, and
severity.
Comprehensive threat signatures Signatures cover a broad range of threats, including SQL injections, cross-site scripting (XSS),
buffer overflows, denial of service, and remote file inclusions.
Continually updated database Signatures are updated without interruption as new threats emerge, so you never have to leave your
network exposed.
Highly effective scanning
Scans all protocols, including HTTP, HTTPS, FTP, TCP, UDP, DNS, SMTP, and POP3 to
block network, application, and protocol-based attacks.
Granular control Assign specific actions to take depending on the level of the threat – each signature has a severity
assigned.
Automated source blocking
IP addresses identified as the source of an attack are automatically blocked to prevent further
malicious traffic from entering your network.
REAL-TIME TRAFFIC MONITORING TOOLS With watchguard unlike fortigate we can now have a complete understanding of what is
happening in your network.
TOOLS TO LOOK OUT 1.)Firebox system-Manager
a.)Traffic-Monitor
Can used for real-time network traffic-analysis and monitoring and is a powerful tool for
trouble-shooting.
b.)Bandwidth Meter Shows real-time bandwidth consumption of all interfaces.
c.)Service Watch
Shows real time traffic-usage of all services used(http,https etc).
2.)Host-watch
Shows real-time visualisaton of all connections from your network.
In Fortigate no possible way to have real-time analysis other than tedious
command-line monitoring.
WATCHGUARD LOGGING & REPORT SERVER Unlike Fortinet which requires expensive FORTI-ANALYZER for watchguard log &
report server are in-built.Every traffic in network is stored in log-server which report server
collects and prepares scheduled as well as On-demand reports.More than 55 categories of
reports are available .
Highlighting the one's of significance as far as H.N.L is concerned. 1.)PER-CLIENT BANDWIDTH USAGE
Reports the bandwidth usage of every internet connected systems in network.
APPLICATION-USAGE REPORTS
Displays appication usage trend in network.
PER-CLIENT AUDIT REPORTS
Displays complete list of all web-sites requested by every user in network.
10.0.1.16/IT-MANAGER
TRAFFIC-TREND REPORTS
Displays internet bandwidth usage and connections in a 24 hour interval/hour.
MAIL-SEND REPORTS
Displays complete list of mails send from the network,with recepient details,size of mail and
time of sending.
NOTE:For demonstration only,complete suite of reporting includes 58 type of reports.
For any queries please contact: Nithin.V.S
Network Security Consultant
Secure Network Solutions
Kerala,Ph:08129400133