SOHO (Small Office Home Office) is a name describing a solution that will satisfy all IT requirements faced by small enterprises in an end-to-end and cheap manner. This article is devoted to the smallest devices from the FortiGate and FortiWiFi series, manufactured by the leading supplier of IT security solutions: Fortinet. If you are considering to buy, replace or expand the router functionality for your small enterprise or home, this article is exactly for you.
SOHO devices are expected to offer a rich functionality at an attractive price, all in one device. What components should be included in such kind of equipment? Router with at least one WAN port (Internet) and a few LAN ports (internal switch), Wi-Fi, VPN, Firewall, sometimes PoE. Such kind of devices are intended only for a small number of users due to the performance of the components of which they are built.
2. FortiGate, FortiWiFi routers
The 40F, shown in Fig. 1, is the smallest router at present. FortiWiFi differs from FortiGate in that it has the WiFi feature, which allows saving space and a port in the switch. Thanks to them you don’t need a PoE or an additional socket to power the AP.
Performance of the device based on the manufacturer’s documentation:
Footnotes 2, 4 and 5 refer to the applied Firewall inspections, which were checked during tests:
2 – measurement with the use of IPS (Intrusion Prevention System), Application Control, NGFW and Threat Protection together with the event logging function,
4 – measurement with the use of Firewall, IPS, Application Control,
5 – measurement with the use of Firewall, IPS, Application Control and Malware Protection.
Important parameters include NGFW Throughput and Threat Protection Throughput. This is why it is recommended that these values are comparable with the parameters of the Internet link you intend to use for communication.
Afterwards, think about the number of Ethernet (Eth) ports you require. The FWF40F has 5 Eth ports. Each port can be configured individually, regardless of its description. If you are not planning to connect a large number of devices using an Eth cable, then an FWF40F should be sufficient. And even if it is necessary in the future, you can also add a small switch. Nowadays, WiFi is far more popular than cable for the end user.
Many configuration options are offered by FortiOS software. The most important ones include SD-WAN, which allows aggregation of multiple WAN links and their adjustment to your own requirements. You can also use Eth ports and the USB port (by connecting a 3G/4G modem). SD-WAN enables monitoring the link availability with the use of SLA performance. Load balancing is possible on the WAN thanks to the advanced options of SD-WAN and Policy Routes.
WiFi 5 is available in this model (IEEE 802.11a/b/g/n/ac-W2). It uses Multiple (MU) MIMO 3×3 (3 antennas in the device). The maximum transmission power is 20 dBm. The gain of the antennas for the bands is 3.5 dBi (5 GHz) and 5 dBi (2.4 GHz), respectively. These are popular parameters for such type of devices. The maximum declared bit rates are 1300 Mbps (5 GHz) and 450 Mbps (2.4 GHz). All depends on the environment in which you work. Such values can’t be expected during tests at the office or at home. Devices using the WiFi 6 standard can already be found on the market.
The biggest advantages of the FortiWiFi and FortiGate series is NGFW (Next Generation FireWall). ForitiOS makes it possible to apply many useful functions that allow protection of the office and home, such as:
- SSL Inspection
- IPS (Intrusion Prevention System)
- AntiVirus (detecting malicious code)
- WEB Filter (filtering contents)
- Application Control (filtering applications)
- DNS Filter (filtering DNS queries)
- File Filter (filtering files based on type – metadata, with the use of DLP sensors)
For application in traffic rules on the firewall and for correct running of the above options, the device must have a FortiGuard subscription, which you receive along with the licence. FortiGuard delivers signatures on an ongoing basis, thanks to which the device is continually updated and has latest security features.
FGT/FWF60F and FGT/FWF80F are other devices in the series. Their small size makes them desktop devices. FGT100, FGT200 FGT300 etc. don’t have the WiFi and are intended for installation in racks. These devices are designed for larger networks.
The 60F has more Eth ports than its predecessor, 40F. The device functionality remains the same, but the performance increases:
Performance of FGT60F
In the successive model, 80F, the number of device ports does not change relative to 60F. SFP fibre-optical ports shared with Eth ports are added. This means that one of two Eth or SFP ports can be used. The WiFi parameters are not changed. This model features an additional power socket.
The performance of this device is higher than of its predecessors:
61F and 81F models are noteworthy: they have an internal 128 GB SSD memory. They are used for gathering e.g. logs from the device, if you don’t send them to a syslog server.
The advantages of the above routers include the possibility to:
- Configure IPsec VPN tunnels (between locations) for connecting the company’s branch. ADVPN is an interesting option (dynamic tunnels set up only on the moment of sending traffic in the Hub and Spoke topology).
- Configure remote work with the use of the popular SSL VPN. Additionally 2FA, with the use of FortiTokens (separate licence required). If you don’t want to purchase another licence, you can use the email option instead of tokens. Thanks to such functions the infrastructure security level increases.
- To configure dynamic routing: BGP, OSPF, RIP.
SOHO class devices will be developed continually in terms of security and performance. This is why it’s worth thinking about end-to-end security of your company, office or home already today. Check the functionality of your network and see how you can streamline it.
Administrator Sieci w Support Online