Threat Research

On balance, is it still UTM?

By Carl Windsor | March 04, 2010

Inside-FortiOS_Blog_Logo-150pxWith all of the features available in the FortiGate operating system, such as our antivirus, web filtering, IPS and antispam, together with the newer additions such as SSL VPN, DLP, WAN Optimization, etc., it is easy to overlook some of the lesser known features our solution provides.

I wanted to mention our load balancing capability as another one of those surprising Fortinet free features.

Of course in the current economic climate, consolidation, something Fortinet has pioneered for the past decade, is always being sought and the more features that a unified solution can provide the better. Realists will always point out, however, that consolidation only works when the features being offered are of a sufficient quality compared with other solutions on the market. This is where the little known FortiGate load balancing feature often surprises.

The Fortinet load balancing feature set contains all of the features you would expect of a server load balancing solution. Traffic can be balanced across backend servers based on multiple methods including static (failover), round robin, weighted to account for different sized servers, or based on the health and performance of the server including round trip time, number of connections. The load balancer supports HTTP/S, SSL or generic TCP/UDP or IP protocols. Session persistence is supported based on the SSL session ID or based on an injected HTTP cookie. The load balancing feature is supported on all devices from the FG50B upwards and supports 10,000 virtual servers on the high end systems.

In addition to the load balancing features, there is also a range of heavy duty options including:

  • SSL Offload where the decryption process is offloaded to the FortiGate custom ASIC to accelerate performance

  • HTTP Multiplexing where multiple HTTP streams are pipelined into a single request to the backend server

  • Intrusion Prevention performed on the traffic before distribution out to the servers, protecting them from attack.

Quite the UTM appliance...

Join the Discussion