WATCHGUARD VS FORTINET FIREWALL

NITHIN.V.S Network security consultant Secure Network solutions

Dear sir, With reference to your requirement for UTM-Firewall would like to produce before you what all advantages you can have ,,with a watchguard purchase over Fortigate firewall. Also given a brief insight into features of watchguard.

POINTS OF SIGNIFICANCE:

1.)BETTER UTM PERFORMANCE Performance of fortinet severly drops-down once utm features are in effect due its ASIC architecture.
2.)INBUILT LOGGING & REPORTING

Watchguard offers In-built Logging & Reporting features.I.E you can have complete logs & reports regarding network usage at no extra cost.In case of fortinet you would have to go for a seperate device FORTI-ANALYZER(Around 80,000 extra). 3 ) SCALABILITY Watchguard is the only UTM vendor offering SCALABILITY.I.E suppose in 2 years your network users increased in event of a new lab set-up etc,In case of fortinet the only option would be to replace existing box and buy a new box.But with watchguard you can have upgrade from existing box to any higher model in series by a SUBSCRIPTION UPDATE.You thus save a box-purchase.

Nithin.V.S Secure Network Solutions, Kerala

WATCHGUARDADVANTAGE
WatchGuard and Fortinet offer similar overall capabilities; however, WatchGuard offers an unbeatable combination of performance, security, and ease of use. Fortinets UTM product strategy is based heavily on its ASIC technology. The custom silicon allows their boxes to run very fast for packet filtering and VPN, but at a considerable penalty for general-purpose tasks such as AV and IPS scanning,I.e the entire box performance goes doen antivirus/IPS enabled.

WATCHGUARD UTM BUNDLE

1.)GATEWAY-ANTIVIRUS 2.)SPAM BLOCKER 3.)WEB-BLOCKER 4.)APPLICATION CONTROL 5.)REPUTATION ENABLED DEFENSE 6.)INTRUSION PREVENTION

GATEWAY-ANTIVIRUS
Gateway AntiVirus (GatewayAV) is a fully integrated security subscription for WatchGuard XTM appliances and comes from industry leader AVG. It works in tandem with the application layer content inspection of the XTM to provide real-time protection against known viruses, trojans, worms, spyware, and rogueware. Gateway AV scans traffic on all major protocols, using continually updated signatures to detect and block all types of malware. And because Gateway AV is integrated with WatchGuard XTM security
appliances, you have an easy-to-manage, cost-effective solution without additional hardware

to purchase and maintain. FEATURES:

Flexible administrator control Have the flexibility to define the action to be taken when malware is identified enabling the network to allow, block, quarantine, or lock questionable traffic based on type, user/group, and protocol. You shall not pass Scans all major protocols, including HTTP, HTTPS, FTP, TCP, SMTP, and POP3 to block all types

of malware. Dynamic analysis Dynamic heuristic analysis uses code emulation to identify polymorphic viruses and dangerous code that signatures don't catch. Stronger security for web surfing Multi-layered inspection of HTTP traffic indentifies spyware, adware, keyloggers, and dialers. Compressed file scanning Compressed and encoded files are decompressed for inspection, with comprehensive compression format support. Quarantine suspect traffic Suspect email can be flagged to go into quarantine, where administrator can restrict access or allow users to review quarantined files through automatic email alerts. Optimized for better network performance Buffered scanning process ensures optimum performance for in-line HTTP scanning.

SPAM-BLOCKER Spam-blocker in watchguard comes from industry leader COMMTOUCH with patented R.P.D technology and offers significant advantages over fortinet Spam detection.Later in H.N.L we couldnt block incoming spam mails in your mail-server as fortinet offers only means to TAG spam mails.But with watchguard Spam-blocker we have options to Block,quarantine,and also Tag spam mails.SpamBlocker provides real-time spam detection for immediate protection from outbreaks. It's the best solution in the industry at distinguishing legitimate communication from spam in real time, blocking nearly 100% of unwanted emails. Spam accounts for up to 95% of global email and remains the most common method of spreading viruses. It bogs down network traffic and leads unsuspecting users to malicious web sites designed to steal sensitive personal and company information. Pervasive as it is, you still have the ability to stop spam cold by adding a spamBlocker subscription to your WatchGuard XTM security solution

FEATURES:
Flexible administrator control Decide how messages will be processed, and which users and groups can receive bulk mail. Use whitelists and blacklists to allow mail from trusted domains. Block, allow, and tag mail for easy identification and forwarding to dedicated Exchange folders. Works on both SMTP and POP3.

Strong protection Best in the industry at distinguishing legitimate communication from spam outbreaks in real time, blocking nearly 100% of unwanted email before it reaches the internal mail server. Virus outbreak detection New! A powerful layer of real-time anti-virus protection employs RPD technology to recognize and stop malware with excellent accuracy. Spam quarantine Users can create a safe, full-featured quarantine for spam, bulk mail, and suspect email messages. Granular control allows for custom configuration. Optimized for better network performance Requires minimal bandwidth and CPU power because most of the processing is done outside the Internet gateway.

WEB-BLOCKER Web-blocker in watchguard comes from WEB-SENSE.It's a fully integrated security subscription for all WatchGuard XTM appliances. It allows IT administrators to manage web access and content for stronger security and control of web surfing. WebBlocker blocks malicious sites to keep your network protected from risky web content. It helps conserve network bandwidth, prevent legal liability from inappropriate content, and increase employee productivity while it guards the network against malicious attacks from rogue websites. And because WebBlocker is integrated with the WatchGuard security appliance, you have an easy-to-manage, cost-effective solution with no additional hardware to buy. FEATURES:
Strong administrative control Configure up to 54 web categories to stop the sites and web tools you most want to block. Daily incremental database updates URL database is updated daily to give you the most current protection available. Flexible configuration Configure web access by users, groups, domains, time of day, and department requirements to meet specific business and user needs. Customizable open-access policies Create custom "Allowed" exception lists for certain web sites, host addresses, or URLs so you can keep mission-critical access open. Local override Administrators can enter a password to temporarily override blocked sites. Acceptable Use enforcement Allows you to enforce your acceptable use policies to protect your business from legal liabilities.

Centralized logging and reporting Generate graphical reports of web access, usage, and time of day for the data you need to make security policy decisions.

APPLICATION-CONTROL Application-control enables IT administrators to monitor and control access to web and business applications to enforce policy, and protect productivity and network bandwidth. Application Control makes it simple to create and enforce acceptable use policies at your company. With Application Control, you can selectively allow, block, or restrict access to applications based on a user's department, job function, and time of day. Once you establish your policy, Application Control allows you to see in real-time what's being accessed on your network and by whom. You can use this information to demonstrate compliance, evaluate employee need, and refine acceptable use policies.

FEATURES Intuitive and Effective Exercise fine-grained control over more than 1,800 applications, organized by category. Application Control lets you drill down from application category ("P2P") to application name ("Facebook") and down to application function ("Facebook Chat").. Signatures...and then Some Sophisticated Behavioral Analysis works overtime, regardless of destination address or L7 protocol, to ensure applications that exhibit certain patterns of behavior don't escape the gaze of Application Control including encrypted applications that are specifically designed to bypass ordinary security measures. Dynamic Updates New applications and new versions are released constantly. Application Control stays current with regular application signature updates. Reporting Out of the Box Real-time reporting and monitoring are included. That means no additional software to buy in order to have complete visibility into network activity.

REPUTATION-ENABLEDDEFENSE

Reputation scores from Kaspersky database.

INTRUSIONPREVENTIONSERVICE Intrusion Prevention Service (IPS) is a fully integrated security subscription for all WatchGuard XTM appliances. It works in tandem with the application layer content inspection of the XTM to provide real-time protection against network threats, including spyware, SQL injections, cross-site scripting, and buffer overflows. IPS scans traffic on all major protocols, using continually updated signatures to detect and block all types of threats. And because IPS is integrated with WatchGuard XTM security appliances, you have an easy-to-manage, cost-effective solution without additional hardware to purchase and maintain. FEATURES
Flexible administrator control Have the flexibility to define the action to be taken when malware is identified enabling the network to allow, block, or lock questionable traffic based on type, user/group, protocol, and severity. Comprehensive threat signatures Signatures cover a broad range of threats, including SQL injections, cross-site scripting (XSS), buffer overflows, denial of service, and remote file inclusions.

Continually updated database Signatures are updated without interruption as new threats emerge, so you never have to leave your network exposed. Highly effective scanning Scans all protocols, including HTTP, HTTPS, FTP, TCP, UDP, DNS, SMTP, and POP3 to block network, application, and protocol-based attacks. Granular control Assign specific actions to take depending on the level of the threat each signature has a severity assigned. Automated source blocking IP addresses identified as the source of an attack are automatically blocked to prevent further malicious traffic from entering your network.

REAL-TIMETRAFFICMONITORINGTOOLS With watchguard unlike fortigate we can now have a complete understanding of what is happening in your network. TOOLS TO LOOK OUT 1.)Firebox system-Manager a.)Traffic-Monitor

Can used for real-time network traffic-analysis and monitoring and is a powerful tool for trouble-shooting.

b.)Bandwidth Meter Shows real-time bandwidth consumption of all interfaces.

c.)Service Watch Shows real time traffic-usage of all services used(http,https etc).

2.)Host-watch Shows real-time visualisaton of all connections from your network.

In Fortigate no possible way to have real-time analysis other than tedious command-line monitoring.

WATCHGUARD LOGGING & REPORT SERVER

Unlike Fortinet which requires expensive FORTI-ANALYZER for watchguard log & report server are in-built.Every traffic in network is stored in log-server which report server collects and prepares scheduled as well as On-demand reports.More than 55 categories of reports are available . Highlighting the one's of significance as far as H.N.L is concerned. 1.)PER-CLIENT BANDWIDTH USAGE Reports the bandwidth usage of every internet connected systems in network.

APPLICATION-USAGE REPORTS Displays appication usage trend in network.

PER-CLIENT AUDIT REPORTS Displays complete list of all web-sites requested by every user in network. 10.0.1.16/IT-MANAGER

TRAFFIC-TREND REPORTS Displays internet bandwidth usage and connections in a 24 hour interval/hour.

MAIL-SEND REPORTS Displays complete list of mails send from the network,with recepient details,size of mail and time of sending.

NOTE:For demonstration only,complete suite of reporting includes 58 type of reports.

For any queries please contact: Nithin.V.S Network Security Consultant Secure Network Solutions Kerala,Ph:08129400133