Access member only content, take part in discussions with comments on blogs, news and reviews and receive all the latest security industry news directly to your inbox. Join now for free.
Processing registration... Please wait.
This process can take up to a minute to complete.
A confirmation email has been sent to your email address - SUPPLIED EMAIL HERE. Please click on the link in the email to verify your email address. You need to verify your email before you can start posting.
If you do not receive your confirmation email within the next few minutes, it may be because the email has been captured by a junk mail filter. Please ensure you add the domain @scmagazine.com.au to your white-listed senders.
Installation of the device was easy enough as it ships with mounting hardware for both two-post and four-post rack configurations. It also included Ethernet and console cables, which was pleasant to see. Configuration was tricky, though. There was very little context-sensitive help on the device itself, so we had to review both the installation guide and the administrator's guide very carefully in order to make sense of the myriad options presented. Much like a firewall, policy order is vital. We found ourselves briefly frustrated while trying to set up an encryption rule before we realized that the test message also matched the criteria for a different rule we set up higher in the list. Once we began thinking of the device as a firewall for email, everything fell into place. There were some glitches. We were unable to get certain features to work without a call to support. Once we did have it working, though, the device functioned beautifully.
The device supports S/MIME, transport layer security (TLS) and identity-based encryption (IBE). Support is present for both self-signed certificates and existing public key infrastructure (PKI) implementations. The IBE implementation was a pleasure to see, especially considering that it is hosted entirely on the device itself - there is no need for users to authenticate to a third-party server, unlike many other venders' offerings. It provides all of its email routing and manipulation features through a series of policies and profiles, which can be linked together in multiple ways to provide a desired function. For example, policies can be set that will encrypt an outgoing message if it comes from a user in a particular Active Directory group, addressed to a specific external email address, contains a particular word or phrase or any combination of the three. Content filtering is achieved in the same way - by combining a series of conditions, actions and dictionaries into a policy, email can be sorted, redirected, modified and/or anti-virus scanned.
Documentation comes on a CD and Fortinet also hosts a knowledge base and user forums. The installation and administrators guides are detailed, providing screen shots and step-by step instructions for configuring each module. Due to the complexity of the way each module interacts with the others, however, we would have liked to see some sample scenarios documented. As it was, we had to rely on the Fortinet support team to connect some of the dots for us.
Fortinet offers the 400C as a standalone device or with eight-hours-a-day/five-days-a-week or 24/7 hour support. It also offers a remote installation service for $750 that users may want to consider as the complexity of the device can be daunting.
The offering retails for $6,995 as a standalone unit with no support, $9,145 with one year of eight-hours-a-day/five-days-a-week hardware/software support, or $10,177 with one year of 24/7 hardware/software support. Fortinet uses a flat rate pricing scheme for its FortiMail devices, there is no per user charge, and no component- or module-based pricing. All FortiMail devices come with all feature sets.
To begin commenting right away, you can log in below or register an account if you don't yet have one. Please read our guidelines on commenting. Offending posts will be removed and your access may be suspended. Abusive or obscene language will not be tolerated. The comments below do not necessarily reflect the views or opinions of SC Magazine, Haymarket Media or its employees.