Comparison Fortinet FortiGate 40F vs Fortinet FortiGate 30E

How the router connects to the Internet or other external network.

Almost all modern routers have ethernet network connectors for this purpose, however, in addition to them, other connection options can be provided — both wired ( ADSL, SFP / SFP + optics) and wireless (mobile access via 3G / 4G modem or SIM card). Here are the features of each option:

— Ethernet. A standard LAN network cable connector (“twisted pair”) is the most popular modern wired connection format in computer networks. Widely used both in "local" and to provide access to the Internet. This standard is somewhat inferior to SFP / SFP + (see below) in terms of speed and noise immunity, but it is much cheaper. The speed of work in modern versions of Ethernet can reach 10 Gbps (see "Connection speed of WAN ports"), theoretically, a further increase in throughput is possible.

— SFP / SFP + (optics). A connector for transmitting network traffic over a fiber optic cable. The main advantage of such a cable is complete insensitivity to electromagnetic interference. And data transfer rates can reach 2.7 Gbps in the original SFP and 16 Gbps in SFP+. At the same time, maintaining this standard is not cheap, and the benefits mentioned are not often needed in fact. Therefore, SFP / SFP + is found mainly in mid-range a...nd top-level routers.

— ADSL. Connecting to the Internet through a fixed telephone network using ADSL technology. The key advantage of this connection is the ability to use existing networks without laying additional wires; at the same time, Internet access is completely separated from telephone communication and traffic does not interfere with voice calls. On the other hand, the bandwidth of ADSL is very low by modern standards (less than 24 Mbps), moreover, the data transmission speed is noticeably lower than the reception speed. This can create problems for video communication and some other specific tasks. So nowadays ADSL is used less and less.

— 3G/4G modem (USB). Internet connection via mobile network using a separate 3G or 4G modem connected to the USB port. This feature can be useful where there is no full-fledged wired connection (for example, in rural areas), and also as a fallback option in case the main communication channel fails. And the type of network supported depends mainly on the modem used (the compatibility of the router with different models needs to be specified separately, but most often there are no problems with this). As for specific types of networks, most 3G modems work in UMTS networks (the same ones that are massively used by mobile phones); the data transfer rate in such networks can reach 75 Mbit / s (however, usually it is much lower). Less common are 3G modems for EV-DO networks based on CDMA — this standard has lower speeds (up to 14.7 Mbps) and not as extensive coverage as UMTS, however, both the equipment and the connection itself can be cheaper. And the designation "4G" means only one type of networks — LTE; it provides speeds up to 173 Mbps, but is not as widespread as 3G.

— SIM card. Another option for connecting to the Internet via mobile networks is its own SIM card slot provided in the design of the router. This option is convenient because you do not need to buy an additional device (modem) for mobile Internet — you just need to purchase an operator's SIM card. On the other hand, due to the built-in mobile communication modules, such routers themselves are more expensive than analogues for USB modems. In addition, the connectivity options in them are limited by the characteristics of the module: for example, a router for 3G networks will not be able to fully use 4G networks (whereas a USB modem can usually be changed to a more advanced one). As a result, this option is relatively rare in modern equipment.

The number of standard Gigabit Ethernet RJ-45 network connectors provided in the device design.

As the name suggests, these connectors provide data transfer rates up to 1 Gbps. Initially, Gigabit Ethernet was considered a professional standard, and even now the real needs for such speeds arise mainly when performing special tasks. Nevertheless, even relatively inexpensive computers are now equipped with gigabit network adapters, not to mention more advanced technology.

As for the number of connectors, it corresponds to the number of network devices that can be connected to the "switch" directly, without the use of additional equipment. At the same time, it is worth noting that in some "switches" individual connectors of this type are combined with optical SFP or SFP +. Such connectors are marked "combo" and are taken into account both when counting RJ-45 and when counting SFP / SFP +.

In this case, dedicated LANs mean directly marked network connectors designed for wired connection of LAN devices - PCs, servers, additional access points, etc. The number of ports corresponds to the number of devices that can be directly connected to the equipment by wire.

Performance of a Firewall type device (see "Type") in intrusion prevention mode.

Intrusion protection is carried out on the same principle as the general processing of traffic by a firewall — by checking the received and transmitted data. However, the principles of filtering are somewhat different: Firewall cuts off certain types of traffic, preventing them from reaching network devices, while intrusion protection allows all traffic, but checks it for suspicious activity. Actions upon detection of such activity can be different: in some models, protection only notifies the administrator about the attack, in others, it independently takes retaliatory measures. Anyway, fine-grained traffic inspection is more resource-intensive than running a firewall in normal mode, which is why the performance in intrusion prevention mode is inevitably lower than the overall performance of the Firewall.

Note that this parameter is specified for optimal conditions — in particular, for those types of traffic that do not require a large amount of resources for scanning. So the real throughput of the firewall will inevitably be lower than the claimed one, and when choosing according to this indicator, it is worth taking a certain margin — at least 10 – 15%.

Performance of a Firewall type device (see "Type") in intrusion prevention mode.

Intrusion protection is carried out on the same principle as the general processing of traffic by a firewall — by checking the received and transmitted data. However, the principles of filtering are somewhat different: Firewall cuts off certain types of traffic, preventing them from reaching network devices, while intrusion protection allows all traffic, but checks it for suspicious activity. Actions upon detection of such activity can be different: in some models, protection only notifies the administrator about the attack, in others, it independently takes retaliatory measures. Anyway, fine-grained traffic inspection requires more resources than running a firewall in normal mode, which is why the performance in intrusion prevention mode is inevitably lower than the overall performance of the Firewall.

Note that this parameter is specified for optimal conditions — in particular, for those types of traffic that do not require a large amount of resources for verification. So the real throughput of the firewall will inevitably be lower than the claimed one, and when choosing according to this indicator, it is worth taking a certain margin — at least 10 – 15%.

The performance of a device of the Firewall type (see "Type") when operating in VPN mode — namely, when building a virtual private network using a firewall as a VPN server. It is indicated by the maximum volume of traffic that the device can process per second with such a connection.

For more information about VPN in general, see "Basic Features". Here we note that in this format of operation, the Firewall must additionally encrypt the transmitted traffic and decrypt the received, which creates an additional load on the device. Therefore, throughput in VPN mode is inevitably less than the overall performance of the Firewall (see above). It is worth choosing according to this indicator with a certain margin — at least 10 – 15%; this will give an additional guarantee in case of abnormal loads.

As for specific figures, VPN bandwidth up to 1 Gbps is considered relatively small, more than 1 Gbps is considered high.