Installation of the device was easy enough as it ships with mounting hardware for both two-post and four-post rack configurations. It also included Ethernet and console cables, which was pleasant to see. Configuration was tricky, though. There was very little context-sensitive help on the device itself, so we had to review both the installation guide and the administrator's guide very carefully in order to make sense of the myriad options presented. Much like a firewall, policy order is vital. We found ourselves briefly frustrated while trying to set up an encryption rule before we realized that the test message also matched the criteria for a different rule we set up higher in the list. Once we began thinking of the device as a firewall for email, everything fell into place. There were some glitches. We were unable to get certain features to work without a call to support. Once we did have it working, though, the device functioned beautifully.
The device supports S/MIME, transport layer security (TLS) and identity-based encryption (IBE). Support is present for both self-signed certificates and existing public key infrastructure (PKI) implementations. The IBE implementation was a pleasure to see, especially considering that it is hosted entirely on the device itself - there is no need for users to authenticate to a third-party server, unlike many other venders' offerings. It provides all of its email routing and manipulation features through a series of policies and profiles, which can be linked together in multiple ways to provide a desired function. For example, policies can be set that will encrypt an outgoing message if it comes from a user in a particular Active Directory group, addressed to a specific external email address, contains a particular word or phrase or any combination of the three. Content filtering is achieved in the same way - by combining a series of conditions, actions and dictionaries into a policy, email can be sorted, redirected, modified and/or anti-virus scanned.
Documentation comes on a CD and Fortinet also hosts a knowledge base and user forums. The installation and administrators guides are detailed, providing screen shots and step-by step instructions for configuring each module. Due to the complexity of the way each module interacts with the others, however, we would have liked to see some sample scenarios documented. As it was, we had to rely on the Fortinet support team to connect some of the dots for us.
Fortinet offers the 400C as a standalone device or with eight-hours-a-day/five-days-a-week or 24/7 hour support. It also offers a remote installation service for $750 that users may want to consider as the complexity of the device can be daunting.
The offering retails for $6,995 as a standalone unit with no support, $9,145 with one year of eight-hours-a-day/five-days-a-week hardware/software support, or $10,177 with one year of 24/7 hardware/software support. Fortinet uses a flat rate pricing scheme for its FortiMail devices, there is no per user charge, and no component- or module-based pricing. All FortiMail devices come with all feature sets.
If you have time to comb through documentation, or have a small amount of money in your budget for the remote installation service, the FortiMail 400C will serve your enterprise extremely well.