Wi-Forti-FiBy CWNP On 03/12/2010 - 21 Comments
Way back in the days before 802.11i, Wi-Fi security was immature. WEP was the best the industry had to offer and WLAN education was in its infancy. Features like SSID hiding and MAC filtering became popular, and Wi-Fi inherited a reputation like the nervous kid in high school: insecure. As we all know, Wi-Fi uses a shared and openly accessible medium, so it has some inherent security needs, but thankfully there are more than adequate answers to the problem. In fact, many WLANs are more secure than wired LANs due to the extra diligence taken to protect them. No less, Wi-Fi security is always a hot topic and it will continue to be a hot topic… for-ever, for-ever… (ever seen The Sandlot?).
Since security is a big ticket consideration for any network, it is no surprise that security-focused companies are jumping into the game. Case in point, Aerohive’s current management team is largely a who’s who from Netscreen, which was a firewall company sold to Juniper in 2004 (I believe). Anyway, since hyper-awareness to security sells things like dedicated WIPS solutions, it should come as no surprise that Fortinet is jumping into the Wi-Fi game as well. Yep, that’s right… Fortinet. They’ve announced new FortiAP controller-based APs that will be managed by existing FortiGate firewall appliances. Since the FortiGate appliances are already deployed in production networks, Fortinet is providing software upgrades to turn them into multi-purpose firewalls/WLAN controllers.
No less, the big sell is that Wi-Fi is insecure. For that reason, they will say, you should push all wireless data through a firewall and perform top-to-bottom inspection. This looks a bit like Aruba’s heavy filtering approach, no? Of course, they should have a jump start on the security piece of the puzzle, as this is their specialty. I know processor, memory, and purpose-built ASIC capabilities are pretty stout these days, but I’m still eager to see their real-world throughput numbers when they’re pushing all data through thorough inspection like this. It makes me think of a cavity search team at an airport. If everyone is getting thorough inspection, traffic will slow up some, right?
As for the APs, they’re starting off simple with 2 models, the 210 and 220. They’re both 2x2:2. The 210 is single radio, dual band and the 220 is dual radio, dual band. I presume that the highly security conscious customers—Fortinet’s target audience—will opt for the 220 to include dedicated WIPS scanning with the second radio. I’m sure everyone’s excited by now, but you’ll have to wait until Q3 for product shipment. In the meantime, it’s good to know what’s in the hopper. Welcome to Wi-Fi, Fortinet.
Blog Disclaimer: The opinions expressed within these blog posts are solely the author’s and do not reflect the opinions and beliefs of the Certitrek, CWNP or its affiliates.