Remote FortiDevice by EnBITCon - The cost-effective solution for the home office
On our own behalf
Did you know that you can use any Fortinet access point to connect a home office to your corporate network? The access point can establish a DTLS or IPSec encrypted connection to a FortiGate, so a second FortiGate as VPN client is not necessary. This lets you integrate a home office into your company network securely and conveniently. It is also cost-effective and an attractive alternative to solutions from other manufacturers.
What is the Remote FortiDevice suitable for?
The Remote FortiDevice is suitable for simple office tasks. It has a WLAN radio that can offer 2.4 and 5 GHz WLAN, plus three additional Ethernet interfaces. One of these even provides PoE, as long as the access point itself is supplied from a PoE+ source via the WAN interface. You can then connect a PoE-capable IP telephone to this port, for example, which saves an additional power source and means only one socket is needed. When a (separately available) power supply unit is used instead, the PoE functionality is not available.
The unit can then independently establish an encrypted connection to a FortiGate. So there is no need for a separate FortiGate as a VPN client in the home office.
What about encryption?
For encryption, you can choose DTLS or IPSec. IPSec is recommended here: a FortiGate can process it hardware-accelerated via the content processor, which relieves the device's main processor. With IPSec, the security of the encryption is ensured by AES256/SHA256. To crack such encryption, one would have to guess a 256-bit key.
In short, a 256-bit key corresponds to 2^256 possibilities. That is a number with 78 digits before the decimal point. Trying all of these possibilities to find the one correct key is not feasible with current resources. It would simply take too long.
With an IPSec connection to a FortiGate, you can expect transfer rates of up to 20 megabits per second with a FortiAP C24JE. This is sufficient for less demanding office work, especially if split-tunnelling is used and only the network traffic that is needed passes through the VPN tunnel.
For example, normal internet surfing can continue to run over the employee's internet line and access to internal resources or even VoIP telephony can run over the VPN tunnel. This not only relieves the VPN tunnel, but also the FortiGate.
What can we at EnBITCon offer?
We advise you and accompany you, from planning to execution.
We offer certified technicians with the expertise not only to set up the solution for you, but also to explain how you can manage it yourself, for example to connect additional access points.
In doing so, we can create a configuration that enables zero-touch deployment. This means that an administrator or technician does not have to handle the device in person. For example, it could be delivered directly to an employee, who would only have to connect it. The access point would then connect to the FortiGate on its own and establish the encrypted connection.
If you are interested in a Fortinet product and would like advice or even a trial, please feel free to contact us by phone, email or our contact form.
Marcel Zimmer is the Technical Managing Director of EnBITCon. During his time in the German Armed Forces, the trained IT developer gained experience on numerous projects. His interest in IT security was awakened above all by his service in command support. Even after his service, he remains an active reservist in the Bundeswehr.
His first firewall was a Sophos UTM 120, which he had to set up for a customer project. Since then, his interest in IT security has grown steadily. In the course of time, various security and infrastructure topics have come into his focus. His most interesting projects included, for example, WLAN coverage in an explosion-proof area, as well as a multi-site WLAN solution for a large