USA
Catalog   /   Computing   /   Networking   /   Routers & Firewalls

Comparison Cisco Meraki Go GX20 vs Fortinet FortiGate 60F

Add to comparison
Cisco Meraki Go GX20
Fortinet FortiGate 60F
Cisco Meraki Go GX20Fortinet FortiGate 60F
from $295.65 
Outdated Product
from $319.95 
Expecting restock
TOP sellers
TypeFirewallFirewall
Mountdesktopdesktop
Ports
Connections
Ethernet
 
Ethernet
3G/4G modem (USB)
Gigabit Ethernet5 pcs
10 pcs /1 DMZ port/
Of which dedicated WANs1 pcs2 pcs
Of which dedicated LAN4 pcs8 pcs
USB ports11
Console port
 /RJ45/
Features
Control
 
 
Web interface
 
SSH
Telnet
Web interface
SNMP
Basic features
DHCP server
 
 
 
VPN
 
DHCP server
load balancing
channel reservation
port forwarding
VPN
DDNS
Security
Security
 
 
web content filtering
 
 
 
MAC address filtering
DoS protection
web content filtering
antivirus
antispam
DMZ
Firewall performance250 Mbps10000 Mbps
Intrusion prevention1400 Mbps
VPN performance6500 Mbps
VPN tunnels
500 /gateway-gateway up to 200/
PoE
PoE (output)802.3af
PoE outputs1 pcs
General
PSUexternalexternal
Operating temperature0 °C ~ +40 °C0 °C ~ +40 °C
Dimensions (WxDxH)174x112x24 mm216x160x39 mm
Weight310 g1010 g
Added to E-Catalogaugust 2022april 2020

Connections

How the router connects to the Internet or other external network.

Almost all modern routers have ethernet network connectors for this purpose, however, in addition to them, other connection options can be provided — both wired ( ADSL, SFP / SFP + optics) and wireless (mobile access via 3G / 4G modem or SIM card). Here are the features of each option:

— Ethernet. A standard LAN network cable connector (“twisted pair”) is the most popular modern wired connection format in computer networks. Widely used both in "local" and to provide access to the Internet. This standard is somewhat inferior to SFP / SFP + (see below) in terms of speed and noise immunity, but it is much cheaper. The speed of work in modern versions of Ethernet can reach 10 Gbps (see "Connection speed of WAN ports"), theoretically, a further increase in throughput is possible.

— SFP / SFP + (optics). A connector for transmitting network traffic over a fiber optic cable. The main advantage of such a cable is complete insensitivity to electromagnetic interference. And data transfer rates can reach 2.7 Gbps in the original SFP and 16 Gbps in SFP+. At the same time, maintaining this standard is not cheap, and the benefits mentioned are not often needed in fact. Therefore, SFP / SFP + is found mainly in mid-range a...nd top-level routers.

— ADSL. Connecting to the Internet through a fixed telephone network using ADSL technology. The key advantage of this connection is the ability to use existing networks without laying additional wires; at the same time, Internet access is completely separated from telephone communication and traffic does not interfere with voice calls. On the other hand, the bandwidth of ADSL is very low by modern standards (less than 24 Mbps), moreover, the data transmission speed is noticeably lower than the reception speed. This can create problems for video communication and some other specific tasks. So nowadays ADSL is used less and less.

— 3G/4G modem (USB). Internet connection via mobile network using a separate 3G or 4G modem connected to the USB port. This feature can be useful where there is no full-fledged wired connection (for example, in rural areas), and also as a fallback option in case the main communication channel fails. And the type of network supported depends mainly on the modem used (the compatibility of the router with different models needs to be specified separately, but most often there are no problems with this). As for specific types of networks, most 3G modems work in UMTS networks (the same ones that are massively used by mobile phones); the data transfer rate in such networks can reach 75 Mbit / s (however, usually it is much lower). Less common are 3G modems for EV-DO networks based on CDMA — this standard has lower speeds (up to 14.7 Mbps) and not as extensive coverage as UMTS, however, both the equipment and the connection itself can be cheaper. And the designation "4G" means only one type of networks — LTE; it provides speeds up to 173 Mbps, but is not as widespread as 3G.

— SIM card. Another option for connecting to the Internet via mobile networks is its own SIM card slot provided in the design of the router. This option is convenient because you do not need to buy an additional device (modem) for mobile Internet — you just need to purchase an operator's SIM card. On the other hand, due to the built-in mobile communication modules, such routers themselves are more expensive than analogues for USB modems. In addition, the connectivity options in them are limited by the characteristics of the module: for example, a router for 3G networks will not be able to fully use 4G networks (whereas a USB modem can usually be changed to a more advanced one). As a result, this option is relatively rare in modern equipment.

Gigabit Ethernet

The number of standard Gigabit Ethernet RJ-45 network connectors provided in the device design.

As the name suggests, these connectors provide data transfer rates up to 1 Gbps. Initially, Gigabit Ethernet was considered a professional standard, and even now the real needs for such speeds arise mainly when performing special tasks. Nevertheless, even relatively inexpensive computers are now equipped with gigabit network adapters, not to mention more advanced technology.

As for the number of connectors, it corresponds to the number of network devices that can be connected to the "switch" directly, without the use of additional equipment. At the same time, it is worth noting that in some "switches" individual connectors of this type are combined with optical SFP or SFP +. Such connectors are marked "combo" and are taken into account both when counting RJ-45 and when counting SFP / SFP +.

Of which dedicated WANs

The number of ports designated as WAN by the manufacturer. They are intended for wired connection of the device to the Internet or other external networks (to solve some specific problems).

Of which dedicated LAN

In this case, dedicated LANs mean directly marked network connectors designed for wired connection of LAN devices - PCs, servers, additional access points, etc. The number of ports corresponds to the number of devices that can be directly connected to the equipment by wire.

Console port

The presence of a console port in the router. This connector is used to control the device settings from a separate computer, which plays the role of a control panel — a console. The advantage of this format of operation is that access to the functions of the router does not depend on the state of the network; in addition, special utilities can be used on the console that provide more extensive capabilities than a regular web interface or network protocols (see "Management"). An RS-232 connector is often used as a console port, but in modern routers this role can also be played by a separate Ethernet input (not used for any other purpose).

Control

Management methods and protocols supported by the router.

SSH. Abbreviation for Secure Shell, i.e. "Safe shell". The SSH protocol provides a fairly high degree of security, because. encrypts all transmitted data, including passwords. Suitable for managing almost all major network protocols, but requires a special utility on the host computer.

Telnet. A network management protocol that provides configuration via a text-based command line. It does not use encryption and does not protect transmitted data, and is also devoid of a graphical interface, which is why in many areas it has been supplanted by more secure (SSH) or more convenient (web interface) options. However, it is still used in modern network equipment — in particular, as a means of managing FTP servers.

Web interface. This function allows you to open the router's management interface in a regular Internet browser. Thus, to access the settings, you do not need special software — just a regular computer or even a smartphone / tablet is enough (modern mobile browsers are close to desktop ones in terms of capabilities).

SNMP. Abbreviation for Simple Network Management Protocol, i.e. "simple network control protocol". It is a standard part of the common TCP/IP protocol on which both the Internet and many local networks are built. I...t uses two types of software — "managers" on control computers and "agents" on managed computers (in this case, on a router). The degree of security is relatively low, but SNMP can be used for simple management tasks.

Note that this list is not exhaustive — some routers have other, more specific management capabilities (such as the EEM event manager in Cisco devices).

Basic features

The basic capabilities of the router — that is, the functions directly related to the work for the main purpose. The most common of these features are DHCP server, load balancing, link reservation, port forwarding, MAC address cloning, VPN and DDNS support. Here is a detailed description of each item:

— DHCP server. A feature that makes it easy to assign IP addresses to devices connected to the router. An IP address is necessary for correct operation in TCP / IP networks (and this is the entire Internet and the vast majority of modern “local sites”). In the presence of DHCP, this process can be carried out completely automatically, which makes life much easier for both users and administrators. However, the administrator can also set additional DHCP options — for example, specify a range of available IP addresses (to prevent errors) or limit the time of using one address. If necessary, you can even manually enter a specific address for each device on the network, without automatically adding new devices — DHCP also simplifies this procedure, as it allows you to carry out all operations on the router without delving into the settings of each subscriber device.

— Load balancing. A feature found on models that have two or...more channels to connect to the Internet (and other external networks); most often these are two or more WAN ports, but there is another option — one port, supplemented by support for 3G / 4G mobile networks. Anyway, the idea of balancing is to use several channels for external connection at the same time, dividing the load between them in one way or another. This allows you to increase the efficiency of the connection, achieving maximum data transfer speeds and at the same time avoiding unnecessary congestion. For example, a channel for online games can be separated from the rest of the connection, minimizing lags and reducing the likelihood of failures. As for load distribution, it can be either automatic (when the router itself determines the optimal channel for each device, depending on the current traffic consumption), or manual (when specific channels are prescribed for different network devices, applications, or even types of traffic).

— Channel reservation. Another feature related to the simultaneous use of several channels to connect to the Internet (or other external network). In redundancy mode, the router constantly uses the main channel (or several channels) for external connection, and in case of failures on this channel, it automatically switches to the spare (spare). This relieves the administrator of the need to manually organize the connection when the main connection fails; and the spare channel works only when it is indispensable, which in some cases allows you to avoid unnecessary costs. A typical example of working with redundancy in everyday life is the use of a wired Internet connection as the main channel and a 3G / 4G modem as a spare; although, of course, other, more specific options are possible.

— Port forwarding. The ability to redirect traffic from the router's own ports to the address of a specific computer (or other device) on the local network. When working in this mode, such a computer “outside” will look like it is connected to the Internet directly, without a router. This mode may be needed to use some specific functions — for example, working in HTTP server mode or participating in P2P networks.

— Cloning the MAC address. The ability to copy the MAC address of one of the devices connected to it to the router — so that when accessing the router, it is the address of this device that is visible, and not the router itself. The MAC address is a unique identifier assigned to each device with a WAN port. And the need to clone this identifier arises from the fact that some Internet providers use not only a login / password, but also the MAC address of a specific computer connected directly to the network to authenticate users. If, however, such a computer is supplemented with a router, then the provider's equipment will see a new, unfamiliar device, and will not give access to the network. Cloning the MAC address allows you to fix this situation as quickly and simply as possible.

— VPN support. Support for the VPN function of the router — virtual private networks. One of the key principles behind this feature is the transmission of encrypted data over open networks, primarily the Internet. A VPN is used mainly in two formats:
  • Creating virtual networks based on an Internet connection. Thus, it is possible, for example, to combine branches of one company located in different cities or even countries into one logical network. At the same time, thanks to traffic encryption, the entire network remains closed to outsiders, although data is transmitted over an open channel. For this format, devices of the Firewall type (see "Type") are mainly used, while such a device actually plays the role of a VPN server.
  • Internet connection through an external VPN server. The functions of such a server are in many ways similar to a proxy: it serves as an "intermediary" in the exchange of traffic and replaces the user's IP address with its own address. The latter, in particular, allows you to bypass regional restrictions: nowadays, servers with IP addresses related to almost any country in the world are available. However, a VPN server, unlike a proxy, additionally encrypts the traffic transmitted to the user — this, again, has a positive effect on security and privacy. This mode is also available in regular routers.
Note that the connection to the VPN server can also be “raised” on individual devices on the network (for example, through tools in some Internet browsers). However, using this feature on a router is often more convenient: you only need to set up a VPN once, you don’t have to fiddle with options for each individual subscriber, and any network device can use such a connection (including those that do not have their own VPN tools) . On the other hand, the connection speed when working through a VPN can drop noticeably, and enabling and disabling this feature on a router is usually more difficult than on user devices.

— DDNS. Short for Dynamic DNS — "dynamic DNS". This feature allows you to assign a permanent domain name to a device with a dynamic IP address. A domain name is the name of a device on the local network or the address of a site on the Internet (for example, m.ua or e-katalog.ru). An IP address is service information in the form of a digital code; it is thanks to her that network equipment can find the desired device and issue the required data from it. Actually, IP is the primary network "coordinates"; however, remembering addresses as a sequence of numbers is quite difficult, so domain names appeared — they are much more convenient for a person. Both on the Internet and in local networks, the connection between a domain name and an IP address is responsible for the so-called DNS servers: for each domain in the database of such a server, its own IP is registered. However, for technical reasons, situations often arise when the router has to use a dynamic (changing) IP; accordingly, in order for information to be constantly available on the same domain name, it is necessary to update the data on the DNS server with each IP change. It is this update that the DDNS function provides.

Security

The security features provided by the device. Among the most common features of this kind are MAC address filtering, web content filtering, DoS protection, antivirus, antispam, and DMZ. Here is a more detailed description for each item:

— MAC address filtering. The ability to restrict network access for individual devices using data about their MAC addresses. Recall that the MAC address is a unique identifier assigned to each network device. And this function allows, for example, to open Internet access only for certain computers in the office, or to limit the connection to a closed corporate network for devices that are not on the “white list”.

— Protection against DoS attacks. A set of tools (software and sometimes hardware) to protect against DoS attacks. DoS (Denial Of Service — "denial of service") in a simplified form can be described as an attack on a computer system using a huge number of requests that the system cannot handle; as a result, access is difficult or impossible for ordinary users. Protection against such attacks can be carried out, in particular, by filtering suspicious requests or limiting the number of responses to requests per unit of time. However, the specific functionality and features of this protection should be specified s...eparately.

— Web content filtering. This function allows you to restrict or completely prohibit access of local computers to certain web resources. At the same time, filtering can be configured according to different criteria: by domain names, by categories (“adult” content, high traffic consumption, entertainment topics, etc.), by the type of content on the page (video, large images, certain scripts, etc.). n.) and others. Specific filtering features should be specified separately; however, anyway, this function allows you to set additional access rules. For example, it can be used to block access to non-work-related sites for employees in the office, or enable a parental filter on a home network.

— Antivirus. Antivirus — a tool for detecting and neutralizing malware — installed directly on the router. It is mainly used to analyze and filter network traffic, while many antiviruses are able to work in two directions — both for incoming and outgoing traffic. This allows not only to protect the network from outside attacks, but also to detect already infected local devices and prevent the distribution of confidential information, virus copies and other unwanted data. On the other hand, this feature increases the load on the router and can significantly slow down the connection speed. Therefore, it makes sense to use an antivirus on a router mainly in cases where individual devices on the network are poorly protected (or not protected at all), or if maximum protection is fundamentally important. It is also worth considering that the specific capabilities of the antivirus may be different, for each model they should be specified separately.

— Antispam. A built-in set of tools that allows you to analyze incoming mail traffic for spam and automatically filter these messages at the router level, preventing them from passing any further. This not only reduces the load on mail systems in the local network and facilitates mail filtering, but also has a positive effect on security: messages with malicious content simply do not reach the recipients. Note that when talking about antispam, they usually mean protection for classic email; for other communication methods (Viber, Telegram, etc.), such tools are not used for a number of reasons.

— DMZ. An abbreviation that stands for "demilitarized zone". By itself, this function allows you to create a segment in the local network that is open to external access; such a segment may host, for example, the company's Internet services. In its classic form, the DMZ is separated from the rest of the local network by a firewall, which provides the necessary security. At the same time, in some routers, this term may mean DMZ-host mode — a kind of "simplified version". When operating in this mode, the server open for external access is not separated from the local network, which simplifies setup, but reduces security; therefore, the DMZ host is found mainly among low-cost models designed for home use and small businesses.

Firewall performance

Performance of a Firewall type device (see "Type") in intrusion prevention mode.

Intrusion protection is carried out on the same principle as the general processing of traffic by a firewall — by checking the received and transmitted data. However, the principles of filtering are somewhat different: Firewall cuts off certain types of traffic, preventing them from reaching network devices, while intrusion protection allows all traffic, but checks it for suspicious activity. Actions upon detection of such activity can be different: in some models, protection only notifies the administrator about the attack, in others, it independently takes retaliatory measures. Anyway, fine-grained traffic inspection is more resource-intensive than running a firewall in normal mode, which is why the performance in intrusion prevention mode is inevitably lower than the overall performance of the Firewall.

Note that this parameter is specified for optimal conditions — in particular, for those types of traffic that do not require a large amount of resources for scanning. So the real throughput of the firewall will inevitably be lower than the claimed one, and when choosing according to this indicator, it is worth taking a certain margin — at least 10 – 15%.
Fortinet FortiGate 60F often compared