We are moving a high-traffic site (20Mb/s - 80Mb/s) to a co-location instead of a dedicated server at a hosting company. As part of the infrastructure build-out we are deciding between buying a FortiGate 110C or a capable used 1U Server and installing pfSense on it.
There are obvious cost differences between the latter option but FortiGate seems to be the safer solution. Is there anything that I should be taking into consideration when making this decision that might push me one direction or another?
UPDATE 2009/12/23:
I have decided to go with the FortiGate option. I like the idea of pfSense and may try that out later. FortiGate was the safer (and more expensive) choice. However, I have 2 weeks to get this up and going and that seemed to be the smart move considering.
Well, I'll bite with an answer.
Assuming the 1U is a quality server and under support, I think both solutions are viable. It boils down to how comfortable you are with setting each of these up properly, as the security these provide is directly related to how well they are configured.
I happen to like the Fortigates that I run. Despite being an appliance, they are pretty flexible and configurable. The entire product family shares the same features and web and CLI interfaces, which makes them pretty easy to manage. I've been satisfied with their support the few times that I've needed it. Fortigate/Fortinet also operates a bunch of honeypots spread around the world, which they monitor, and based on what they are seeing they roll out IDS and Anti-X updates quickly to address any new threats.
Any halfway recent server-grade system will handle a few hundred Mbps of traffic without any problem. I wouldn't touch the Fortigate with thick gloves and a mask.