NA — Fortinet

J

JGoodish

Cleared for Takeoff
Joined
Jun 10, 2006
Messages
1,419
Display Name
Display name:
JGoodish
Does anyone have experience with Fortinet products? It appears that they are one of the big firewall/network security hardware vendors, but I’ve heard horror stories about their support and less-horror-but-not-great stories about their software. Although, that statement would probably apply to the likes of Cisco, CheckPoint, etc. as well.


Thanks,
JKG



Sent from my iPhone using Tapatalk Pro
 
I've been working with a VOIP phone system made by fortinet.

My biggest gripe with them is that when I needed to download the software required to configure the system they wouldn't give it to me without buying a support contract. I could understand not providing tech support but not providing a download link for a simple configuration tool that you must have for certain tasks seemed pretty shady to me.
 
I've replaced Cisco ASAs with Fortigate and like the Fortigates. It's not all peaches and cream but as a Cisco guy, I'm happy with the Fortigates.

One issue is that it's tougher to create exceptions to the webfiltering rules than I'd hoped. You can't just add people to an exception rule, you also have to create a separate policy for that exception rule. It gets complicated when people belong to different exception groups (e.g. Jane can access linked in and dropbox. Kendra can access dropbox and outlook.com and Terry can access outlook.com and Twitter turns into a separate policy for each exception (4 rules)).

But we tied our exceptions and userlist to AD via LDAP which makes it easy to add people to groups using AD without having to ask the security team to make the exceptions. It's great not to have to manage two sets of users (one for authentication and one for authorization).

The devices themselves are great performers, and come with plenty of interfaces.

I'm happier with the price point for Fortinet over Palo Alto and not sure that there's any feature the PAs have that the Fortigates lack.
 
I support a consulting client who has a fortigate.. I would much rather see him with an ASA, a Meraki MX or a sonicwall.. Getting even the simplest things like a routing table out of the device is a pain in the tush. That said, they're not too shabby
 
We use Fortigate firewalls price point is better than most on the market and has the features we need. No major issues.
 
Thanks guys. It seems that all manufacturers have good, bad, and ugly. I have experience with Cisco and although I like Cisco, I’ve seen plenty of Cisco ugly over the years. It sounds as though Fortinet stuff is competive with Cisco and Palo Alto (at a lower price point), but with its own quirks.


JKG
 
You must log in or register to reply here.
Back
Top