NA — Fortinet

Discussion in 'Technical Corner' started by JGoodish, Oct 15, 2017.

  1. JGoodish

    JGoodish Cleared for Takeoff

    Joined:
    Jun 10, 2006
    Messages:
    1,262
    Display name:
    JGoodish
    Does anyone have experience with Fortinet products? It appears that they are one of the big firewall/network security hardware vendors, but I’ve heard horror stories about their support and less-horror-but-not-great stories about their software. Although, that statement would probably apply to the likes of Cisco, CheckPoint, etc. as well.


    Thanks,
    JKG



     
  2. cowman

    cowman En-Route

    Joined:
    Aug 12, 2012
    Messages:
    3,298
    Location:
    Danger Zone
    Display name:
    Cowman
    I've been working with a VoIP phone system made by Fortinet.

    My biggest gripe with them is that when I needed to download the software required to configure the system they wouldn't give it to me without buying a support contract. I could understand not providing tech support but not providing a download link for a simple configuration tool that you must have for certain tasks seemed pretty shady to me.
     
  3. Justin M

    Justin M Pre-takeoff checklist

    Joined:
    Oct 23, 2016
    Messages:
    277
    Display name:
    JM
    I've replaced Cisco ASAs with Fortigate and like the Fortigates. It's not all peaches and cream but as a Cisco guy, I'm happy with the Fortigates.

    One issue is that it's tougher to create exceptions to the web filtering rules than I'd hoped. You can't just add people to an exception rule; you also have to create a separate policy for that exception rule. It gets complicated when people belong to different exception groups (e.g., Jane can access LinkedIn and Dropbox, Kendra can access Dropbox and outlook.com, and Terry can access outlook.com and Twitter, which turns into a separate policy for each exception (4 rules)).

    But we tied our exceptions and userlist to AD via LDAP which makes it easy to add people to groups using AD without having to ask the security team to make the exceptions. It's great not to have to manage two sets of users (one for authentication and one for authorization).

    The devices themselves are great performers, and come with plenty of interfaces.

    I'm happier with the price point for Fortinet over Palo Alto and not sure that there's any feature the PAs have that the Fortigates lack.
     
  4. sferguson524

    sferguson524 Pattern Altitude

    Joined:
    Feb 8, 2011
    Messages:
    1,603
    Location:
    Las Vegas
    Display name:
    FormerSocalFlyer
    I support a consulting client who has a Fortigate. I would much rather see him with an ASA, a Meraki MX or a SonicWall. Getting even the simplest things like a routing table out of the device is a pain in the tush. That said, they're not too shabby.
     
  5. DFH65

    DFH65 Cleared for Takeoff

    Joined:
    Jun 29, 2013
    Messages:
    1,466
    Display name:
    DFH65
    We use Fortigate firewalls; the price point is better than most on the market, and they have the features we need. No major issues.
     
  6. JGoodish

    JGoodish Cleared for Takeoff

    Joined:
    Jun 10, 2006
    Messages:
    1,262
    Display name:
    JGoodish
    Thanks guys. It seems that all manufacturers have good, bad, and ugly. I have experience with Cisco and although I like Cisco, I’ve seen plenty of Cisco ugly over the years. It sounds as though Fortinet stuff is competitive with Cisco and Palo Alto (at a lower price point), but with its own quirks.


    JKG