Networking-Forums.com

General Category => Forum Lobby => Topic started by: config t on October 28, 2016, 07:43:24 AM

Title: Fortinet
Post by: config t on October 28, 2016, 07:43:24 AM
Do any of you gentlemen have experience with Fortinet platforms? If so, what are your thoughts?
Title: Re: Fortinet
Post by: deanwebb on October 28, 2016, 08:47:17 AM
Really nice GUI, but you need a default route out to the Internet for them to work, and we don't believe in default routes out to the Internet at Massive Global Multinational.
Title: Re: Fortinet
Post by: Nerm on October 28, 2016, 02:32:44 PM
Done a good bit of work with them and basically my opinion is "poor man's Juniper".
Title: Re: Fortinet
Post by: wintermute000 on October 28, 2016, 04:35:12 PM

Do not trust the throughput numbers. Any NGFW features hit CPU and the throughput tanks. Their central reporter is not in the same league as Palo Panorama or Juniper Security Director.

Otherwise yeah they are compelling from a price and feature POV. Like I said though ignore whatever they say re: throughput, run your PoC with the features in your design turned on. When we do HLD/scoping we halve whatever Fortinet tell us as a rule of thumb, then round it down.

deanwebb do you mean the mgt can't grab signature updates etc. via explicit proxy?
Title: Re: Fortinet
Post by: Dieselboy on October 28, 2016, 10:38:44 PM
I've worked on them when we've taken on new customers with existing equipment. They're easy enough to manage from what I can remember. Not touched one in 5 years or more.

Quote from: deanwebb on October 28, 2016, 08:47:17 AM
Really nice GUI, but you need a default route out to the Internet for them to work, and we don't believe in default routes out to the Internet at Massive Global Multinational.

Didn't know you work for MGM! ;)
Title: Re: Fortinet
Post by: burnyd on October 31, 2016, 07:21:05 AM
I like them but never used them for anything other than a stateful firewall.
Title: Re: Fortinet
Post by: deanwebb on October 31, 2016, 08:37:20 AM
Quote from: wintermute000 on October 28, 2016, 04:35:12 PM

deanwebb do you mean the mgt can't grab signature updates etc. via explicit proxy?

That was our experience in early 2015. We have no default route, so their PoC went into the weeds really fast and never got out of those weeds, since every sentence about feature discussions pretty much started with, "Well, if we had Internet access, we could show you..."