I am the IT director of an oil and energy company.
We are currently evaluating Fortinet FortiGate. What are the advantages and disadvantages of this solution? Would you recommend it?
Thanks! I appreciate your help.
Since always its "all in one" box called FortiGate always has been a good solution for the network needs. About the advantages of this solution, I think the most important is that all the technology embedded from Fortinet is totally proprietary (AntiVirus, WebFilter, IPS, Application Control, Anti-SPAM, Wireless Controller just to mention some) because it does not have alliances with other brands; all of this explains why Fortinet is cheaper than their principal competitors and the operation costs are not so higher as you could think. About disadvantages maybe their support (sometimes slow and poor) or that this brand "always press" to you to update their firmware versions and suddenly with considerable bugs.
I'd tell you that instead of the common thought that Fortinet has the best-price performance. Fortinet list price looks cheap, but support pricing is expensive. Price TCO over five years for price comparisons. For performance: Throughput and application security requires a specific amount of compute power, which will be used when needed. Limited application security inspection throughput does not support its efficiency argument. Fortigate is constantly maxed out on performance due to hardware constraints; if all features are enabled at once, it pushes the firewall to its performance limit, forcing customers to upgrade or turn off critical features like anti-spam, anti-virus, IPS, etc.
And as far as I recall, Fortinet does not offer enough flexibility for further growth, forcing customers to buy new appliances. Think always on a modular platform for an easier scale.
Juniper SRX firewalls are cost-effective NGFW that are addressing all these boundaries from common brands, by simplifying cloud-scale deployments and lowering TCO withing a cost-effective SDN-enabled platform. (Let's adapt to new technologies like SDN)
Check this out: https://www.juniper.net/us/en/products-services/security/srx-series/
Fortinet is a great firewall with more threat engineers than any other security company besides Cisco. You can add sandboxing, FortiAnaylzer, and FortiMail for additional security in a layered approach. Because it's all Fortinet they communicate with each other when a threat happens to have the lease mitigating impact to your environment. This firewall gives you the most bang for your buck from any other firewall on the market today.
FortiNet FortiGate firewalls in my opinion are are great NGFW for the price. They have a vast array of complimentary supporting products as well beyond the firewall. If my decision was based more heavily on cost than say full feature set for application filters I would definitely go with FortiNet over any other vendor at this time. The most mature feature set out there is Palo Alto Networks but they are twice the cost of the FortiNets. The FortiGate firewalls are great firewalls based on security and features vs price and you will not regret purchasing them. The support for FortiNet is good, not great, but getting better all of the time and they have an excellent training program with many of their classes free online. Work with your FortiNet sales engineer to make sure you get exactly what you will need for the next 3 years, never ever just buy to get by with your firewalls.
A great near single-pane of glass solution that is easier to manage than any of the competitors' products while retaining a state of the art advantage.
We also do TSCM work (bug sweeps) and the FortiGate products do what we need in this realm. We almost always throw out competitors' products to get our gear in to do this job, even if for short periods of time.
If you are evaluating the Fortinet product line I would need a little more info to make a recommendation: Multi-site? how many users per site? what is your strategic choice for networking?
As a rule, I would look at the change in firewalls as a chance to really look at the security at the access level all the way to the internet.
Where are you with remote access and what is your desktop/laptop/handheld device security posture?
I highly recommend FortiGate on many levels but I would see how their threat detection and other security features fit in with your network security strategy.
They are very expensive if you want HA though. It's basically double the licensing/support cost, which is the downside. But, their support is normally amazing and is much better than Cisco, Sophos, or WatchGuard.
I highly recommend FortiGate Firewall to you. FortiGate Firewall can be used as UTM firewall and SDWAN Router in your network. In short, below is the advantages and disadvantages.
1) Most cost effective firewall and SDWAN router in the market
2) Listed as Leader in UTM firewall and SDWAN Router in Gartner Magic Quadrant
3) Easy to configure through GUI interface
4) Single equipment, multi-function
5) Fortinet provides comprehensive security solution more than just UTM firewall
1) Easily configure through GUI but some advance setting needs command line configuration.
I found the interface to be dated. It is a powerful product, there are others out there that are better, Sonicwall, or Cisco Meraki is very powerful, but limited. Sonicwall would be my choice for a full featured UTM appliance. if looking for Firewall only, I would investigate PaloAlto or Juniper.
Apart from the Pros and Cons pointed out in this discussion, I would add one that a separate virtual machine is required to manage a Cisco NGFW or Checkpoint box, but ForitGate doesn't. In 2016, my colleague and I selected PA as the university perimeter firewall, but two years later, I turned to FortiGate in my new job. I made this decision after consulting a group of network experts in my employer's home university - Technion Israel. It is certain that they made the recommendation based on not only their sophisticated experience, also the more weight factor of my business needs.
There are pros and cons for almost every product. Now it depends upon the requirement, critical nature of the network or application plus how much your are going invest .. Fortinet is an excellent choice keeping in mind robustness of the hardware and certain features and the costing you are getting it. There are still certain features may not be of such importance at this point or in use and hence investing in such features is not a good decision .. So if the requirement is fulfilled with the good features with best in class hardware and within the budget. Please go ahead. .. Or else you can explore PA or CheckPoint solutions if budgets are not a concern and security or various security features are if more concern. Fortunes has ASIC for speed and has good performance on VPN and for FW.. Thanks
Yes, 100% recommend. Between Fortinet and Palo Alto, those are the big boys on the block. As far as disadvantages, I would say it would have to be w/ their SD-WAN integration. There are still some limitations. IMO I feel that when either an SD or FW provider try to add the other to their core competency it becomes more of a "me too" vs a solid offering. But as far as Fortigate FW's, they are rock solid with a lot of nextgen features and functionality. The other question then becomes, who is going to manage it? Whether you have a staff up to speed on it or outsource to a 3rd party, NEED to make sure whomever it is, really understands the device and stays on top of it. Too many things happening in the world today to let an update/security patch lapse...
OK, first up, declaration of interest- we sell Fortigate alongside other brands, so have a broad view of this space. Advantages are high speed for low cost, large feature set in a single box, and a large portfolio of integrated products, beyond just firewall, marketed as "Security Fabric". Disadvantages are that appliances are proprietary hardware (custom ASICs for speed) so sparing/parts are vendor-controlled, and a lot of the value-add stuff like IPS/web filtering requires an ongoing subscription. Would recommend, particularly high-speed/high-volume/low latency applications, VPN or 10Gbps+ throughput.
FortiGate is a very good firewall. It is made easy for the administrator and the additional features bring more richness to the solution.
The basic components are enough to defend almost all areas of malicious activity. If you believe in security-driven networking then Fortinet and its products are the answer.
Price is also relatively fair compared to other vendors with similar offerings.
This is a tricky question as this will depend on a few things.
The satisfactory performance would depend on the functions you need and the sizing based on your organization size.
Generally speaking, NGFW has a few differences from the others and most are proprietary in nature. Sizing is key in taking advantage of all functionalities.
Price-wise; you can evaluate that based on our projected TCO,
However, in order to make the most out of this security solution, you may want to go for the rest of the other stuff such as Endpoint Protection, NAC, SASE, and others.
Mixing and matching solutions from one to the other is most of the time a nightmare!
At the moment to deploy all security features (proxy mode on) the throughput and performance decrease a lot. Because of that TCO is really high. I recommend checking a public analysis (done by Miercom) where you can get valuable information and the explanation of each test they did and how the performance and throughput os affected.
Besides that, they are still thinking about the IP-Port-Protocol model. That’s not enough. Visibility and control at the applications layer is the best option right now.
Can anyone explain the main differences in features between Sophos XG and FortiGate 80F?
Thanks and I appreciate your help!
I am the owner of a retailer company with 1-10 employees.
We host websites on Windows 2008 R2 servers and Norton Business Protection. We are looking for recommendations for the best network firewall.
Thanks! I appreciate the help.