Fortinet FortiGate Review

• Performances
• VDOM
• UTM
• Consolidated Management
• FortiGuard

• Endpoint control of mobile devices with Security Profiles compliancy checking, captive portal redirection, Antivirus, IPS and Web Filtering enabled on outgoing traffic (coupled to FortiClient solution)
• Identity-based policies used to authenticated and profile users and guests whatever the media used to access the network (ie. Wired and WiFi)
• Dynamic BGP routes injections to divert traffic requiring UTM inspection or DDOS mitigation
• Two-Factor Authentication VPN SSL for itinerant users (coupled to FortiToken solution)
• Active/Active cluster load-balancing http/https traffic
• GTP tunnels inspections over GPRS backbones for pure-player telco operators
• Distributed WiFi infrastructure with UTM enabled and managed from the central console like signatures and firmware updates
• Classical IP/IPv6 Firewall with consolidated-management

• Fix all pending bugs present in 5.0.x branch
• Improve the testing process of newly published firmware like using real and representative configurations submitted to consequent traffic load during a while
• Support SNMPv3 INFORM requests
• Uniform the scheduled backup between FortiGate, FortiManager and FortiAnalyzer
• Integrate graphical troubleshoot tools for policies based on devices or user identities

4.5 years

Some few non-blocking bugs present in the latest release and which are now solved. In the past I encountered serious bug regarding SCTP and GTP supports. Fortinet helped me to qualify the bug, implement a temporary workaround and then published appropriate patches rapidly.

No. I always used the latest qualified-stable firmware recommended by Fortinet and check by own testing methods the stability of HW and SW before deploying anything into customer premises.

With design and dimensioning parts well achieved I never encountered scalability issue. However it happened I had to troubleshoot some slowness and latency issues on existing projects already running live. Most of the time they were due to some design issues and non-optimized configurations like for instance “in” and “out” ports not handled by the same NP, policy rules non-optimized and non-used features enabled.

Very good.

Very good.

• CISCO ASA: Too expensive, performances issues, non-consolidated management between traditional ASA and inspection ASA CX, not the best security engines
• Checkpoint: Very expensive but good solutions, not the leader in UTM segment
• Juniper: Expensive but good solutions, not the leader in UTM segment
• Cyrberoam: Attractive prices but not yet tested, looks like promising
• Arkoon/Netasq: Obsoletes (Stormshield not yet tested)

It was quite simple if you have at least a minimum of experiment with Firewalls integration. It is now even simpler thanks to the FortiExplorer application.

In-house.

Taking into account the price criteria, nowadays Fortinet always wins offers in front of competitors like CISCO and Checkpoint. Mixing this key-point with other success keys like UTM features and performances.

Contact Fortinet or Fortinet’s partner and ask for a POC.