What is the difference between FortiGate-VM and the physical (hardware) FortiGate firewall?
Purpose-built appliances offer tested performance measures and provide proven results for the specified traffic and service configuration.
VM can only provide vCPUs, RAM, and hard disk resources. However, in some cloud environments, you only have the VM option, no appliances accepted.
We have several Fortigate VM firewalls operating for 3 years now in the cloud and appliances in our centers that handle the traffic just fine. We have not had to increase the resources above the recommendations and they work just fine.
Fortigate appliance is purpose built with NPU and SPUs designed to increase throughput while maximizing the ability to decrypt packets in search of malware.
VM deployments are software only and do not include the NPU and SPUs.
The root of all is VM. A virtual environment is software running on someone else machine/s. Welcome to the the cloud. Sadly, no one stops to think but with the excuse of "lower costs" many fall for it. Performance is the key word. Avoid VMware and the likes. What appears cheap may have a big price in the end. There is no way performance on your own physical machine will be close to the cloud, and there are heaps more things in the equation. Fortinet appliances have their own semiconductors chips to handle in hardware traffic and other duties. Harry Potter does not exist. Costs or prices, are figures in invoices, but the coefficient of elasticity with time may be a surprise. Needless to say the networking traffic handling and the security implication in multi tenancy instances. Yes, in some things could work, but I personally avoid them as much as I can.
I'm currently researching Fortinet FortiGate 5001E and GajShield Next-Generation Firewall and I want to figure out the difference in features and costs of those two products.
Dear community members, could you please share your insights?
Should one go for a URL Filtering as an add-on to NGFW or just deploy a Web proxy, instead?I am one who advocates that firewalls with URL Filtering can't serve better than Web security solutions (i.e., a Web proxy).
What's your opinion?