I am the IT director of an oil and energy company.
We are currently evaluating Fortinet FortiGate. What are the advantages and disadvantages of this solution? Would you recommend it?
Thanks! I appreciate your help.
I'd tell you that instead of the common thought that Fortinet has the best-price performance. Fortinet list price looks cheap, but support pricing is expensive. Price TCO over five years for price comparisons. For performance: Throughput and application security requires a specific amount of compute power, which will be used when needed. Limited application security inspection throughput does not support its efficiency argument. Fortigate is constantly maxed out on performance due to hardware constraints; if all features are enabled at once, it pushes the firewall to its performance limit, forcing customers to upgrade or turn off critical features like anti-spam, anti-virus, IPS, etc.
And as far as I recall, Fortinet does not offer enough flexibility for further growth, forcing customers to buy new appliances. Think always on a modular platform for an easier scale.
Juniper SRX firewalls are cost-effective NGFW that are addressing all these boundaries from common brands, by simplifying cloud-scale deployments and lowering TCO withing a cost-effective SDN-enabled platform. (Let's adapt to new technologies like SDN)
Check this out: https://www.juniper.net/us/en/products-services/security/srx-series/
Since always its "all in one" box called FortiGate always has been a good solution for the network needs. About the advantages of this solution, I think the most important is that all the technology embedded from Fortinet is totally proprietary (AntiVirus, WebFilter, IPS, Application Control, Anti-SPAM, Wireless Controller just to mention some) because it does not have alliances with other brands; all of this explains why Fortinet is cheaper than their principal competitors and the operation costs are not so higher as you could think. About disadvantages maybe their support (sometimes slow and poor) or that this brand "always press" to you to update their firmware versions and suddenly with considerable bugs.
Fortinet is a great firewall with more threat engineers than any other security company besides Cisco. You can add sandboxing, FortiAnaylzer, and FortiMail for additional security in a layered approach. Because it's all Fortinet they communicate with each other when a threat happens to have the lease mitigating impact to your environment. This firewall gives you the most bang for your buck from any other firewall on the market today.
FortiNet FortiGate firewalls in my opinion are are great NGFW for the price. They have a vast array of complimentary supporting products as well beyond the firewall. If my decision was based more heavily on cost than say full feature set for application filters I would definitely go with FortiNet over any other vendor at this time. The most mature feature set out there is Palo Alto Networks but they are twice the cost of the FortiNets. The FortiGate firewalls are great firewalls based on security and features vs price and you will not regret purchasing them. The support for FortiNet is good, not great, but getting better all of the time and they have an excellent training program with many of their classes free online. Work with your FortiNet sales engineer to make sure you get exactly what you will need for the next 3 years, never ever just buy to get by with your firewalls.
I highly recommend FortiGate Firewall to you. FortiGate Firewall can be used as UTM firewall and SDWAN Router in your network. In short, below is the advantages and disadvantages.
1) Most cost effective firewall and SDWAN router in the market
2) Listed as Leader in UTM firewall and SDWAN Router in Gartner Magic Quadrant
3) Easy to configure through GUI interface
4) Single equipment, multi-function
5) Fortinet provides comprehensive security solution more than just UTM firewall
1) Easily configure through GUI but some advance setting needs command line configuration.
I found the interface to be dated. It is a powerful product, there are others out there that are better, Sonicwall, or Cisco Meraki is very powerful, but limited. Sonicwall would be my choice for a full featured UTM appliance. if looking for Firewall only, I would investigate PaloAlto or Juniper.
Apart from the Pros and Cons pointed out in this discussion, I would add one that a separate virtual machine is required to manage a Cisco NGFW or Checkpoint box, but ForitGate doesn't. In 2016, my colleague and I selected PA as the university perimeter firewall, but two years later, I turned to FortiGate in my new job. I made this decision after consulting a group of network experts in my employer's home university - Technion Israel. It is certain that they made the recommendation based on not only their sophisticated experience, also the more weight factor of my business needs.
There are pros and cons for almost every product. Now it depends upon the requirement, critical nature of the network or application plus how much your are going invest .. Fortinet is an excellent choice keeping in mind robustness of the hardware and certain features and the costing you are getting it. There are still certain features may not be of such importance at this point or in use and hence investing in such features is not a good decision .. So if the requirement is fulfilled with the good features with best in class hardware and within the budget. Please go ahead. .. Or else you can explore PA or CheckPoint solutions if budgets are not a concern and security or various security features are if more concern. Fortunes has ASIC for speed and has good performance on VPN and for FW.. Thanks
Yes, 100% recommend. Between Fortinet and Palo Alto, those are the big boys on the block. As far as disadvantages, I would say it would have to be w/ their SD-WAN integration. There are still some limitations. IMO I feel that when either an SD or FW provider try to add the other to their core competency it becomes more of a "me too" vs a solid offering. But as far as Fortigate FW's, they are rock solid with a lot of nextgen features and functionality. The other question then becomes, who is going to manage it? Whether you have a staff up to speed on it or outsource to a 3rd party, NEED to make sure whomever it is, really understands the device and stays on top of it. Too many things happening in the world today to let an update/security patch lapse...
OK, first up, declaration of interest- we sell Fortigate alongside other brands, so have a broad view of this space. Advantages are high speed for low cost, large feature set in a single box, and a large portfolio of integrated products, beyond just firewall, marketed as "Security Fabric". Disadvantages are that appliances are proprietary hardware (custom ASICs for speed) so sparing/parts are vendor-controlled, and a lot of the value-add stuff like IPS/web filtering requires an ongoing subscription. Would recommend, particularly high-speed/high-volume/low latency applications, VPN or 10Gbps+ throughput.
I am looking for a firewall suitable for my company (size: < 500). I've been researching the Palo Alto Networks NG Firewall and the Fortinet FortiGate one.
Can you please tell me whether the Fortinet firewall has any AI (Artificial Intelligence) capabilities as it seems Palo Alto does have them?
I appreciate your inputs.
I am the owner of a retailer company with 1-10 employees.
We host websites on Windows 2008 R2 servers and Norton Business Protection. We are looking for recommendations for the best network firewall.
Thanks! I appreciate the help.