
Fortinet

Started by config t, October 28, 2016, 07:43:24 AM


config t

Do any of you gentlemen have experience with Fortinet platforms? If so, what are your thoughts?
:matrix:

Please don't mistake my experience for intelligence.

deanwebb

Really nice GUI, but you need a default route out to the Internet for them to work, and we don't believe in default routes out to the Internet at Massive Global Multinational.
Take a baseball bat and trash all the routers, shout out "IT'S A NETWORK PROBLEM NOW, SUCKERS!" and then peel out of the parking lot in your Ferrari.
"The world could perish if people only worked on things that were easy to handle." -- Vladimir Savchenko
Any questions? No questions! | BCEB: Belkin Certified Expert Baffler | "Plan B is Plan A with an element of panic." -- John Clarke
Accounting is architecture, remember that!
Air gaps are high-latency Internet connections.

Nerm

Done a good bit of work with them and basically my opinion is "poor man's Juniper".

wintermute000


Do not trust the throughput numbers. Any NGFW features hit CPU and the throughput tanks. Their central reporter is not in the same league as Palo Panorama or Juniper Security Director.

Otherwise yeah they are compelling from a price and feature POV. Like I said though ignore whatever they say re: throughput, run your PoC with the features in your design turned on. When we do HLD/scoping we halve whatever Fortinet tell us as a rule of thumb, then round it down.

deanwebb do you mean the mgt can't grab signature updates etc. via explicit proxy?

Dieselboy

I've worked on them when we've taken on new customers with existing equipment. They're easy enough to manage from what I can remember. Not touched one in 5 years or more.

Quote from: deanwebb on October 28, 2016, 08:47:17 AM
Really nice GUI, but you need a default route out to the Internet for them to work, and we don't believe in default routes out to the Internet at Massive Global Multinational.

Didn't know you work for MGM! ;)

burnyd

I like them but never used them for anything other than a stateful firewall.

deanwebb

Quote from: wintermute000 on October 28, 2016, 04:35:12 PM

deanwebb do you mean the mgt can't grab signature updates etc. via explicit proxy?

That was our experience in early 2015. We have no default route, so their PoC went into the weeds really fast and never got out of those weeds, since every sentence about feature discussions pretty much started with, "Well, if we had Internet access, we could show you..."