Fortinet Experiences

Kelly

I'm doing the good ole firewall shopping thingy, and one of the vendors is pitching a Fortinet system at me. I have zero experience with it. Have any of you all worked with them and have any input as to the quality of the product/software?

No, pfSense is not on the table as an option

Dashrender

What features do you need?

I have no experience with Fortinet, but I hear they are pretty good.

brianlittlejohn

I seem to remember them having a pretty big security flaw not too long ago...not positive though.

JaredBusch

@Kelly I do not recommend them, but I have had clients over time that have had them existing and they seem to work without any major issues.

What feature of the Fortinet is being pushed?

It is no secret that I am a fan of the Ubiquiti gear. But when people want more than just router and firewall in the edge device, Ubiquiti is not the right tool for the job.

Kelly

My primary outlying requirement is I need FIPS 140-2 compliance on any encryption used. Otherwise it is just your standard SMB requirements: VPN; firewall; IPS; site-to-site; etc.

Kelly

@JaredBusch said in Fortinet Experiences:

@Kelly I do not recommend them, but I have had clients over time that have had them existing and they seem to work without any major issues.

What feature of the Fortinet is being pushed?

It is no secret that I am a fan of the Ubiquiti gear. But when people want more than just router and firewall in the edge device, Ubiquiti is not the right tool for the job.

@JaredBusch Why would you not recommend them?

Kelly

@brianlittlejohn said in Fortinet Experiences:

I seem to remember them having a pretty big security flaw not too long ago...not positive though.

I'm not finding anything doing basic searches, e.g. fortinet cva

JaredBusch

@Kelly said in Fortinet Experiences:

@brianlittlejohn said in Fortinet Experiences:

I seem to remember them having a pretty big security flaw not too long ago...not positive though.

I'm not finding anything doing basic searches, e.g. fortinet cva

http://thehackernews.com/2016/01/fortinet-firewall-password-hack.html

Kelly

@JaredBusch said in Fortinet Experiences:

@Kelly said in Fortinet Experiences:

@brianlittlejohn said in Fortinet Experiences:

I seem to remember them having a pretty big security flaw not too long ago...not positive though.

I'm not finding anything doing basic searches, e.g. fortinet cva

http://thehackernews.com/2016/01/fortinet-firewall-password-hack.html

Ouch

JaredBusch

@Kelly said in Fortinet Experiences:

@JaredBusch said in Fortinet Experiences:

@Kelly I do not recommend them, but I have had clients over time that have had them existing and they seem to work without any major issues.

What feature of the Fortinet is being pushed?

It is no secret that I am a fan of the Ubiquiti gear. But when people want more than just router and firewall in the edge device, Ubiquiti is not the right tool for the job.

@JaredBusch Why would you not recommend them?

I do not recommend UTM functionality to clients. So I have no need for any feature of the gear beyond routing and firewall.

There is no reason to pay $400 (CDW price) for the lowest model unit, the Fortinet FortiGate 30E, when I can buy the Ubiquiti EdgeMAX PoE for $150, or the LITE for $90.

JaredBusch

@Kelly said in Fortinet Experiences:

@JaredBusch said in Fortinet Experiences:

@Kelly said in Fortinet Experiences:

@brianlittlejohn said in Fortinet Experiences:

I seem to remember them having a pretty big security flaw not too long ago...not positive though.

I'm not finding anything doing basic searches, e.g. fortinet cva

http://thehackernews.com/2016/01/fortinet-firewall-password-hack.html

Ouch

Not as bad as it sounds when you read all the details. It was supposedly fixed in 2014, but never published or announced. Either way, it is resolved now, and there was never more than a proof of concept hack built prior to the announcement, that any one knows of.

scottalanmiller

We've also had bad luck with fortinet. Like Jared we don't recommend UTMs as a product category and Fortinet as a vendor we had issues with stability. Plus the security issue. Definitely not someone I'd choose.

JaredBusch

@scottalanmiller said in Fortinet Experiences:

We've also had bad luck with fortinet. Like Jared we don't recommend UTMs as a product category and Fortinet as a vendor we had issues with stability. Plus the security issue. Definitely not someone I'd choose.

Don't say also when no one else has stated anything about bad luck.

scottalanmiller

@JaredBusch said in Fortinet Experiences:

There is no reason to pay $400 (CDW price) for the lowest model unit, the Fortinet FortiGate 30E, when I can buy the Ubiquiti EdgeMAX PoE for $150, or the LITE for $90.

Yeah, and I'd consider the EdgeMAX to be a vastly superior product. One that I would certainly trust more from a support and security perspective. That it is cheaper is just the icing.

JaredBusch

@scottalanmiller said in Fortinet Experiences:

@JaredBusch said in Fortinet Experiences:

There is no reason to pay $400 (CDW price) for the lowest model unit, the Fortinet FortiGate 30E, when I can buy the Ubiquiti EdgeMAX PoE for $150, or the LITE for $90.

Yeah, and I'd consider the EdgeMAX to be a vastly superior product. One that I would certainly trust more from a support and security perspective. That it is cheaper is just the icing.

Support from 3rd party, yes. Support from UBNT is email only still. So, that affects things for some.

scottalanmiller

@JaredBusch said in Fortinet Experiences:

@scottalanmiller said in Fortinet Experiences:

@JaredBusch said in Fortinet Experiences:

There is no reason to pay $400 (CDW price) for the lowest model unit, the Fortinet FortiGate 30E, when I can buy the Ubiquiti EdgeMAX PoE for $150, or the LITE for $90.

Yeah, and I'd consider the EdgeMAX to be a vastly superior product. One that I would certainly trust more from a support and security perspective. That it is cheaper is just the icing.

Support from 3rd party, yes. Support from UBNT is email only still. So, that affects things for some.

Fortinet support and documentation was bad and wrong when we tried to use them. Email support from UBNT is, IMO, better.

BRRABill

@JaredBusch said i

Support from 3rd party, yes. Support from UBNT is email only still. So, that affects things for some.

Is the Unifi line different?

I've used the LIVE CHAT option on the controller before.

Deleted74295

@BRRABill said in Fortinet Experiences:

@JaredBusch said i

Support from 3rd party, yes. Support from UBNT is email only still. So, that affects things for some.

Is the Unifi line different?

Hugely different. EdgeMax Pro can do much more than the USG for example but the Unifi line gives you all of your devices from a single management tool with tracking and stats between devices seamlessly, also the alerts and reporting is good.

EdgeMax and other devices outside the Unifi range you have to treat like traditional stand alone devices but you get more performance and features as a result.

JaredBusch

@Breffni-Potter said in Fortinet Experiences:

@BRRABill said in Fortinet Experiences:

@JaredBusch said i

Support from 3rd party, yes. Support from UBNT is email only still. So, that affects things for some.

Is the Unifi line different?

Hugely different. EdgeMax Pro can do much more than the USG for example but the Unifi line gives you all of your devices from a single management tool with tracking and stats between devices seamlessly, also the alerts and reporting is good.

EdgeMax and other devices outside the Unifi range you have to treat like traditional stand alone devices but you get more performance and features as a result.

UniFi = Meraki style cloud management that you don't pay for because it is on a controller you set up instead of on theirs.

EdgeMax = Traditional stand alone router and switches.

Kelly

Unfortunately UBNT and none of their products show up on the FIPS validated list that I am required to use.