Opinion on Fortinet

[e2346437]

Have been a SonicWALL partner forever, but support is awful and raw throughput is lacking.

A customer with 4 branches is looking for new firewalls and I'm toying with the idea of jumping into Fortinet. Anyone have any experience? Need devices with multiple WAN; one WAN connects to public Internet, the other WAN would need NAT and firewall disabled and would be used strictly for routing out to a private WAN that carries VOIP traffic.

Customer requests fast response tech-support that speak English fluently.

 

[4ycr]

Hi e, I have used fortinet with one client, it had 2 wan ports but I only used one. I have connected a VPN thought their client software for someone in the field but that is all with the VPN. For support I have been using my reseller. They have been good with me and very helpful.

 

[YeOldeStonecat]

Solid quality hardware.
Interesting web interface/dashboard.
Stability good, site to site VPN tunnels good.
However effectiveness as a UTM in blocking spam and malware is just "average" at best.

 

[Nerm]

Solid quality hardware.
Interesting web interface/dashboard.
Stability good, site to site VPN tunnels good.
However effectiveness as a UTM in blocking spam and malware is just "average" at best.

Agree with everything said there. I just want to add that you will find Fortinet support is way better than Sonicwall. In my opinion Sonicwall has some of the worst support in the industry.

 

[YeOldeStonecat]

Agree with everything said there. I just want to add that you will find Fortinet support is way better than Sonicwall. In my opinion Sonicwall has some of the worst support in the industry.

I'll agree I do not like Sonicwall support.....back in the Sonicwall days, or even under Dell now.

I have not had to push Fortinet support.....the clients I've had with them (or still have them)...they got them from a reseller which supports them directly. I've logged in and played with them doing things like port forwarding. But straight up issues with them, the reseller did it directly.

 

[putz]

Have been a SonicWALL partner forever, but support is awful and raw throughput is lacking.

A customer with 4 branches is looking for new firewalls and I'm toying with the idea of jumping into Fortinet. Anyone have any experience? Need devices with multiple WAN; one WAN connects to public Internet, the other WAN would need NAT and firewall disabled and would be used strictly for routing out to a private WAN that carries VOIP traffic.

Customer requests fast response tech-support that speak English fluently.

Out of all the clients we have had, 1 of them has used Fortinet which was installed by a prior company. Did it do the job they required? yes. Was I impressed with it, not really. Ive never really had to use their support so cant really speak on that.

When it comes to needing a firewall, Cisco usually is my first choice (not Small Business aka linksys). The ASA is a great firewall and cisco does a great job with support, and configuring the devices is simple and fast through the CLI. Although im not sure the Dual wan configuration you are looking for is supported. But im also not sure if it would be supported on other brand firewalls. Most dual wan interfaces on Firewalls are used for Failover/High-Availability or Load Balancing. The algorithms you get with the load balancing from my experience dont necessarily let you choose based on source where the traffic goes.

I think what you are looking for is more of a Router with Dual Wan that support Policy Based Routing. This will allow you to direct traffic from specific sources to specific destinations through specific interfaces.

Either way it sounds like a unique setup to me.

Good Luck!

 

[Nerm]

Out of all the clients we have had, 1 of them has used Fortinet which was installed by a prior company. Did it do the job they required? yes. Was I impressed with it, not really. Ive never really had to use their support so cant really speak on that.

When it comes to needing a firewall, Cisco usually is my first choice (not Small Business aka linksys). The ASA is a great firewall and cisco does a great job with support, and configuring the devices is simple and fast through the CLI. Although im not sure the Dual wan configuration you are looking for is supported. But im also not sure if it would be supported on other brand firewalls. Most dual wan interfaces on Firewalls are used for Failover/High-Availability or Load Balancing. The algorithms you get with the load balancing from my experience dont necessarily let you choose based on source where the traffic goes.

I think what you are looking for is more of a Router with Dual Wan that support Policy Based Routing. This will allow you to direct traffic from specific sources to specific destinations through specific interfaces.

Either way it sounds like a unique setup to me.

Good Luck!

Just wanted to point out that multiple WAN's are supported on the ASA platform. They do not support PBR, but it is possible to do an emulated PBR for specific destinations and services. With that being said unless I misread the OP I don't believe PBR would be needed.

 

[tom11011]

I work with all the firewalls mentioned above.

In my opinion, the best firewall for the money on the market right now is Sophos UTM (formerly Astaro UTM).

 

[YeOldeStonecat]

I work with all the firewalls mentioned above.

In my opinion, the best firewall for the money on the market right now is Sophos UTM (formerly Astaro UTM).

Darned good product....have tried it a few times, ran it at home a few times. Very polished, mature. Back in the Astaro days...they nagged me like mad to come onboard as a reseller. Didn't do it..already in bed with Untangle. But will state Astaro is damned good too!

 

[tom11011]

Darned good product....have tried it a few times, ran it at home a few times. Very polished, mature. Back in the Astaro days...they nagged me like mad to come onboard as a reseller. Didn't do it..already in bed with Untangle. But will state Astaro is damned good too!

I can tell you years back I hated Astaro. The product was immature and always underpowered. But that is what a larger company I was working with was running so I had to learn it. I go back as far as version 6. My biggest gripe at the time other than being underpowered was it seemed they would release patches without fully testing.

But those days were over a few years ago and I have really grown to love the product. I've always been a cisco person over the years but I do like the Sophos UTM better than the ASA. It's a very, very well laid out interface and easy for even a novice to use. You can have a site to site vpn up in minutes.

Astaro 6 was basically just a firewall but today the product is a UTM which means firewall, spam, sip proxy, web filter, and more. They can be setup as an HA pair or as a N+1 cluster. Currently, in my datacenter we are running 2 in an HA pair in vmware (ie our firewall capability is running exclusively virtual on vmware).

Shameless plug- yes I sell them

 

[gikstar]

We take a older dual core computer, install a number of nics and then install PfSense. In some cases we install a wireless card in the computer. Works great for small businesses and households.

 

[freedomit]

I work with all the firewalls mentioned above.



In my opinion, the best firewall for the money on the market right now is Sophos UTM (formerly Astaro UTM).

Interesting you say that as I've always wondered about trying Sophos UTM's. My main reason for not trying them is that most customers run Sophos AV and I thinks it's best to have protection from a different security vendor. Same reason we run GFi for email filter rather than Puremessage, if GFI doesn't detect then hopefully Sophos will and vice versa.

 

[marley1]

Look at Zyxel. Very reliable firewall

Have plenty running multiple sites

 

[marley1]

Sophos utm looks good. What's the warranty like on them? What about yearly services?

 

[tom11011]

Sophos utm looks good. What's the warranty like on them? What about yearly services?

There is 2 support levels: Standard and Premium. Premium support basically gets you upfront replacement of defective hardware. Here is the packages you can activate on the Sophos copied right out of my UTM. The minimum license is Network Protection.

Network Protection


Status: enabled
Exp. Date: 07 July 2015
Description: This subscription enables the Intrusion Prevention System (IPS) incl. pattern updates, DoS/Flood Protection, SSL & IPsec based VPN and Remote Access, Advanced Routing, WAN Link Balancing and detailed Network Protection Reporting.



Email Protection


Status: enabled
Exp. Date: 07 July 2015
Description: This subscription enables mail filtering with dual antivirus incl. pattern updates, Reputation and Fingerprint based Spam Filtering, transparent Email Encryption (OpenPGP & S/MIME), End-User Quarantine Management and detailed Mail Usage Reporting.



Web Protection


Status: enabled
Exp. Date: 07 July 2015
Description: This subscription enables web traffic analysis with Virus and Spyware Filter incl. pattern updates, URL filter by Category, AD/eDir SSO Authentication, HTTPS filtering, Application Control and detailed Web Usage Reporting.



Webserver Protection


Status: enabled
Exp. Date: 07 July 2015
Description: This subscription enables protection of servers behind UTM from modern attacks and exploits. Keep your Web and Mail servers safe using defenses against Cross-Site Scripting (XSS), SQL Injection, Application Attacks, Cookie Tampering, and more. Webserver Protection supports standard HTTP and encrypted HTTPS (SSL) connections.



Wireless Protection


Status: enabled
Exp. Date: 07 July 2015
Description: This subscription enables Wireless Protection.



Endpoint AntiVirus


Status: enabled
Exp. Date: 07 July 2015
Max. Users: 60 ( 50 licensed Users + 10 free Users )
Description: This subscription enables Endpoint Protection incl. Antivirus, HIPS and Device Control.



BasicGuard


Status: disabled
Exp. Date: not licensed
Description: This subscription enables basic functions for Network, Email, Web and Wireless Protection. If you want to use more advanced functions in your UTM like RED, HTML5 VPN portal, Wireless Hotspot vouchers, two AV scanners, and others, you can easily upgrade to a fully featured FullGuard license via our MyUTM licensing portal.