Fortinet Experiences
-
My primary outlying requirement is I need FIPS 140-2 compliance on any encryption used. Otherwise it is just your standard SMB requirements: VPN; firewall; IPS; site-to-site; etc.
-
@JaredBusch said in Fortinet Experiences:
@Kelly I do not recommend them, but I have had clients over time that have had them existing and they seem to work without any major issues.
What feature of the Fortinet is being pushed?
It is no secret that I am a fan of the Ubiquiti gear. But when people want more than just router and firewall in the edge device, Ubiquiti is not the right tool for the job.
@JaredBusch Why would you not recommend them?
-
@brianlittlejohn said in Fortinet Experiences:
I seem to remember them having a pretty big security flaw not too long ago...not positive though.
I'm not finding anything doing basic searches, e.g. fortinet cva
-
@Kelly said in Fortinet Experiences:
@brianlittlejohn said in Fortinet Experiences:
I seem to remember them having a pretty big security flaw not too long ago...not positive though.
I'm not finding anything doing basic searches, e.g. fortinet cva
http://thehackernews.com/2016/01/fortinet-firewall-password-hack.html
-
@JaredBusch said in Fortinet Experiences:
@Kelly said in Fortinet Experiences:
@brianlittlejohn said in Fortinet Experiences:
I seem to remember them having a pretty big security flaw not too long ago...not positive though.
I'm not finding anything doing basic searches, e.g. fortinet cva
http://thehackernews.com/2016/01/fortinet-firewall-password-hack.html
Ouch
-
@Kelly said in Fortinet Experiences:
@JaredBusch said in Fortinet Experiences:
@Kelly I do not recommend them, but I have had clients over time that have had them existing and they seem to work without any major issues.
What feature of the Fortinet is being pushed?
It is no secret that I am a fan of the Ubiquiti gear. But when people want more than just router and firewall in the edge device, Ubiquiti is not the right tool for the job.
@JaredBusch Why would you not recommend them?
I do not recommend UTM functionality to clients. So I have no need for any feature of the gear beyond routing and firewall.
There is no reason to pay $400 (CDW price) for the lowest model unit, the Fortinet FortiGate 30E, when I can buy the Ubiquiti EdgeMAX PoE for $150, or the LITE for $90.
-
@Kelly said in Fortinet Experiences:
@JaredBusch said in Fortinet Experiences:
@Kelly said in Fortinet Experiences:
@brianlittlejohn said in Fortinet Experiences:
I seem to remember them having a pretty big security flaw not too long ago...not positive though.
I'm not finding anything doing basic searches, e.g. fortinet cva
http://thehackernews.com/2016/01/fortinet-firewall-password-hack.html
Ouch
Not as bad as it sounds when you read all the details. It was supposedly fixed in 2014, but never published or announced. Either way, it is resolved now, and there was never more than a proof of concept hack built prior to the announcement, that anyone knows of.
-
We've also had bad luck with Fortinet. Like Jared, we don't recommend UTMs as a product category, and with Fortinet as a vendor we had issues with stability. Plus the security issue. Definitely not someone I'd choose.
-
@scottalanmiller said in Fortinet Experiences:
We've also had bad luck with Fortinet. Like Jared, we don't recommend UTMs as a product category, and with Fortinet as a vendor we had issues with stability. Plus the security issue. Definitely not someone I'd choose.
Don't say "also" when no one else has stated anything about bad luck.
-
@JaredBusch said in Fortinet Experiences:
There is no reason to pay $400 (CDW price) for the lowest model unit, the Fortinet FortiGate 30E, when I can buy the Ubiquiti EdgeMAX PoE for $150, or the LITE for $90.
Yeah, and I'd consider the EdgeMAX to be a vastly superior product. One that I would certainly trust more from a support and security perspective. That it is cheaper is just the icing.
-
@scottalanmiller said in Fortinet Experiences:
@JaredBusch said in Fortinet Experiences:
There is no reason to pay $400 (CDW price) for the lowest model unit, the Fortinet FortiGate 30E, when I can buy the Ubiquiti EdgeMAX PoE for $150, or the LITE for $90.
Yeah, and I'd consider the EdgeMAX to be a vastly superior product. One that I would certainly trust more from a support and security perspective. That it is cheaper is just the icing.
Support from 3rd party, yes. Support from UBNT is email only still. So, that affects things for some.
-
@JaredBusch said in Fortinet Experiences:
@scottalanmiller said in Fortinet Experiences:
@JaredBusch said in Fortinet Experiences:
There is no reason to pay $400 (CDW price) for the lowest model unit, the Fortinet FortiGate 30E, when I can buy the Ubiquiti EdgeMAX PoE for $150, or the LITE for $90.
Yeah, and I'd consider the EdgeMAX to be a vastly superior product. One that I would certainly trust more from a support and security perspective. That it is cheaper is just the icing.
Support from 3rd party, yes. Support from UBNT is email only still. So, that affects things for some.
Fortinet support and documentation were bad and wrong when we tried to use them. Email support from UBNT is, IMO, better.
-
@JaredBusch said in Fortinet Experiences:
Support from 3rd party, yes. Support from UBNT is email only still. So, that affects things for some.
Is the Unifi line different?
I've used the LIVE CHAT option on the controller before.
-
@BRRABill said in Fortinet Experiences:
@JaredBusch said in Fortinet Experiences:
Support from 3rd party, yes. Support from UBNT is email only still. So, that affects things for some.
Is the Unifi line different?
Hugely different. EdgeMax Pro can do much more than the USG, for example, but the UniFi line gives you all of your devices from a single management tool with tracking and stats between devices seamlessly. Also, the alerts and reporting are good.
EdgeMax and other devices outside the UniFi range you have to treat like traditional standalone devices, but you get more performance and features as a result.
-
@Breffni-Potter said in Fortinet Experiences:
@BRRABill said in Fortinet Experiences:
@JaredBusch said in Fortinet Experiences:
Support from 3rd party, yes. Support from UBNT is email only still. So, that affects things for some.
Is the Unifi line different?
Hugely different. EdgeMax Pro can do much more than the USG, for example, but the UniFi line gives you all of your devices from a single management tool with tracking and stats between devices seamlessly. Also, the alerts and reporting are good.
EdgeMax and other devices outside the UniFi range you have to treat like traditional standalone devices, but you get more performance and features as a result.
UniFi = Meraki style cloud management that you don't pay for because it is on a controller you set up instead of on theirs.
EdgeMax = Traditional standalone router and switches.
-
Unfortunately, neither UBNT nor any of their products show up on the FIPS validated list that I am required to use.
-
@Kelly said in Fortinet Experiences:
Unfortunately, neither UBNT nor any of their products show up on the FIPS validated list that I am required to use.
What is FIPS? I don't remember running into that one yet.
-
@travisdh1 said in Fortinet Experiences:
@Kelly said in Fortinet Experiences:
Unfortunately, neither UBNT nor any of their products show up on the FIPS validated list that I am required to use.
What is FIPS? I don't remember running into that one yet.
https://en.wikipedia.org/wiki/Federal_Information_Processing_Standards
System for making sure that vendors that pay off politicians get listed and guaranteed sales
-
@scottalanmiller said in Fortinet Experiences:
System for making sure that vendors that pay off politicians get listed and guaranteed sales
Yeah - that's probably why they aren't on the list. To help keep their prices low!
-
@Dashrender said in Fortinet Experiences:
@scottalanmiller said in Fortinet Experiences:
System for making sure that vendors that pay off politicians get listed and guaranteed sales
Yeah - that's probably why they aren't on the list. To help keep their prices low!
Yup