[AusNOG] Fortigate | input/thoughts

Matthew VK3EVL hitman at itglowz.com
Thu Oct 17 19:42:05 EST 2013


Although not in a multi-tenant environment but a very large one, the only thing I've found a little screwy is the web proxy function. With caching turned on it seems to mash client requests to CAs, resulting in users getting a certificate error stating revocation information missing. After seeing only a 1% hit rate on the cache it was decided to turn off the cache (not the auth proxy function) and mysteriously a whole myriad of problems disappeared.


> On 17 Oct 2013, at 16:10, Shane Chrisp <shane at 2000cn.com.au> wrote:
> 
> On 16/10/13 20:47, Richard Ham AusNOG wrote:
> 
> I totally agree with Richard, although I may be a bit biased as I am a Fortinet Gold Partner. However we have quite a large install base now
> with many of those in High Availability configuration and they work flawlessly. The typical complaint we have encountered
> from users who were not happy with them, has been due to the units not being spec'd up correctly for the task at hand or
> more commonly, simple misconfiguration. Since the introduction of FortiOS v5, the reporting features which are built into the
> units are greatly improved, however if you are looking to consolidate logs from many Fortigates into single reports, then a
> FortiAnalyzer is the way to go. They are available as a hardware or VM solution. I tend to suggest the VM as it scales beyond the
> Hardware versions for locations where there may be additional growth in the future.
> 
> I am also happy to answer any other questions.
> 
> -- 
> 
> Regards
> 
> Shane Chrisp
> 2000 Computers & Networks Pty Ltd
> Suite 6, 49 Hay St, Subiaco, WA 6008
> Ph 08 6298 7391
> Fx 08 6298 7393
> Mb 0412 409 856
> Email shane at 2000cn.com.au
> Web http://www.2000cn.com.au
> 
> *** Fortinet Gold Partner ***
> 
> 
>> Hi John,
>> 
>> I have used/administered multi-tenant (VDOM) based Fortigates for 7+ years
>> now and am as happy with them as I was after reading the marketing blurb
>> when I first assessed them against competitors. They are a solid unit and
>> features are aggressively upgraded from major firmware release to firmware
>> release. The Fortigate units are good at generalist firewalls/utm and do
>> well as generalist firewall/utm whereas the Fortimail units or similar are
>> better as specific functions in filtering email etc.
>> 
>> I can't really comment about reporting as I haven't used the Fortianalyzer
>> units in the last 4 years.
>> 
>> Feel free to email me for specifics,
>> 
>> Thanks,
>> 
>> Richard
>> 
>> -----Original Message-----
>> From: AusNOG [mailto:ausnog-bounces at lists.ausnog.net] On Behalf Of
>> jcbrandis at gmail.com
>> Sent: Wednesday, 16 October 2013 8:54 PM
>> To: ausnog at ausnog.net
>> Subject: [AusNOG] Fortigate | input/thoughts
>> 
>> Hi all,
>> 
>> I recall a few posts back there was talk of Fortinet/Fortigate as a
>> firewall. I am looking at this product to fill a void and interested in the
>> opinions of others who use it in multi-tenant scenarios with all the key
>> features (utm, ips/ids, correlation, reporting). If you could lend
>> experiences, thoughts etc it would be much appreciated. Off list, of course.
>> 
>> 
>> Hope all are having a good night and sorry for the disturbance.
>> 
>> PS: not interested in a sales person contacting me.
>> 
>> Many thanks
>> 
>> John in Sydney.
>> 
>> 
>> _______________________________________________
>> AusNOG mailing list
>> AusNOG at lists.ausnog.net
>> http://lists.ausnog.net/mailman/listinfo/ausnog
> 
> 
> 


