[AusNOG] Fortigate | input/thoughts

jcbrandis at gmail.com jcbrandis at gmail.com
Thu Oct 17 20:50:19 EST 2013 

Great comments all and I thank you. I got over 50 replies so they are quite popular. I did note very few of you use the reporting functionality. Bummer as that was one of the main drivers for my message. Many of you expressed bugs and throughout as a gotcha. 
Also thanks to those who gave a head to head comparison SSG vs FortiXXX. 

Off to fight fires, literally. 

Sorry for the disturbance. 

Sent from my iPhone

On 17/10/2013, at 7:42 PM, Matthew VK3EVL <hitman at itglowz.com> wrote:

> Although not in a multi tenant environment but a very large one, the only thing I've found a little screwy is the web proxy function. With caching turned on it seems to mash client requests to CAs resulting in users getting a certificate error stating revocation information missing. After seeing only a 1% hit rate on the cache it was decided to turn off the cache (not the auth proxy function) and mysteriously a whole myriad of problems disappeared.
> 
> 
>> On 17 Oct 2013, at 16:10, Shane Chrisp <shane at 2000cn.com.au> wrote:
>> 
>> On 16/10/13 20:47, Richard Ham AusNOG wrote:
>> 
>> I totally agree with Richard, although I may be a bit biased as I am a Fortinet Gold Partner. However we have quite a large install base now
>> with many of those in High Availabilty configuration and they work flawlessly. The typical complaint we have encountered
>> from users who were not happy with them, has been due to the units not being spec'd up correctly for the task at hand or
>> more commonly, simple misconfiguration. Since the introduction of FortiOS v5, the reporting features which are built into the
>> units are greatly improved, however if you are looking to consolodate logs from many Fortigates into single reports, then a
>> FortiAnalyzer is the way to. They are available as a hardware or VM solution. I tend to suggest the VM as it scales beyond the
>> Hardware versions for locations where they may be additional growth in the future.
>> 
>> I am also happy to answer any other questions.
>> 
>> -- 
>> 
>> Regards
>> 
>> Shane Chrisp
>> 2000 Computers & Networks Pty Ltd
>> Suite 6, 49 Hay St, Subiaco, WA 6008
>> Ph 08 6298 7391
>> Fx 08 6298 7393
>> Mb 0412 409 856
>> Email shane at 2000cn.com.au
>> Web http://www.2000cn.com.au
>> 
>> *** Fortinet Gold Partner ***
>> 
>> 
>>> Hi John,
>>> 
>>> I have used/administered multi-tennant (VDOM) based Fortigates for 7+ years
>>> now and am as happy with them as I was after reading the marketing blurb
>>> when I first assessed them against competitors. They are a solid unit and
>>> features are aggressively upgraded from major firmware release to firmware
>>> release. The Fortigate units are good at generalist firewalls/utm and do
>>> well as generalist firewall/utm where as the Fortimail units or similar are
>>> better as specific functions in filtering email etc.
>>> 
>>> I can't really comment about reporting as I haven't used the Fortianalyzer
>>> units in the last 4 years.
>>> 
>>> Feel free to email me for specifics,
>>> 
>>> Thanks,
>>> 
>>> Richard
>>> 
>>> -----Original Message-----
>>> From: AusNOG [mailto:ausnog-bounces at lists.ausnog.net] On Behalf Of
>>> jcbrandis at gmail.com
>>> Sent: Wednesday, 16 October 2013 8:54 PM
>>> To: ausnog at ausnog.net
>>> Subject: [AusNOG] Fortigate | input/thoughts
>>> 
>>> Hi all,
>>> 
>>> I recall a few posts back there was talk of Fortinet/Fortigate as a
>>> firewall. I am Looking at this product to fill a void and interested in the
>>> opinions of others who use it in Mutli tenant scenarios with all the key
>>> features (utm, ips/ids, correlation, reporting). If you could lend
>>> experiences, thoughts etc it would be much appreciated., Off list of-course.
>>> 
>>> 
>>> Hope all are having a good night and sorry for the disturbance.
>>> 
>>> PS: not interested in a sales person contacting me.
>>> 
>>> Many thanks
>>> 
>>> John in Sydney.
>>> 
>>> 
>>> _______________________________________________
>>> AusNOG mailing list
>>> AusNOG at lists.ausnog.net
>>> http://lists.ausnog.net/mailman/listinfo/ausnog
>> 
>> 
>> 
>> _______________________________________________
>> AusNOG mailing list
>> AusNOG at lists.ausnog.net
>> http://lists.ausnog.net/mailman/listinfo/ausnog
> _______________________________________________
> AusNOG mailing list
> AusNOG at lists.ausnog.net
> http://lists.ausnog.net/mailman/listinfo/ausnog

More information about the AusNOG mailing list