Fortigate Experience / Review


comp.security.firewalls archive

From: CCMiami <nospam@modeldriven.org>
Date: Thu Feb 16 2006 - 15:59:39 CET

We purchased a Fortigate 100a firewall about 2 months ago, partly based on
the comments from this group as well as the excellent reviews. I thought I
would let you know how it is going.

Our environment is a single LAN; we have a few servers and need good remote
access. Some of the reasons we picked the Fortigate are the speed - as we want
to have some AV checking "on the inside" due to the population of laptops.
A VLAN setup was also recommended to us so we have each server in its own
VLAN. Of course our primary concern is security, and the Fortigate has a
good reputation. We also purchased the VPN client/firewall so we would
have both ends from Fortigate. We don't have a dedicated sysadmin but our
group is quite technical (including a programmer that has written router
code).

The unit came out of the box working and has had no serious hardware or
software problems. We have not had any intrusions but I really have no way
to evaluate its capability to stop them. The box is feature-rich and
supports mostly every networking protocol and option we can think of;
capability has not been a problem. For a fast unit with VLAN this Fortigate
is a good value.

What has been a problem is the complexity and documentation. This is a box
they expect someone to become an expert on and understand the concepts,
options and their interrelationships. The documentation requires multiple
readings. We have yet to get the VPN working; we are on our 3rd try -
getting VPN up requires configuration of options all over; there is a "step
by step" but it seems somewhat out of date. I should emphasize we are
talking about smart techies trying to do this.

There are a lot of AV options for specific attacks, most are just set to
record the event. As we don't study virus signatures in detail, we don't
have a good way to know what we should turn on; we hope the defaults are OK.

We can't give good marks to the "Forticlient" VPN and Firewall. Every
machine it has been installed on has had stability problems. There is an
option to remove the firewall and just use VPN, but this requires modifying
the install with special software we don't have and have never used. We are
going to try using the MS VPN client.

Bottom line is this may be a good box for a pro, but it has a high overhead
for the small network user. What we don't have is a good way to compare
this with the other firewalls; perhaps they are all complex. I suspect that
once everything is set up it will function well.
Received on Mon May 1 00:50:54 2006