Educause Security Discussion mailing list archives
Re: Fortinet Firewalls
From: "Tupker, Mike" <mtupker () MTMERCY EDU>
Date: Thu, 23 Apr 2009 10:44:35 -0500
I'm in the same boat. I've been looking at WatchGuard and SonicWall, but I also have concerns about performance of the all-in-one devices. Currently we have a Secure Computing Sidewinder G2 UTM (now McAfee) device. In terms of performance it works well but it has no useful reporting unless you buy a very expensive software package (or unless you like looking through UNIX logs with grep). The yearly maintenance cost is also extremely high on the G2 compared to similar UTM devices.

I've also looked at the Palo Alto offerings and am pretty impressed by the ease of management. (almost looks a little too easy) :)

Mike Tupker
Systems Administrator
Mount Mercy College
Office: (319) 363-1323 x1401
Mobile: (319) 538-1644

If you need assistance with a computer issue please contact the helpdesk at x4357 or http://help.mtmercy.edu.

From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Kellogg, Brian D.
Sent: Thursday, April 23, 2009 9:42 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Fortinet Firewalls

I completely agree and excellent advice. Unfortunately my budget and security requirements are at odds.

Thank you,
Brian Kellogg
Network Services Manager
St. Bonaventure University
716-375-4092

From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Ness, Carl J
Sent: Thursday, April 23, 2009 10:39 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Fortinet Firewalls

Beware of kitchen-sink devices. If you need a firewall, get a firewall; if you need IPS, get an IPS box. When you're talking enterprise-class, it really is better to stay away from vendors and solutions that claim to do more than one thing. Usually they do many things kinda-sorta well. I'd rather have more than one box that does one thing and does it really well. SOHO or branch office, well, that's where all-in-ones excel.

Just my .02

Carl

Carl J. Ness, M.S., CISSP
Senior Security Analyst
CIO Office, University of Iowa

From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Consolvo, Corbett D
Sent: Thursday, April 23, 2009 9:14 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Fortinet Firewalls

We use ASAs, they have very good basic firewall performance (best I've seen) but do not have the intelligence that the pure-play firewalls have. I have been interested in looking at Palo Alto firewalls but have not had a chance past a quick demo.

Thanks,
Corbett
Texas State University

________________________________
From: The EDUCAUSE Security Constituent Group Listserv [SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Ramon Hermida [rhermida () UTPA EDU]
Sent: Thursday, April 23, 2009 9:07 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Fortinet Firewalls

We are using Fortinet firewalls for several firewall purposes. We run these in clusters (we are using their mid-range blade solution) and active-active mode to do load-balancing. We have been using IPS, A/V scanning, web filtering and some traffic shaping quite successfully for a couple of years now. We have also used their IPSEC and SSL VPN functionality without any issues. We are actually quite impressed with the IPS functionality because it allows blocking not only by signature, but also by malicious behavior.

We are currently passing about 240 Mbps of bandwidth and what we like about the solution is that when our bandwidth needs increase, we just add additional blades to the cluster. Last time I checked Cisco ASA could not handle IPS scanning for more than 100 Mbps of bandwidth.

Please contact me off-list if you wish further details as I don't feel comfortable disclosing further details of our network infrastructure in a public forum.

Regards
-RH

Ramon Hermida
Senior Network Security Analyst
University of Texas Pan American

________________________________
From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Pufahl, Jason
Sent: Thursday, April 23, 2009 8:27 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Fortinet Firewalls

The University of Connecticut uses Fortinet firewalls at a variety of locations throughout campus. Unfortunately, we deployed them at our Internet borders and they have never performed as advertised. We have had no end of significant software issues related to A/V and IPS scanning and performance. At our lower traffic volume sites the hardware performs adequately.

Our opinion is that Fortinet is not suited for an enterprise deployment, but that they fit well in a small office/small network scenario. We are in the process of evaluating different vendors now with the intention of replacing the Internet facing firewalls before next fall.

Feel free to contact me off list if you would like additional information.

-Jason Pufahl
Team Lead, Network Security
University of Connecticut

From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Kellogg, Brian D.
Sent: Thursday, April 23, 2009 8:57 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Fortinet Firewalls

We currently run an old Pix firewall and it's done the job well, but it's time to retire it. We are looking at Fortinet and Cisco ASA at the moment and are quite interested in Fortinet due to its price and capabilities at that price point. Would anyone be willing to share their experience with Fortinet firewalls and their tech support? We are most interested in their VPN, both user and site to site; SSL VPN; virus scanning; and IPS features.

Suggestions of other vendors that can provide the same features are welcome as well.

Thank you,
Brian Kellogg
Network Services Manager
St. Bonaventure University
716-375-4092