Educause Security Discussion mailing list archives
Re: Fortinet Firewalls
From: "Ouska, Julie" <Julie.Ouska () CCCS EDU>
Date: Thu, 23 Apr 2009 10:06:35 -0600
I checked with my Manager of Network Technologies and this was his response: Our current production firewalls are Cisco ASA's. They have not given us any issues like we had with the old PIX's. We do have the ability to run the firewalls on the Fortinet devices as well however they are currently only being used for web filtering. As for the SSL VPN we tested it on the ASA's the Fortinets and Juniper and Juniper is far superior to the others in the SSL VPN environment. If I was looking to replace firewalls in the future I'm not certain that I would use Cisco or Fortinet and might go down the Juniper path with that product as well. Julie Julie Ouska CIO/VP, Information Technology Colorado Community College System (720) 858-2781 julie.ouska () cccs edu www.cccs.edu From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Tupker, Mike Sent: Thursday, April 23, 2009 9:45 AM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: Re: [SECURITY] Fortinet Firewalls I'm in the same boat. I've been looking at Watchguard and Sonicwall, but I also have concerns about performance of the all in one devices. Currently we have a Secure Computing Sidewinder G2 UTM (now mcafee) device. In terms of performance it works well but it has no useful reporting unless you buy a very expensive software package (or unless you like looking through UNIX logs with grep). The yearly maintenance cost is also extremely high on the G2 compared to similar UTM devices. I've also looked at the Palo Alto offerings and am pretty impressed by the ease of management. (almost looks a little to easy) J Mike Tupker Systems Administrator Mount Mercy College Office: (319) 363-1323 x1401 Mobile: (319) 538-1644 If you need assistance with an computer issue please contact the helpdesk at x4357 or http://help.mtmercy.edu. From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Kellogg, Brian D. Sent: Thursday, April 23, 2009 9:42 AM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: Re: [SECURITY] Fortinet Firewalls I completely agree and excellent advice. Unfortunately my budget and security requirements are at odds. Thank you, Brian Kellogg Network Services Manager St. Bonaventure University 716-375-4092 From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Ness, Carl J Sent: Thursday, April 23, 2009 10:39 AM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: Re: [SECURITY] Fortinet Firewalls Beware of kitchen-sink devices. If you need a firewall, get a firewall, if you need IPS, get an IPS box. When you're talking enterprise-class, it really is better to stay away from vendors and solutions that claim to do more than one thing. Usually they do many things kinda-sorta well. I'd rather have more than one box that does one thing and does it really well. Soho or branch office, well that's where all-in-one's excel. Just my .02 Carl Carl J. Ness, M.S., CISSP Senior Security Analyst CIO Office, University of Iowa From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Consolvo, Corbett D Sent: Thursday, April 23, 2009 9:14 AM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: Re: [SECURITY] Fortinet Firewalls We use ASAs, they have very good basic firewall performance (best I've seen) but do not have the intelligence that the pure-play firewalls have. I have been interested in looking at Palo Alto firewalls but have not had a chance past a quick demo. Thanks, Corbett Texas State University ________________________________ From: The EDUCAUSE Security Constituent Group Listserv [SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Ramon Hermida [rhermida () UTPA EDU] Sent: Thursday, April 23, 2009 9:07 AM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: Re: [SECURITY] Fortinet Firewalls We are using Fortinet firewalls for several firewall purposes. We run these in a clusters (we are using their mid-range blade solution) and active-active mode to do load-balancing. We have been using IPS, A/V scanning, web filtering and some traffic shaping quite successfully for a couple of years now. We have also used their IPSEC, and SSL VPN functionality without any issues. We are actually quite impressed with the IPS functionality because it allows blocking not only by signature, but also by malicious behavior. We are currently passing about 240 Mbps of bandwidth and what we like about the solution is that when our bandwidth needs increase, we just add additional blades to the cluster. Last time I checked Cisco ASA could not handle IPS scanning for more than 100 Mbps of bandwidth. Please contact me off-list if you wish further details as I don't feel comfortable disclosing further details of our network infrastructure in a public forum. Regards -RH Ramon Hermida Senior Network Security Analyst University of Texas Pan American ________________________________ From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Pufahl, Jason Sent: Thursday, April 23, 2009 8:27 AM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: Re: [SECURITY] Fortinet Firewalls The University of Connecticut uses Fortinet firewalls at a variety of locations throughout campus. Unfortunately, we deployed them at our Internet borders and they have never performed as advertised. We have had no end of significant software issues related to A/V and IPS scanning and performance. At our lower traffic volume sites the hardware performs adequately. Our opinion is that Fortinet is not suited for an enterprise deployment, but that they fit well in a small office/small network scenario. We are in the process of evaluating different vendors now with the intention of replacing the Internet facing firewalls before next fall. Feel free to contact me off list if you would like additional information. -Jason Pufahl Team Lead, Network Security University of Connecticut From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Kellogg, Brian D. Sent: Thursday, April 23, 2009 8:57 AM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: [SECURITY] Fortinet Firewalls We currently run an old Pix firewall and it's done the job well, but it's time to retire it. We are looking at Fortinet and Cisco ASA at the moment and are quite interested in Fortinet due to the its price and capabilities at that price point. Would anyone be willing to share their experience with Fortinet firewalls and their tech support? We are most interested in their VPN, both user and site to site; SSL VPN; virus scanning; and IPS features. Suggestions of other vendors that can provide the same features are welcome as well. Thank you, Brian Kellogg Network Services Manager St. Bonaventure University 716-375-4092
Current thread:
- Fortinet Firewalls Kellogg, Brian D. (Apr 23)
- <Possible follow-ups>
- Fortinet Firewalls Kellogg, Brian D. (Apr 23)
- Re: Fortinet Firewalls Pufahl, Jason (Apr 23)
- Re: Fortinet Firewalls Ramon Hermida (Apr 23)
- Re: Fortinet Firewalls Consolvo, Corbett D (Apr 23)
- Re: Fortinet Firewalls Ness, Carl J (Apr 23)
- Re: Fortinet Firewalls Kellogg, Brian D. (Apr 23)
- Re: Fortinet Firewalls Kellogg, Brian D. (Apr 23)
- Re: Fortinet Firewalls Tupker, Mike (Apr 23)
- Re: Fortinet Firewalls Ouska, Julie (Apr 23)
- Re: Fortinet Firewalls Greene, Chip (Apr 23)
- Re: Fortinet Firewalls Avdagic, Indir (Apr 23)
- Re: Fortinet Firewalls Daly, Douglas (Apr 24)