Educause Security Discussion mailing list archives

Re: Fortinet Firewalls

From: "Daly, Douglas" <DDALY () NYMC EDU>
Date: Fri, 24 Apr 2009 14:39:43 -0400

Good Afternoon Brian,

We have run Fortinet products for many years. The short of it is, they do what they claim but they don't do it as fast 
as they say they can. The ASA is our internet firewall and is a more capable product. We run Fortigate 1000A inside the 
network as a second (to our endpoint protection) anti-virus scanner - nothing else. We licensed the whole suite but 
even when our internet was only a 15Mb/s partial T3, the box was never able to handle the throughput demands of 
anti-virus plus anything else. We are recently looked into an upgrade to  the 620 or 3016 but the specs are so marginal 
to our needs (we're upgrading to 100Mb/s internet soon) that the published 250Mb/s and 300Mb/s speeds for antivirus are 
too close to the possible maximum 200Mb/s (100mb/s full duplex) we could see within the lifespan of the system.  They 
do have a 3600 that would work for us but now we are talking too much money and other competitors become more 
attractive.

I am a fan of Fortigate and the support is good but you need to buy more than the published specs make you think you 
need.

One caveat to all this... I like Fortigate because they do not run the same anti-virus engine as our end point 
protection. We don't use the ASA antivirus because it is the same engine. Not much benefit to scanning twice with the 
same engine and signatures.

Douglas Daly
Associate Director,
Technical Services
New York Medical College
Valhalla, NY  10595

914.594.4961

-----Original Message-----
From: Kellogg, Brian D. [mailto:bkellogg () SBU EDU]
Sent: Thursday, April 23, 2009 8:57 AM
Subject: Fortinet Firewalls

We currently run an old Pix firewall and it's done the job well, but it's time to retire it.  We are looking at 
Fortinet and Cisco ASA at the moment and are quite interested in Fortinet due to the its price and capabilities at that 
price point.  Would anyone be willing to share their experience with Fortinet firewalls and their tech support?  We are 
most interested in their VPN, both user and site to site; SSL VPN; virus scanning; and IPS features.
Suggestions of other vendors that can provide the same features are welcome as well.


Thank you,

Brian Kellogg
Network Services Manager
St. Bonaventure University
716-375-4092

Current thread:

Re: Fortinet Firewalls, (continued)
- Re: Fortinet Firewalls Pufahl, Jason (Apr 23)
- Re: Fortinet Firewalls Ramon Hermida (Apr 23)
- Re: Fortinet Firewalls Consolvo, Corbett D (Apr 23)
- Re: Fortinet Firewalls Ness, Carl J (Apr 23)
- Re: Fortinet Firewalls Kellogg, Brian D. (Apr 23)
- Re: Fortinet Firewalls Kellogg, Brian D. (Apr 23)
- Re: Fortinet Firewalls Tupker, Mike (Apr 23)
- Re: Fortinet Firewalls Ouska, Julie (Apr 23)
- Re: Fortinet Firewalls Greene, Chip (Apr 23)
- Re: Fortinet Firewalls Avdagic, Indir (Apr 23)
- Re: Fortinet Firewalls Daly, Douglas (Apr 24)