Educause Security Discussion mailing list archives
Re: Fortinet vs. Palo Alto
From: Tim Nance <nancet () SHANDS UFL EDU>
Date: Fri, 25 Feb 2011 14:28:23 -0500
Three years ago we brought a Palo Alto device into our network to test it out. It wasn't quite ready for primetime. Misidentified traffic. Lacked a bit on the UI. A year ago we brought them back in, and I believe they are now fully baked. We have now been running a Palo Alto firewall on our wide open guest/patient wireless network for the past 10 months. We have it configured to block 2 web site categories, all unknown applications & all peer to peer sharing applications. Prior to its implementation we were running a juniper firewall with web filtering subscription and were responding to about 1 RIAA type of issue per week. Since it went live we have not had a single reported infringement issue. About 6 months ago we replaced our web filtering solution for the primary network with much larger Palo Alto, and continue to be impressed with abilities. The renewal costs for our previous web filtering solution were on par with a new Palo Alto with url and app filtering. We had to drop another 5k to get the threat monitoring (IDP) functionality. Then another one of our hospitals which was running its own web filtering solution opted to utilize the Palo Alto. This saved us another $15,000 as the Palo Alto web filtering is a flat fee vs a per user as are most other solutions. We are currently pushing traffic from 12 thousand hosts through it The IDP functionality within the Palo Alto provided much more meaningful data than the other system we were using and I have not had any problems with stateful firewalling capabilities. We are tentatively planning on purchasing 2 - 4 more 10 gig Palo Alto boxes. We just finished participating in beta testing the new Palo Alto firewalls which will be announced next week. We placed it at the boundary between us and main campus and fed it traffic from our entire organization ~25,000 hosts. We performed deep packet inspection all traffic on the 10gig interfaces. I was extremely impressed with their performance and upgraded user interface. Due to NDA can't such much more about it. I tested a Fortinet device a few months ago. They have a lot of promise, but there promise of UTM is not there yet. I am still planning on buying a couple of dozen of their low end devices as an in-line control point for some of our FDA regulated devices. I saw Fortinet's new gear at RSA last week and it looked impressive. The capabilities they are claiming sound even more so. Though I found it very telling when I spoke to the Sonicwall engineer at the show, and he told me don't trust the Fortinet numbers and then went on to praise the Palo Alto boxes. --tim Timothy M. Nance CISSP, CISA, MCSA, ECSA Information Security Analyst University of Florida Academic Health Center PO Box 100356 Gainesville, FL 32610-0356 265-8317 x 85285
"Consolvo, Corbett D" <cc72 () TXSTATE EDU> 2/25/2011 9:21 AM >>>
Folks, We*re doing some firewall evaluations and was wondering if anyone has any input on Fortinet vs. Palo Alto. We*re looking at them for multi-Gb installations (perimeter, data center, possibly dorms) and my impression is that Palo Alto is more polished but Fortinet looks to be less expensive as well as providing some features (such as vulnerability assessment and chassis versions) that Palo Alto doesn*t. Any feedback (especially real-world experience) on either or both products would certainly be appreciated. Thanks Corbett Consolvo Texas State University
Current thread:
- Fortinet vs. Palo Alto Consolvo, Corbett D (Feb 25)
- Re: Fortinet vs. Palo Alto Nathaniel Hall (Feb 25)
- Re: Fortinet vs. Palo Alto Kevin Wilcox (Feb 25)
- Re: Fortinet vs. Palo Alto Roderick Cook (Feb 25)
- Re: Fortinet vs. Palo Alto Basgen, Brian (Feb 25)
- Re: Fortinet vs. Palo Alto Tim Nance (Feb 25)
- Re: Fortinet vs. Palo Alto Kellogg, Brian D. (Feb 25)
- Re: Fortinet vs. Palo Alto Valdis Kletnieks (Feb 25)
- Re: Fortinet vs. Palo Alto John Ladwig (Feb 25)
- Re: Fortinet vs. Palo Alto Valdis Kletnieks (Feb 25)
- Re: Fortinet vs. Palo Alto John Ladwig (Feb 25)
- Re: Fortinet vs. Palo Alto Nathaniel Hall (Feb 25)
- <Possible follow-ups>
- Re: Fortinet vs. Palo Alto Joe Guenther (Mar 03)
- Re: Fortinet vs. Palo Alto Will Froning (Mar 06)