Educause Security Discussion mailing list archives
Re: Firewalls
From: Nathaniel Hall <educause-lists () NATHANIELHALL COM>
Date: Sun, 14 Jul 2013 22:54:09 -0500
I understand what you mean about the non-swappable power supplies. In all honesty, I'm usually less concerned with redundant power supplies than I am with redundant systems. A power supply is only a fraction of the parts that could go bad. I'd much rather have redundant systems than a single system with redundant supplies.
I have not had the lost packets issue with a config change, but I do understand the waiting on commit. I have a PA-200 at home with basically everything enabled and about 50 security rules. My load stays fairly low, but I always have long commit times. If you have created custom Applications with regular expressions, it will significantly increase the commit time. Be careful about that.
In the environment where I worked with Fortinets we had 30+ gateways. It was not unusual for them to be overloaded. Come to find out the amount of traffic we were passing, even though the device met our requirements according to spec, we actually needed a much larger device that spec'ed for 8GB+ of traffic.
DISCLAIMER: I work for a vendor of Palo Alto and Fortinet devices.
-- Nathaniel Hall
On 7/10/2013 8:29 PM, John Kaftan wrote:
Chris:
What Fortigate unit did you have? To be competitive price wise we have to get into the PA 3050. That box is not beast by our estimation. Single non-swappable power supplies really bums us out. The interface is really clunky. We have to wait 45 sec or more for each commit. We also lose packets every time we make a config change and the logging is not very robust compared to the Fortigate.
We looked at total cost of ownership over 5 years and the PA 5020s were more than 2x the cost of the Fortigate 1000cs. According to specs these guys are supposed to be close.
Everybody we talk to seems to love PA though. We feel like we are not getting it. If the 3050 would cut it for us maybe we could consider them. But the 3050 doesn't seem to compare to the Fortigate 1000c. It isn't really an enterprise solution.
Thanks