Re: Fortinet's fortigate 100 devices

[Bob Walder <bwalder () spamcop net>]

We started testing UTM devices at the end of last year and Fortinet and ISS
were the first two to complete testing. The reports are available on our Web
site (www.nss.co.uk)

As you will see, the performance drops off considerably the more functions
you enable, so careful capacity planning is required

We found both devices to be capable for the target market - just don't
expect the wire-speed Gigabit performance you get from dedicated in-line IPS
devices.... :o)  AV and Anti Spam are real performance hogs (no matter which
vendor you look at)!

If you don't need firewall, VPN and IPS then you could also look at SCA
devices such as Panda GateDefender (also tested)

Bob Walder
The NSS Group


On 30/12/05 18:03, "Andrew Plato" <andrew.plato () anitian com> wrote:

> DISCLAIMER: I am a reseller of Fortinet.
>
> Hi Jimmy, 
>
> I sell and support a lot of Fortinets. They're a good product. They
> aren't perfect, but as a UTM device, they're definitely one of the best
> on the market. 
>
> In terms of performance, you'll want to buy way more Fortinet then you
> think you need. As a basic firewall, the performance is great, but if
> you start turning on services (like IPS and AV) the performance
> plummets. If you think a 100 is right for your environment, you might
> want to consider a 200 or 300 if you plan to turn on the other services.
>
>
> The HA on Fortinet is about as easy as it gets. I typically deploy them
> as an active-active cluster. The latency when one goes down and the
> other picking up is short. Just a few seconds. Having deployed hundreds
> of Fortinets, HA has never been a problem.
>
> There are some gotchas with Fortinet. The IPS is frustratingly obscure.
> While its not bad at detecting things, the GUI makes it painstakingly
> slow to configure. I've gotten good at doing IPS work in the CLI using a
> text script I built. Logging in the Fortinet is not so hot either. Try
> to budget for a Fortilog/Fortianalyzer. Its extra money, but its worth
> it in the long run. Unless you really like writing syslog parsers. Also,
> I find the way firewall policies are created to be a little laborious.
>
> Fortinet support is fair. My experience is that it can take days to get
> answers. However, they are very nice to partners. If you can find a
> knowledgeable Fortinet reseller/partner they may be more help than
> Fortinet. They can also get you past first line support to engineering
> support. 
>
> As far as competing products - you'll want to look at SecureComputing's
> Sidewinder and 3Com's TippingPoint X505. WatchGuard and Sonicwall are
> trailers in the UTM space. WatchGuard has a good GUI. The IPS and AV are
> okay. I would avoid Cisco's and Symantec's offerings in the UTM space.
> They aren't very impressive and generally cost more.
>
> Also, a lot of Fortinet's competitors like to bring up Fortinet's issue
> with TrendMicro and their violation of the GPL license. Both of these
> issues have been resolved and are no longer an issue. Fortinet
> re-engineered their AV engine, so it does not violate the Trend patent.
> And they have published their code changes and thus complied with the
> GPL license. So, don't let some sale-hungry vendor rep mislead you with
> those issues.
>
> Good luck. 
>
> _____________________________________
> Andrew Plato, CISSP
> President/Principal Consultant
> ANITIAN ENTERPRISE SECURITY
>
> Your Expert Partner for Security & Networking
>
> 3800 SW Cedar Hills Blvd, Suite 280
> Beaverton, OR 97005
> 503-644-5656 Office
> 503-214-8069 Fax
> 503-201-0821 Mobile
> www.anitian.com
> _____________________________________
>
>  
>
> -----Original Message-----
> From: Jimmy Stewpot [mailto:squid () oranged to]
> Sent: Wednesday, December 28, 2005 7:21 AM
> To: focus-ids () securityfocus com
> Subject: Fortinet's fortigate 100 devices
>
> Hello,
>
> I am currently in the process of evaluating a security appliance by the
> company Fortinet. The product in specifics is the Fortigate 100. So far
> the product has been looking very impressive. However I have some
> questions that I am trying to find answers to.
>
> - Has anyone got any advice regarding the network performance of these
> devices in real world environments. During my testing I noticed they are
> using a Realtek 8139 based NIC. I personally have never had any issues
> with Realtek 8139 cards in environments ranging from slow to medium/high
> bandwidth utilization (40-50Mbps) however any feedback about how the
> Realtek network cards perform in the Fortigate would be greatly
> appreciated.
>
> - I noticed that the system has got HA functionality. It appears to be
> very similar to the way in which VRRP works. However it does not state
> that its actually VRRP (licensing issues perhaps). Does anyone have any
> feedback as to how good the fail over/fail back/ redundancy issues are
> on these devices?
>
> - Any overall opinions or feedback from anyone that has used the device
> in any production environments would be fantastic. Also if anyone knows
> of any competing products I would like be very interested to know about
> them.
>
> - I am also interested to know how everyones experiences are in regards
> to Fortinet support?
>
>
> So far my own experience in using the devices has been exceptional.
> However as we are looking to put them into some more intensive solutions
>   I need to find out as much information as I can so that we can prepare
> or look at bigger/faster Fortinet boxes or alternatives.
>
> Regards,
>
> Jimmy.
>
>
> ------------------------------------------------------------------------
> Test Your IDS
>
> Is your IDS deployed correctly?
> Find out quickly and easily by testing it with real-world attacks from
> CORE IMPACT.
> Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708
> to learn more.
> ------------------------------------------------------------------------
>
>
>
>
> ------------------------------------------------------------------------
> Test Your IDS
>
> Is your IDS deployed correctly?
> Find out quickly and easily by testing it
> with real-world attacks from CORE IMPACT.
> Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708
> to learn more.
> ------------------------------------------------------------------------



------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it 
with real-world attacks from CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 
to learn more.
------------------------------------------------------------------------