Fortinet Experiences

JaredBusch

@Kelly said in Fortinet Experiences:

@brianlittlejohn said in Fortinet Experiences:

I seem to remember them having a pretty big security flaw not too long ago...not positive though.

I'm not finding anything doing basic searches, e.g. fortinet cva

http://thehackernews.com/2016/01/fortinet-firewall-password-hack.html

Kelly

@JaredBusch said in Fortinet Experiences:

@Kelly said in Fortinet Experiences:

@brianlittlejohn said in Fortinet Experiences:

I seem to remember them having a pretty big security flaw not too long ago...not positive though.

I'm not finding anything doing basic searches, e.g. fortinet cva

http://thehackernews.com/2016/01/fortinet-firewall-password-hack.html

Ouch

JaredBusch

@Kelly said in Fortinet Experiences:

@JaredBusch said in Fortinet Experiences:

@Kelly I do not recommend them, but I have had clients over time that have had them existing and they seem to work without any major issues.

What feature of the Fortinet is being pushed?

It is no secret that I am a fan of the Ubiquiti gear. But when people want more than just router and firewall in the edge device, Ubiquiti is not the right tool for the job.

@JaredBusch Why would you not recommend them?

I do not recommend UTM functionality to clients. So I have no need for any feature of the gear beyond routing and firewall.

There is no reason to pay $400 (CDW price) for the lowest model unit, the Fortinet FortiGate 30E, when I can buy the Ubiquiti EdgeMAX PoE for $150, or the LITE for $90.

JaredBusch

@Kelly said in Fortinet Experiences:

@JaredBusch said in Fortinet Experiences:

@Kelly said in Fortinet Experiences:

@brianlittlejohn said in Fortinet Experiences:

I seem to remember them having a pretty big security flaw not too long ago...not positive though.

I'm not finding anything doing basic searches, e.g. fortinet cva

http://thehackernews.com/2016/01/fortinet-firewall-password-hack.html

Ouch

Not as bad as it sounds when you read all the details. It was supposedly fixed in 2014, but never published or announced. Either way, it is resolved now, and there was never more than a proof of concept hack built prior to the announcement, that any one knows of.

scottalanmiller

We've also had bad luck with fortinet. Like Jared we don't recommend UTMs as a product category and Fortinet as a vendor we had issues with stability. Plus the security issue. Definitely not someone I'd choose.

JaredBusch

@scottalanmiller said in Fortinet Experiences:

We've also had bad luck with fortinet. Like Jared we don't recommend UTMs as a product category and Fortinet as a vendor we had issues with stability. Plus the security issue. Definitely not someone I'd choose.

Don't say also when no one else has stated anything about bad luck.

scottalanmiller

@JaredBusch said in Fortinet Experiences:

There is no reason to pay $400 (CDW price) for the lowest model unit, the Fortinet FortiGate 30E, when I can buy the Ubiquiti EdgeMAX PoE for $150, or the LITE for $90.

Yeah, and I'd consider the EdgeMAX to be a vastly superior product. One that I would certainly trust more from a support and security perspective. That it is cheaper is just the icing.

JaredBusch

@scottalanmiller said in Fortinet Experiences:

@JaredBusch said in Fortinet Experiences:

There is no reason to pay $400 (CDW price) for the lowest model unit, the Fortinet FortiGate 30E, when I can buy the Ubiquiti EdgeMAX PoE for $150, or the LITE for $90.

Yeah, and I'd consider the EdgeMAX to be a vastly superior product. One that I would certainly trust more from a support and security perspective. That it is cheaper is just the icing.

Support from 3rd party, yes. Support from UBNT is email only still. So, that affects things for some.

scottalanmiller

@JaredBusch said in Fortinet Experiences:

@scottalanmiller said in Fortinet Experiences:

@JaredBusch said in Fortinet Experiences:

There is no reason to pay $400 (CDW price) for the lowest model unit, the Fortinet FortiGate 30E, when I can buy the Ubiquiti EdgeMAX PoE for $150, or the LITE for $90.

Yeah, and I'd consider the EdgeMAX to be a vastly superior product. One that I would certainly trust more from a support and security perspective. That it is cheaper is just the icing.

Support from 3rd party, yes. Support from UBNT is email only still. So, that affects things for some.

Fortinet support and documentation was bad and wrong when we tried to use them. Email support from UBNT is, IMO, better.

BRRABill

@JaredBusch said i

Support from 3rd party, yes. Support from UBNT is email only still. So, that affects things for some.

Is the Unifi line different?

I've used the LIVE CHAT option on the controller before.

Deleted74295

@BRRABill said in Fortinet Experiences:

@JaredBusch said i

Support from 3rd party, yes. Support from UBNT is email only still. So, that affects things for some.

Is the Unifi line different?

Hugely different. EdgeMax Pro can do much more than the USG for example but the Unifi line gives you all of your devices from a single management tool with tracking and stats between devices seamlessly, also the alerts and reporting is good.

EdgeMax and other devices outside the Unifi range you have to treat like traditional stand alone devices but you get more performance and features as a result.

JaredBusch

@Breffni-Potter said in Fortinet Experiences:

@BRRABill said in Fortinet Experiences:

@JaredBusch said i

Support from 3rd party, yes. Support from UBNT is email only still. So, that affects things for some.

Is the Unifi line different?

Hugely different. EdgeMax Pro can do much more than the USG for example but the Unifi line gives you all of your devices from a single management tool with tracking and stats between devices seamlessly, also the alerts and reporting is good.

EdgeMax and other devices outside the Unifi range you have to treat like traditional stand alone devices but you get more performance and features as a result.

UniFi = Meraki style cloud management that you don't pay for because it is on a controller you set up instead of on theirs.

EdgeMax = Traditional stand alone router and switches.

Kelly

Unfortunately UBNT and none of their products show up on the FIPS validated list that I am required to use.

travisdh1

@Kelly said in Fortinet Experiences:

Unfortunately UBNT and none of their products show up on the FIPS validated list that I am required to use.

What is FIPS? I don't remember running into that one yet.

scottalanmiller

@travisdh1 said in Fortinet Experiences:

@Kelly said in Fortinet Experiences:

Unfortunately UBNT and none of their products show up on the FIPS validated list that I am required to use.

What is FIPS? I don't remember running into that one yet.

https://en.wikipedia.org/wiki/Federal_Information_Processing_Standards

System for making sure that vendors that pay off politicians get listed and guaranteed sales

Dashrender

@scottalanmiller said in Fortinet Experiences:

System for making sure that vendors that pay off politicians get listed and guaranteed sales

Yeah - that's probably why they aren't on the list. To help keep their prices low!

scottalanmiller

@Dashrender said in Fortinet Experiences:

@scottalanmiller said in Fortinet Experiences:

System for making sure that vendors that pay off politicians get listed and guaranteed sales

Yeah - that's probably why they aren't on the list. To help keep their prices low!

Yup

Reid Cooper

I guess it matters then... who else is on the list? What about Sophos, are they an option?

Kelly

@Reid-Cooper said in Fortinet Experiences:

I guess it matters then... who else is on the list? What about Sophos, are they an option?

Looks like only their disk encryption is.

Here is the list: http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/1401vend.htm.