Cisco PIX vs Fortigate 100A

[madlife]

With Cisco no longer selling PIX soon, and our PIX is getting pretty out of date, our network vendor suggested we look at the Fortinet Fortigate 100A. Does anyone here have any experience with them?

The built-in web filtering would be sweet, but i dont know how much we would use the anti-virus/anti-spam filter. The Traffic Shaping may be useful too

We are running about 175 computers, with internet access. 6 Cisco 2950/3550s, and a T1 connection. We use a good amount of the T1, but it is mostly PDF manuals, and other text and pictures. Our T1 usage is rarely consistantly maxed out.

Thanks in advance for any input.

 

[gb0mb]

I use a Forti 100a. I am not overly pleased with it. Yes it seems to offer a world free options, that normally Cisco charges a per User fee for.

I will give you some detail on my latest issue with it:

i have a standard network wan/dmz/internal.
All of a sudden the following happens:

Wan-->DMZ fails doesent even make it to DMZ server.(sniffed traffic)
Int-->Dmz works fine.

Reboot sever via gui soft boot works for 20 minutes back down.

Final solution was to unplug for 30 second and replug back in. Been working fine for a while.

If this is a forti problem, come on I need more reliablity.

I have seen this firewall shutdown for certain types of traffic. For a security device it was kinda lame that when I had a bad cable modem that caused an arp storm it crashed my firewall.

I am currently looking at an entry level ASA5510 for I think about $2500ish.

As soon as I can I am switching. CISCO all around costs more for everything but all my experiences with PIXs' was much better.

Gb0mb

........99.9% User Error........

 

[cajuntank]

I have only minor experience with the Fortigate line and I too was not impressed. The Cisco ASA's are fine and if your used to Cisco, I would steer that way.

Now that being said, I really like the Sonicwall appliances. They are so much cheaper than the Cisco and like the Fortigate, they offer a plethora of bundled security options you tend to see from other competing manufacturers in that product range.

I would look at a Pro series appliance with the total security bundle. The bundle gives you anti-virus at the gateway level (POP3, SMTP, HTTP), IPS, anti-spyware, basic content filtering (you can upgrade to Premium which gives you more category control), and opens the optional WAN port for failover or load sharing with another ISP connection (DSL, cable, etc...).

The ASA, you can get the basic box, but for another couple of hundred get the bundle with either the CSC for anti-x filtering or the IPS module (cannot have both which kind of sucks). Then Cisco makes sure you pay for the subscription license for whichever one you choose. If you get the base box and want to upgrade to one of the modules later, get ready to be raped. They want you to buy the bundle up front and offer it at such a cheaper price compared to it separately that you'll feel like you need to apply a nice soothing ointment afterwards.

Cisco's got good product, but they make it so hard to configure compared to everyone else's and they charge you for it as well.

Oh well, everyone drinks the cool-ade at some time.