+ Reply to Thread
Page 1 of 2 1 2 Last
Results 1 to 25 of 48
  1. 1337 H@X0R subl1m1nal's Avatar
    Join Date
    Jan 2009
    Location
    Iowa
    Posts
    177

    Certifications
    MCSA, STS, Security+, Net+, A+
    #1

    Default Fortinet vs Cisco

    Hi all,

    Not to stir up a fanboy throwdown, just a genuine question. I had a sales guy come in here and pitch me some fortigate firewalls at me. I'm not really a Cisco or WAN guy so I was hoping some of my good friends on TE could clue me in on information.

    Which is better: Fortigate or ASA? I've had a fortigate firewall that I managed about 5 years ago and I hated it. Is it any better?

    Features desired:
    Intrusion Detection/Prevention
    Data Loss Prevention
    Outbound port blocking

    Any other features I should be looking at? I know the fortigate will be much cheaper, but it may not be as valuable.

    Currently we have Cisco 1700 routers that do have some firewall rules set up on them. But from my understanding, they are not as featured as a PIX, ASA, or Fortigate. The sales guy recommended I put the fortigates behind my cisco routers.

    Any thoughts?

    Thanks,
    Subl1m1nal
    Reply With Quote Quote  


  2. Login/register to remove this advertisement.
  3. Senior Member
    Join Date
    Dec 2008
    Location
    Denver
    Posts
    1,860

    Certifications
    CCNA:Security,BCNE,Exchange 2007, ITIL
    #2
    I know people who swear by fortinet, to me it looks like its in the same class as Watchguard which is what my business uses. I prefer ASA but for the price and capability I think the fortinet would probably be a good bet for you. You could also look into using the "Classic" firewall thats available in the cisco routers you own, that firewall is actually fairly well featured.
    Reply With Quote Quote  

  4. Senior Member
    Join Date
    Aug 2008
    Posts
    3,954
    #3
    fortinet's are wonderful toys, and I much prefer them over ASA's
    Reply With Quote Quote  

  5. Senior Member
    Join Date
    Nov 2005
    Location
    Birmingham, AL
    Posts
    1,088
    #4
    Quote Originally Posted by Forsaken_GA View Post
    fortinet's are wonderful toys, and I much prefer them over ASA's
    I'm in this club.

    By the way, don't put FortiGates in the same category as the Firebox. Watchguard has some of the most backwards logic I've ever encountered.
    Reply With Quote Quote  

  6. Senior Member
    Join Date
    Jan 2008
    Location
    Madison, WI
    Posts
    1,439

    Certifications
    B.S. Tech Management, Network+, Server+, 70-680, 70-620, JNCIA-Junos
    #5
    I know you didn't mention these specifically but thought I would toss it out there as I've jumped head first into them and have grown to be quite fond of them. We ended up looking into Juniper and tried out their SRX gateways and after a week or two of testing ended up ordering 40 SRX100's and a SRX240 for our corporate office. Once I got used to Junos I found myself feeling more comfortable on Juniper gear than I had with Cisco and I have a lot more hands-on time with Cisco not to mention classroom and self-study time spent learning it.

    Just thought I would throw another option out there. I would probably have had 40 ASA's instead since that is what I was more familiar with when we were ready to order. But at that point (few months ago) Cisco was having horrible supply issues with ASA's and they just weren't available.
    Reply With Quote Quote  

  7. Senior Member Chivalry1's Avatar
    Join Date
    Mar 2005
    Location
    127.0.0.1
    Posts
    533

    Certifications
    CISSP, CICSP, MCSE, C|EH, MCSA, MCITP: EMA 2K7/2010, MCTS:Exchange 2K7/2010, Sec+, Net+, CCA-XENAPP, ITIL-V3, MCDST, MOS
    #6
    Quote Originally Posted by RTmarc View Post
    I'm in this club.

    By the way, don't put FortiGates in the same category as the Firebox. Watchguard has some of the most backwards logic I've ever encountered.
    Im in the club. Check this post http://www.techexams.net/forums/gene...ification.html

    Fortinets are great firewalls! i have worked with Fortinets firewalls in a corporate environment. They are not by "ANY" means in the same catogory as Watchguard Firebox. I would rather run IPTables before running that crap they call a Watchguard firewall. I am a Cisco PIX firewall guy and Fortinets are the best competition.

    Lower your operational, deployment and support cost by choosing a set of Fortinet Fortigate 800 Firewalls. Think to yourself there is a reason why Fortinet has a "Fan Club"

    Sidenote: From the stock market today 9/28/
    Cisco closed @ 21.86 {CSCO}
    Fortinet closed @ 24.36 {FTNT}
    Last edited by Chivalry1; 09-29-2010 at 04:34 AM.
    "The recipe for perpetual ignorance is: be satisfied with your opinions and
    content with your knowledge. " Elbert Hubbard (1856 - 1915)
    Reply With Quote Quote  

  8. Cisco Moderator mikej412's Avatar
    Join Date
    May 2005
    Location
    Chicago
    Posts
    10,192

    Certifications
    CCNP CCIP CCSP CCVP CCDP CCDA CCNA CS-CIPSS CS-CIPTDS CS-CIPTOS CS-CIPCSS CS-CFWS CS-CVPNS CS-CISecS ISSP 4013 4011
    #7
    Quote Originally Posted by Chivalry1 View Post
    Sidenote: From the stock market today 9/28/
    Cisco closed @ 21.86 {CSCO}
    Fortinet closed @ 24.36 {FTNT}
    Code:
    CSCO Market Cap: 124.35B. P/E (ttm): 16.46. EPS (ttm): 1.33
    FTNT Market Cap:   1.74B. P/E (ttm): 35.82. EPS (ttm): 0.68
    Reply With Quote Quote  

  9. 1337 H@X0R subl1m1nal's Avatar
    Join Date
    Jan 2009
    Location
    Iowa
    Posts
    177

    Certifications
    MCSA, STS, Security+, Net+, A+
    #8
    Good stuff guys. I've always been partial to cisco since my training at school has been with cisco products. However, since school, I don't spend a lot of time working on the equipment. Set it and forget it type deal.

    I don't think we'll get rid of our cisco routers. Maybe we'll put a fortigate or juniper behind the ciscos for some added security.

    Thanks for the replies guys!
    Reply With Quote Quote  

  10. Senior Member
    Join Date
    Dec 2008
    Location
    Denver
    Posts
    1,860

    Certifications
    CCNA:Security,BCNE,Exchange 2007, ITIL
    #9
    I gotta hand it to Juniper, they have some of the best firewalls I have ever seen. They aren't cheap though.
    Reply With Quote Quote  

  11. Senior Member
    Join Date
    Apr 2009
    Posts
    5,018
    #10
    Quote Originally Posted by mikej412 View Post
    Code:
    CSCO Market Cap: 124.35B. P/E (ttm): 16.46. EPS (ttm): 1.33
    FTNT Market Cap:   1.74B. P/E (ttm): 35.82. EPS (ttm): 0.68
    Owned lol!
    Reply With Quote Quote  

  12. Senior Member jojopramos's Avatar
    Join Date
    Dec 2003
    Location
    Earth
    Posts
    419

    Certifications
    CCNA, MCSE, MCSA Messaging, A+, Server+, SCP
    #11
    +1 to Mike....
    Reply With Quote Quote  

  13. Product Manager NightShade1's Avatar
    Join Date
    Jan 2007
    Location
    Panama
    Posts
    431

    Certifications
    ACFE OmniSwitch R6, ACFE WLAN R6, ACMA, ACMP, ACSP, ACSS,AACS,CPSS,WQSS, FCNSP V5, FCNSA V5, MCITP: SA, MCTS: Hyper V
    #12
    Fortinet Fan here also :P

    dont put fortinet on watchguard category please....

    Quote Originally Posted by mikej412 View Post
    Code:
    CSCO Market Cap: 124.35B. P/E (ttm): 16.46. EPS (ttm): 1.33
    FTNT Market Cap:   1.74B. P/E (ttm): 35.82. EPS (ttm): 0.68

    Cisco founded 1984...
    Fortinet founded 2000...

    Quote Originally Posted by Chivalry1 View Post
    Im in the club. Check this post http://www.techexams.net/forums/gene...ification.html

    Sidenote: From the stock market today 9/28/
    Cisco closed @ 21.86 {CSCO}
    Fortinet closed @ 24.36 {FTNT}
    for 16 years of advantage in the market this should not be happening... shame on cisco
    Last edited by NightShade1; 09-30-2010 at 01:17 PM.
    Reply With Quote Quote  

  14. Senior Member
    Join Date
    Dec 2008
    Location
    Denver
    Posts
    1,860

    Certifications
    CCNA:Security,BCNE,Exchange 2007, ITIL
    #13
    How many times has Cisco stock been split? The stock value of a company only gives you a very narrow look at there success as a company.

    I will keep fortinet and WG in the same class, they are about the same price and offer the same features. Besides "backwards logic" I have not heard a decent criticism of WG yet. I don't like them because they nickel and dime you, which irritates me. As far as performance goes, haven't had an issue. I have seen them successfully mitigate internal and external threats where other firewalls would have failed.
    Reply With Quote Quote  

  15. Product Manager NightShade1's Avatar
    Join Date
    Jan 2007
    Location
    Panama
    Posts
    431

    Certifications
    ACFE OmniSwitch R6, ACFE WLAN R6, ACMA, ACMP, ACSP, ACSS,AACS,CPSS,WQSS, FCNSP V5, FCNSA V5, MCITP: SA, MCTS: Hyper V
    #14
    Quote Originally Posted by it_consultant View Post
    How many times has Cisco stock been split? The stock value of a company only gives you a very narrow look at there success as a company.

    I will keep fortinet and WG in the same class, they are about the same price and offer the same features. Besides "backwards logic" I have not heard a decent criticism of WG yet. I don't like them because they nickel and dime you, which irritates me. As far as performance goes, haven't had an issue. I have seen them successfully mitigate internal and external threats where other firewalls would have failed.
    Umm if you see in the Magic Quadrand from Gardner you see Fortinet really near cisco in the challenger quadrand.... even if cisco has 16 more years than fortinet in the market...

    In the SMB Fortinet is the leader in there... not to mention that in the enterprise firewalls fortinet is in the challenger quadrant while watchguard is in the niche players you cant put them both in the same category...

    Anyways what you think Cisco firewalls are better than fortinet ones? im assuming you think that... tell me if im wrong...

    Another interesting note... Fortinet went public last year... so fortinet was owning by itselft... now just give it a few years and we will see...now they got greater financial resources....
    Last edited by NightShade1; 09-30-2010 at 03:32 PM.
    Reply With Quote Quote  

  16. Senior Member
    Join Date
    Dec 2008
    Location
    Denver
    Posts
    1,860

    Certifications
    CCNA:Security,BCNE,Exchange 2007, ITIL
    #15
    My preference for firewalls (based on personal experience) is this:

    Palo Alto or Checkpoint (tied for one only because Palo Altos are INCREDIBLY expensive)
    Netscreen
    Cisco ASA
    Watchguard

    I have used each of those products so I can attest to there high and low points.

    As far as the value of a company is concerned, the stock price indicates how much a stock is worth right now. Which is great for investing, however it does nothing to indicate cash on hand, research and development, mergers and acquisitions, etc. which all combine to determine the actual market standing and power of a company. Thats not to say that fortinet is not an outstanding company, its to say that comparing stock prices as the sole way to indicate how well a company is doing is too narrow.
    Reply With Quote Quote  

  17. Senior Member
    Join Date
    Dec 2009
    Location
    Illinois
    Posts
    399

    Certifications
    A+, CCNA:S, CCNP
    #16
    Quote Originally Posted by NightShade1 View Post
    for 16 years of advantage in the market this should not be happening... shame on cisco
    So if fortinet had 10 total shares at $20 each, and Cisco had 100 million shares at $10 each, Fortinet would somehow be better?

    Last i checked stock price is only important when comparing it to the SAME companies previous prices, not a competitor with different amounts of stock/market capitalization.
    Reply With Quote Quote  

  18. Senior Member
    Join Date
    Jan 2008
    Location
    Madison, WI
    Posts
    1,439

    Certifications
    B.S. Tech Management, Network+, Server+, 70-680, 70-620, JNCIA-Junos
    #17
    I'm sure the OP really had debating stock price, market cap, and stock split history in mind when he created this thread, wait - that's not what he asked about. Pretty sure he has plenty of information to go off from now to make a more informed decision.
    Reply With Quote Quote  

  19. Senior Member Chivalry1's Avatar
    Join Date
    Mar 2005
    Location
    127.0.0.1
    Posts
    533

    Certifications
    CISSP, CICSP, MCSE, C|EH, MCSA, MCITP: EMA 2K7/2010, MCTS:Exchange 2K7/2010, Sec+, Net+, CCA-XENAPP, ITIL-V3, MCDST, MOS
    #18
    Quote Originally Posted by it_consultant View Post
    How many times has Cisco stock been split? The stock value of a company only gives you a very narrow look at there success as a company.

    I will keep fortinet and WG in the same class, they are about the same price and offer the same features. Besides "backwards logic" I have not heard a decent criticism of WG yet. I don't like them because they nickel and dime you, which irritates me. As far as performance goes, haven't had an issue. I have seen them successfully mitigate internal and external threats where other firewalls would have failed.

    I think the mass majority of us here have managed these firewalls in one manner or another. Again I am basing this off "my" IT consulting experience. I have managed CISCO PIX/ASA, Netscreen, Juniper, Watchguard, Sidewinder and IPTables. I am just saying in my experience Fortinets are the best firewall solution. The majority of my experience is Cisco so the nickel and diming is not a new concept to me.

    The stock reference shows customer and consumer confidence in the product regardless of the volume. Seeing that the company only went public 4th quarter last year, its amazing that the stock is worth as much. Gardner report only provides more fuel.

    To get back to the main question get Fortinet and leave the pricey Cisco appliances to the corporate companies that have excess money to spend.
    "The recipe for perpetual ignorance is: be satisfied with your opinions and
    content with your knowledge. " Elbert Hubbard (1856 - 1915)
    Reply With Quote Quote  

  20. Product Manager NightShade1's Avatar
    Join Date
    Jan 2007
    Location
    Panama
    Posts
    431

    Certifications
    ACFE OmniSwitch R6, ACFE WLAN R6, ACMA, ACMP, ACSP, ACSS,AACS,CPSS,WQSS, FCNSP V5, FCNSA V5, MCITP: SA, MCTS: Hyper V
    #19
    it consultant
    you should try fortinet firewall if you havent... you will see they are pretty awsome...
    you are the first person i know that pick watchguard over fortinet O_o
    Reply With Quote Quote  

  21. Senior Member hypnotoad's Avatar
    Join Date
    Dec 2007
    Posts
    915

    Certifications
    BS&MS-CompSci, CCNA, CCNP, Hyper-V, CCAI
    #20
    Cisco Price/Earnings is 16.4
    Fortinet is in the low 20's
    Reply With Quote Quote  

  22. Senior Member
    Join Date
    Dec 2008
    Location
    Denver
    Posts
    1,860

    Certifications
    CCNA:Security,BCNE,Exchange 2007, ITIL
    #21
    Quote Originally Posted by NightShade1 View Post
    it consultant
    you should try fortinet firewall if you havent... you will see they are pretty awsome...
    you are the first person i know that pick watchguard over fortinet O_o
    I would love to try fortinet, unfortunately, like many things, firewall purchasing decisions are out of my control. I had to fight tooth and nail to get an ASA for a network I put in. The ASA was a grand cheaper than the WG and arguably a better product.

    I still rip out more Sonicwalls than I would like to admit!
    Last edited by it_consultant; 10-01-2010 at 08:15 PM.
    Reply With Quote Quote  

  23. IT MAN falcon101's Avatar
    Join Date
    Sep 2007
    Location
    California
    Posts
    51

    Certifications
    A+, Net+ ,MCP, MCSA, BSC-Network Communications and Management, Working on CCNA and MCITP
    #22
    Damn I love this topic since FORTIGATE Router/Firewalls are the bread an butter in our network topology.

    As much as Cisco is praised (and it should be in some sense) I have nothing but love for the Forti's.


    We use their 60, 100A, 200 and 110C devices all over. I have personally deployed 13 of these suckers at our Corporate and 12 branch offices. We get the CPE's (Cisco, Samsung UBIGATE and Netopia) from the ISP's and then the Forti takes care of the rest.

    Few advantages are COST, support and Manageability. Setting up access policies, routes, VPN gateways etc etc has never been easier. Its amazing that how much our network infrastructure relies on these devices. Yes, we have issues where 2 of have gone down but that's what config and appliance backup are for. Although they don't offer any Net Mon software but Fireplotter is simple and just awesome for graphical network monitoring in addition to their built-in stuff.

    I have not messed with their WiFi products but they look tempting. One thing i do have to admit, I have so much been spoiled with the Fortis within the last 7 years that I haven't touched a CISCO products which kinda concerns me for any future endeavors and CCNA. I guess that where CBT nuggets and TrainSignal comes in
    Last edited by falcon101; 10-01-2010 at 09:02 PM.
    Reply With Quote Quote  

  24. Senior Member ssampier's Avatar
    Join Date
    Jul 2010
    Location
    Sierra Vista, AZ
    Posts
    224

    Certifications
    MCSA, Security+, EC-Council CEH, CCNA
    #23
    As mentioned Juniper is a solid product. It costs us less than Cisco with greater port density.

    For instance, a Juniper SRX 240 costs I think $2,300. The Juniper SRX includes 16 Gig-E ports. They had a lighter product with 3 or 4 ports for $1,000 or so. I can't remember what version the "lighter" one was, however.

    I am not a salesperson. I just had the job of picking out a firewall for 3 educational agencies and I did some simple training.

    Quote Originally Posted by msteinhilber View Post
    I know you didn't mention these specifically but thought I would toss it out there as I've jumped head first into them and have grown to be quite fond of them. We ended up looking into Juniper and tried out their SRX gateways and after a week or two of testing ended up ordering 40 SRX100's and a SRX240 for our corporate office. Once I got used to Junos I found myself feeling more comfortable on Juniper gear than I had with Cisco and I have a lot more hands-on time with Cisco not to mention classroom and self-study time spent learning it.
    I was pretty impressed with JUNOS-ES. I never got the command line down, but I did like the web gui. It was usually pretty snappy (with the frequent small, 'bugs', however). At least it was when I used 9.4. I haven't touched one in months.

    I also never setup the VPN. It wasn't a huge priority and I had easier options. How much was the VPN per user, if you don't mind my asking?
    Reply With Quote Quote  

  25. Old Grumpy cablegod's Avatar
    Join Date
    Mar 2008
    Location
    Southeastern US
    Posts
    293

    Certifications
    BS:IT, MCSE 2k3, MCITP:EA, OCP 10g, OCE:10g RAC, OCP 12C, A few +
    #24
    Quote Originally Posted by ssampier View Post
    As mentioned Juniper is a solid product. It costs us less than Cisco with greater port density.

    For instance, a Juniper SRX 240 costs I think $2,300. The Juniper SRX includes 16 Gig-E ports. They had a lighter product with 3 or 4 ports for $1,000 or so. I can't remember what version the "lighter" one was, however.

    I am not a salesperson. I just had the job of picking out a firewall for 3 educational agencies and I did some simple training.



    I was pretty impressed with JUNOS-ES. I never got the command line down, but I did like the web gui. It was usually pretty snappy (with the frequent small, 'bugs', however). At least it was when I used 9.4. I haven't touched one in months.

    I also never setup the VPN. It wasn't a huge priority and I had easier options. How much was the VPN per user, if you don't mind my asking?
    I run an all Juniper gear shop, SSG/SRX firewalls, SA SSL VPN's, and EX series switches. The VPN on the SRX/SSG's may work, but I find it much simpler for end-user VPN to use the SSL VPN appliances from Juniper. They work absolutely GREAT. Worth every cent, just like the rest of their products that we use. Juniper made a believer out of me, and I was dyed-in-the-wool Cisco 5+ years ago. I like Juniper so much, I even bought Juniper stock after our "conversion". Funny, but true
    Reply With Quote Quote  

  26. Senior Member
    Join Date
    Aug 2008
    Posts
    3,954
    #25
    Quote Originally Posted by it_consultant View Post
    I still rip out more Sonicwalls than I would like to admit!
    This is not a bad thing. Every time I run into one of those damn things, I want to reenact the scene from Officespace with the printer
    Reply With Quote Quote  

+ Reply to Thread
Page 1 of 2 1 2 Last

Social Networking & Bookmarks