Fortinet vs Cisco

[subl1m1nal]

Hi all,

Not to stir up a fanboy throwdown, just a genuine question. I had a sales guy come in here and pitch me some fortigate firewalls at me. I'm not really a Cisco or WAN guy so I was hoping some of my good friends on TE could clue me in on information.

Which is better: Fortigate or ASA? I've had a fortigate firewall that I managed about 5 years ago and I hated it. Is it any better?

Features desired:
Intrusion Detection/Prevention
Data Loss Prevention
Outbound port blocking

Any other features I should be looking at? I know the fortigate will be much cheaper, but it may not be as valuable.

Currently we have Cisco 1700 routers that do have some firewall rules set up on them. But from my understanding, they are not as featured as a PIX, ASA, or Fortigate. The sales guy recommended I put the fortigates behind my cisco routers.

Any thoughts?

Thanks,
Subl1m1nal

[it_consultant]

I know people who swear by fortinet, to me it looks like its in the same class as Watchguard which is what my business uses. I prefer ASA but for the price and capability I think the fortinet would probably be a good bet for you. You could also look into using the "Classic" firewall thats available in the cisco routers you own, that firewall is actually fairly well featured.

[Forsaken_GA]

fortinet's are wonderful toys, and I much prefer them over ASA's

[RTmarc]

fortinet's are wonderful toys, and I much prefer them over ASA's

I'm in this club.

By the way, don't put FortiGates in the same category as the Firebox. Watchguard has some of the most backwards logic I've ever encountered.

[msteinhilber]

I know you didn't mention these specifically but thought I would toss it out there as I've jumped head first into them and have grown to be quite fond of them. We ended up looking into Juniper and tried out their SRX gateways and after a week or two of testing ended up ordering 40 SRX100's and a SRX240 for our corporate office. Once I got used to Junos I found myself feeling more comfortable on Juniper gear than I had with Cisco and I have a lot more hands-on time with Cisco not to mention classroom and self-study time spent learning it.

Just thought I would throw another option out there. I would probably have had 40 ASA's instead since that is what I was more familiar with when we were ready to order. But at that point (few months ago) Cisco was having horrible supply issues with ASA's and they just weren't available.

[Chivalry1]

I'm in this club.

By the way, don't put FortiGates in the same category as the Firebox. Watchguard has some of the most backwards logic I've ever encountered.

Im in the club. Check this post http://www.techexams.net/forums/gene...ification.html

Fortinets are great firewalls! i have worked with Fortinets firewalls in a corporate environment. They are not by "ANY" means in the same catogory as Watchguard Firebox. I would rather run IPTables before running that crap they call a Watchguard firewall. I am a Cisco PIX firewall guy and Fortinets are the best competition.

Lower your operational, deployment and support cost by choosing a set of Fortinet Fortigate 800 Firewalls. Think to yourself there is a reason why Fortinet has a "Fan Club"

Sidenote: From the stock market today 9/28/
Cisco closed @ 21.86 {CSCO}
Fortinet closed @ 24.36 {FTNT}

[mikej412]

Sidenote: From the stock market today 9/28/
Cisco closed @ 21.86 {CSCO}
Fortinet closed @ 24.36 {FTNT}

Code:

CSCO Market Cap: 124.35B. P/E (ttm): 16.46. EPS (ttm): 1.33
FTNT Market Cap:   1.74B. P/E (ttm): 35.82. EPS (ttm): 0.68

[subl1m1nal]

Good stuff guys. I've always been partial to cisco since my training at school has been with cisco products. However, since school, I don't spend a lot of time working on the equipment. Set it and forget it type deal.

I don't think we'll get rid of our cisco routers. Maybe we'll put a fortigate or juniper behind the ciscos for some added security.

Thanks for the replies guys!

[it_consultant]

I gotta hand it to Juniper, they have some of the best firewalls I have ever seen. They aren't cheap though.

[Bl8ckr0uter]

Code:

CSCO Market Cap: 124.35B. P/E (ttm): 16.46. EPS (ttm): 1.33
FTNT Market Cap:   1.74B. P/E (ttm): 35.82. EPS (ttm): 0.68

Owned lol!

[jojopramos]

+1 to Mike....

[NightShade1]

Fortinet Fan here also :P

dont put fortinet on watchguard category please....

Code:

CSCO Market Cap: 124.35B. P/E (ttm): 16.46. EPS (ttm): 1.33
FTNT Market Cap:   1.74B. P/E (ttm): 35.82. EPS (ttm): 0.68

Cisco founded 1984...
Fortinet founded 2000...

Im in the club. Check this post http://www.techexams.net/forums/gene...ification.html

Sidenote: From the stock market today 9/28/
Cisco closed @ 21.86 {CSCO}
Fortinet closed @ 24.36 {FTNT}

for 16 years of advantage in the market this should not be happening... shame on cisco

[it_consultant]

How many times has Cisco stock been split? The stock value of a company only gives you a very narrow look at there success as a company.

I will keep fortinet and WG in the same class, they are about the same price and offer the same features. Besides "backwards logic" I have not heard a decent criticism of WG yet. I don't like them because they nickel and dime you, which irritates me. As far as performance goes, haven't had an issue. I have seen them successfully mitigate internal and external threats where other firewalls would have failed.

[NightShade1]

How many times has Cisco stock been split? The stock value of a company only gives you a very narrow look at there success as a company.

I will keep fortinet and WG in the same class, they are about the same price and offer the same features. Besides "backwards logic" I have not heard a decent criticism of WG yet. I don't like them because they nickel and dime you, which irritates me. As far as performance goes, haven't had an issue. I have seen them successfully mitigate internal and external threats where other firewalls would have failed.

Umm if you see in the Magic Quadrand from Gardner you see Fortinet really near cisco in the challenger quadrand.... even if cisco has 16 more years than fortinet in the market...

In the SMB Fortinet is the leader in there... not to mention that in the enterprise firewalls fortinet is in the challenger quadrant while watchguard is in the niche players you cant put them both in the same category...

Anyways what you think Cisco firewalls are better than fortinet ones? im assuming you think that... tell me if im wrong...

Another interesting note... Fortinet went public last year... so fortinet was owning by itselft... now just give it a few years and we will see...now they got greater financial resources....

[it_consultant]

My preference for firewalls (based on personal experience) is this:

Palo Alto or Checkpoint (tied for one only because Palo Altos are INCREDIBLY expensive)
Netscreen
Cisco ASA
Watchguard

I have used each of those products so I can attest to there high and low points.

As far as the value of a company is concerned, the stock price indicates how much a stock is worth right now. Which is great for investing, however it does nothing to indicate cash on hand, research and development, mergers and acquisitions, etc. which all combine to determine the actual market standing and power of a company. Thats not to say that fortinet is not an outstanding company, its to say that comparing stock prices as the sole way to indicate how well a company is doing is too narrow.

[Heero]

for 16 years of advantage in the market this should not be happening... shame on cisco

So if fortinet had 10 total shares at $20 each, and Cisco had 100 million shares at $10 each, Fortinet would somehow be better?

Last i checked stock price is only important when comparing it to the SAME companies previous prices, not a competitor with different amounts of stock/market capitalization.

[msteinhilber]

I'm sure the OP really had debating stock price, market cap, and stock split history in mind when he created this thread, wait - that's not what he asked about. Pretty sure he has plenty of information to go off from now to make a more informed decision.

[Chivalry1]

How many times has Cisco stock been split? The stock value of a company only gives you a very narrow look at there success as a company.

I will keep fortinet and WG in the same class, they are about the same price and offer the same features. Besides "backwards logic" I have not heard a decent criticism of WG yet. I don't like them because they nickel and dime you, which irritates me. As far as performance goes, haven't had an issue. I have seen them successfully mitigate internal and external threats where other firewalls would have failed.

I think the mass majority of us here have managed these firewalls in one manner or another. Again I am basing this off "my" IT consulting experience. I have managed CISCO PIX/ASA, Netscreen, Juniper, Watchguard, Sidewinder and IPTables. I am just saying in my experience Fortinets are the best firewall solution. The majority of my experience is Cisco so the nickel and diming is not a new concept to me.

The stock reference shows customer and consumer confidence in the product regardless of the volume. Seeing that the company only went public 4th quarter last year, its amazing that the stock is worth as much. Gardner report only provides more fuel.

To get back to the main question get Fortinet and leave the pricey Cisco appliances to the corporate companies that have excess money to spend.

[NightShade1]

it consultant
you should try fortinet firewall if you havent... you will see they are pretty awsome...
you are the first person i know that pick watchguard over fortinet O_o

[hypnotoad]

Cisco Price/Earnings is 16.4
Fortinet is in the low 20's

[it_consultant]

it consultant
you should try fortinet firewall if you havent... you will see they are pretty awsome...
you are the first person i know that pick watchguard over fortinet O_o

I would love to try fortinet, unfortunately, like many things, firewall purchasing decisions are out of my control. I had to fight tooth and nail to get an ASA for a network I put in. The ASA was a grand cheaper than the WG and arguably a better product.

I still rip out more Sonicwalls than I would like to admit!

[falcon101]

Damn I love this topic since FORTIGATE Router/Firewalls are the bread an butter in our network topology.

As much as Cisco is praised (and it should be in some sense) I have nothing but love for the Forti's.


We use their 60, 100A, 200 and 110C devices all over. I have personally deployed 13 of these suckers at our Corporate and 12 branch offices. We get the CPE's (Cisco, Samsung UBIGATE and Netopia) from the ISP's and then the Forti takes care of the rest.

Few advantages are COST, support and Manageability. Setting up access policies, routes, VPN gateways etc etc has never been easier. Its amazing that how much our network infrastructure relies on these devices. Yes, we have issues where 2 of have gone down but that's what config and appliance backup are for. Although they don't offer any Net Mon software but Fireplotter is simple and just awesome for graphical network monitoring in addition to their built-in stuff.

I have not messed with their WiFi products but they look tempting. One thing i do have to admit, I have so much been spoiled with the Fortis within the last 7 years that I haven't touched a CISCO products which kinda concerns me for any future endeavors and CCNA. I guess that where CBT nuggets and TrainSignal comes in

[ssampier]

As mentioned Juniper is a solid product. It costs us less than Cisco with greater port density.

For instance, a Juniper SRX 240 costs I think $2,300. The Juniper SRX includes 16 Gig-E ports. They had a lighter product with 3 or 4 ports for $1,000 or so. I can't remember what version the "lighter" one was, however.

I am not a salesperson. I just had the job of picking out a firewall for 3 educational agencies and I did some simple training.

I know you didn't mention these specifically but thought I would toss it out there as I've jumped head first into them and have grown to be quite fond of them. We ended up looking into Juniper and tried out their SRX gateways and after a week or two of testing ended up ordering 40 SRX100's and a SRX240 for our corporate office. Once I got used to Junos I found myself feeling more comfortable on Juniper gear than I had with Cisco and I have a lot more hands-on time with Cisco not to mention classroom and self-study time spent learning it.

I was pretty impressed with JUNOS-ES. I never got the command line down, but I did like the web gui. It was usually pretty snappy (with the frequent small, 'bugs', however). At least it was when I used 9.4. I haven't touched one in months.

I also never setup the VPN. It wasn't a huge priority and I had easier options. How much was the VPN per user, if you don't mind my asking?

[cablegod]

As mentioned Juniper is a solid product. It costs us less than Cisco with greater port density.

For instance, a Juniper SRX 240 costs I think $2,300. The Juniper SRX includes 16 Gig-E ports. They had a lighter product with 3 or 4 ports for $1,000 or so. I can't remember what version the "lighter" one was, however.

I am not a salesperson. I just had the job of picking out a firewall for 3 educational agencies and I did some simple training.



I was pretty impressed with JUNOS-ES. I never got the command line down, but I did like the web gui. It was usually pretty snappy (with the frequent small, 'bugs', however). At least it was when I used 9.4. I haven't touched one in months.

I also never setup the VPN. It wasn't a huge priority and I had easier options. How much was the VPN per user, if you don't mind my asking?

I run an all Juniper gear shop, SSG/SRX firewalls, SA SSL VPN's, and EX series switches. The VPN on the SRX/SSG's may work, but I find it much simpler for end-user VPN to use the SSL VPN appliances from Juniper. They work absolutely GREAT. Worth every cent, just like the rest of their products that we use. Juniper made a believer out of me, and I was dyed-in-the-wool Cisco 5+ years ago. I like Juniper so much, I even bought Juniper stock after our "conversion". Funny, but true

[Forsaken_GA]

I still rip out more Sonicwalls than I would like to admit!

This is not a bad thing. Every time I run into one of those damn things, I want to reenact the scene from Officespace with the printer