Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Firewalls
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: FORTIGATE

from [Jason J. W. Williams] Network Security [Permanent Link]
Subject: RE: FORTIGATE
Date: Mon, 27 Sep 2004 10:51:03 -0600 
        We've gone through all the growing pains with Fortinet. On the lower
end, you can deploy them without much thought/planning. On the high-end
(where we run quite a few boxes quite reliably), you need to do your
planning and query your FortiPartner about what features you want to use.
FortiOS 2.5 MR9 and MR10 are very reliable in high-volume environments.
FortiOS 2.8 MR4 is shaping up to be a viable upgrade in similar environs,
but we'll be waiting for MR5 or MR6 of 2.8 however to recommend the upgrade
to our customer boxes. As to buggy code in the ASIC, we've encountered some
issues, but not with the ASIC. And all of them have been satisfactorily
remedied in FortiOS 2.5 MR9. The ASICs run very well. The OS just had some
small-packet and high-volume performance issues with early 2.5 code. 
        As to the Administration GUI, we really like the 2.5 GUI over
Checkpoint and Netscreen WebUIs. FortiOS 2.8 WebUI blows them away. A lot of
complaints with the FortiGate units in our experience (at this point at
least, the past is a different story) is an issue of poor box sizing on the
part of the FortiPartner/VAR. If you're running a mission-critical
environment look at using a high-availability cluster (scale # to suit)
rather than one super beefy box.  I'll also disclose that we are a
FortiPartner. We primarily deploy them in high-volume environs, unlike most
FortiPartners however. And we have had our growing pains with Fortinet.
However, at this point I would have no problem recommending FortiGate 800
clusters running FortiOS 2.5 MR10 in high-volume/mission critical
environments. The main reason is that we have wrung these boxes out, know
where the brick walls are and feel comfortable with their limits. Grill your
FortiPartner though. Make sure they aren't giving you the party-line, or
you'll have an unhappy deployment. My two cents.

-----Original Message-----
From: Kimberly McCollum [mailto:seachick26@hotmail.com] 
Sent: Wednesday, September 22, 2004 2:41 PM
To: firewalls@securityfocus.com
Subject: Re: FORTIGATE


The code for the Fortigates is VERY buggy...
Be careful putting them in... DO NOT turn all the bells and whistles on all
at once.
Run them in firewall then add things slowly and watch carefully for
unexpected  behavior..

Like... the filtering code will cause intermittant problems with smtp
connecting to the mail servers.

Performance degrades over time causing network slowdowns due to buggy code
in their propriety ASIC that does the virus scanning logic..

we have had constant problems and have had to upgrade the code and have the
techs looking at our debug logs constantly

I'd say if your network needs to be reliable, think about using a more
mature technology.

They may not be as problematic in smaller environments..

Also for administration... the GUI is very poorly designed...
It organizes the objects based on the time that the object was added (not
alphabetical :(!  ) and lots of other very irritating issues that make
working on them a real aggrivation.

I would never suggest them for a client.



From: "tito.basa" <mochafrap@mix.ph>
To: Taufik <taufikn@isp.time.net.my>
CC: Jake.Marullo@XOTech-LLC.com, firewalls@securityfocus.com
Subject: Re: FORTIGATE
Date: Mon, 20 Sep 2004 14:47:41 +0800

Taufik wrote:


Hi all,
May i know how do u feel about fortigate product, who has a good / bad 
experienced with this product. They claimed that they can do 
firewalling, IPS, anti virus and anti spam. Is it works well and meet the

objectives.

Perhaps all of u can give me the usefull information.


yes they do work for over a year now here

the AV list is based on the  virus in the wild list (forgot the list URL)
but then it complements your client and server side AV aside from file
blocking some or all the SAP-27 files mentioned in the OSSTMM  at the
gateway (sent to quarantine if you want to recover any blocked file)

still have to use the anti-spam as i plan to test this first with the new OS
release...

thanks

tito
philippines

_________________________________________________________________
Take charge with a pop-up guard built on patented MicrosoftR SmartScreen
Technology. 
http://join.msn.com/?pgmarket=en-ca&page=byoa/prem&xAPID=1994&DI=1034&SU=htt
p://hotmail.com/enca&HL=Market_MSNIS_Taglines
  Start enjoying all the benefits of MSNR Premium right now and get the
first two months FREE*.
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  IPTables, agflem
Next by Date:  RE: PIX failover without using HSRP, James Williams
Previous by Thread:  Re: FORTIGATE, Kimberly McCollum
Next by Thread:  Re: FORTIGATE, tito.basa
Indexes:  [Date] [Thread] [Top] [All Lists]