hmmm me again...
yes no problems with 2.5 MR10 here with all AV and IPS enabled
we currently use 4 of those beasts on big volume production
unforgiving of any added packet delay (sans AV
since i have no use for it. works only for HTTP, POP3, SMTP, FTP and IMAP)
and was the one who cut it from another firewall brand.
non-ASIC powered firewalls can't deliver our requirement
(MMORPGs specifically)
I'm just an end-user of Fortigate, BTW, not employed nor
work for a partner in any way.
I prefer the look and feel of Netscreen 5 webUI plus the
physical box appearance, if you may ask :)
i use both boxes aside from a third FW brand
plus ACLs on the Cisco
Jason J. W. Williams wrote:
We've gone through all the growing pains with Fortinet. On the lower
end, you can deploy them without much thought/planning. On the high-end
(where we run quite a few boxes quite reliably), you need to do your
planning and query your FortiPartner about what features you want to use.
FortiOS 2.5 MR9 and MR10 are very reliable in high-volume environments.
FortiOS 2.8 MR4 is shaping up to be a viable upgrade in similar environs,
but we'll be waiting for MR5 or MR6 of 2.8 however to recommend the upgrade
to our customer boxes. As to buggy code in the ASIC, we've encountered some
issues, but not with the ASIC. And all of them have been satisfactorily
remedied in FortiOS 2.5 MR9. The ASICs run very well. The OS just had some
small-packet and high-volume performance issues with early 2.5 code.
As to the Administration GUI, we really like the 2.5 GUI over
Checkpoint and Netscreen WebUIs. FortiOS 2.8 WebUI blows them away. A lot of
complaints with the FortiGate units in our experience (at this point at
least, the past is a different story) is an issue of poor box sizing on the
part of the FortiPartner/VAR. If you're running a mission-critical
environment look at using a high-availability cluster (scale # to suit)
rather than one super beefy box. I'll also disclose that we are a
FortiPartner. We primarily deploy them in high-volume environs, unlike most
FortiPartners however. And we have had our growing pains with Fortinet.
However, at this point I would have no problem recommending FortiGate 800
clusters running FortiOS 2.5 MR10 in high-volume/mission critical
environments. The main reason is that we have wrung these boxes out, know
where the brick walls are and feel comfortable with their limits. Grill your
FortiPartner though. Make sure they aren't giving you the party-line, or
you'll have an unhappy deployment. My two cents.
-----Original Message-----
From: Kimberly McCollum [mailto:seachick26@hotmail.com]
Sent: Wednesday, September 22, 2004 2:41 PM
To: firewalls@securityfocus.com
Subject: Re: FORTIGATE
The code for the Fortigates is VERY buggy...
Be careful putting them in... DO NOT turn all the bells and whistles on all
at once.
Run them in firewall then add things slowly and watch carefully for
unexpected behavior..
Like... the filtering code will cause intermittant problems with smtp
connecting to the mail servers.
Performance degrades over time causing network slowdowns due to buggy code
in their propriety ASIC that does the virus scanning logic..
we have had constant problems and have had to upgrade the code and have the
techs looking at our debug logs constantly
I'd say if your network needs to be reliable, think about using a more
mature technology.
They may not be as problematic in smaller environments..
Also for administration... the GUI is very poorly designed...
It organizes the objects based on the time that the object was added (not
alphabetical :(! ) and lots of other very irritating issues that make
working on them a real aggrivation.
I would never suggest them for a client.
From: "tito.basa" <mochafrap@mix.ph>
To: Taufik <taufikn@isp.time.net.my>
CC: Jake.Marullo@XOTech-LLC.com, firewalls@securityfocus.com
Subject: Re: FORTIGATE
Date: Mon, 20 Sep 2004 14:47:41 +0800
Taufik wrote:
Hi all,
May i know how do u feel about fortigate product, who has a good / bad
experienced with this product. They claimed that they can do
firewalling, IPS, anti virus and anti spam. Is it works well and meet the
objectives.
Perhaps all of u can give me the usefull information.
yes they do work for over a year now here
the AV list is based on the virus in the wild list (forgot the list URL)
but then it complements your client and server side AV aside from file
blocking some or all the SAP-27 files mentioned in the OSSTMM at the
gateway (sent to quarantine if you want to recover any blocked file)
still have to use the anti-spam as i plan to test this first with the new OS
release...
thanks
tito
philippines
_________________________________________________________________
Take charge with a pop-up guard built on patented MicrosoftR SmartScreen
Technology.
http://join.msn.com/?pgmarket=en-ca&page=byoa/prem&xAPID=1994&DI=1034&SU=htt
p://hotmail.com/enca&HL=Market_MSNIS_Taglines
Start enjoying all the benefits of MSNR Premium right now and get the
first two months FREE*.
--- CONFIDENTIALITY NOTICE ---
The information in this email may be privileged, confidential, proprietary and
exempt from disclosure. This email is intended to be reviewed by only the
individual or organization named above. If you are not the intended recipient
or an authorized representative of the intended recipient, you are hereby
notified that any review, dissemination or copying of this email and its
attachments, if any, or the information contained herein is prohibited. If you
have received this email in error, please immediately notify the sender by
return email and delete this email from your system.
