Why Fortinet Suits Being an Internal Firewall? … Where Cisco Ranks Well?

I am comparing Cisco Firepower vs Palo Alto vs Fortinet as options for a perimeter firewall.

Cisco is pretty good with IPS and has been ranked #1 by Gartner, while in the NGFW (next-generation firewall) ranking Cisco is placed in the Challengers quadrant. Here I am listing a few of the features that Cisco doesn’t provide in the Cisco Firepower model. However, Cisco is a fighter and will definitely come up with feature enhancements pretty soon.

  • Integrated Antivirus
  • Protocol scanning (HTTPS)
  • Encrypted VPN Inspection
  • SSL Client OS Support

Now let’s throw some light on Fortinet as a product and its limitations. Fortinet as a firewall has all the required features that an NGFW should have, but there is a lot of ambiguity in the market about Fortinet. Many would prefer a Fortinet firewall in their environment, on-premises or in the cloud, but is that a good/smart choice? Should you go with Fortinet as a perimeter firewall? Some look to save cost for a better price/performance ratio, but is that a smart choice? Let’s discuss some of the limitations below. Fortinet is one of the rare firewalls to offer WAN optimization and similar features, but do we really need those?

  1. Its attach rate for cloud-based sandboxing is low, and the feature has received few improvements since its first release. Some prospective customers with high-risk exposure still express doubts regarding Fortinet’s ability to meet their security requirements.
  2. Fortinet does not offer the direct vendor support and premium subscriptions that large enterprise clients might require.
  3. Centralised and cloud-based management have made insufficient progress to positively influence Fortinet’s score during technical evaluation.
    WAN optimisation does not work for encrypted traffic; avoid optimisation for encrypted network traffic.
  4. Some features, like WAN optimisation, that Fortinet supports and Palo Alto doesn’t are basically additional features one might not use in an environment. The following application control 2.0 features do not work in combination with WAN optimisation:
    • SSL interception
    • Virus scanning in the firewall
    • ATP – Advanced threat protection

Fortinet scores pretty well on Gartner’s Magic Quadrant, but it is also a second choice when it comes to security. One workaround for a better price/throughput solution would be to go with Cisco IPS devices with Fortinet firewalls.

