I am comparing Cisco Firehouse vs Palo Alto vs Fortinet as options for a perimeter firewall.
Cisco is pretty good with IPS and has been ranked #1 in Gartner, while in the NGFW (next-gen firewall) ranking Cisco is placed in the Challengers quadrant. Here I am listing a few of the features that Cisco doesn't provide in their Cisco Firehouse model. However, Cisco is a fighter and will definitely come up with feature enhancements pretty soon.
- Integrated Antivirus
- Protocol scanning (HTTPS)
- SSL VPN
- Encrypted VPN Inspection
- SSL Client OS Support
Now let's throw some light on Fortinet as a product and its limitations. Fortinet as a firewall has all the required features that an NGFW should have, but there is a lot of ambiguity in the market about Fortinet. Many would prefer a Fortinet firewall in their environment, on-premise or in the cloud, but is that a good/smart choice? Should you go with Fortinet as a perimeter firewall? Some look to save cost for a better price/performance ratio, but is that a smart choice? Let's discuss some of the limitations below. Fortinet is one of the rare firewalls to offer WAN optimization etc., but do we really need those?
- Its attach rate for cloud-based sandboxing is low, and the feature has received few improvements since its first release. Some prospective customers with high-risk exposure still express doubts regarding Fortinet's ability to meet their security requirements.
- Fortinet does not offer the direct vendor support and premium subscriptions that large enterprise clients might require.
- Centralised and cloud-based management have made insufficient progress to positively influence Fortinet’s score during technical evaluation.
- WAN optimisation does not work for encrypted traffic; avoid optimisation for encrypted network traffic.
- Some features, like WAN optimisation, that Fortinet supports and Palo Alto doesn't are basically additional features one might not use in an environment. The following application control 2.0 features do not work in combination with WAN optimisation:
- SSL interception
- Virus scanning in the firewall
- ATP – Advanced threat protection
Fortinet scores pretty well on Gartner's Magic Quadrant, but it is also a second choice when it comes to security. One workaround for a better price/throughput solution would be to go with Cisco IPS devices with Fortinet firewalls.