Cisco Application Centric Infrastructure (ACI) is network virtualization technology.
N/A
FortiGate
Score 8.6 out of 10
N/A
FortiNet FortiGate is a firewall option with high integrability. It offers a variety of deployment options and next-gen firewall capabilities, including integration with IaaS cloud platforms and public cloud environments.
I feel that Cisco ACI is quite good at different architecture designs. You can have it as just a straight layer two network. You can have it like we have with a vast layer three network and I think just for the layer three network it has easen up the use. I think the use cases for layer three networking is better for ACI. If you just want to do the layer two, you can still use Cisco Nexus and so on and that should be almost simpler in some way.
Fortinet FortiGate addressed an immediate security issue we had a few years ago. The device gave us a much clearer picture of the activities on our network and also more importantly, increased our awareness of threats from the internet as a whole. Fortinet FortiGate helps us to mitigate these threats with regular signature updates from Fortiguard labs, identifying certain characteristics which, once recognised by Fortinet FortiGate, can be harnessed to deploy powerful 'playbooks'.
Cisco ACI, The object model is very complicated. It's something difficult to understand and also because there is a user interface, there's a web user interface, but it's not optimal to use it because if you want to deploy a large amount of VLAN or a large amount of tenants, it's quite difficult to do it or it's quite challenging. Maybe if you want to configure a large amount of ports using the web interface, it's not appropriate because it takes a lot of time. It also provides APIs to do that, but as I say, the object model is very difficult to understand and there is very little documentation about automation of the ACI and maybe there is but it's not so easy to find.
SD-WAN - Load balancing of Internet traffic is a USP of Fortigate and makes it stand tall in the competition. Be it 3 or more Internet Links, multiple Subnets/segments of users to distribute and bandwidth load balancing for links and users. SLA based monitoring of Internet Links / MPLS links, makes it even better to choose the links on the basis of performance (Latency, packet loss, Jitter etc).
SSL VPN configuration - As we all have WFH force (to some extend or all employee) during Covid-19, it is impossible to plan BCP without having a SSL VPN. In Fortigate, the SSL VPN configuration is very easy with the help of wizard. The deep CLI-level debugging is also very helpful in troubleshooting. Type of tunnel can be easily configured - Full Tunnel or Split Tunnel for SSL.
Explicit Proxy - This is also a great feature to shape and re-route the traffic, configuring the Proxy on the Firewall itself. We are using this feature in Pilot for now, and planned to rollout in few weeks looking at the success rate of the POC.
I think something I've just went to a session with hyper fabric and the ideas that hyper fabric has. Keep it really simple because Cisco ACI is a complex system and adopt some of the ideas behind hyper fabric, bring it to ACI that will be really beneficial. So as I said, automation is a great thing, but it's still, you need to have the background and the really complex stuff that happens behind the scenes to leverage the value of that solution. And by adding more simplicity to it, I think that will be a great thing. And also integrating with other applications in terms of the automation.
Provided with the intensive fault isolation for the CISCO ACI, we are glad that we have this Data Center Solution in place and we will continue to renew as long as the future needed requirements are meet and more helpful features will be enabled in the future with the integration of security
Fortinet's products have kept improving with new software releases and they continue to deliver great value. Their support is also very good. I believe that as a small enterprise, their products have given us competitive advantage delivering features and functionality that enable us to innovate and do things better. They also continue to be a leader in the markets they serve.
You'll need a lot of training and hands on experience to get the most out of the product. There are a lot of very useful features in the ACI product. Often times there are a lot of ways to get to a solution for chalanges in the field. The solutions might be different eacht time. Knowing which one to implement is somtimes a challenge.
The firewall runs very well, firmware updates are fairly quick but you must follow the upgrade path. Neglecting this step will cause a lot of pain. If you decide to go with Fortinet FortiGate switches and/or access points, they can be managed within the firewall which is great. We're also using the FortiAnalyzer which easily plugs into the firewall for any reporting you may require.
It allways works. If there are problems with links going down by accident (say someone accidentally unpatches something they shouldn't have), we rarely miss more then one packet over the link. Also, using VPCs we are able to upgrade the software on the switches without the attached EPs ever noticing.
Day to day operations on Cisco ACI do not require much human intervention, the platform ticks over without any major faults. Being able to rapidly replicate the communication between two groups of machines across multiple sub networks speeds up new application delivery, and the integration into vmWare allows multiple teams within IT to work together to problem solve rapidly.
Cisco provides users and partners with a multitude of data for you to consume. I think that the stuff in the public domain goes a long way to assisting you find any answers you may need, plus insights and information from areas such as DevNet provide you with access to more than just the traditional release notes and the like
The Support team at Fortinet is excellent. They can not only help you configure the device for what you are trying to do, they offer suggestions on improving rules, and troubleshooting issues. Their response time is fast, ensuring you are up and running immediately with no questions asked. We had a hard drive failure in one of our Fortinet Fortigate appliances. The tech answered immediately, and started rebuilding the drive after some preliminary investigations. After rebuilding, there were still errors and issues, so they dispatched a brand new Fortinet Fortigate appliance. The tech then backed up the configurations for when the new device came in, which showed up in a few hours. A restore of the configuration took less than a minute, and there were no more errors or issues.
The Cisco ACI training provided by Cisco was in depth, covered all of our requirements, and allowed us to implement and maintain the platform without issues.
Being involved in the implmentation gives you more overview on how things are supposed to be working and communicating, you can easily performce troubleshooting and understanding the troubleshooting scenario
Actually we start our learning in networking career with Cisco. So it is very useful or easier to learn this product. And honestly speaking, I didn't work in any other data center solution other than Cisco. So I cannot compare what it gives us more than other popular stuff. But this is very nice product like from Cisco.
[Fortinet] FortiGate is not only cost effective but it gives the comprehensive security against the APT attacks and gives the complete traffic visibility and granular control. You can easily create the VDOMs (Virtual firewall) within a Fortigate firewall and customize the dashboard as per your requirement if you have multiple VDOMs within a single firewall.
Cisco ACI scales well and is suited in scenarios such as multi-cloud or large data centre implementations. It is not suited to smaller deployments as the efficiencies that it provides are not fully realised. It is well suited in large environments that contain both virtual and bare-metal machines allowing a great deal of flexibility. It is also perfect to support multi-tenancy platforms.
We've definitely spent quite a bit of time relearning how to do things in ACI, but I think the investment has been well worth while considering that we can now deploy tenants and leaves from the ground up in a matter of seconds.
We can if we choose to upgrade an entire datacenters worth of switches in a single night. (We've chosen to break it up for availability requirements, but if you didn't require 99.999% uptime like us you may be able to do it)
The pricing given to us for our firewall was well within what we were already spending for other vendors solutions and had the added value of eliminating a separate expense for a dedicated web filtering appliance.
We have also adopted Fortinet's security fabric approach and thus changed vendors for our switch and AP devices. These devices have come at reduced prices as compared to another previous vendor we were using, particularly in relation to ongoing annual maintenance costs.
