Cisco Application Centric Infrastructure (ACI) is network virtualization technology.
N/A
FortiGate
Score 8.6 out of 10
N/A
FortiNet FortiGate is a firewall option with high integrability. It offers a variety of deployment options and next-gen firewall capabilities, including integration with IaaS cloud platforms and public cloud environments.
Well suited to data center deployments with storage and compute to host applications. When deployed with VMWARE and/or hyperconverged infrastructure you get a good solution that is reliable and robust and can support a vast array of solutions. Cisco Application Centric Infrastructure works on any sized solution however, it's more appropriate to mid to large scale deployments.
For FortiGate Firewall, the basic functionality and requirement is met easily as Fortigate is among market leaders in NGFW. There are some extra points that inclined us to use Fortigate as our main Firewall. [Fortinet]Fortigate has a very well refined and functional SD-WAN solution when it comes to load balancing for normal Internet Traffic. SD-WAN - Load balancing of Internet traffic is a USP of Fortigate and makes it stand tall in the competition. Be it 3 or more Internet Links, multiple Subnets/segments of users to distribute and bandwidth load balancing for links and users. SLA based monitoring of Internet Links / MPLS links, makes it even better to choose the links on the basis of performance (Latency, packet loss, Jitter etc). SSL VPN configuration - The deep CLI-level debugging is also very helpful in troubleshooting. Type of tunnel can be easily configured - Full Tunnel or Split Tunnel for SSL. Though, I think Fortigate is one of the best options for small and mid-sized organizations, there are some areas for improvement. First, the CLI interface is very hard to adapt as the commands and directory hierarchy is very different for common syntax and standards.
The REST API allows your to programmatically interact with the network and make massive changes very quickly when needed.
The API allows you to tie together Server Provisioning tools, storage provisioning tools, into an orchestration platform such as Ansible to streamline new deployments and builds.
New Deployments are extremely simple once you've worked out your programatic deployment process. We can deploy new clients/tenants in seconds rather than days or weeks like it used to take.
Replacing failed switches/apics/etc is also extremely easy.
Tightly couple the underlying Network Infrastructure to VMWare Deployments to allow VMs to move anywhere in the datacenter at the drop of a hat.
The APIC web UI is slow. Even on the newer UCS systems it is laggy.
The terminology for some of the objects is really confusing for someone that never used Cisco Application Centric Infrastructure. It would be at least helpful if there would be a link to a reference of the "classical" terms in the web UI.
The cost of the hardware, together with the management platform, is high. It is difficult to convince my management layer why the ease of manageability outweighs the high price.
When we switched to Fortinet Fortigate, it took some time getting used to and become familiar with the new interface. Being used to strictly command-line interfaces, a full GUI-based firewall was something brand new. Careful planning had to be done when creating rules to ensure we didn't miss anything. However, once we got used to the new GUI interface, going from one Fortinet product to another was simple, as Fortinet used the same interface for all of its devices.
Cisco ACI is doing exactly what was intended for it to do, that is support our next generation data centre, improve security, and increase resiliency. Migrating to another platform would be a waste of time, resource and energy, which could be better spent migrating more legacy applications into the Cisco ACI fabric.
Fortinet's products have kept improving with new software releases and they continue to deliver great value. Their support is also very good. I believe that as a small enterprise, their products have given us competitive advantage delivering features and functionality that enable us to innovate and do things better. They also continue to be a leader in the markets they serve.
Cisco ACI has changed the traditional data center model into a new era of automation and agility. The product was considerably easy to deploy met all the expectations. In terms of usability, ACI provides a unified interface for managing the whole infrastructure in one place which is the main benefit for users (admins)
The user interface shared among many simultaneous users is very easy to get around. With shared favorites among users, most tasks are easily bookmarked and can quickly be found and edited. Their strategy for web filter integration is easy to understand and manage as well. With some general direction, setup and maintenance were easy to do and easy to teach others in the organization to do as well.
I do not give it 10 because the platform evolves more and more every day in the data traffic of the datacenter. But the implementations that they carry out for different clients of the platform are very happy with the result of the same over time. Another point that you notice about the platform, despite its good performance, is the low use of energy used by this 24x7 on, it is a good fact to take into account for our environment.
Cisco provides users and partners with a multitude of data for you to consume. I think that the stuff in the public domain goes a long way to assisting you find any answers you may need, plus insights and information from areas such as DevNet provide you with access to more than just the traditional release notes and the like
We live in Turkey. Fortinet's Turkey office [dealt] constantly with us in our every problem or our experience. In addition, global support teams also supported every ticket we opened in every problem we encountered. They support innovative approaches and evaluate and offer solutions. In this context, they were very supportive of the problems we encountered in previous versions.
The Cisco ACI training provided by Cisco was in depth, covered all of our requirements, and allowed us to implement and maintain the platform without issues.
NSX-T and ACI both are definitely awesome products. I tend to use ACI in networks that have more barebone and/or alternative hypervisors. NSX still works best in VMware heavy networks. Another consideration is where the network is managed, by which team. If the network is solely managed by the network team ACI tends to be a better fitting solution. Also since ACI is a complete solution you don't need any other products. If you implement NSX you will still need a physical network.
[Fortinet] FortiGate is not only cost effective but it gives the comprehensive security against the APT attacks and gives the complete traffic visibility and granular control. You can easily create the VDOMs (Virtual firewall) within a Fortigate firewall and customize the dashboard as per your requirement if you have multiple VDOMs within a single firewall.
Cisco ACI scales well and is suited in scenarios such as multi-cloud or large data centre implementations. It is not suited to smaller deployments as the efficiencies that it provides are not fully realised. It is well suited in large environments that contain both virtual and bare-metal machines allowing a great deal of flexibility. It is also perfect to support multi-tenancy platforms.
Positive impact moving off of legacy to ACI has shorten costs of operations.
Native support for automation makes deployment easier and takes few mins than large amount of hours that can bring costs (OT over time) since it takes minutes to deploy this OT cost has decreased.
Troubleshooting made easier, this gains customer trust, therefore we get to spend less time trying to solve an issue and less operations costs.
Fortigates have an interesting bundle model for support and subscription services that make it an attractive option to deploy Firewall, IDS, Ant-virus, anti-SPAM in a single device. The cost of the bundle is pretty much what you pay for the device, not requiring huge expenditures on it's time to renew the hardware.
