Cisco Catalyst SD-WAN vs. Fortinet FortiGate

The best case, what I recommend to others and to clients to use is Cisco Catalyst SD-WAN one for is the case when you have a huge number of branches or small offices or remote offices, you name it. Even home offices, you have a large number and you want this whole infrastructure to be extremely easy to set up and also to have everything almost the same, not to have deviations from the standard configuration. This is the sweet spot for introducing Cisco Catalyst SD-WAN.

Incentivized

Fortinet FortiGate addressed an immediate security issue we had a few years ago. The device gave us a much clearer picture of the activities on our network and also more importantly, increased our awareness of threats from the internet as a whole. Fortinet FortiGate helps us to mitigate these threats with regular signature updates from Fortiguard labs, identifying certain characteristics which, once recognised by Fortinet FortiGate, can be harnessed to deploy powerful 'playbooks'.

Incentivized

• We are able to use a multiple different circuits to go into the cloud, so we are not relying on just one particular private wireless. We're relying on wine circuits, ethernet, ethernet out. So it provides us that flexibility where we didn't have that before. Provides security that is very robust and flexible and scalable and it provides us with, the biggest thing is redundancy, where we have backup. For example, we have a Starlink for nuclear power plants. If our main circuits go down, we have that. And without Cisco Catalyst SD-WAN it would be very hard to actually achieve, to accomplish true redundancy. So we're happy with Cisco Catalyst SD-WAN in that regard.

Incentivized

• SD-WAN - Load balancing of Internet traffic is a USP of Fortigate and makes it stand tall in the competition. Be it 3 or more Internet Links, multiple Subnets/segments of users to distribute and bandwidth load balancing for links and users. SLA based monitoring of Internet Links / MPLS links, makes it even better to choose the links on the basis of performance (Latency, packet loss, Jitter etc).
• SSL VPN configuration - As we all have WFH force (to some extend or all employee) during Covid-19, it is impossible to plan BCP without having a SSL VPN. In Fortigate, the SSL VPN configuration is very easy with the help of wizard. The deep CLI-level debugging is also very helpful in troubleshooting. Type of tunnel can be easily configured - Full Tunnel or Split Tunnel for SSL.
• Explicit Proxy - This is also a great feature to shape and re-route the traffic, configuring the Proxy on the Firewall itself. We are using this feature in Pilot for now, and planned to rollout in few weeks looking at the success rate of the POC.

• I will say the way we use it now, and I think what happened was the way it was deployed, it was fine, but unfortunately over the course of the years we've gotten a little out of hand with our device templates and feature templates. I think if there's any form of feedback that I would give to Cisco is how do we find ways to improve the environment as it stands so we get to a certain point with the environment and then we don't know how to undo it or fix it or optimize the environment. Because right now we're in a position where we're playing a lot of catch up and clean up and if there was a way or some tool or feature that we can take advantage of that would allow us to optimize that environment where we will kind of corner ourselves into a lot of problems in the future. There's some feature or something that we could take advantage of that will allow us to optimize that environment and not let it get out of control pretty easily. That would be my suggestion.

Incentivized

• Documentation is missing a great deal of detail and assumes the customer and just guess and fill in the blanks themselves
• Fortinet has lots and lots of video guides on topics that only a small percentage of customers would ever need
• The documentation and video guides do not get updated so most is only relevant to older software versions

Incentivized

I would rate SD-WAN highly because it has significantly improved network performance, reliability, and cost-efficiency for my organization. Its ability to optimize traffic dynamically, enhance security, and simplify management across multiple locations has been invaluable. With SD-WAN, we’ve reduced dependency on costly MPLS, improved cloud application performance, and gained greater control over our network infrastructure.

Incentivized

Fortinet's products have kept improving with new software releases and they continue to deliver great value. Their support is also very good. I believe that as a small enterprise, their products have given us competitive advantage delivering features and functionality that enable us to innovate and do things better. They also continue to be a leader in the markets they serve.

Incentivized

The niche configurations are given equal focus as the standard use cases, which can make onboarding difficult in the beginning (ie why am I not using an entire tab of the portal), but aside from that part, the dashboard is relatively easy to navigate and apply the configuration. The metrics and analytics available are also nice to have in a single pane.

Incentivized

The firewall runs very well, firmware updates are fairly quick but you must follow the upgrade path. Neglecting this step will cause a lot of pain. If you decide to go with Fortinet FortiGate switches and/or access points, they can be managed within the firewall which is great. We're also using the FortiAnalyzer which easily plugs into the firewall for any reporting you may require.

Incentivized

I think if we could afford, we could have HA inplace but we planned out outage and workaround to avoid any outages.

Incentivized

We had didn't any hardware failures at our two main office locations and upgraded our units last year after using them for about 5-6 years

Incentivized

It does slow down over the period but it's same with other product. you need to clear/reboot services.

Incentivized

Good performance and really good integration. We have integration with Microsoft AD.

Incentivized

Al ser soluciones integradas del portafolio de soluciones de Cisco, el soporte es transversal a cada uno de los componentes implementados, teniendo el cliente la capacidad de resolver sus inconvenientes bajo una misma infraestructura que está totalmente homologada, satisfacciendo de esta manera, las necesidades del cliente asi como permitiendo, que este se concentre en su negocio. Since the Cisco SD-WAN tools are a part of Cisco’s broader portfolio of solutions, support cross-cuts to each of our deployed components, with our company as the customer having the ability to solve our problems through the same, approved infrastructure. Their support team easily satisfies the customer’s needs so that they continue to focus on business functions.

Incentivized

The Support team at Fortinet is excellent. They can not only help you configure the device for what you are trying to do, they offer suggestions on improving rules, and troubleshooting issues. Their response time is fast, ensuring you are up and running immediately with no questions asked. We had a hard drive failure in one of our Fortinet Fortigate appliances. The tech answered immediately, and started rebuilding the drive after some preliminary investigations. After rebuilding, there were still errors and issues, so they dispatched a brand new Fortinet Fortigate appliance. The tech then backed up the configurations for when the new device came in, which showed up in a few hours. A restore of the configuration took less than a minute, and there were no more errors or issues.

Incentivized

I received it a couple years afters use it and it was just to confirm my knowledge about the tool.

Incentivized

I was late to participate but my team was very happy with the outcome.

Incentivized

Make sure that you have the most current version of FortiOS. Make sure all Fortigates are on the same version

Incentivized

We've used the old Cisco SD-WAN, which no longer exists. It was a lot more complex to configure what is now called Cisco Catalyst SD-WAN. So they've definitely come a long way in that it is a lot less complicated to set up and template based.

Incentivized

[Fortinet] FortiGate is not only cost effective but it gives the comprehensive security against the APT attacks and gives the complete traffic visibility and granular control. You can easily create the VDOMs (Virtual firewall) within a Fortigate firewall and customize the dashboard as per your requirement if you have multiple VDOMs within a single firewall.

Incentivized

I didn't take part of this decision but it always multiyear contract get best discount.

Incentivized

No changes needed to terms and conditions.

Incentivized

Really strength in scalability. Only thigs it's depends on some prototype Cisco product which you can't work with other Cisco products.

Incentivized

My environments are pretty small (less than 100 users per location) so no issues here.

Incentivized

• Our branch offices can connect to our enterprise network and the internet quickly and securely, which has helped to increase productivity and reduce downtime.
• We have been able to reduce our dependence on expensive MPLS connections, and instead utilize a combination of broadband and LTE connections, which are more cost-effective
• The centralized location improves network visibility and troubleshooting process

• The pricing given to us for our firewall was well within what we were already spending for other vendors solutions and had the added value of eliminating a separate expense for a dedicated web filtering appliance.
• We have also adopted Fortinet's security fabric approach and thus changed vendors for our switch and AP devices. These devices have come at reduced prices as compared to another previous vendor we were using, particularly in relation to ongoing annual maintenance costs.

Incentivized