Cisco Catalyst Switches vs. Fortinet FortiGate vs. pfSense

I think the most suited ones will be of course, for example, a supermarket where you have more than 50 plus devices because there are like 48 ports in a switch. We can just use a lot of devices and connect them to it. A less use case will be, I think it depends at the end of the day how your topology looks like. If you have a very few devices, you shouldn't be going for these catalyst switches because they are of course much bigger, more processing power and all those things. If you have, again, it comes to topology. If you have the number of users who are using these switches is less than 15, it's less than 15, then you can just go for any other option and not use them.

Incentivized

Fortinet FortiGate addressed an immediate security issue we had a few years ago. The device gave us a much clearer picture of the activities on our network and also more importantly, increased our awareness of threats from the internet as a whole. Fortinet FortiGate helps us to mitigate these threats with regular signature updates from Fortiguard labs, identifying certain characteristics which, once recognised by Fortinet FortiGate, can be harnessed to deploy powerful 'playbooks'.

Incentivized

I believe PFSense is well suited for both home lab environments as well as up to small to mid-size business environments on a tight budget. However, I would implore that anything in production requires the use of the authorized hardware that PFSense sells to receive support. However, in my experience, PFSense is a solid set-and-forget firewall solution.

• One of the things that it does well, it's not something major, but there's a light tracking feature that the 9300 comes with that you can turn on the light and that has become critical in a data center environment where you want to help someone to make sure that you're talking about the same switch, you can turn the light on and off something that is not available in other versions of Cisco switches before the 9300. So it's not as major, but it's quite critical when you're dealing with multiple systems and multiple switches.

Incentivized

• SD-WAN - Load balancing of Internet traffic is a USP of Fortigate and makes it stand tall in the competition. Be it 3 or more Internet Links, multiple Subnets/segments of users to distribute and bandwidth load balancing for links and users. SLA based monitoring of Internet Links / MPLS links, makes it even better to choose the links on the basis of performance (Latency, packet loss, Jitter etc).
• SSL VPN configuration - As we all have WFH force (to some extend or all employee) during Covid-19, it is impossible to plan BCP without having a SSL VPN. In Fortigate, the SSL VPN configuration is very easy with the help of wizard. The deep CLI-level debugging is also very helpful in troubleshooting. Type of tunnel can be easily configured - Full Tunnel or Split Tunnel for SSL.
• Explicit Proxy - This is also a great feature to shape and re-route the traffic, configuring the Proxy on the Firewall itself. We are using this feature in Pilot for now, and planned to rollout in few weeks looking at the success rate of the POC.

• Easy to use. Good user interface design! Easy to understand and easy to set up.
• Lower hardware requirement. 3 years ago, we used an old PC to run it. Now, we have changed to a router device with Celeron CPU and 8GB RAM. It runs smoothly with a 1000G commercial broadband.

Incentivized

• Functionality. Well, one of the functions that we are missing is a faster route based on OSPF. Other than that, it could provide an upgrade without a hitless upgrade. Well, now it is a very fast upgrade, which is also okay. We had a case when the platform crashed, but that was a specific case. We were happy with this product.

Incentivized

• Documentation is missing a great deal of detail and assumes the customer and just guess and fill in the blanks themselves
• Fortinet has lots and lots of video guides on topics that only a small percentage of customers would ever need
• The documentation and video guides do not get updated so most is only relevant to older software versions

Incentivized

• I did kind of mention a Con in the Pro section with OpenVPN.
• When I create a config for an employee other employees are able to login to that config.
• I could be doing something wrong when I am making it - I am not afraid to admit that as I am pretty new to all of this, but it seems like it builds a key and I would think the key would be unique in some way to each employee, but I could be wrong.
• I actually do not have a lot of Con's for this software - I did not get to set this up on our work network so I am not sure of any downfalls when installing.
• I installed this on my personal machine in a Hyper-V environment to get a feel for it before I started working on it at work and it seemed pretty smooth. I didn't run into any issues.

Incentivized

They are consistently reliable and this switch in particular is a very affordable solution. We can place the Cisco Catalyst 1000 Series Switches gear in areas that we normally would not place a switch because it is affordable enough to make it justifiable. And because it is a reliable solution, we are confident it will continue to provide service over the long haul.

Incentivized

Fortinet's products have kept improving with new software releases and they continue to deliver great value. Their support is also very good. I believe that as a small enterprise, their products have given us competitive advantage delivering features and functionality that enable us to innovate and do things better. They also continue to be a leader in the markets they serve.

Incentivized

Cisco by and far does a great job with the Catalyst line. From a layer 2 dumb switch all the way up to ISP carrier grade switching within the Catalyst portfolio. The best part about it is command parity among the various tiers of product. The only differences are going to lie in what features are available per switch.

Incentivized

The firewall runs very well, firmware updates are fairly quick but you must follow the upgrade path. Neglecting this step will cause a lot of pain. If you decide to go with Fortinet FortiGate switches and/or access points, they can be managed within the firewall which is great. We're also using the FortiAnalyzer which easily plugs into the firewall for any reporting you may require.

Incentivized

The pfSense UI is easy to navigate and pretty go look at. It is much better than some high dollar firewalls that just throw menus you you. The pfSense UI is quick and responsive and makes sense 99% of the time. Changes are committed quickly and the hardware rarely requires a reboot. It just runs.

Incentivized

We have very few is any outages due to a Cisco hardware failure. Some of our gear is exposed to some pretty harsh environments, and they keep on ticking!

Incentivized

We had didn't any hardware failures at our two main office locations and upgraded our units last year after using them for about 5-6 years

Incentivized

No, the packets flow. Sometimes you will see collisions and broadcast storms can happen which will slow performance but that can be fixed and the packets will flow.

Incentivized

Good performance and really good integration. We have integration with Microsoft AD.

Incentivized

We rarely have issues with the product. I have only had to contact support one time since we put it in and that was to see if another vendor was giving me accurate information on an issue I was having.

Incentivized

The Support team at Fortinet is excellent. They can not only help you configure the device for what you are trying to do, they offer suggestions on improving rules, and troubleshooting issues. Their response time is fast, ensuring you are up and running immediately with no questions asked. We had a hard drive failure in one of our Fortinet Fortigate appliances. The tech answered immediately, and started rebuilding the drive after some preliminary investigations. After rebuilding, there were still errors and issues, so they dispatched a brand new Fortinet Fortigate appliance. The tech then backed up the configurations for when the new device came in, which showed up in a few hours. A restore of the configuration took less than a minute, and there were no more errors or issues.

Incentivized

pfSense+ basic provides "As Available" email support. pfSense+ Pro offers 24 hr turn around email support. pfSense+ Enterprise offers 24/7 phone support.

Incentivized

Cisco Networking Academy partners with many local Colleges and High Schools to provide great hands-on training. You do need to drive to learn the topic. The in-class session only go so far. You really need to apply this to the real world. Cisco makes it easy for business to connect via CLC or Cisco Learning Credits.

Incentivized

I received it a couple years afters use it and it was just to confirm my knowledge about the tool.

Incentivized

My own personal research to get the information I want is very handy and helped me many times

Incentivized

The implementation of the Cisco Catalyst 1000 Series Switches is fairly seamless, especially if you are familiar with Cisco products. We have had Brocade switch gear in place too, and the differences between the manufacturers [are] not a major issue.

Incentivized

Make sure that you have the most current version of FortiOS. Make sure all Fortigates are on the same version

Incentivized

We do have other vendors. For example, Juniper, Fortinet, and there are quite a few others. And Cisco is pretty good because we know the workflow, we know how the operating system works. We are much more familiar with Cisco products and we know the support system behind it. So in terms of comparing with others, I think it stands out. It's one of our top products to go to

Incentivized

[Fortinet] FortiGate is not only cost effective but it gives the comprehensive security against the APT attacks and gives the complete traffic visibility and granular control. You can easily create the VDOMs (Virtual firewall) within a Fortigate firewall and customize the dashboard as per your requirement if you have multiple VDOMs within a single firewall.

Incentivized

Meraki has a unified management login for all devices, which is nice. It also has decent content filtering, both areas where pfSense is weaker. Where pfSense far ouclasses Meraki is in the ease of use and the other width of features. These include features such as better VPN interoperability, non-subscription based pricing, auditability, not relying on the infrastructure of a third party, more transparency of what's actually going on, easier to deploy replacements if hardware fails. Additionally, the NAT management for pfSense seems to be a bit better, as you can NAT between any network segment and not just the LAN segments out the WAN interfaces.

No changes needed to terms and conditions.

Incentivized

We are exclusive Cisco at our organization. In truth part of the reason is, with one type of switch and one manufacturer, it is easier to support. It is also easier to give consistent training to our staff in our tech department

Incentivized

My environments are pretty small (less than 100 users per location) so no issues here.

Incentivized

• energy costs dropped by around 11 per cent on the access layer
• management has become easier with DNA Center
• ISSU software upgrades and fabric deployments have significantly reduced "planned" down times
• network speed has increased, latency is at an all-time best within our own LAN

Incentivized

• The pricing given to us for our firewall was well within what we were already spending for other vendors solutions and had the added value of eliminating a separate expense for a dedicated web filtering appliance.
• We have also adopted Fortinet's security fabric approach and thus changed vendors for our switch and AP devices. These devices have come at reduced prices as compared to another previous vendor we were using, particularly in relation to ongoing annual maintenance costs.

Incentivized

• pfSense can be installed on commodity hardware with no licensing fees. With a simple less than 10 minute restore time, on most hardware, it's an extremely inexpensive way to achieve the same results that some of the more expensive vendors provide.
• The easy to use interface has allowed configuration management to be preformed by lower level technicians with quick and easy training.

Incentivized