Fortinet FortiGate is a firewall option with high integrability. It offers a variety of deployment options and next-gen firewall capabilities, including integration with IaaS cloud platforms and public cloud environments.
Pricing

| | Cisco Nexus Series Switches | Fortinet FortiGate |
|---|---|---|
| Editions & Modules | No answers on this topic | No answers on this topic |

Offerings

| Pricing Offerings | Cisco Nexus Series Switches | FortiGate |
|---|---|---|
| Free Trial | No | Yes |
| Free/Freemium Version | No | No |
| Premium Consulting/Integration Services | No | No |
| Entry-level Setup Fee | No setup fee | No setup fee |
| Additional Details | — | FortiGate pricing starts at $250 for home office use, up to $300,000 for large enterprise appliances. |

Must contact sales team for pricing.
We made a simple overview of the market; Cisco is still a leader. vPC is a must-know for any Cisco lover and any network engineer; it is actually the simplest way to aggregate switches and provide high performance without going to a more complex solution, and also we choose to …
Cisco Nexus switches are known for their high performance. The Nexus series supports advanced networking standards, including 100/400Gbps Ethernet, VXLAN, EVPN, and FabricPath, enabling scalability in cloud-scale data centers. It can handle massive amounts of traffic with low …
It fits perfectly in all our data centers where we are using it. For small companies or smaller racks or something, I don't think it fits there because Cisco Nexus Series Switches is a big one. It's the most advanced one.
Fortinet FortiGate addressed an immediate security issue we had a few years ago. The device gave us a much clearer picture of the activities on our network and also, more importantly, increased our awareness of threats from the internet as a whole. Fortinet FortiGate helps us to mitigate these threats with regular signature updates from FortiGuard Labs, identifying certain characteristics which, once recognised by Fortinet FortiGate, can be harnessed to deploy powerful 'playbooks'.
Maintenance, upgrades, and software certification can be performed without service interruptions because of the modular nature of NX-OS and features such as In-Service Software Upgrade (ISSU) and the capability for processes to restart dynamically.
FabricPath: Enables each device to build an overall view of the topology; this is similar to other link state routing protocols. Each device in the FabricPath topology is identified by a switch-id. The Layer 2 forwarding tables are built based on reachability to each switch-id, not by the MAC address. Eliminates spanning-tree to maximize network bandwidth and flexibility in topological configurations, as well as simplify operational support and configuration. This enables a tremendous amount of flexibility on the topology because you can now build FabricPath topologies for Layer 2-based networks the same as for Layer 3-based networks.
Overlay Transport Virtualization (OTV): Enables the Layer 2 extension between distributed data centers over any transport Layer 3 network.
SD-WAN - Load balancing of Internet traffic is a USP of FortiGate and makes it stand tall in the competition. Be it 3 or more Internet links, multiple subnets/segments of users to distribute, and bandwidth load balancing for links and users. SLA-based monitoring of Internet links / MPLS links makes it even better to choose the links on the basis of performance (latency, packet loss, jitter, etc.).
SSL VPN configuration - As we all have a WFH force (to some extent or all employees) during Covid-19, it is impossible to plan BCP without having an SSL VPN. In FortiGate, the SSL VPN configuration is very easy with the help of the wizard. The deep CLI-level debugging is also very helpful in troubleshooting. The type of tunnel can be easily configured - Full Tunnel or Split Tunnel for SSL.
Explicit Proxy - This is also a great feature to shape and re-route the traffic, configuring the proxy on the firewall itself. We are using this feature in pilot for now, and planned to roll out in a few weeks looking at the success rate of the POC.
Implementing jumbo frames on interfaces of its fabric extender series (N2k, etc.) by editing the network QoS does not have to be a global configuration that would affect all its interfaces. It can be improved to become just an interface configuration.
Licensing on NX-OS is a bit complicated and expensive. I understand that the Nexus is made for core data center switching but it does not have to break the bank.
OTV technology is for Nexus only. Based on the advantage of the technology, it should be made vendor-neutral to accommodate other vendor devices.
Actually, if we need to implement or develop our actual DC, we will use Cisco Nexus Series Switches again. The solution is well known and we will be able to easily interconnect the switches. As we're not using all the possibilities of features, we know that this solution is a long-term solution.
Fortinet's products have kept improving with new software releases and they continue to deliver great value. Their support is also very good. I believe that as a small enterprise, their products have given us a competitive advantage, delivering features and functionality that enable us to innovate and do things better. They also continue to be a leader in the markets they serve.
The platform has good performance. The major issue is all the bugs you can discover across the operations, and it can be a big challenge depending on the number of Cisco Nexus Series Switches you have deployed. In our case, we own more than 200 Cisco Nexus Series Switches 9k, and when we face an upgrade process, it could be a long-term project to grant a new software deployment across our whole switch platform.
The firewall runs very well, firmware updates are fairly quick but you must follow the upgrade path. Neglecting this step will cause a lot of pain. If you decide to go with Fortinet FortiGate switches and/or access points, they can be managed within the firewall which is great. We're also using the FortiAnalyzer which easily plugs into the firewall for any reporting you may require.
These switches are very fast. They've been designed to work within the data center. We connect them to Cisco UCS-B Mini servers with the storage being directly attached. They are able to handle the data traffic pretty easily. We can also move servers pretty fast from data center to data center without overloading them. This has allowed our company to stay running during any kind of conditional outage. We have come to really rely on them for business continuity.
Overall, Cisco has great products and I believe that they believe in the philosophy of a great customer experience. Although there have been a few technical support issues that caused a lot of company anxiety, in most cases, Cisco has gone above and beyond in making a valiant effort to help the customer solve any issues.
The support team at Fortinet is excellent. They can not only help you configure the device for what you are trying to do, they also offer suggestions on improving rules and troubleshooting issues. Their response time is fast, ensuring you are up and running immediately with no questions asked. We had a hard drive failure in one of our Fortinet FortiGate appliances. The tech answered immediately, and started rebuilding the drive after some preliminary investigations. After rebuilding, there were still errors and issues, so they dispatched a brand new Fortinet FortiGate appliance. The tech then backed up the configurations for when the new device came in, which showed up in a few hours. A restore of the configuration took less than a minute, and there were no more errors or issues.
The Cisco 9000 stacks up quite well against the Cisco Catalyst 3850 switches. The additional features available in the Nexus 9000, such as VPN, FCoE, 40 gigabits, give us the ability to support the future needs of the company in our data center. The Nexus 9000 allowed us to condense our core and aggregation environment that comprised 2 Catalyst 6504 and 2 Catalyst 6509 to a port of Nexus 9000. Although the Catalyst 3850 would be sufficient to handle routing, those features in the Nexus 9000 made it the clear choice for us.
[Fortinet] FortiGate is not only cost-effective, but it also gives comprehensive security against APT attacks and gives complete traffic visibility and granular control. You can easily create VDOMs (virtual firewalls) within a FortiGate firewall and customize the dashboard as per your requirements if you have multiple VDOMs within a single firewall.
The Nexus 3000 series switches are data center switches, so I would say they have similar security ability to other switches in this segment. I don't have a lot of experience doing more than basic ACL security on switches, but I know these can be integrated into other security solutions like Cisco ISE and 802.1x authentication. It could also be integrated into an ACI solution to add micro segmentation, which would bring in other security functions.
The pricing given to us for our firewall was well within what we were already spending for other vendors' solutions and had the added value of eliminating a separate expense for a dedicated web filtering appliance.
We have also adopted Fortinet's security fabric approach and thus changed vendors for our switch and AP devices. These devices have come at reduced prices as compared to another previous vendor we were using, particularly in relation to ongoing annual maintenance costs.