Hi Antoine, the main difference between Fortinet HW and VM is the HW :-)
They use special ASIC's to accelerate pure firewall traffic, VPN, SSL, they have an inbuild switch fabric etc. In reality this means VM versions are good if you use mainly UTM (Antivirus, Antispam, Intrusion Protection etc), but they are not as good if you're mainly using pure firewalling, VPN, SSL or even many ports etc.
They support virtualization and that means you can have several separate customers each with their own login, rights, max usage configuration on one unit.
I'll send you some more info off list.
Regards Ralf
-----Ursprüngliche Nachricht----- Von: swinog-bounces@lists.swinog.ch [mailto:swinog-bounces@lists.swinog.ch] Im Auftrag von Antoine Benkemoun-Andre Gesendet: Donnerstag, 23. April 2015 09:49 An: Jeroen Massar; swinog@lists.swinog.ch Betreff: Re: [swinog] FortiVM feedback
Ok, I think this discussion is drifting a little bit. I understand your point and I find the thought process interesting. If you wish to continue this conversation, we can always do so off-list or around a beer in Lausanne.
Maybe my initial request was ambiguous so I will attempt to clarify it.
The question we’re asking here is : Out of the people who have tried FortiVM solution, do you have feedback to share and have you encountered any limitations or problems with it ?
Antoine
On 23/04/15 09:37, "Jeroen Massar" jeroen@massar.ch wrote:
On 2015-04-23 09:32, Antoine Benkemoun-Andre wrote:
That’s a very good remark :)
As I mentioned previously, we’re presently fully standardised on their appliances (physical so far) and have no particular complaints about it so we see no reason why we should not continue this way. In our opinion, standardisation has quite a lot of value.
You are talking about mono-culture and vendor lock-in. Those have little to do with standardization.
Also note that from a perspective of most admins, mono-culture is bad, as that means if one thing is broken, everything is broken, while diversity would mean that a bug might not affect all things.
On the flip-side though, having only one thing to support does mean less overhead; and if you are thinking about "cloud" firewalls, well, nothing much can be helped there IMHO...
Without requirements (which could include "team is 1 person big, hence, not going to bother with multiple things" or "we have zero budget" or "management already decided" ;) little anybody can say if something is good or bad though.
Greets, Jeroen
swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
_______________________________________________ swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog