Geekzone: technology news, blogs, forums


3953 posts

Uber Geek
+1 received by user: 26

Trusted

  Reply # 703576 19-Oct-2012 15:33

BarTender: Still think pfSense is the best option especially if you have a Virtualised environment with spare capacity.  Just dedicate a network card to routing out to the internet, and since it sits on your ESX server / SAN, if that blows up you're dead in the water anyway.  So no need to purchase new hardware.

Come on Laurence... Pull out the geek card and make it happen :)


What works for Geeks doesn't necessarily work for a business that requires support and has no in house tech capability!

But it's worth thinking about I guess since they are about to move to a virtualised environment with all new kit.




System One: Popcorn Hour A200,  PS3 SuperSlim, NPVR running on Gigabyte Brix, Sony BDP-S390 BD player, Logitech Revue, Pioneer AVR, Panasonic 60" 3D plasma

System Two: Popcorn Hour A200 ,  Oppo BDP-80 BluRay Player with hardware mode to be region free, Vivitek HD1080P 1080P DLP projector with 100" screen. Harman Kardon HK AVR 254 7.1 receiver, Toshiba HD-A2 HD-DVD player, Roku XS media player

Check out my blog at lchiu.blogspot.com

7777 posts

Uber Geek
+1 received by user: 326

Trusted
Subscriber

  Reply # 703609 19-Oct-2012 16:31

If there is no in house IT, a supported managed solution from an established reputable provider is probably the way to go.

I've dealt with http://www.ifm.net.nz/ and http://www.networkpro.co.nz/ before and they were both pretty good.

It's pretty expensive though.

If they have no VM server and you still want to look into pfsense:

You could install pfsense on two ALIX boxes or other commodity hardware, eg: mini ITX and charge them a monthly fee for support yourself.
http://nicegear.co.nz/single-board-computers/pc-engines-alix-2d2/
http://nicegear.co.nz/accessories/pc-engines-case-for-alix-2d2/
http://nicegear.co.nz/accessories/pc-engines-poe-injector-for-alix-boards/

http://www.minecraftforum.net/topic/1447486-building-a-pfsense-mini-itx-firewall-box/
http://forum.pfsense.org/index.php?topic=32383.0;prev_next=next
http://www.smallnetbuilder.com/security/security-howto/31406-build-your-own-ids-firewall-with-pfsense

The DIY/pfsense router is far far cheaper

53 posts

Master Geek


  Reply # 708701 29-Oct-2012 21:02

I would go with sonicwall, not fortigate.

fortigate I found they are too buggy. Quite a lot of random errors that might require firmware upgrade or reboot. Although most configurations can be done in GUI, but some functionalities are only available in CLI, while some require both GUI and CLI configurations. Which is very annoying!

87 posts

Master Geek
+1 received by user: 8


  Reply # 709039 30-Oct-2012 11:22

jackk: I would go with sonicwall, not fortigate.

fortigate I found they are too buggy. Quite a lot of random errors that might require firmware upgrade or reboot. Although most configurations can be done in GUI, but some functionalities are only available in CLI, while some require both GUI and CLI configurations. Which is very annoying!


On the contrary, I have felt the Sonicwalls that I have worked with have been buggy and not as user friendly as the FG.

Fortinet put out new firmware very regularly, and are about to come out with a flashy new OS that is supposedly very good (I haven't had a look yet).

Whilst you are right about some config being required in CLI, it's generally some of the niche stuff, and it's usually just to turn features off or on. A lot of CLI only config is stuff that is on its way out anyway (Like PPTP or L2TP VPN setup).

They do have bugs, sure. But what device doesn't? I haven't come across any bugs yet which are anything more than an annoyance. Nothing that impacts the core functionality of the FW.

Each to their own really. Being in charge of 30 odd fortigates makes me slightly (ok, a lot) biased towards them - but I was thrown into this position and was a bit cynical of them in the beginning. The old versions of the OS (anything pre V4) are ugly and weren't nearly as nice. But now that I have worked with them, I think they are a great little device.

53 posts

Master Geek


  Reply # 709114 30-Oct-2012 13:10

Jeeves:
jackk: I would go with sonicwall, not fortigate.

fortigate I found they are too buggy. Quite a lot of random errors that might require firmware upgrade or reboot. Although most configurations can be done in GUI, but some functionalities are only available in CLI, while some require both GUI and CLI configurations. Which is very annoying!


On the contrary, I have felt the Sonicwalls that I have worked with have been buggy and not as user friendly as the FG.

Fortinet put out new firmware very regularly, and are about to come out with a flashy new OS that is supposedly very good (I haven't had a look yet).

Whilst you are right about some config being required in CLI, it's generally some of the niche stuff, and it's usually just to turn features off or on. A lot of CLI only config is stuff that is on its way out anyway (Like PPTP or L2TP VPN setup).

They do have bugs, sure. But what device doesn't? I haven't come across any bugs yet which are anything more than an annoyance. Nothing that impacts the core functionality of the FW.

Each to their own really. Being in charge of 30 odd fortigates makes me slightly (ok, a lot) biased towards them - but I was thrown into this position and was a bit cynical of them in the beginning. The old versions of the OS (anything pre V4) are ugly and weren't nearly as nice. But now that I have worked with them, I think they are a great little device.



Yeah I am a bit biased as well, been dealing with 70 or so sonicwalls at my last job and they are great but then again those are deployed for various SME. Currently looking after 10 or so fortigate in an enterprise environment and I don't have the best experience with them. Some of the major ones include GUI admin locked up and rules' hit counters resetting randomly. Support usually ask you to reboot or firmware upgrade (firmware on board was only a few months old) but being in a large enterprise, this is easier said than done. I also don't really like the logging in fortigate, I found that they are not as informative as the sonicwall. Perhaps they are more suited for smaller networks. :P

87 posts

Master Geek
+1 received by user: 8


  Reply # 709756 31-Oct-2012 11:39

Agreed on the logging. It's horrible.
Regards firmware upgrades - I do like the automatic process that happens when setup in HA so you have no or only a micro outage throughout the whole process. Very seamless and I haven't had one fail yet.

53 posts

Master Geek


  Reply # 709815 31-Oct-2012 13:04

I really should try the HA upgrade next time. Being a bit paranoid previously and have been upgrading them one by one. :P

I really like the VDOM though!!

87 posts

Master Geek
+1 received by user: 8


  Reply # 710256 1-Nov-2012 10:36

Nothing wrong with being paranoid. But to be safe enough just keep a usb drive with a version of the older OS handy and be on-site when doing the upgrade, so you can roll back if needs be. (again, haven't had a failure/problem yet amongst dozens of upgrades).



3953 posts

Uber Geek
+1 received by user: 26

Trusted

  Reply # 710270 1-Nov-2012 10:51

An issue my friend has is the cost of the ongoing support. He was quoted over $1K for monthly support for a Fortigate. He could not understand what that provided.

I would assume once the device is up and running, just a quick check every now and then should be enough. Presumably new rules/filters could be pushed out by Fortigate like AV signatures?





53 posts

Master Geek


  Reply # 710283 1-Nov-2012 11:15

Jeeves: Nothing wrong with being paranoid. But to be safe enough just keep a usb drive with a version of the older OS handy and be on-site when doing the upgrade, so you can roll back if needs be. (again, haven't had a failure/problem yet amongst dozens of upgrades).


cheers Jeeves. will keep that in mind.

53 posts

Master Geek


  Reply # 710291 1-Nov-2012 11:25

lchiu7: An issue my friend has is the cost of the ongoing support. He was quoted over $1K for monthly support for a Fortigate. He could not understand what that provided.

I would assume once the device is up and running, just a quick check every now and then should be enough. Presumably new rules/filters could be pushed out by Fortigate like AV signatures?


With regard to the support, do you mean support provided by a managed service provider/IT company to "look after" the box? It is not the actual support license (the support license enables you to log calls direct with fortigate and depending on the license it might give you AV/IPS signatures update as well) direct with fortigate right?

Once the device is in, it should require little attention, unless you require rule/config changes. Probably a firmware upgrade every couple of months and that's pretty much it.



3953 posts

Uber Geek
+1 received by user: 26

Trusted

  Reply # 710502 1-Nov-2012 16:38

jackk:
lchiu7: An issue my friend has is the cost of the ongoing support. He was quoted over $1K for monthly support for a Fortigate. He could not understand what that provided.

I would assume once the device is up and running, just a quick check every now and then should be enough. Presumably new rules/filters could be pushed out by Fortigate like AV signatures?


With regard to the support, do you mean support provided by a managed service provider/IT company to "look after" the box? It is not the actual support license (the support license enables you to log calls direct with fortigate and depending on the license it might give you AV/IPS signatures update as well) direct with fortigate right?

Once the device is in, it should require little attention, unless you require rule/config changes. Probably a firmware upgrade every couple of months and that's pretty much it.


I asked my friend and he is not clear on that at all. He was provided this set of services as an example but they are from Fortigate, not the local SI organisation.









3033 posts

Uber Geek
+1 received by user: 215

Trusted
Subscriber

  Reply # 710509 1-Nov-2012 16:53

Haha $1k! crazy. I'll go on using PFsense thanks. These things are generally set and forget (well to a point).





63 posts

Master Geek

Trusted
Subscriber

  Reply # 710513 1-Nov-2012 16:58

$1000 is insane - that's almost twice what I'd expect the annual renewal to be.

NZ's largest Fortinet importer sells all their Fortinet hardware with at least first year support. That means that there shouldn't be ANY ongoing costs for the first year - for the Fortinet hardware. It's not unusual for a reseller to add managed services though for things like reporting and 2 hour on-site replacement which either aren't part of the standard bundle or which might require additional licencing. If they won't remove those costs; there're about 190 resellers in NZ.

In the little units this "Bundle" also includes all the UTM services turned on. Web Filtering etc. Which is good - you will want them. You can also buy 24 or 36 month bundles if you'd like which is cheaper than renewing annually.

Year two+ you'll need to renew the hardware support (Which provides TAC access, firmware upgrades and hardware replacement if the box dies) and can optionally renew the UTM - You'll still want this. As a rough estimate it'll be about 20-25% of the hardware for everything enabled.

For the highlighted support clause - Advanced replacement is available nationally. Be aware that until the Local RMA is in place these are shipped from Taiwan so take 3-5 days to arrive. That's the main reason resellers choose to offer 2 hour onsite :).




I work for a Hosting Provider - But my opinions are my own.

53 posts

Master Geek


  Reply # 710582 1-Nov-2012 19:15

For your reference, we have received a quote from a reseller for forticare 8x5 for 7 of our fortigate (various models) recently. It was roughly around 7k including GST. These are 1 year support licenses not including UTM.
