Geekzone: technology news, blogs, forums


5211 posts

Uber Geek

Trusted

  # 703576 19-Oct-2012 15:33

BarTender: Still think pfSense is the best option especially if you have a Virtualised environment with spare capacity. Just dedicate a network card to routing out to the internet, and since it sits on your ESX server / SAN, if that blows up you're dead in the water anyway. So no need to purchase new hardware.

Come on Laurence... Pull out the geek card and make it happen :)


What works for Geeks doesn't necessarily work for a business that requires support and has no in house tech capability!

But it's worth thinking about I guess since they are about to move to a virtualised environment with all new kit.




Staying in Wellington. Check out my AirBnB in the Wellington CBD.  https://www.airbnb.co.nz/rooms/32019730  Mention GZ to get a 10% discount

 

System One: Popcorn Hour A200,  PS3 SuperSlim, NPVR and Plex Server running on Gigabyte Brix (Windows 10 Pro), Sony BDP-S390 BD player, Pioneer AVR, Raspberry Pi running Kodi and Plex, Panasonic 60" 3D plasma, Google Chromecast

System Two: Popcorn Hour A200 ,  Oppo BDP-80 BluRay Player with hardware mode to be region free, Vivitek HD1080P 1080P DLP projector with 100" screen, Denon AVRS730H 7.2 Channel Dolby Atmos/DTS-X AV Receiver, Samsung 4K player, Google Chromecast, Odroid C2 running Kodi and Plex

 

 


8035 posts

Uber Geek

Trusted

  # 703609 19-Oct-2012 16:31

If there is no in house IT, a supported managed solution from an established reputable provider is probably the way to go.

I've dealt with http://www.ifm.net.nz/ and http://www.networkpro.co.nz/ before and they were both pretty good.

It's pretty expensive though.

If they have no VM server and you still want to look into pfsense:

You could install pfsense on two ALIX boxes or other commodity hardware, eg: mini ITX and charge them a monthly fee for support yourself.
http://nicegear.co.nz/single-board-computers/pc-engines-alix-2d2/
http://nicegear.co.nz/accessories/pc-engines-case-for-alix-2d2/
http://nicegear.co.nz/accessories/pc-engines-poe-injector-for-alix-boards/

http://www.minecraftforum.net/topic/1447486-building-a-pfsense-mini-itx-firewall-box/
http://forum.pfsense.org/index.php?topic=32383.0;prev_next=next
http://www.smallnetbuilder.com/security/security-howto/31406-build-your-own-ids-firewall-with-pfsense

The DIY/pfsense router is far far cheaper

 
 
 
 


53 posts

Master Geek


  # 708701 29-Oct-2012 21:02

I would go with sonicwall, not fortigate.

Fortigate I found they are too buggy. Quite a lot of random errors that might require firmware upgrade or reboot. Although most configurations can be done in GUI, but some functionalities are only available in CLI, while some require both GUI and CLI configurations. Which is very annoying!

302 posts

Ultimate Geek


  # 709039 30-Oct-2012 11:22

jackk: I would go with sonicwall, not fortigate.

Fortigate I found they are too buggy. Quite a lot of random errors that might require firmware upgrade or reboot. Although most configurations can be done in GUI, but some functionalities are only available in CLI, while some require both GUI and CLI configurations. Which is very annoying!


On the contrary, I have felt the Sonicwalls that I have worked with have been buggy and not as user friendly as the FG.

Fortinet put out new firmware very regularly, and are about to come out with a flashy new OS that is supposedly very good (I haven't had a look yet).

Whilst you are right about some config being required in CLI, it's generally some of the niche stuff, and it's usually just to turn features off or on. A lot of CLI only config is stuff that is on its way out anyway (Like PPTP or L2TP VPN setup).

They do have bugs, sure. But what device doesn't? I haven't come across any bugs yet which are anything more than an annoyance. Nothing that impacts the core functionality of the FW.

Each to their own really. Being in charge of 30 odd fortigates makes me slightly (ok, a lot) biased towards them - but I was thrown into this position and was a bit cynical of them in the beginning. The old versions of the OS (anything pre V4) are ugly and weren't nearly as nice. But now that I have worked with them, I think they are a great little device.

53 posts

Master Geek


  # 709114 30-Oct-2012 13:10

Jeeves:
jackk: I would go with sonicwall, not fortigate.

Fortigate I found they are too buggy. Quite a lot of random errors that might require firmware upgrade or reboot. Although most configurations can be done in GUI, but some functionalities are only available in CLI, while some require both GUI and CLI configurations. Which is very annoying!


On the contrary, I have felt the Sonicwalls that I have worked with have been buggy and not as user friendly as the FG.

Fortinet put out new firmware very regularly, and are about to come out with a flashy new OS that is supposedly very good (I haven't had a look yet).

Whilst you are right about some config being required in CLI, it's generally some of the niche stuff, and it's usually just to turn features off or on. A lot of CLI only config is stuff that is on its way out anyway (Like PPTP or L2TP VPN setup).

They do have bugs, sure. But what device doesn't? I haven't come across any bugs yet which are anything more than an annoyance. Nothing that impacts the core functionality of the FW.

Each to their own really. Being in charge of 30 odd fortigates makes me slightly (ok, a lot) biased towards them - but I was thrown into this position and was a bit cynical of them in the beginning. The old versions of the OS (anything pre V4) are ugly and weren't nearly as nice. But now that I have worked with them, I think they are a great little device.



Yeah I am a bit biased as well, been dealing with 70 or so sonicwalls at my last job and they are great but then again those are deployed for various SME. Currently looking after 10 or so fortigate in an enterprise environment and I don't have the best experience with them. Some of the major ones include GUI admin locked up and rules' hit counters resetting randomly. Support usually asks you to reboot or firmware upgrade (firmware on board was only a few months old) but being in a large enterprise, this is easier said than done. I also don't really like the logging in fortigate, I found that they are not as informative as the sonicwall. Perhaps they are more suited for smaller networks. :P

302 posts

Ultimate Geek


  # 709756 31-Oct-2012 11:39

Agreed on the logging. It's horrible.
Regards firmware upgrades - I do like the automatic process that happens when setup in HA so you have no or only a micro outage throughout the whole process. Very seamless and I haven't had one fail yet.

53 posts

Master Geek


  # 709815 31-Oct-2012 13:04

I really should try the HA upgrade next time. Being a bit paranoid previously and have been upgrading them one by one. :P

I really like the VDOM though!!

 
 
 
 


302 posts

Ultimate Geek


  # 710256 1-Nov-2012 10:36

Nothing wrong with being paranoid. But to be safe enough just keep a usb drive with a version of the older OS handy and be on-site when doing the upgrade, so you can roll back if needs be. (again, haven't had a failure/problem yet amongst dozens of upgrades).



5211 posts

Uber Geek

Trusted

  # 710270 1-Nov-2012 10:51

An issue my friend has is the cost of the ongoing support. He was quoted over $1K for monthly support for a Fortigate. He could not understand what that provided.

I would assume once the device is up and running, just a quick check every now and then should be enough. Presumably new rules/filters could be pushed out by Fortigate like AV signatures?






53 posts

Master Geek


  # 710283 1-Nov-2012 11:15

Jeeves: Nothing wrong with being paranoid. But to be safe enough just keep a usb drive with a version of the older OS handy and be on-site when doing the upgrade, so you can roll back if needs be. (again, haven't had a failure/problem yet amongst dozens of upgrades).


cheers Jeeves. will keep that in mind.

53 posts

Master Geek


  # 710291 1-Nov-2012 11:25

lchiu7: An issue my friend has is the cost of the ongoing support. He was quoted over $1K for monthly support for a Fortigate. He could not understand what that provided.

I would assume once the device is up and running, just a quick check every now and then should be enough. Presumably new rules/filters could be pushed out by Fortigate like AV signatures?


With regard to the support, do you mean support provided by a managed service provider/IT company to "look after" the box? It is not the actual support license (the support license enables you to log calls direct with fortigate and depending on the license it might give you AV/IPS signatures update as well) direct with fortigate right?

Once the device is in, it should require little attention, unless you require rule/config changes. Probably a firmware upgrade every couple of months and that's pretty much it.



5211 posts

Uber Geek

Trusted

  # 710502 1-Nov-2012 16:38

jackk:
lchiu7: An issue my friend has is the cost of the ongoing support. He was quoted over $1K for monthly support for a Fortigate. He could not understand what that provided.

I would assume once the device is up and running, just a quick check every now and then should be enough. Presumably new rules/filters could be pushed out by Fortigate like AV signatures?


With regard to the support, do you mean support provided by a managed service provider/IT company to "look after" the box? It is not the actual support license (the support license enables you to log calls direct with fortigate and depending on the license it might give you AV/IPS signatures update as well) direct with fortigate right?

Once the device is in, it should require little attention, unless you require rule/config changes. Probably a firmware upgrade every couple of months and that's pretty much it.


I asked my friend and he is not clear on that at all. He was provided this set of services as an example but they are from Fortigate, not the local SI organisation.










3524 posts

Uber Geek

Trusted

  # 710509 1-Nov-2012 16:53

Haha $1k! crazy. I'll go on using PFsense thanks. These things are generally set and forget (well to a point).






65 posts

Master Geek

Trusted

  # 710513 1-Nov-2012 16:58

$1000 is insane - that's almost twice what I'd expect the annual renewal to be.

NZ's largest Fortinet importer sells all their Fortinet hardware with at least first year support. That means that there shouldn't be ANY ongoing costs for the first year - for the Fortinet hardware. It's not unusual for a reseller to add managed services though for things like reporting and 2 hour on-site replacement which either aren't part of the standard bundle or which might require additional licencing. If they won't remove those costs; there're about 190 resellers in NZ.

In the little units this "Bundle" also includes all the UTM services turned on. Web Filtering etc. Which is good - you will want them. You can also buy 24 or 36 month bundles if you'd like which is cheaper than renewing annually.

Year two+ you'll need to renew the hardware support (Which provides TAC access, firmware upgrades and hardware replacement if the box dies) and can optionally renew the UTM - You'll still want this. As a rough estimate it'll be about 20-25% of the hardware for everything enabled.

For the highlighted support clause - Advanced replacement is available nationally. Be aware that until the Local RMA is in place these are shipped from Taiwan so take 3-5 days to arrive. That's the main reason resellers choose to offer 2 hour onsite :).




I work for a Hosting Provider - But my opinions are my own.

53 posts

Master Geek


  # 710582 1-Nov-2012 19:15

For your reference, we have received a quote from a reseller for forticare 8x5 for 7 of our fortigate (various models) recently. It was roughly around 7k including GST. These are 1 year support licenses not including UTM.
