I've been asked by a small pharmacy to install a firewall for their network. I am looking into the FortiGate 30E in this case because there are not many devices on the network (around 10-15).
I am wondering if anybody here has done an installation of a FortiGate for a medical facility in the past, and if so, which licenses did you purchase (IPS, antimalware, etc.)? I am trying to get an idea of which services would be most applicable for this facility so I can figure out licensing costs.
I don't think there are special needs for this customer but you may know better.
To protect a small network I would always offer antivirus (which includes botnet blacklisting), webfilter and, if there are servers, IPS. IPS includes application control which is very effective.
For hardware, I would not go for a 30E but for the 30F (or 40F). New generation, same price, 10fold performance.
For subscriptions, the UTM bundle includes all. Maybe ATP will do as well, but I doubt the price difference is worth it.
And, to economize, always buy a hardware bundle, that is, FGT plus 3 or 5 years subscriptions. They are heavily discounted when bought together with the hardware. The customer will skip all subsequent price raise s, and services will not expire too soon.
Usually, any network includes a WiFi nowadays. A FortiWiFi model with internal AP is not as powerful as an external AP, and sometimes includes only 1 radio (2.4 or 5 GHz). A single simple FortiAP has advantages here. The WiFi controller is built-in and does not require licensing.
I would avoid the 30E as it has no FortiOS 6.4 or 7.0 support. Latest software version available at present is 6.2.9.
I would go for a 40F which has much better performance and will support software updates for years to come.
One is "anything below a 60 is not a Fortigate" - if any FortiOS feature is not supported by hardware, it's in these small models. And "30B/40C/30D/30E are gas station models: made for a low-traffic VPN outposts, that is, single purpose, low demands, sold in 10 packs (which is true)".
The 40F is on the brink, powerful yes, but still not the full fledged model. Which might just be fine for some scenarios, nonetheless.
I am now leaning towards either the 40F or the 60F... what are the major differences between these models in terms of performance?
Although ideally I would like to implement all Fortinet equipment, this customer has stated that they would like to keep costs lower. As such, I was planning to use an unmanaged switch for the wired side of the network, and then connect a 3rd-party WiFi AP to a spare port on the FortiGate and enable VLAN on that port to separate wireless traffic.
Will the above scenario function reliably, or are there any significant benefits to using Fortinet equipment (FortiSwitch & FortiAP)?