Looking at FortiGate for NGFW, need insight into IPS, reporting and analytics, network visibility...
I work IT security for an SMB in the financial sector and I'm looking into PAN, FortiGate and Check Point as options for a better NGFW solution than what we currently have, which is Sonicwall. For about 6 years we've been using an NSA 3600 to cover our main company network and a TZ500 at a single remote branch to connect back to the main branch via point-to-point VPN. I also have a subscription to their Network Security Manager (NSM) (hosted), mainly for reporting and analytics. The base functionality of our Sonicwalls has been fine, and I like them for the most part. However, things like reporting, analytics, network visibility into traffic and threat events, and more are pretty sub-par. The Security Services technically work, but they work very poorly. Also, NSM doesn't even function properly despite months of working with support to get it working. The end result is that it is not meeting our needs with regard to perimeter network security monitoring and reporting.
A while back, we had an IT vulnerability audit and pen test, which resulted in a finding that basically showed that our Sonicwall's IDS/IPS/Security Services were not adequately reporting on external port scans and intrusion attempts. The auditor did an aggressive scan with nmap (among other things), and I was simply unable to spot the scan and report it back to them. The best I could do was dig through SIEM firewall logs to find the IP address, but there weren't even any specific details as to whether the traffic was blocked or not (it showed accepted). This leads into another issue: the Sonicwall's Syslog logging doesn't seem to include all of the Security Services events in a way that our SIEM can adequately parse, even with custom parsing.
The point is, all our Sonicwalls and their various security service components don't work well enough, and I am really hoping to find a better solution. Can someone speak to the quality of FortiGate NGFWs in reporting on threats in real time, with regard to things as simple as excessive port scans and other intrusion attempts? I do understand that nodes on the WAN get scanned 24/7, which can result in endless alerts, but I would assume that there'd be some kind of visibility in the form of pop-ups and categorizations that can tell when/where/how frequently certain malicious activity is hitting our firewall.
Also, is there any integrated Wi-Fi with FortiGate firewall units? Currently we use SonicPoint APs integrated with the firewalls; I'm hoping FortiGate has something similar...
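As a defender-side illustration of the gap described in the post (a port sweep that the IPS never surfaced and that had to be dug out of raw firewall logs, with no view of whether it was blocked), here is an added example that is not part of the original post or of any vendor product: it parses constructed key=value syslog lines, slides a time window over each source's connections, flags sources that touch many distinct destination ports, and reports opened versus dropped counts beside the source IP. The log format, hostnames and all addresses are constructed and are assumptions, not any firewall's real schema.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta
TS_FMT = "%Y-%m-%dT%H:%M:%SZ"
# Constructed key=value syslog shape (an assumption, not any vendor's exact schema).
LINE_RE = re.compile(r'^<\d+>(?P<ts>\S+) \S+ src=(?P<src>[\d.]+):\d+ dst=[\d.]+:(?P<dport>\d+) '
                     r'proto=\S+ msg="(?P<msg>[^"]*)"')

def constructed_logs():
    """Sample lines: one host sweeping 12 ports in 12 s, plus one normal HTTPS client."""
    base = datetime(2024, 5, 1, 10, 0, 0)
    lines = []
    for i, port in enumerate([21, 22, 23, 25, 53, 80, 110, 135, 139, 443, 445, 3389]):
        ts = (base + timedelta(seconds=i)).strftime(TS_FMT)
        msg = "Connection Opened" if port in (22, 80, 443) else "Connection Dropped"
        lines.append(f'<134>{ts} fw1 src=203.0.113.10:{51000 + i} dst=198.51.100.5:{port} proto=tcp msg="{msg}"')
    for i in range(3):
        ts = (base + timedelta(minutes=i)).strftime(TS_FMT)
        lines.append(f'<134>{ts} fw1 src=192.0.2.44:{40000 + i} dst=198.51.100.5:443 proto=tcp msg="Connection Opened"')
    return lines

def parse_line(line):
    """Parse one line into timestamp, source IP, destination port and verdict; None if unparsable."""
    m = LINE_RE.match(line)
    if not m:
        return None
    return {"ts": datetime.strptime(m["ts"], TS_FMT), "src": m["src"],
            "dport": int(m["dport"]), "msg": m["msg"]}

def detect_scans(lines, min_ports=10, window_s=60):
    """Flag sources touching >= min_ports distinct destination ports within window_s seconds,
    counting opened and dropped connections so the verdict is visible alongside the source."""
    by_src = defaultdict(list)
    for line in lines:
        ev = parse_line(line)
        if ev:
            by_src[ev["src"]].append(ev)
    findings = {}
    for src, evs in sorted(by_src.items()):
        evs.sort(key=lambda e: e["ts"])
        for i, start in enumerate(evs):
            window = [e for e in evs[i:] if (e["ts"] - start["ts"]).total_seconds() <= window_s]
            ports = {e["dport"] for e in window}
            if len(ports) >= min_ports:
                findings[src] = {"distinct_ports": len(ports), "first_seen": start["ts"].isoformat(),
                                 "opened": sum(e["msg"] == "Connection Opened" for e in window),
                                 "dropped": sum(e["msg"] == "Connection Dropped" for e in window)}
                break  # one finding per source is enough to raise an alert
    return findings
```

Thresholds are deliberately simple; on a real perimeter the window and port count should be tuned against the normal background scanning the post mentions, and the same logic can be fed from a SIEM export instead of the constructed lines.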
We have other Fortinet products such as FortiDDoS (DDoS protection), FortiAnalyzer (logging & reporting), FortiManager (managing Fortinet devices), FortiWeb (WAF), FortiADC (application delivery), etc., which might be a good fit in your network environment.