Fortinet Forum
Backspace
New Contributor

Looking at FortiGate for NGFW, need insight into IPS, reporting and analytics, network visibility...

Hey all,

I work IT security for an SMB in the financial sector and I'm looking into PAN, FortiGate and Check Point for options for a better NGFW solution than what we currently have, which is Sonicwall. For about 6 years we've been using an NSA 3600 to cover our main company network and then a TZ500 to connect back to the main branch via point to point VPN at a single remote branch. I also have a subscription to their Network Security Manager (NSM) (hosted) mainly for reporting and analytics. The base functionality of our Sonicwalls has been fine, and I like them for the most part. However, things like reporting, analytics, network visibility into traffic and threat events and more, are pretty sub-par. The Security Services technically work, but they work very poorly. Also, NSM doesn't even function properly despite months of working with support to get it working. The end result is that it is not meeting our needs with regard to perimeter network security monitoring and reporting.

A while back, we had an IT vulnerability audit and pen test, which resulted in a finding that basically displayed that our Sonicwall's IDS/IPS/Security Services were not adequately reporting on external port scans and intrusion attempts. The auditor did an aggressive scan with nmap (among other things), and I was simply unable to spot the scan and report it back to them. Best I could do was dig through SIEM firewall logs to find the IP address, but there weren't even any specific details as far as if the traffic was blocked or not (it showed accepted). This leads into another issue where the Sonicwall's Syslog logging doesn't seem to include all of the Security Services events in a way that our SIEM can adequately parse the log data, even with custom parsing.

The point is, all our Sonicwalls and their various security service components don't work well enough and I am really hoping to find a better solution. Can someone speak to the quality of FortiGate NGFWs to report on threats in real-time, with regard to things as simple as excessive port-scans and other intrusion attempts? I do understand that nodes on the WAN get scanned 24/7 which can result in endless alerts and things, but I would assume that there'd be some kind of visibility in the form of pop-ups and categorizations that can tell when/where/how frequently certain malicious activity is hitting our firewall.

Also, is there any integrated Wi-Fi with FortiGate firewall units? Currently we use SonicPoint APs integrated with the firewalls, I'm hoping FortiGate has something similar...

Any input or insight will be greatly appreciated!

Anthony_E
Community Manager

Hello Backspace,

Thank you for using the Community Forum. I will seek to get you an answer or help. We will reply to this thread with an update as soon as possible.

Thanks,

Anthony-Fortinet Community Team.
alif
Staff

Hello Backspace,

Looking at your requirements, I'll share some links below which might give an impression of the FortiGate feature set.

Threats:
https://docs.fortinet.com/document/fortigate/6.0.0/handbook/237934/threats

Threat Map:
https://docs.fortinet.com/document/fortigate/6.0.0/handbook/432276/threat-map

Threat Weight:
https://docs.fortinet.com/document/fortigate/6.4.5/administration-guide/903511/threat-weight

DoS protection:
https://docs.fortinet.com/document/fortigate/6.2.9/cookbook/771644/dos-protection

FortiAP Datasheet:
https://www.fortinet.com/content/dam/fortinet/assets/data-sheets/fortiap-series.pdf

We have other Fortinet products such as FortiDDoS (DDoS protection), FortiAnalyzer (logging & reporting), FortiManager (managing Fortinet devices), FortiWeb (WAF), FortiADC (application delivery), etc. which might be a good fit in your network environment.

In case you are interested in Fortinet products, please contact Fortinet local sales office:
https://www.fortinet.com/corporate/about-us/global-offices.html
http://www.fortinet.com/partners/reseller_locator/locator.html

Backspace
New Contributor

Nice, I will start looking through those :)