I'm curious what others feel is the lifespan of a FortiGate firewall. Obviously if a customer outgrows a firewall it would call for replacemnt. Otherwise, how long would you plan to keep a particular firewall in operation? I'm thinking primarily of the lifespan of FortiGate 60D, 50E, 60E, and 100D firewalls.
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
When I look back we started deploying FG60D to our customers in 2014 and migrated gradually from FG40C. But 60D support started from v5.0.1 in early 2013 according to the download site. Now in this 2018 we started considering shifting toward 60E. But probably won't be committed until they stop selling 60Ds.
But when you check the software support, you can find 100D sotware existed even v4.3.x. So it's quite old hardware. I wouldn't consider installing 100D to any new customer but would recommend them to get 100E instead. Difference in performance is quite significant.
I was primarily wondering when, if ever. people would recommend replacing a firewall due to its age. We normally recommend replacing desktop computers, servers, and switches at about the 5 year point in their life thinking that the likelihood of failure would increase after this point in time. Do others treat FortiGate firewalls the same? If so, at how many years in operation would you recommend replacement?
3-5 years should be your plan, but I manage firewall as old as 2010. I would plan to budget a fw refresh for 3/5 years if your talking budgeting but in some case ORGs have units 6+ years old in service or older.
Ken
PCNSE
NSE
StrongSwan
We always recommend hardware upgrade when Fortinet stops releasing bug fixes or announces end-of-support because it's no longer supportable, just like other network devices like Cisco/Juniper routers&switches.
Compared to the hardware, I would say the out-of-trend OS inside would be more vulnerable.
Have EoL and EoS cycles are well defined in Fortinet and like others. Typical a schedule of gurantee support is provide. I have to agree to certain point
bug fixes or announces end-of-support because it's no longer supportable
More importantly when EoS happens you typically don't get IPS signature or other updates, but the true of the matter stateful-firewall is hardly impacted.
Also keep in my every vendor add new feature in newier releases. So if you stay on a 50B ( and yes I just found one in my storage box ; ) ) it will work but you can't do anything with it if you want cut edge protection.
I wrote a blog posting about this a few years back that you read in order to get the life-cycle.
http://socpuppet.blogspot...ortinet-lifecycle.html
PCNSE
NSE
StrongSwan
Just compare the price of the support contract renewal with the price of a new model bundle. If it's nearly the same, why shouldn't you take the new model. Also if you keep some models longer, you get problems migrating the configuration. For example most of the C models only support 5.2, and the E models only 5.4. This is annoying, because then you don't have a configuration file you can import which runs on the same firmware.
Understand. Thanks.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1468 | |
1006 | |
748 | |
443 | |
206 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.