Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
czhong
New Contributor

Migrated from Palo Alto to Fortinet or Vice Versa? SD-WAN use-cases?

Has anyone ever migrated at an enterprise scale from one to the other? Has anyone seriously looked and POC'd a competitor? What did you find?

Why did you / didn't you migrate?

How did the migration of the rules go for you and how many rules did you have?

Did you migrate the rules from Panorama <-> Fortimanager or from the firewall <-> fortigate?

Are you using Fortinet SD-WAN (please provide scale) and how is it working out for you? Are you using them full-mesh or hub/spoke?

Are the SSL Decrypt performance numbers as great as fortinet says?

Thanks!

https://19216811.cam/ https://1921681001.id/
3 REPLIES 3
Anthony_E
Community Manager
Community Manager

Hello czhong,

 

Thank you for using the Community Forum.

I will see someone already faced this situation and will ask to reply to your question.

 

Regards,

Anthony-Fortinet Community Team.
Anthony_E
Community Manager
Community Manager

Hello,

 

We are still looking for an answer.

We will come back to you as soon as we get one.

 

Regards,

Anthony-Fortinet Community Team.
gfleming
Staff
Staff

I have not personally done what you are asking but I can help with some of your questions.

First of all, Fortinet has a very good service, FortiConverter which can convert configurations from other vendor Firewalls to FortiGate configuration.

Once configurations are imported onto the FortiGate, it can be imported into FortiManager for central administration.

SD-WAN scales out incredibly well. This is because of the way Fortinet approaches SD-WAN. Fortinet does not offload the control plane from the Fortigate. Each Fortigate in the network is acting as its own local SD-WAN controller. There is no cloud-based or centralized controller that needs to be sized for the network.

The only real sizing consideration you need to make is the hub will need to support the number of VPN tunnels for your spokes. These numbers are readily available on the data sheet.

Speaking of data sheets, Fortinet has some of the most accurate data sheet numbers in the industry. They can be trusted! Just keep in mind the SSL Decryption numbers are for that process only so if you are doing other features like VPN, NGFW, etc the numbers become lower collectively.

Cheers,
Graham
Top Kudoed Authors