Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Prika
New Contributor II

Overall experience with Fortigate 80F

Hi community, 

 

I was trying to collect much as possible on 80Fs, but unfortunately I could not find much, (I used the data mostly of the reselling companies). We are replacing our 15 years old Junipers with FortiGate, and 95% we will go with 2x 80F. 


Some of my concerns were, does 80F support Link Aggregation, I found that the older models supported, so I have concluded that 80F supports also. Data Sheet is saying that supported HA is Active-Active, Active-Passive, Clustering, that is little bit confusing so I googled about FGCP and FGSP. I will not mention thing about List Price and stuff like that, but in my opinion there should be something like  recommended retail price listed somewhere ( I know that is not usual but it would be helpful) :)

I have also read that there is "Basic Functions" of the firewall (VPN, SD-WAN services, Application control and Forticare support) are those first 3 always included within device, (part of hardware price)?

 

I have seen here articel also that one of the guys had firewall restarting (temp. issue - bug) for few months and his problem was sovled by updating the OS, after several months.

 

What are your experiences with this Firewall and also with Fortinet support service? 

 

Thank you all in advance and am looking forward to starting this journey with Fortinet.

Cheers!
Cheers!
14 REPLIES 14
Anthony_E
Community Manager
Community Manager

Hello Prika,

 

Thank you for using the Community Forum.

I will seek to get you an answer or help. We will reply to this thread with an update as soon as possible.

 

Regards,

Anthony-Fortinet Community Team.
Prika
New Contributor II

Hello Anthony_E,

 

Thank you very much for your response. 

 

Have a nice start into the week.

Cheers!
Cheers!
gfleming
Staff
Staff

The 80F is a fantastic firewall. First thing to keep in mind is that it is a 'desktop' form factor so will not mount in a rack unless you purchase the rackmount kit.

 

To answer you questions, yes it supports link aggregation. All FortiGates support it: https://docs.fortinet.com/document/fortigate/7.2.1/administration-guide/567758/aggregation-and-redun...

 

High Availability with FortiGate is mostly done using Active-Passive configuration where configuration and sessions states are synchronized from an Active 'master' node to a Passive 'secondary' node. If the master node fails for any reason the secondary becomes active and continues with traffic flow.

 

Active-Active is rarely used as it only load-balanced the security inspection between firewalls. Typically you would see this in areas where you require very high amounts of throughput for security inspection (IPS, AV, etc).

 

If you're talking about price you can just ask your reseller what discount percentage you are receiving. Use that to figure out what list price is. :)

 

And yes the FortiGates come with an amazing amount of features and functionality built in with no license requirements including: SD-WAN, VPN, App Control, Wireless LAN Controllers, Wired LAN Controllers, etc, etc. FOrtiCare support, however, is a paid subscription along with FortiGuard services like IPS, AV, Web Filtering.

 

If you are running a stable FortiOS release like 7.0.X you should be OK with stability.

 

I would 100% recommend the FortiGate. I was a FortiGate customer 7 years ago and made it my mission to work here as I recognized what an amazing product it is.

Cheers,
Graham
Prika
New Contributor II

Hello Graham, 

Thank you very much for your response. I have also seen the guide for setting up port bundling, but there is no information that this series is supported. I mean if older is supported (E-Series), why the new one should not be, but the assumption is not enough for my team leader :D 

 

Example:LACP support on entry-level E-series devices 

https://docs.fortinet.com/document/fortigate/6.2.0/new-features/226063/lacp-support-on-entry-level-e....

 

80F Data Sheet:

High Availability Configurations: Active-Active, Active-Passive, Clustering

Here was the confusion "Clustering". What is the diffrence between Clustering and A-A, A-P

(I think I figured this one, the diffrence should be in Fortinet protocols FGCP vs. FGSP, am I right? :D )

 

 

 

And about VPNs, I think I found that VPN RAS (Remote Access) is also supported, but can you please confirm? We would switch our termination point to Fortigate.

 

Thank you for your support!

Cheers!
Cheers!
gfleming

Hi there, yes in the past only mid-range and higher FortiGates supported LACP. Today, all models support it on FortiOS 6.2 and above. Note the difference in the admin guides for FortiOS 6.0 and FortiOS 7.2. In the 6.0 docs it states "Some FortiGate models don't support aggregate interfaces. In this case, the aggregate option isn't available in the FortiGate GUI or CLI. Also, you can't create aggregate interfaces from interfaces in a switch port.". In the 7.2 docs it is absent as all models support it.

 

https://docs.fortinet.com/document/fortigate/7.2.1/administration-guide/567758/aggregation-and-redun...

 

https://docs.fortinet.com/document/fortigate/6.0.0/handbook/61184/aggregate-interfaces

 

Regarding HA, Active-Passive relies on FGCP and A-A relies on FGSP. Clustering takes FGCP protocol and, by use of multiple VDOMs allows you to gain some form of Active-Active functionality. That is, traffic from VDOM A will route through FW A and traffic from VDOM B will route through FW B.

 

https://docs.fortinet.com/document/fortigate/7.2.1/administration-guide/599385/ha-virtual-cluster-se...

 

Yes RAS VPN is supported and requires no licensing. However, there is an advanced client with additional features and functionality which requires a license. Look at FortiClient EMS. You also will not receive any support for RAS VPN using the free built-in client.

Cheers,
Graham
Prika
New Contributor II

Hello Graham, 

 

Thank you for your exesive response. I will read a more about FortiClient EMS. I hope it is ok, to leave this topic a little bit more unlocked, so I can responed here and not open new topic, in case I will have more questions. 

Maybe some other users will share their experience also.

Thank you! 

Cheers!
Cheers!
gfleming

Glad to help. I don't believe these threads ever get locked to feel free to respond anytime for more into. 

Cheers,
Graham
Prika
New Contributor II

Sorry for bothering you, I forgot to ask. I assume there is no need for additional licensing when building an cluster, but can you please confirm this one? 

 

THank you many times 

Cheers!
Cheers!
gfleming

You do not require an HA license.

 

However, each FW in the HA cluster needs the same licenses. So technically you do not need additional licensing to build a cluster. However, you can't just have on UTP sub shared between the two firewalls. Hope that makes esnse.

Cheers,
Graham
Top Kudoed Authors