I was trying to collect as much as possible on 80Fs, but unfortunately I could not find much (I mostly used the data of the reselling companies). We are replacing our 15-year-old Junipers with FortiGate, and 95% we will go with 2x 80F.
Some of my concerns were: does the 80F support Link Aggregation? I found that the older models supported it, so I have concluded that the 80F supports it also. The data sheet says that supported HA is Active-Active, Active-Passive, Clustering; that is a little bit confusing, so I googled FGCP and FGSP. I will not mention things about list price and stuff like that, but in my opinion there should be something like a recommended retail price listed somewhere (I know that is not usual, but it would be helpful) :)
I have also read that there are "Basic Functions" of the firewall (VPN, SD-WAN services, Application control and FortiCare support). Are those first 3 always included with the device (part of the hardware price)?
I have also seen an article here where one of the guys had his firewall restarting (temp. issue - bug) for a few months, and his problem was solved by updating the OS, after several months.
What are your experiences with this Firewall and also with Fortinet support service?
Thank you all in advance, and I am looking forward to starting this journey with Fortinet.
High Availability with FortiGate is mostly done using an Active-Passive configuration, where configuration and session states are synchronized from an Active 'master' node to a Passive 'secondary' node. If the master node fails for any reason, the secondary becomes active and continues with traffic flow.
Active-Active is rarely used as it only load-balances the security inspection between firewalls. Typically you would see this in areas where you require very high amounts of throughput for security inspection (IPS, AV, etc).
If you're talking about price you can just ask your reseller what discount percentage you are receiving. Use that to figure out what list price is. :)
And yes, the FortiGates come with an amazing amount of features and functionality built in with no license requirements, including: SD-WAN, VPN, App Control, Wireless LAN Controllers, Wired LAN Controllers, etc, etc. FortiCare support, however, is a paid subscription, along with FortiGuard services like IPS, AV, Web Filtering.
If you are running a stable FortiOS release like 7.0.X you should be OK with stability.
I would 100% recommend the FortiGate. I was a FortiGate customer 7 years ago and made it my mission to work here as I recognized what an amazing product it is.
Thank you very much for your response. I have also seen the guide for setting up port bundling, but there is no information that this series is supported. I mean, if the older one is supported (E-Series), why should the new one not be, but the assumption is not enough for my team leader :D
Example: LACP support on entry-level E-series devices
Hi there, yes in the past only mid-range and higher FortiGates supported LACP. Today, all models support it on FortiOS 6.2 and above. Note the difference in the admin guides for FortiOS 6.0 and FortiOS 7.2. In the 6.0 docs it states "Some FortiGate models don't support aggregate interfaces. In this case, the aggregate option isn't available in the FortiGate GUI or CLI. Also, you can't create aggregate interfaces from interfaces in a switch port.". In the 7.2 docs it is absent as all models support it.
Regarding HA, Active-Passive relies on FGCP and A-A relies on FGSP. Clustering takes the FGCP protocol and, by use of multiple VDOMs, allows you to gain some form of Active-Active functionality. That is, traffic from VDOM A will route through FW A and traffic from VDOM B will route through FW B.
Yes, RAS VPN is supported and requires no licensing. However, there is an advanced client with additional features and functionality which requires a license. Look at FortiClient EMS. You also will not receive any support for RAS VPN using the free built-in client.
Thank you for your extensive response. I will read more about FortiClient EMS. I hope it is OK to leave this topic unlocked a little bit longer, so I can respond here and not open a new topic in case I have more questions.
Maybe some other users will share their experience also.
However, each FW in the HA cluster needs the same licenses. So technically you do not need additional licensing to build a cluster. However, you can't just have one UTP sub shared between the two firewalls. Hope that makes sense.