Page 2 of 2 First 12
Results 26 to 28 of 28

  1. Post
    #26
    Analgia wrote:
    Despite what DELL_Vulcan SWL_Vulcan Vulcan thinks you can get near Gigabit levels of protection (every feature enabled) from a 200E up

    Check out FortiSandbox (Physical/Virtual/Cloud), anything it catches is then blocked on both the network and endpoints. Ideally you have AV on Server+Endpoint+Network as a minimum then additional stuff like IPS/WAF/DLP/Sandboxing on top.

    "SSL Decryption Throughput - 200Mbps"
    I haven't worked there for a while

    The 200E is a fairly expensive box. It compares with the Sonicwall NSA range (2650).

    Last I heard Fortisandbox on their firewalls does not block, it only alerts. I'm not entirely sure why you'd include DLP or WAF for endpoint AV protection?

    And SSL throughput, yes we know what happens when you try and turn that on on a fortigate. Funny how nobody wants to turn it on (and all the forti specs are in most-of-my-features-just-disappeared-flow-mode) . I know the Fortigate architecture well enough that most sane forti admins are terrified of turning all those features on, and when I ask service providers they won't.

    How many boxes have you deployed with SSL decrypt fully enabled?

    I don't like having the same AV on server+endpoint+network, see what that did to sophos customers with wannacry.

    and stop trolling me...
    Last edited by Vulcan; 31st January 2019 at 10:48 pm.

  2. Post
    #27
    Vulcan wrote:
    I know the Fortigate architecture well enough that most sane forti admins are terrified of turning all those features on, and when I ask service providers they won't.

    How many boxes have you deployed with SSL decrypt fully enabled?
    About half, the rest with just cert inspection (depends on what they've licenced). It's not hard to scope above the customer requirements - https://www.fortinet.com/content/dam...uct_Matrix.pdf

    The E series products are significantly better than the D or earlier ones were.


    Vulcan wrote:
    Last I heard Fortisandbox on their firewalls does not block, it only alerts.
    You can have the FortiGate and FortiClient block stuff based on it

  3. Post
    #28
    I dunno why they put that number on the SSL performance, I always seemed to get higher in my tests.

    I just re-ran a speedtest, you can see the resigning cert in there (this is on a TZ-600). Of course all the usual security services are fully enabled.

    Name:  speedtest.JPG
Views: 23
Size:  107.2 KB

    Not bad for a us$2k product (bundled with 1 year of all the services). Pity you can't even find a price for it in NZ now. Dumbasses.