Fortinet Firewalls

Bit of a rant and a vague hope someone might have experience with the oddities of Fortigate firewalls.

Can I ask why people like Fortigate? Until recently I have worked exclusively with Cisco, Juniper and Sonicwall firewalls and SSL VPNs. I was recently working on a project where the phone system provider basically dictated we had to use Fortigate 200Ds to ensure SIP traffic worked, as they would not support the Mitel phone system they supplied on Cisco or Juniper.

To me they seem a bit "enthusiast/geek's toy" rather than corporate level equipment, one device to rule them all provided you can follow the poorly written "cookbook" which half the time doesn't actually work and poor interfaces which are just confusing even coming from the others I am used to.

So far I have had nothing but problems with NAT where it works for 10 mins, then stops working again, rename the VIP rule and it works again for a short while and then stops, change the VIP config and then change it back and rename again... it works. Firmware updates applied, support engaged. Issue appears fixed until the next NAT rule you set up and then it's all broken again.

Currently also have voice calling issues because they seem to interfere with SIP despite disabling it in various places. Read up and there are plenty of people and Fortinet articles contradicting each other on if you should have SIP ALG on/off, VOIP profiles against the policies etc. Support got us to change settings which got it working to an extent but still problems forwarding calls, which is potentially RTP being blocked, but the logs are a bit meh and don't show any blocked traffic.

Their support is a pain in the backside and refuses to provide one-off paid-for support, so if you are in a bind at the weekend and you need something working and need their help, better pay for the 24/7 support in advance!

I don't think I've ever had these sorts of issues with other equipment, especially something basic like NAT, and it's not like this kit is cheap!
 
Thanks for enquiring guys, I've got a remote session with their tech support tomorrow AM. We are not using any of the UTM stuff.

Will have to check if they are Rev 0 hardware.
 