*>>Fortinet probably removed some features because the lower-end machines couldn’t handle the required workload, I’m guessing.*
** We know that there will be tradeoffs with UTM. If a device can't handle it, then I'll make the decision to go with a larger device, or change the priorities of my desired features. However, if you remove the features from a device that *used* to support it, I'm going to consider a different vendor, not a different device. *ASB **http://XeeMe.com/AndrewBaker* <http://xeeme.com/AndrewBaker>* **Providing Virtual CIO Services (IT Operations & Information Security) for the SMB market…*** On Fri, Feb 15, 2013 at 6:29 AM, Tom Miller <[email protected]> wrote: > You may wish to inquire with your reseller about a trade-back. I had a > number of 40C devices, upgraded the firmware per support’s recommendation, > and it was a disaster. Utilization skyrocketed on all of them and it > turned out to be one of the core services that I could not disable, and it > caused the VPN tunnel to constantly drop (this didn’t start until a few > weeks after the firmware was upgraded). I worked out a pretty good deal > with my reseller for the next model up for a great price. I only got this > deal after I told the reseller (who was very helpful) that I’d be happy to > dump Fortinet and go with a competitor. **** > > ** ** > > Fortinet probably removed some features because the lower-end machines > couldn’t handle the required workload, I’m guessing. **** > > ** ** > > I didn’t see the issue on the higher models I used.**** > > ** ** > > *From:* James Hill [mailto:[email protected]] > *Sent:* Thursday, February 14, 2013 9:04 PM > > *To:* NT System Admin Issues > *Subject:* RE: Fortigate (was Guest network security)**** > > ** ** > > I came across the same issue with a recently purchased 40C and was also > disappointed.**** > > ** ** > > The 60C (soon to be 60D with 2 x the performance) has the traffic shaping > option and pretty much everything else.**** > > ** ** > > Maybe I didn’t look hard enough but it certainly isn’t made obvious on > their website that the lower end models have features missing.**** > > ** ** > > James.**** > > ** ** > > *From:* Andrew S. Baker [mailto:[email protected] <[email protected]>] > *Sent:* Friday, 15 February 2013 2:27 AM > *To:* NT System Admin Issues > *Subject:* Re: Fortigate (was Guest network security)**** > > ** ** > > One note: It looks like Traffic Shaping and the Explicit Web Proxy option > are no longer available under the new OS for certain pieces of hardware, > including my 40C. I suspect that anything in the SOHO range had it > removed.**** > > ** ** > > I'm going to downgrade to v4.0 MR3 patch 11, as advised by support.**** > > ** ** > > That's not cool. :(**** > > ** ** > > I've asked to see if that functionality will be brought back into the > device... > > (Actually, I found that MR3 patch 12 was released on the 13th, so I've > downgraded to that)**** > > > **** > > **** > > **** > > *ASB > **http://XeeMe.com/AndrewBaker* <http://xeeme.com/AndrewBaker>* > **Providing Virtual CIO Services (IT Operations & Information Security) > for the SMB market…***** > > **** > > ** ** > > On Fri, Feb 8, 2013 at 12:57 PM, Sam Cayze <[email protected]> wrote:**** > > Good to know, thanks!**** > > **** > > *From:* Andrew S. Baker [mailto:[email protected]] > *Sent:* Friday, February 08, 2013 8:10 AM**** > > > *To:* NT System Admin Issues**** > > *Subject:* Re: Fortigate (was Guest network security)**** > > **** > > Version 5.0 installed smoothly. The visual changes are somewhat minimal > for now, but the performance of the UI improved. Can't say for the rest of > the device (performance wise) as I haven't finished migrating to it. > > The backups are much smaller under 5.0 than under v4**** > > > **** > > **** > > **** > > *ASB > **http://XeeMe.com/AndrewBaker* <http://xeeme.com/AndrewBaker>* > **Providing Virtual CIO Services (IT Operations & Information Security) > for the SMB market…***** > > **** > > **** > > On Thu, Feb 7, 2013 at 12:46 PM, Andrew S. Baker <[email protected]> > wrote:**** > > I will, as soon as I finish setting this device up today. :)**** > > > **** > > **** > > **** > > *ASB > **http://XeeMe.com/AndrewBaker* <http://xeeme.com/AndrewBaker>* > **Providing Virtual CIO Services (IT Operations & Information Security) > for the SMB market…***** > > **** > > **** > > On Thu, Feb 7, 2013 at 12:26 PM, Sam Cayze <[email protected]> wrote:**** > > Speaking of Fortigate… (Much love btw).**** > > **** > > Has anyone taken the jump to V5 of the OS yet? They’ve patched it once or > twice already; should be stable.**** > > **** > > **** > > **** > > *From:* Andrew S. Baker [mailto:[email protected]] > *Sent:* Wednesday, February 06, 2013 8:06 PM > *To:* NT System Admin Issues > *Subject:* Re: OT: Guest network security**** > > **** > > Whoa!!! That looks awesome. Man, I could really have gone for that a > few weeks back. > > My Fortigate 40C arrives tomorrow. :)**** > > > **** > > **** > > **** > > *ASB > **http://XeeMe.com/AndrewBaker* <http://xeeme.com/AndrewBaker>* > **Providing Virtual CIO Services (IT Operations & Information Security) > for the SMB market…***** > > **** > > **** > > On Wed, Feb 6, 2013 at 8:31 PM, Richard Stovall <[email protected]> wrote: > **** > > I chose to build a new system so it would be small and silent rather than > use an old computer lying around the house.**** > > **** > > I went with:**** > > **** > > Intel D2500CCE fanless mini-ITX motherboard (Dual core 1.86 GHz Atom CPU > with dual Intel NICs onboard)**** > > **** > > 4 GB RAM**** > > **** > > 128GB Vertex 4 SSD**** > > **** > > It has been in 'production' for a couple of weeks now, and is stable and > very fast. I also really like having the content filtering and > antivirus capabilities of a UTM firewall at home.**** > > **** > > The management interface is a little weird at first, but you get used to > it.**** > > **** > > I demo'ed the software in a VirtualBox VM for a week or so before pulling > the trigger on the hardware expense.**** > > **** > > If anyone is interested, the page at Sophos describing the offering is: > http://www.sophos.com/en-us/products/free-tools/sophos-utm-home-edition.aspx > **** > > **** > > **** > > On Wed, Feb 6, 2013 at 3:20 PM, Kurt Buff <[email protected]> wrote:**** > > Our Sidewinders are EOL at the end of April, and my manager doesn't like > them. > > He's a Cisco bigot, and wants ASAs in here. > > I'm fighting him to at least take a look at the Palo Alto platform, or > perhaps the newest iteration of the Sidewinders (which are now called > McAfee Enteprise Firewalls). > > That's an interesting tip on the Sophos solution. What did you use for > the hardware? > > Kurt**** > > > On Wed, Feb 6, 2013 at 11:59 AM, Richard Stovall <[email protected]> > wrote: > > I was going to suggest using the SonicPoint solution from SonicWall, but > > you've got Sidewinders, don't you? > > > > Does McAfee have anything like SonicWall's wireless solution where it's > all > > managed from the firewall? > > > > PS Sophos has this too, and they give their UTM firewall away free for > home > > use. Just bring your own hardware. I just switched to this the other > day > > and love it so far. I should write a blog post about it. (But then I'd > > have to create a blog...) > > > > > > On Wed, Feb 6, 2013 at 2:36 PM, Kurt Buff <[email protected]> wrote: > >>**** > > >> All, > >> > >> Quite some time ago, I set up an unsecured guest VLAN in our network, > >> providing wireless access to all of the sundry devices that staff and > >> visitors carry. I set up a small FreeBSD machine to serve IP addresses > >> via DHCP, and that was dead simple. > >> > >> It is a layer2 VLAN, traversing our backbone, and terminating on our > >> corporate firewall. > >> > >> However, there are now other tenants in our building, and the subnet > >> is getting too much bandwidth and address consumption - the range I > >> set up is completely filled, and the VLAN is consuming about half of > >> our Internet pipe, which is far too much for my comfort. > >> > >> I suspect the other tenants are leeching. > >> > >> What I've read of captive portals seems to indicate that the portal is > >> part of the firewall. I could be wrong about that, though. Regardless, > the > >> corporate firewall will not be allowed to be part of this solution. > >> > >> The only other alternative I see right now is to set up a password on > >> the SSID, and have the front desk hand it out to guests, after mailing > >> it to staff, and I'm getting pushback on that from my manager. > >> > >> Does anyone have some ideas I could pursue on this? > >> > >> Thanks, > >> > >> Kurt > >> > >> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > >> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > >> > >> --- > >> To manage subscriptions click here: > >> http://lyris.sunbelt-software.com/read/my_forums/ > >> or send an email to [email protected] > >> with the body: unsubscribe ntsysadmin > > > > > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > > > --- > > To manage subscriptions click here: > > http://lyris.sunbelt-software.com/read/my_forums/ > > or send an email to [email protected] > > with the body: unsubscribe ntsysadmin > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to [email protected] > with the body: unsubscribe ntsysadmin**** > > **** > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to [email protected] > with the body: unsubscribe ntsysadmin**** > > **** > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to [email protected] > with the body: unsubscribe ntsysadmin**** > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to [email protected] > with the body: unsubscribe ntsysadmin**** > > **** > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to [email protected] > with the body: unsubscribe ntsysadmin**** > > **** > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to [email protected] > with the body: unsubscribe ntsysadmin**** > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to [email protected] > with the body: unsubscribe ntsysadmin**** > > ** ** > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to [email protected] > with the body: unsubscribe ntsysadmin**** > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to [email protected] > with the body: unsubscribe ntsysadmin**** > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to [email protected] > with the body: unsubscribe ntsysadmin > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin
