I am a Commercial Manager at a small tech services company.
I am currently researching alternative firewalls for Hillstone. Which FortiGate firewall model can you replace with Hillstone?
Thank you for your help.
There is no simple answer. Like Hillstone, FortiGate firewalls are a line with a huge range of capabilities. Here are some ideas based on our experience:
- Think about high availability? How stringent are your requirements? What would device reboot (minutes downtime), tripped circuit breaker (minutes to hours down), or hardware failure (days down or more) mean? Are you operating single or multiple installations? What is the availability of a replacement device? Based on that - are you considering a single device, a single device with a dual power supply, or a HA pair of devices? (We have quite good experience with a HA pair of 60F's.)
- What are the Internet and local network connectivity requirements? Is 1Gbit Ethernet enough, or do you need 10Gbit? Will FortiGate serve as a router for multiple segments of your local network? That may mandate 10Gbit interfaces on the LAN side even where your Internet connectivity does not require that bandwidth.
- Do you need a hard drive in the unit? Typically, it is used for local logging where remote logging options (FortiCloud, Syslog, etc.) are not practical or possible for technical, financial, or irregular reasons.
- Rackmount - do not worry too much about that - the low-end units (40F, 60F) are not rack-mounted per se, but you can get an original adapter kit or just use a shelf as we do.
- Remember that the HW cost is just a fraction of TCO, the subscription being a substantial part.
- On the HW capacity scaling - this one is tricky, as it heavily depends on the traffic patterns and on the depth of firewall scrutiny. Think more of the number of transactions (TCP connections, UDP "sessions") than the actual packet or byte rates. In our use case, it looks like the RAM is a more scarce resource than the CPU. FortiGate goes into Conserve Mode when hitting something like 75% RAM use, so it is a good idea to keep the normal usage around 50%.
- If you are using a virtualized infrastructure, you may consider a FortiGate VM form factor. Or you can request a free trial VM (feature-restricted) or full-featured evaluation VM (available on request) and use it for evaluation.
- Needless to say - FortiGate is a complex device with tons of features, and it has quite a learning curve. Additionally, some of the more advanced features are available in CLI only or have to be explicitly enabled to be visible in GUI.
- One more piece of advice - be conservative about FortiOS (FG firmware) major/minor releases. New releases tend to be quite buggy and it is a good idea to avoid anything that ends with a patch level less than about 5-6. On the other hand, do apply security patches diligently; some of them close really critical holes. For example, we are on 7.0.11 firmware, even though 7.2.4 and now also 7.4.0 are out.
I am a Network and Security Engineer at a small tech consulting company.
I am about to import the backup configuration file of my hardware-based FortiGate firewall onto my VM-based FortiGate firewall.
Can you please assist me with the procedure?
Thank you for your help.
Head of IT Infrastructure at a non-tech company with 1,001-5,000 employees
Apr 5, 2023
Certainly! While importing a backup configuration file from a hardware-based FortiGate firewall to a VM-based FortiGate firewall is generally possible, there might be some differences between the two platforms that you should be aware of. Here's a step-by-step procedure to help you with the import process:
1. Export the backup configuration file from your hardware-based FortiGate firewall:
   a. Log in to the FortiGate web-based manager.
   b. Navigate to System > Maintenance > Backup & Restore.
   c. Click on "Backup" and choose "Configuration Only."
   d. Save the .conf file to your local machine.
2. Review the exported configuration file:
   a. Open the .conf file in a text editor and review it for any platform-specific configurations or settings that might not be applicable to the VM-based FortiGate firewall.
   b. If necessary, make adjustments to the configuration file to ensure compatibility with the VM-based FortiGate firewall. For example, you may need to adjust interface names, hardware switch settings, or other hardware-specific configurations.
3. Import the configuration file to your VM-based FortiGate firewall:
   a. Log in to the VM-based FortiGate web-based manager.
   b. Navigate to System > Maintenance > Backup & Restore.
   c. Click on "Choose File" and select the modified .conf file from your local machine.
   d. Click on "Restore" to import the configuration.
4. Verify the imported configuration:
   a. After the import process is complete, your VM-based FortiGate firewall will reboot.
   b. Log in to the web-based manager again and review the imported settings to ensure they have been applied correctly.
   c. Test the functionality of your firewall, such as routing, VPN connections, and security policies, to make sure everything is working as expected.
Please note that you should always test the imported configuration in a non-production environment first to avoid any disruptions or issues. Additionally, keep a backup of your current VM-based FortiGate configuration before importing the new configuration in case you need to roll back.
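One way to do the "Review the exported configuration file" step above, added here as an example and not part of the original answer: it scans a backup for hardware-switch sections and for hardware interface names a VM will not have, then lists the lines that still reference those names. The sample configuration is constructed; the `port<N>` naming of the VM's interfaces and a backup without VDOMs are assumptions.

```python
import re

# Constructed sample in FortiOS backup syntax (not from a real device).
SAMPLE_CONF = """\
config system virtual-switch
    edit "internal"
    next
end
config system interface
    edit "wan1"
        set type physical
    next
    edit "internal"
        set type hard-switch
    next
    edit "ssl.root"
        set type tunnel
    next
end
config firewall policy
    edit 1
        set srcintf "internal"
        set dstintf "wan1"
    next
end
"""

HW_SECTIONS = ("system physical-switch", "system virtual-switch")  # hardware switch config
HW_TYPES = ("set type physical", "set type hard-switch")  # interface types tied to hardware
VM_PORT = re.compile(r"port\d+")  # assumption: target VM NICs are port1, port2, ...

def review(conf_text):
    """Return (hardware-only sections, interfaces to rename, lines referencing them); no VDOMs assumed."""
    depth, section, iface, hwifs, refs = 0, None, None, set(), []
    for n, line in enumerate(map(str.strip, conf_text.splitlines()), 1):
        if line.startswith("config "):
            depth += 1
            if depth == 1:  # only top-level sections name the object type
                section = line[len("config "):]
        elif line == "end":
            depth -= 1
        elif depth == 1 and section == "system interface" and line.startswith("edit "):
            iface = line[5:].strip('"')
        elif section == "system interface" and line in HW_TYPES:
            hwifs.add(iface)
        elif line.startswith("set "):
            refs.append((n, line))  # candidate reference to an interface name
    hw = [s for s in HW_SECTIONS if re.search(rf"^config {s}$", conf_text, re.M)]
    rename = sorted(i for i in hwifs if not VM_PORT.fullmatch(i))
    return hw, rename, [r for r in refs if any(f'"{i}"' in r[1] for i in rename)]
```

Every line it returns needs a decision before the restore: map the name to a VM port, or drop the object.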
Yes, the SD-WAN (Software-Defined Wide Area Network) feature in FortiGate is suitable for small business applications. Fortinet, the company behind FortiGate, offers a range of products tailored for different organization sizes, including small businesses.
Some advantages of using FortiGate SD-WAN for small businesses are:
- Simplified management: FortiGate SD-WAN provides a centralized management interface, which makes it easy to manage and monitor your network across multiple locations.
- Cost savings: By leveraging low-cost broadband connections alongside traditional WAN links, you can reduce your overall WAN costs.
- Improved performance: FortiGate SD-WAN uses application-aware routing and load balancing to optimize the performance of business-critical applications.
- Enhanced security: FortiGate SD-WAN integrates advanced security features such as a next-generation firewall (NGFW), intrusion prevention system (IPS), and secure web gateway (SWG) capabilities, helping protect your small business from cyber threats.
- Scalability: As your small business grows, you can easily scale up your FortiGate SD-WAN solution to meet your increasing bandwidth and connectivity requirements.
Before choosing FortiGate SD-WAN, be sure to assess your business requirements, budget, and existing network infrastructure to ensure it's the right fit for your organization.
Yes, the SD-WAN feature in FortiGate is suitable for small business applications. FortiGate offers SD-WAN capabilities that allow for more efficient and secure use of multiple network connections, which can benefit small businesses with limited resources.
Yes, you can implement it and it is very effective for SMB organizations.
Hi, yes, it's suitable for small business applications. We have implemented it for one of our clients.