Hi,
We are going to be purchasing a UTM solution for our organization and we want to know which one is best for a 500 to 800 machine users environment - Cyberoam or Fortinet. We have 30 MBPS ISP bandwidth.
Our major focus:
Please suggest which one is best and the Model number which can support 500 to 800 users.
Thanks.
I'm mentioning few options:
1. Fortinet Next-Gen Firewalls 500-300 series. Check this link: www.fortinet.com
2. Check Point - they have excellent UTM appliances especially catering to what you're asking. Check this one: 2200 Next Generation Threat Prevention Appliance
3. Cisco ASA with FirePOWER Services for SMB - don't underestimate the Cisco ASA and especially now that it comes with additional checks like Web Content blocking etc. This link has the info: www.cisco.com
Now, I've used all the types of firewalls. You've got good bandwidth so that's not a limiting factor. It comes down to your comfort level about each vendor. Check Point also offer cloud services and take the burden of reporting out of your hands. Its a handy feature if you wish to explore with them; they offer much more. That's not to say either Cisco or Fortinet are far behind. They have come a long way since I first used them 10 years back. For say 800 users you'd have support staff and all 3 firewalls come with a handy Web UI which will help your administrators enable and configure all the features you need. Note, be careful for the features you ask for and ensure you check their price, it will be licensed and you'll get exactly what you pay for.
Good luck with this. I would like you to take this on board and research with your team and select the best solution for your organization.
My advise always when it come to comparison between different UTN/NGFW vendor is to test the unit and see if meets your needs or not. Every box ( all vendors ) has its own strengths / weaknesses and your bad experience with one vendor does not necessarily apply to someone else
I deployed a proof of concept CR500iNG-XP Cyberoam and it handled all my difficult users right from the get go. Broke its defences using an app called iodine, which injects your data into DNS packets, but broke fortigate with that too. Enjoyed it so much that I purchased it. Clean build, simple to use, nice reporting. Haven't used Fortigate, called Faultygate by a former colleague. The exorbitant costs on Fortigate was a big decider for me, as well as my first hand experience of the cyberoam performing it's job effectively.
Hi
I strongly suggest Fortigate.
Suitable model is FG500D.
Let me know if you need anymore details.
My team would need more details to truly make a recommendation, but initial feedback was either a FortiGate 90D or Cyberroam 100iNG would meet the requirements. Cyberroam's after sale assistance has been better in our experience, and that unit also provides UserID. FortiGate is approx $1000 less and also meets the requirements.
Well...
If your concern was about routing or VLan management or even VPN, I would suggest a comparison table check.
But talking about the Web filtering, HTTPS checks and bandwidth management there would be not doubt that Cyberoam not only is better than Fortinet, but also is the best in the world!
Fortinet is very strong in infrastructure services check up, but when you come the the network management point, stick to Cyberoam!
Hi I am presales engineer from cyberoam from Kolkata managing east. All I can say cyberoam is way ahead in terms of web filtering database and categories, it's anti-spam detection rate is 99.5% where fortigate never publish their detection rate, we are the second company who holds six sigma certified when its come to support. Our box has its inbuilt reporting console called iview.. Shows 1200 different report types including all major compliance report lnbuilt. Our bigger boxes comes with redundant hard disk and flash also.. We keep 3 copies of OS unlike any other vendor. RPS. And many more like our patended layer 8 technology which enable you to control everybody as a single entity...
To answer the question for 500-800 user with 3 year visibility.. The box should be CR750iNG...
Thanks
Sujoy.ghosh@cyberoam.com
I agree with you that Cyberaom offers cost effective solutions compared to Fortinet / Checkpoint and maybe Dell SonicWall but you need to choose the right product based on your customer needs.
I don’t have an experience with Cyberoam but I do have with Fortinet / Dell SonicWall / CheckPoint / Netasq.
I am not sure if Cyberaom comes with a built in reporting module as other UTM vendors as they have their own reporting tool such as FortiAnalyzer for Fortinet and Analyzer / GMS for Dell SonicWall
For iodine, it looks like they missed a signature for this tool which happening all the time.
I would suggest you to have a serious look at WatchGuard.
It has great price/performance, but what is even more important, is the quality and performance of their UTM services.
WatchGuard uses Websense Triton for web filtering and their HTTPS inspection is unbeatable.
Logging and reporting is already included at no extra fee - and it is one of the better ones in the industry.
Hi
Cluster of Fortigate FG500D BUNDLED + Forticloud 500GB for the reporting
and logs container
or
*CR500ia*
I don't really know what Cyberoam has got in the stomach, Even though I think
both brandz should do the job properly, my preference would go to Fortinet.
What is important is how you want to manage your network authentication :
with a user ID or from a more classical way (LDAP, AD)
Rgds,
Erwin
I'm not an expert in either system although I have been on recent
engineering / sales calls with both vendors. I did not choose either,
having similar needs as the user below.
Fortinet is weak on reporting and a quite complex solution in general. They
are also quite expensive. I had difficulty getting their sales engineers to
give me consise demos on finding individual user / IP activity. Based on
the sales calls I got the impression I would be fighting for myself to get
support in the future when needed. Their solution, while very complete
requires many add-ons to fully operate. They are all Fortinet products
which means they will integrate well. But that adds significantly to the
complexity and price of the total solution.
Cyberroam by comparison has a very easy to use reporting engine. They have
a live demo online which you can take for a spin and see for yourself.
Their system in general is much easier to operate for setting policies.
Their https monitoring and enforcement seem very evenly matched. However I
did not get far enough with Cyberroam to get pricing. For my EDU use case
they were lacking some very specific features which it doesn't sound like
you have need of -- specifically offsite filtering and Google Apps SSO.
If I had to choose between the two I would go for Cyberroam. I was very
impressed by both ease of use and confidence of the engineer I spoke with
in their ongoing development. They have been acquired by Sophos in the past
year but their development is still going strong. And parts of their
feature set are beginning to be implemented into the Sophos UTM product
line. However I cannot speak so highly of the the Sophos product line. They
can be thankful they acquired such a high quality product as Cyberroam. It
would not surprise me if at some point things were flipped and Sophos UTM
were replaced by the Cyberroam series.
I would reach out to their sales for specifics on sizing. I cannot be
helpful on that front.
Hope this helps.
Fortinet for sure
The big problem here is, that from the information provided it is not really possible to say THIS modell and THIS license will be suitable for you. Not from the desk.
My advice is choose the fortinet Vm and source a high availability Vm solution to go with it. That way you are able to get value for money from hardware that you have source with as much or as little resources as you need. You can then also use the same hardware to host other virtualised Vm services bringing down the TCO of other potentially viable Vm capable services that you may need in the future
I'm sure there may be others that disagree, but Vmware has some really good high availability solutions to go with it that mitigate loss of hardware devices whilst maximising value for money
Kindest Regards,
Nathan Tlou
I advise you to go with Sophos since Sophos bought Cyberoam
Sophos is easy to manage
Simple for maintenance
You have something called policy test where you can know why some users are opening certain website directly from inside the UTM
It have an advanced reporting tools and it generate reports and send it by mail as pdf attached
You can give even quota per user per group and force google safe search for groups and user
As for the bandwidth management Fortinet have this feature on the network level and so Sophos but not on the web security level
I advise you to take a look to Sophos Next generation firewall (demo02.astaro.com)
Unfortunately, I don’t have any experience
with Cyberoam so I might not be able to provide such comparison.
But I can compare Fortinet with SonicWall :
- Web Content blocking and filtering:
Both they do the job but with SonicWall they have a problem “Rate images by
URL”, this feature is not working as expected especially with search
engines. Fortinet they doing great job with this part.
HTTPS strong blocking :
They both block malicious traffic over HTTPS but SonicWall they don’t do
very well with this part. Their DPI is still not mature enough and is not
working as expected. Add to this, since SonicWall is Mutli-Core UTM, they
have some limitation on how many HTTPs connections ( per model ) the
appliance can inspect. On the other hand, with Fortinet, they have a
dedicated ASIC engine to handle this job, so the limitation of connections
/ performance is much better ( I believe same apply for Cyberaom it is also
Multi-Core UTM).
Reporting and Bandwidth management :
Both SonicWall and Foritnet have a dedicated solution for reporting with
extra license. The Analyzer ( SonicWall) is easy to install / manage but
not stable at all and in most cases whenever you open a case with support
they will end up asking you to deploy. Also, backup your audit data is very
difficult. With FortiAnalyzer, this is not the case, the product is stable,
backup / restore process is easy and you have many predefined reports along
with the capability to add many custom reports based on your needs.
Recommended model : FortiGate 200 Series (FortiGate 100 Series might be
enough but with all secutiy services enabled, this will affect the overall
performance with that number of users ).
Note : Cyberaom is cheaper compared to Fortient but I am not a big fan of
Multi-Core UTM.
Regards,
Hamza Farhan
Something nobody mentioned yet, but especially pricewise very interesting: Barracuda Firewall www.barracuda.com .You see it on my Environment, satisfied and more than I Need for low Budget.
I recommend to use fortinet series products. They have wide range of solutions, FortiAnalyzer, Forticloud, Fortitoken, FortiAP (access points).
I recommend to use sizing tool:
competitive.myfortinet.com
As per my experience, Fortinet is the better UTM device than Cyberoam. If we compare overall UTM functionality, Fortinet is better than cyberoam.
Also it stands 2nd in UTM worldwide ranking but cyberoam stands at 11 position.
The only difference in which cyebroam leads, is firewall management. Cyberoam is easy to manage and configure but fortigate firewalls are little difficult to manage. The one more major difference is reports(logs). In fortinet, the reports of user access logs are better than cyebroam. Report can be generated as per requirement after customizing. But in Cyberoam, this option is not available.
For your requirement, you can consider the cyberoam 750iNG model. For more detail for specifications, please go through the following linkhttp://www.cyberoam.com/downloads/datasheet/CyberoamCR750iNG-XP.pdf
For Fortinet, you can consider Fortigate 800 C UTM firewall. For specification, please go through the following link
www.fortinet.com
FG500D will be suitable for this requirement with UTM bundle license.
attaching the details fr reference.
Fortinet will be better choice with all the required parameters.
Fortigate100D will suffice the requirment.
Hello,
Without knowing the budget for the proposed solution, I can only base my response on the products I’m familiar with.
I know nothing about Cyberoam except that it is a Sophos offering.
Fortinet is fine for small to medium sized businesses, but support can be an issue.
Why not Cisco ASA with firepower? A 5506-X would offer what you’re looking for and you’d have a much better vendor support model.
My two cents…
--Chris Palkowski
Hi
Based on my experience I believe Fortinet is better.
My knowledge of firewalls is currently limited to Sophos UTM's, SonicWalls and a little PaloAlto.
My understanding is Cyberoam is now part of Sophos and I believe the next versions of the UTM OS will be incorporating the Cyberoam "Layer 8" application firewall. I'm super keen in seeing that as the other "Layer 8" I have seen is PaloAlto and its extremely impressive if you have the budget for it. Sophos has released iView which I believe is cyberoams reporting technology.
So with that in mind, I would push Sophos UTM. 500 - 800 machines with total protection (Full Guard + EndPoint AV) will require a SG450. You could get away with SG430 if you take some of the modules away from the UTM (EG, EndPoint AV, Email Protection etc). This does not mean you don't use those technologies, you just deploy the enterprise consoles instead.
My assumption about 500-800 machines means they are segregated to different networks and the firewall is what is routing/monitoring the traffic between those networks. If that is not the case (one big flat network and the firewall is just acting as the external gateway), you could totally re-visit the models and go down to a SG310/330 or even a SG230.
I hope that helps.
Unfortunetely I didn't work on those FW (Cyberoam & Fortinet) so i can't give you the best benchmark.
But i'll try with my best to help you.
You need to answer the right questions:
Which One got the best support ?
If you will not or you don't have an inhouse person to maintain the solution, you must detect who's got the best support to achieve your needs
Configuration flexibility
Is the solution enough to provide the focus or not ?
High avalability
Of course, nobody wants to be down when maintaining or when a sinister is happening (overload,crash,etc)
500-800 users
It depends on how users are using the bandwidth & the FW performance (providers can help you with giving the right FW model)
I hope that will help you.
Did you think of WatchGuard?
You can try with XTM850
Includes Strong content blocking provided by websense
https blocking by application control and deep packet inspection
reporting using dimension.. try demo.watchguard.com (user: demo / pass: visibility)
Hi IT Central,
I don't know anything about Cyberoam but I can advise you about the
Fortigate.
The Fortinet is very feature in UTM. It can do what you want and much more.
It also has the following capabilities: Routing (static and dynamic), VPN
(S2S and Remote Access), Antivirus protection, web filtering, email
filtering, IPS. It also integrated with Active Directory.
The unit itself is limited in its reporting but you can get the
FortiAnalyzer which stores all the data for the Fortigate device for a
longer time period on a separate server or device.
It is both Web (http/https) and CLI managed using telnet or ssh.
Regards,
Samuel Mitchell
CCENT, VCA-DCV Certified
Hi
I would suggest Cisco ASA NG with Firepower Services. It's powerful and effective.
Fortigate is much better
Give me the Internet bandwidth and what are the features u need to activate.
Hello, here is the problem, different people = different taste.
I did a research among other UTM solutions and the truth is, that if you choose Fortinet, you will probably endup with minimum 2 appliances to purchase for HA + license or appliance for Reporting features as well. The reporting within their UTM is weak/simple, so you will need FortiAnalyzer app + maintenance. If you will need antispam in the future, also features weak/basic function within the UTM, all recommend to use appliance FortiMail - it features better antispam techniques and quarantine. But it costs additional fees ofcourse.
All in all it is not cheap solution, and it is not simple to manage eighter in my opinion. You have to maintain 2-3 admin gui and command line as well. Problem also is, that they have different way how to scan a HTTPS traffic with proxy. If you setup FortiGate to break the https and see the traffic inside, its throughput drops significantly, so beware of cheap models with gigabit throught for Firewall, it is much less powerfull in real world & when scanning http(s) in Proxy mode.
They use also another mode called stream scanning, but then with very limited number of legacy anitivirus signatures, so it can´t really protect against viruses and trojans etc.
Cyberoam is cheap and fast, has very nice features layer 8 (Identity based policy etc). Aquired by Sophos few years back, and some of the features will be soon available within Sophos appliances. Not sure what will happen with Cyberoam´s product line in 3years.
For the size you have mentioned is suitable Sophos SG430 appliance (14k EUR for complete set of 5 security modules is quite attractive bundle) and you won´t need to pay for additional log&reporting tool - it is build inside and you can also use a iVew in VMware - free for up to 100GB storage.
I would recomend Sophos SG, but do a trial/test run, and you will see what suits you best.
Cheers,
PS
Hi,
for better comparison we need know a little bit more about your environment to check the right model for Fortinet but even so, using that description I work with Sophos (which acquired Astaro and Cyber Roam) and Fortinet also.
You should keep in mind the company 'targets' since Sophos is more focused on endpoint management and maybe is 'why' they has low position in the 'Leader Quadrant' for 'Unified Threat Management' on the Gartner Magic Quadrant and 'No position' in the 'Gartner Enterprise Firewall Quadrant'. Sophos is recognized in the Gartner MQ for UTM and Enterprise Firewall, but have a lower standing. For example, Sophos is in the Niche Quadrant in the Enterprise Firewall.
Sophos has products only to deal with SMB market, while Fortinet can do up to MSSP/Carriers.
It has a software approach. This means the performance will dramatically drop with real world and small packet traffic, which causes latency and bad user experience. Time sensitive applications like web usage, VoIP, mobile application, and transaction based applications will have poor experience.
Sophos/ Astaro do not have ICSA IPS or NSS Labs NGFW, IPS validation on the performance or ability to protect against the latest exploits.
Sophos doesn´t offer option to create 'GeoIP' object, which means that if you need block traffic coming from China (just for i.e) you should do it for entire unit instead for a specific rule/policy as Fortinet do; the same difficult is to set a Q.O.S object for a specific rule/policy; I´m not sure right know but as I remember they don't offer integration with Active Directory in 'transparent mode', which means that you need to set Proxy in explicit way.
Pls, feel free to stay in touch with me.
tks,
Renato P
The Angel of Technology
renato.pereira@anjodatecnologia.com.br
Ah, can't put special characters in an answer here without getting cut off, at least the less-than sign. As I was saying I would not recommend Fortigates. Their tech support is horrid, laughable even at times. And you will need to contact them eventually. You open a case hoping to get a configuration example and the first thing they say you can do it, but want to do is open a webex session to show you how to do it. Then you find out through the webex that it really can't do it.
They say they have an easy to use GUI, but you cannot do everything with it, you have to drop into the CLI to do some things. The centralized management platform, while good for distributing signatures and such, just adds more confusion into the mix. Nothing like the GUI on the boxes themselves for configuring and still missing the options you need to drop into the CLI for.
They definitely need to enhance their support for third party NMS systems too, we use Solarwinds Orion which is pretty flexible, but Fortigates are difficult to work with and don't give you much.
The Fortinet is known as the better one of the two.
I work with Fortigate right now and would >not< recommend them. Horrid tech support, configuration is confusing. They say they have an easy to use GUI, but you can't do everything from there, you have to drop into the confusing CLI to get some things done. Their centralized management platform, while good for distributing signatures and such, just makes configuration even more confusing. Doesn't work well with network management systems.
Never used either. But for personally, this is how I would set it up: pfSense in a virtual environment. I've done this for years pushing bandwidth quite like you're talking about (a little more actually), all while using open source software. I don't have experience with Fortigate or Cyberoam, so I can't comment on those. But if you're looking for flexibility and the ultimate ROI, this is the best route to choose. If you need commercial support, the pfSense team provides that too.
Sounds like to me that you would need pfSense with Squid proxy and SquidGuardian enabled. I would also recommend SNORT, pfblockerNG and a few other bells a whistles. A central logging solution like Graylog wouldn't hurt either. I love pfSense's logs, but they are tabbed. With Graylog, I can make dashboards and categorize everything how I see fit.
Hi,
the throughput that you need is not high, so for example a
www.cyberoamworks.com meet al your requirements.
with 1M of concurrent session shouldn't have problem with < 1000 users
A key factor may be if there is to many traffic between the internal
networks and this traffic need to be managed by UTM,
this model is able to manage 3Gbps o firewall section, should be enough but
depends from your needs
Regards,
Enrico
Go for Fortigate
Hi,
There are multiple factors to consider when looking at a Firewall solution such as:
Cost Support Performance ROI Ease of management Ease of deployment Available documentation Future proofing Total cost of ownership
Given all of these aspects I would go with the Fortinet 1000-D as this has a proven track record of being deployed in environments similar to what you require.
Regards,
Daniel Legall
For small size network probably Fortinet can do the job.
FG 500D with FortiGuard NGFW Service and Web Filtering Service +Forticare will cover your major focus.
www.fortinet.com
www.fortinet.com
It is very risky to respond like that especially as UTM and FW does not offer the same features, capabilities and are not at the same level of investment.
I can answer by conducting a preliminary analysis for this but your client will have to use my services. For my part I have done this type of comparison in the context of a tender for a similar network (appliance perspective for internet access 34meg 600 users) but also internationally (SaaS versus local appliances).
seeking a job, if you client is interested, I can give him assistance.
Thanks
Best regards,
Valéry FLORENS
Definitely Fortinet, 2014 was the 6 year in Gartner on UTM.
www.fortinet.com
I recommend FG500D and FG1000D on this functionalities(FortiGuard NGFW
Service + FortiGuard Web Filtering Service)
· Web Content blocking and filtering
· HTTPS strong blocking
· Reporting and Bandwidth management( traffic shaping )
· IPS
Determining the size of an UTM is not only depended to user count or bandwith. I's also depended to user type. Torrent user is not as same as a telnet user. Also you may think the website which you visit the now and 5 years ago; the connection count(concurrent connections) size etc, you can easiliy see that site is at least doubled on work-load. I'm using the requirements x 2 = specs of the UTM formula. You can easly find the scaling guides on Vendor sites.
Hi,
From my experience I will advise Fortigate FW series
Br,
Stan
I think you should go with Cyberoam 200Ing, as all three requisites of yours will be fulfilled and it is quite user friendly and convenient to configure.
Regards,
Anil Raju SoreESDS Fully Managed Datacentre8806313322
Hi, I have only experience with Fortinet so I can't compare it with Cyberoam. From my experience I can tell you that Fortinet is satisfying all you requirements and as for the model you can start looking at 100D which is an entry level, but for many users you can use some from the mid range like 800D.
You didn't specify if the users are internal (behind nat) or some of them will use SSL VPN to rich your internal network? If so, I think 800D is fine for your needs.For redundancy you can use 2 FG in cluster acting active/passive or active/active based on needs.
Gabriel.
I'm usind Fortigate's, Chekpoints, pfSense, ipCop, untangle, open source software based custom UTM's, Watchguard's and Sophos since 2001 (was Astaro). Cyberoam is obtained by Sophos. Sophos was purhased Astaro. Cyberoam and Sophos (former Astaro) will be united in same device.(IMHO) I'm using and managing over 20 sophos UTM's; thet are Solid, easy to deploy and "what do you set, what do you get". You may try it on a pc, its free to use on home license(50 IP).
I probably prefer Cyberoam, because Cyberoam has l8 for authentication. That easy to manage large employee. and about the price.