What do you recommend for a firewall between the SonicWall TZ500 and the Fortinet FG-100E-BDL? I have two sites which are in different geographic locations and they are on two separate networks; one is production and the other is backup, and both are running web applications which are accessible to our clients through an SSL connection. We intend to develop a hot site to mirror production in order to minimize time for restoration of services in case of disaster. We are still going to keep our traditional backup site in spite of our intention to develop a private mini-cloud infrastructure. At the back of our minds we are thinking of creating a VPN for mirroring production to the hot site, which will be located where our backup site infrastructure is currently housed.
I have used Fortigates for 6 years. Like you, similar experiences augmented by an additional support subscription due to my early learning curves. What I did not realize was the speed compromises with all the security apps active - if I have a Verizon FiOS true Gig subscription, my speed was tapered down to 100 Mbps or less. That is a 90% reduction. With 6 users multiplied by cell phones accessing the same WiFi, you can imagine the data speeds we were actually working with.
So, I picked WatchGuard, the T70 specifically. The data speeds with everything turned on remain near the subscription (1 Gig) and I have the same types of protections as the Fortigate. It is too early to report the reliability and other specs since this has changed only in the last week, but the specs tell me a lot that helped me to understand what I missed on my first go-around with Fortigate. Don't get me wrong, I had zero issues over the last 6 years, to Fortigate's credit. However, that speed compromise doesn't work for me. Perhaps I missed something, but my support knows the product and there were no adjustments available, other than turning certain features off. I couldn't afford that security risk, not these days.
Hello,
I think Fortigate with SoC3 (60E, 80E, 100E) will perform better due to the higher VPN throughput.
If you plan to add IPS, AV and so on, I would suggest moving to FGT200E or NSA2650 at minimum.