Today I use Fortinet for both VPN SSL and WEB SSL. I'm considering returning to Citrix (Netscaler) but the products have changed so much that I no longer know what each one is for.
Is Citrix ADC a good solution for web app firewall? App delivery management? Gateway? There are so many out there, I'm not sure which is right. Fortinet seems to be used more by communications people. Citrix seems more for administrators.
SSL VPN is not 'for' IT people just like Fortinet is not 'for' communications people or Citrix 'for' administrators. Nobody can tell you which vendor/integrator/solution to go with as this depends on many factors, all of which relate to your business requirements.
One way to approach this, and in the process to obtain a better understanding of not only the technology but also your specific business requirements and their constraints, would be to create a product matrix. To start with, compare functionality using, for example, MoSCoW prioritisation, then add costs, time scales, internal politics and other constraints.
What problem is SSL VPN solving for your company?
Are there other ways to satisfy these business requirements (not other SSL VPN solutions)?
Both Fortinet and Citrix are solid solutions backed by solid manufacturers. Based upon the specified business case my recommendation would actually be F5. F5 is far ahead of other application delivery controller solutions with respect to application security and access management. The manufacturer created F5Labs to perform independent security research across the industry, as well as invested in SOCs globally to support managed offerings for organizations to consume security services. F5's recent acquisition of Shape and NGINX further enhances the organization's strength as a leader in application security. F5's new Beacon ensures consistent and agile security integration into CI/CD processes by DevOps/SecOps/NetOps across any public/private cloud with F5 assets. Security is the strong suit of F5, along with Enterprise application delivery.
For SSL VPN, a Fortinet firewall is OK. Any firewall will use a specific link for outbound traffic only, not for inbound traffic. But when you use application delivery, it is related to inbound traffic. Inbound traffic can reach any firewall external interface; it can come from any of the links with its IP address. For application delivery you can use any ADC like F5, Radware, Citrix, FortiADC etc. So for the firewall, when an external user (from the internet) tries to come inside (by using a web application), it will use any one link and its IP address.
I'm a Citrix Engineer and I supply Citrix products to companies in Korea. Both products are excellent in my experience. So I will give you some data to compare Citrix WAF with Fortinet WAF.
In my opinion, Fortinet has a lot of experience as a security device, so I think WAF is equally fine.
Citrix is one of the leading product holders in SSL VPN. I would recommend Citrix because of its better load handling, and because Citrix has an onboard SSL decryption chip which reduces the decryption load on the processor, which provides us optimal speed and maximum production.
You are making the right decision by going back to Citrix ADC. Historically it has been a solid solution but they have enhanced it further by adding new features making it even more powerful in its new flavors. The best part is that now Citrix Support has changed and the level of support standard has improved quite a bit.
I don't know the Fortinet solution. With NetScaler, you can use App Firewall with the Premium license, along with functionality like filtering by geographic IP and IP reputation.
NetScaler is a very good solution for App delivery (Content Switch, Load Balancing, cache, etc). Its main competitor in this case is F5.
Additionally, if you have a Citrix XenApp / XenDesktop deployment, it is the best solution.
You can check out SonicWALL Secure Mobile Access.
www.sonicwall.com