Fortinet training/Certification?

I work in an environment full of these fortigate firewall boxes and I know next to nothing about firewalls, let alone fortigate. They are giving me one to play with, but I want to find some training to get my warmed up to the stuff. Fortinet offers training, but at the cost of $1.5k for a two day course, I'm going to pass on that.

Anyone have any experience with this equipment that could shed some light on a means to tackle learning it?

Find more posts tagged with

Comments

forkvoid

You can get the online training for $500. Cert is only another $150 on top of the training.

I find that they're somewhat difficult to work with, mainly due to being quite cryptic and overly complicated. Best way to get to know them is to go hands-on by labbing with them. Set up a small network and enable VPN, content filtering and whatever else your organization uses. I find it helpful to have someone else come in and break something in the environment, so you can really get to know it well.

I'm being sent to training on these next month, I believe(still nailing down the date), so I can let you know afterwards.

Hyper-Me

The worst thing about the Fortinet boxes (at least the few i've seen) is that they dont do much extra than some of the better SoHo routers available at your local store. Aside from the virus scanning and mediocre content filtering, its just another medium featureset router.

I also agree with Forkvoid in that they make the configuration of it too difficult. There are arbitrary rules and "virtual" names and crap that need to be setup/used and it just makes the process take 2-3 times longer than it needs to.

chmorin

Hyper-Me wrote: »

The worst thing about the Fortinet boxes (at least the few i've seen) is that they dont do much extra than some of the better SoHo routers available at your local store. Aside from the virus scanning and mediocre content filtering, its just another medium featureset router.

I also agree with Forkvoid in that they make the configuration of it too difficult. There are arbitrary rules and "virtual" names and crap that need to be setup/used and it just makes the process take 2-3 times longer than it needs to.

All fine and dandy but I'm stuck with it so I gotta learn it

.

Thanks for the suggestions, but where is this $500 training you speak of? I'd sign up for that... but all I can find is this: http://campus.training.fortinet.com/mod/tab/view.php?id=3126

$1,500.

Chivalry1

I have managed Fortinet Firewalls and I love them. They truly offer a feature rich corporate level firewall without the corporate level sticker price (Cisco). I come from the old Cisco PIX days command shell days. These firewalls are easy to use and configure. And customer service was awesome. I considered the training and certification at one time but later changed my mind.

The firewalls I hate are Checkpoint!!!

NightShade1

Chivalry1 wrote: »

I have managed Fortinet Firewalls and I love them. They truly offer a feature rich corporate level firewall without the corporate level sticker price (Cisco). I come from the old Cisco PIX days command shell days. These firewalls are easy to use and configure. And customer service was awesome. I considered the training and certification at one time but later changed my mind.

The firewalls I hate are Checkpoint!!!

Im soo agree with you
And they are not difficult to configure thats a lie... i really like a lot these firewalls...
There are a lot of videos on the fortinet website of training
Also there are lot of webinars... but im not sure if i get them becasue we are partners...

Anyways itsl ike Chivalry said they are at corporate leve but they are not that expensive like cisco ones... or checkpoint.... which are like i want to use vlans... and then you need a licence.. you want to do something an you need a licence.... but with fortinet... you dont need any licence... you just need a bundle licence for the UTM services and of course for their support.. but basically they are cheap and they are really really good... i have done any kind of things wiht these equipment and they work pretty good.. i have installed a lot of them and didnt have any problems with them

For the training yes you would need hands on that would help A LOT with it...

NightShade1

Hyper-Me wrote: »

I also agree with Forkvoid in that they make the configuration of it too difficult. There are arbitrary rules and "virtual" names and crap that need to be setup/used and it just makes the process take 2-3 times longer than it needs to.

i dont get what you mean
could you give me an example of what do you mean?

What does make the process 2 or times longer that it needs?
you can configure them pretty fast...
plz explain

RTmarc

Hyper-Me wrote: »

The worst thing about the Fortinet boxes (at least the few i've seen) is that they dont do much extra than some of the better SoHo routers available at your local store. Aside from the virus scanning and mediocre content filtering, its just another medium featureset router.

I also agree with Forkvoid in that they make the configuration of it too difficult. There are arbitrary rules and "virtual" names and crap that need to be setup/used and it just makes the process take 2-3 times longer than it needs to.

What? Have you used / configure one before? I'm going to agree with some of the others in that these are some of the easiest firewalls I've ever had to deal with.

forkvoid

I think part of it is that Hyper and I are both systems guys, not network guys. That is, the majority of our expertise is not in networking, and if you lack a background in that, configuring a Fortinet can be bothersome.

I have a Sonicwall TZ170 at home and at the office. It's great, though EOL. What I love about it is the simplicity of configuration, much like working with a SOHO router. All the main things you're going to need are right in the open, but all the advanced options are accessed by clicking an 'advanced' button on the page. It keeps things neat and simple. Go look at the Fortinet admin page--why is the addressing mode(common item) right next to the custom MTU size(advanced item)? If you're a networking guy, no big deal. If you're a systems guy playing a part-time networking role, it's a big deal. (which is what both Hyper and I do) Solution to making Fortinet easier to deal with? Clean up the admin console to make it more friendly.

In contrast to the Sonicwall, I have a NetScreen 5GT at the office. When configuring the address, it asks me for CIDR notation instead of dotted. Why? Every other major player asks for dotted. Asking for CIDR means I then have to calculate it up. If you're a network guy, you do it in two seconds in your head. If not, that means pulling up a subnet calculator, which translates to a PITA.

The NetScreen and FortiGate can be made just as easy to use as the Sonicwall, but they're not. That's just how the manufacturers did it. For people like Hyper and I who aren't full-time network admins, this means we lean towards more friendly enterprise solutions, like Sonicwall.

And to Hyper: Sorry for speaking for you, but I think I've hit it right--if not, feel free to call me an idiot.

EDIT: For discussion purposes, my experience comes from the FortiWifi 60CM and FortiWifi 80CM.

Chivalry1

Sorry your experience has not been that good for Fortinets. Sonicwall's unfortunately dont offer the firewall features that most corporate level firewalls can offer. My recommendation is to hold on to these firewalls and start learning. I am keeping a close watch on this company they are making some big moves.

BTW, Fortinet currently offers a AV and I must say that Im impressed.

forkvoid

Chivalry1 wrote: »

My recommendation is to hold on to these firewalls and start learning.

Aye, I am... 201 training next month and I'll pick up the cert for it along the way. Employer-mandated, so I have no choice but to learn them.

chmorin

forkvoid wrote: »

Aye, I am... 201 training next month and I'll pick up the cert for it along the way. Employer-mandated, so I have no choice but to learn them.

Is the fortigate 201 training worth the $1500? I'll pay if the investment will actually teach me the basic configuration and some firewall basics. My work will cover half of it if I pitch it correctly.

forkvoid

chmorin wrote: »

Is the fortigate 201 training worth the $1500? I'll pay if the investment will actually teach me the basic configuration and some firewall basics. My work will cover half of it if I pitch it correctly.

I don't know, because I haven't taken it yet. It's two full days and is recommended for taking the FCNSA(Fortinet Certified Network Security Associate) exam. So, going on that, I would assume it would get you up to speed on it pretty quick.

chmorin

Ever try their 201 online courses? I see those are the $500 ones.

forkvoid

chmorin wrote: »

Ever try their 201 online courses? I see those are the $500 ones.

I haven't, no.

NightShade1

Chivalry1 wrote: »

Sorry your experience has not been that good for Fortinets. Sonicwall's unfortunately dont offer the firewall features that most corporate level firewalls can offer. My recommendation is to hold on to these firewalls and start learning. I am keeping a close watch on this company they are making some big moves.

BTW, Fortinet currently offers a AV and I must say that Im impressed.

Im agree with you

We used to sell Sonicwall but vs fortigate... hehe.... there was no way to win...we just used to sell sonicwalls to clients that had no money to afford a fortigate... but at the end we stop selling it... as it wasnt a good product...

Sonicwall is easy to configure becasue for the basic configuration you get ALL wizards.... thats why you find it easier... beause they are all wizards....
you want to create a vpn? you get a wizard... you want to public a server? you get a wizard and so on...
I personally dont like sonicwall... i have deal fortigate and sonicwalls.... and ihave to say i hate sonicwalls.... and im happy they stop selling that in my company

Forsaken_GA

I like Fortinet's, they're feature rich, and a fraction of a Cisco marked product.

The ones I hate are netscreens. Don't know why, can't stand their web interface or their cli.

Chivalry1

NightShade1 wrote: »

Im agree with you

We used to sell Sonicwall but vs fortigate... hehe.... there was no way to win...we just used to sell sonicwalls to clients that had no money to afford a fortigate... but at the end we stop selling it... as it wasnt a good product...

Sonicwall is easy to configure becasue for the basic configuration you get ALL wizards.... thats why you find it easier... beause they are all wizards....
you want to create a vpn? you get a wizard... you want to public a server? you get a wizard and so on...
I personally dont like sonicwall... i have deal fortigate and sonicwalls.... and ihave to say i hate sonicwalls.... and im happy they stop selling that in my company

Amazing....The consulting firm I worked for we had a similar solutions model. We offered smaller companies (SonicWall) medium-to-large companies (Fortigate) and enterprise's organizations (Cisco).

More often than not the smaller companies would complain about the limited features of SonicWalls. We quickly replaced the SonicWall small business solutions with the Fortigate UTM 60 series. What sold me on the Fortinet is there ease of clustering multiple firewalls and DMZ LAN configuration. If this is for a Small to Medium Enterprise I would recommend purchasing Fortinet, Inc. : Multi-threat Security Systems For Real Time Network Protection, Network Virus Protection, VPN, Intrusion Detection & Prevention for real-time analysis of your organization. It beats pouring through firewall logs for threat analysis reports for management.

NightShade1

Chivalry1 wrote: »

Amazing....The consulting firm I worked for we had a similar solutions model. We offered smaller companies (SonicWall) medium-to-large companies (Fortigate) and enterprise's organizations (Cisco).

More often than not the smaller companies would complain about the limited features of SonicWalls. We quickly replaced the SonicWall small business solutions with the Fortigate UTM 60 series. What sold me on the Fortinet is there ease of clustering multiple firewalls and DMZ LAN configuration. If this is for a Small to Medium Enterprise I would recommend purchasing Fortinet, Inc. : Multi-threat Security Systems For Real Time Network Protection, Network Virus Protection, VPN, Intrusion Detection & Prevention for real-time analysis of your organization. It beats pouring through firewall logs for threat analysis reports for management.

Nice...
Well in my country most of the companies are from small to large companies... there arent too many enterprises in here... my country is small... anyways thats why i guess we just offer fortinet as firewalls...
The bigger fortigate that i have configured is a 310B well actually 2 in cluster
so you can imaging well that the compnaies arent THAT big here... there are som really big ones but they just want cisco :P

creamy_stew

Hyper-Me wrote: »

The worst thing about the Fortinet boxes (at least the few i've seen) is that they dont do much extra than some of the better SoHo routers available at your local store. Aside from the virus scanning and mediocre content filtering, its just another medium featureset router.

I also agree with Forkvoid in that they make the configuration of it too difficult. There are arbitrary rules and "virtual" names and crap that need to be setup/used and it just makes the process take 2-3 times longer than it needs to.

This is simply not true.

FG 60's and above are incredible machines. The 50's were bad imo, but afaikt, I'm the only one who's had real problems with them.

We run an FG800 active/passive cluster, and the only time it's been rebooted is when I upgraded the firmware.