Question:

Upon inspection, it appears that while numerous security features are active, they are set to permit all traffic, effectively neutralizing their purpose. Notably, the Security Fabric feature is deactivated. The firewall, web monitor, and application control functionalities are operational but seemingly ineffective at traffic regulation. Additionally, there’s an inactive firewall designated for a ‘Voice’ subnet, presumably for a former phone system setup.

I’m contemplating whether to continue utilizing the Fortigate, which would require familiarization on my part, or to replace it with an Arista Untangle NGFW, a system I’m more acquainted with. Both devices seem to offer comparable features, yet if Fortigate proves superior, I’d prefer to retain it.

For the moment, I’m merely assessing without altering configurations to avoid disrupting the workflow. However, I believe a comprehensive reconfiguration of the security settings is imperative for actual network protection.

I would appreciate any insights or recommendations regarding the choice between Fortigate and Arista NGFW solutions.”

Answer:

When it comes to network security, the effectiveness of your Next-Generation Firewall (NGFW) is paramount. Your current situation with the Fortigate 60F presents a common dilemma: stick with a familiar but potentially suboptimal configuration, or switch to a new solution that might offer better protection?

Your Fortigate 60F is operational, but its security features are not configured to actively regulate traffic. This includes a deactivated Security Fabric, which is essential for a cohesive security posture. The firewall, web monitor, and application control are enabled but not blocking any traffic, which raises concerns about their current effectiveness.

The Voice Subnet Conundrum

The presence of an inactive firewall for a ‘Voice’ subnet suggests legacy configurations that are no longer in use. This could be an opportunity to streamline your security setup by either repurposing or decommissioning this component.

Fortigate vs. Arista Untangle

Both Fortigate and Arista Untangle NGFWs boast similar features. However, familiarity and comfort with the system play a significant role in its management. If you’re more comfortable with Arista Untangle, it might lead to a more intuitive and thus secure setup. On the other hand, if the Fortigate’s features are superior and you’re willing to climb the learning curve, it could offer better long-term benefits.

Recommendations

1.

Assess Your Security Needs

: Determine the specific security requirements of your network. Consider factors like the size of your network, the types of traffic, and the level of security needed.

2.

Evaluate the Features

: Compare the features of both NGFWs in detail. Look for independent reviews or case studies that demonstrate their performance in real-world scenarios.

3.

Consider Management and Support

: Evaluate the ease of management and the quality of support available for both systems. A NGFW that’s easier to manage and well-supported will likely serve you better.

4.

Test Configurations

: If possible, set up a test environment to trial the configurations without affecting your production network.

5.

Plan for Transition

: Whether you choose to reconfigure the Fortigate or switch to Arista Untangle, plan the transition carefully to minimize disruption.

Conclusion

Ultimately, the decision between Fortigate and Arista Untangle should be based on which system better aligns with your security needs, expertise, and the resources available for managing the NGFW. A comprehensive reconfiguration of your current setup is essential, regardless of the choice, to ensure that your network is truly protected.