+1 Palo Alto. They seem to get it. Usual network equipment caveats apply, vendor performance claims should generally be taken with a box of salt.
theevilsharpie,
>If anybody knows what the draw of these devices are, please chime in. I simply can't see any compelling reason to use them at all.
The CCNP class taught them that ASA is the firewall. Just like EIGRP is the routing protocol.
Also, I've seen a lot of folks who know Cisco - kind of - and don't want to, or aren't capable of, learning anything else. So they go with what they know. I've watched this trump all sorts of logic and reason.
Demo24,
>However their products are too expensive for my application, especially when I have to cover small offices with 3-4 PCs in it and really can't justify a 2k appliance there.
Have you considered a topology where you have a non-split tunnel VPN based on inexpensive devices taking ALL small branch traffic back to your main site, and then do your firewalling there with one better device? Obviously, factor in extra bandwidth at the main site and extra slowdowns, but that might be an option, depending very much on the details of your situation.
All,
Two things to remember about these products:
1. Fortinet's key people were the old key people behind Netscreen, which got bought by Juniper, and later they bailed. So Juniper's products are short many of the key/original people, while Fortinet is those same people's next generation. Also, Juniper seems to really just want to graft the Netscreen functionality into JunOS, which on the surface is a great strategy, but the process of getting there is ugly.
2. Dell bought SonicWALL. I have not been happy with the results I've seen of any of the acquisitions Dell has done - in my opinion every product they have acquired has either atrophied or actively gotten worse. (Also, in general, I've just had a ton of bad experiences with Dell the company and Dell products.)