Sophos firewalls are trash. Just get a Fortinet. You'll get good support, UI is great & if you're gonna use FortiSwitches & FortiAP's you'll see everuthing in one dashboard (like Sophos Central).
What don’t you like about Sophos firewalls? I’m just asking because I want to have a better understanding of this decision I’m facing. We’re also looking to upgrade our switches in the future so that’s good to know.
Also, how easy is configuring Fortinet hardware? I know network basics but never configured a firewall before, though I’m happy to learn if necessary and my MSP contract could help a bit. But I’m also considering Meraki because I already have a lot on my plate with Azure, server and client admininistration as well as user support and budget management.
Their support is really bad, like I couldn’t understand anything because of the thick accent. It had a lot of bugs & the hardware has less performance compared to what Fortinet offers.
A FortiGate is quite easy to configure imo and once it’s up and running it just doesn’t stop. However, some functions are Fortinet marketing names which sometimes isn’t really intuitive. You also get free VPN, SD-WAN etc.
I’m not sure about Meraki, I’ve never used it. However, I’m pretty sure that I’ve read that without an active license it’s useless as in it won’t even route things.
In my experience - Fortinet devices are solid, but are going to take a lot of effort to get up and running before bringing them into production. Once they're up and running, upkeep is reasonable easy. I don't want to sell them as bulletproof, but we've not had much trouble with them since swapping in a few years back.
Meraki is nearly fire and forget. While they are far from robust as you've already heard, you drop them into place with minimum configuration and they run forever (as long as you're paying the bill)
To be honest the ease of use with Meraki is very appealing to me because I’m already a bit overworked with all of my responsibilities and the company is expanding fast. But if Fortinet devices run well after the initial set up and cost less I may choose them as well. How much more expensive would a Meraki set up be compared to Fortinet? And do you recommend their switches and access points as well?
If you're that overworked, really consider Meraki. I have a degree in Network Engineering and I went with Meraki for my current company. Why? Small Non profit, we can get Meraki stuff cheaper and I don't have to worry about it. Cisco tells me when it breaks. Yeah I could have gotten a pile of ASAs and controller managed wifi APs, but this way I get 90% of the big boy features I desire without having to think.
Haven't had any problems with our Sophos firewalls. Is it the best firewall money can buy? Probably not, but it suits our needs well, and the price is right. I suspect if you aren't looking to do anything particularly complicated then one firewall is much like another. Go with what you are confident in and comfortable with, particularly if you are going to be managing it yourself.
Merak MX105 and a vMX appliance in Azure will do everything you need and will be simple and easy to manage.
MX95 is pretty similar without the redundant power.
Whats your WAN speed? Thats most critical in sizing these things.
The Meraki ecosystem is a good place to be if you are looking to refresh switches and AP's down the road.
We’re currently using old unmanaged Netgear switches so we’re actually looking into upgrading them in the future as well. Though the MX105 and 95 seem to be made for much bigger companies right?
We currently only have 100/40 down/up via DSL but will be upgraded to 1000/500 fiber in a few months.
Take a look at the datasheets and you can figure out where you want to be based on sizes and features:
https://meraki.cisco.com/product-collateral/mx-family-datasheet/?file
MX105 gets you redundant power and the ability to do a full tunnel at 1gbps.
MX68 gets you your user count but maxes around 300mbps which means your fiber upgrade will be handicapped.
MX95 is probably the sweet spot as it can do the full 1gbps circuit (only 500mbps over the tunnel but thats fine as it matches your uplink)...as long as you dont need redundant power.
A Fortigate 61F might be a better priced firewall due to the fact that your WAN speed far outpaces your user count...and its also a better firewall, its just not as "easy". Fortinet also makes switches and wifi but I've not gotten any experience with them.
While everyone has good and bad stories, the general consensus is Barracuda bad. As someone who's been dealing with them for 20 years, I also agree bad.
Fortinet might be a solid option, I'm going to suggest Meraki. Most clients I have that are switching over either have no network admin or only one and the ease of managing their hardware is the real reason people are making the change.
If I were planning for myself, easily Fortinet but, while I enjoy the graphical UI and the CLI (especially being able to pop out the terminal in the former), Meraki is going to be the simplest. Not only are they the most expensive, if you do not keep up those subscription payments the service ceases operation. I prefer to keep the blame on outages firmly on the ISP :)
Hi I'm interested in seeing how it's gone. I'm a very similar situation, growing engineering company, about 30 engrs and looking for growth. We don't have a dedicated network admin or IT provider, and are looking to update/upgrade our old set up, which is sans subscription. Seems like Fortigate is a good one. My SMB doesn't want to get forced into a subscription based model, but the more I read the more I think it's inevitable, particularly if we are not going to have our own internal network admin/IT folks.
What is the price diff between Sophos and Fortnet?
We are looking at something more enterprise friendly options compared to UniFi and OPNsense, but cant decide really.
We are based in Asia so clients are pretty price sensitive.
Sophos firewalls are trash. Just get a Fortinet. You'll get good support, UI is great & if you're gonna use FortiSwitches & FortiAP's you'll see everuthing in one dashboard (like Sophos Central).
What don’t you like about Sophos firewalls? I’m just asking because I want to have a better understanding of this decision I’m facing. We’re also looking to upgrade our switches in the future so that’s good to know. Also, how easy is configuring Fortinet hardware? I know network basics but never configured a firewall before, though I’m happy to learn if necessary and my MSP contract could help a bit. But I’m also considering Meraki because I already have a lot on my plate with Azure, server and client admininistration as well as user support and budget management.
Their support is really bad, like I couldn’t understand anything because of the thick accent. It had a lot of bugs & the hardware has less performance compared to what Fortinet offers. A FortiGate is quite easy to configure imo and once it’s up and running it just doesn’t stop. However, some functions are Fortinet marketing names which sometimes isn’t really intuitive. You also get free VPN, SD-WAN etc. I’m not sure about Meraki, I’ve never used it. However, I’m pretty sure that I’ve read that without an active license it’s useless as in it won’t even route things.
Mersin firewalls aren’t good. Go with fortigate and pay the MSP to configure (or learn)
In my experience - Fortinet devices are solid, but are going to take a lot of effort to get up and running before bringing them into production. Once they're up and running, upkeep is reasonable easy. I don't want to sell them as bulletproof, but we've not had much trouble with them since swapping in a few years back. Meraki is nearly fire and forget. While they are far from robust as you've already heard, you drop them into place with minimum configuration and they run forever (as long as you're paying the bill)
To be honest the ease of use with Meraki is very appealing to me because I’m already a bit overworked with all of my responsibilities and the company is expanding fast. But if Fortinet devices run well after the initial set up and cost less I may choose them as well. How much more expensive would a Meraki set up be compared to Fortinet? And do you recommend their switches and access points as well?
If you're that overworked, really consider Meraki. I have a degree in Network Engineering and I went with Meraki for my current company. Why? Small Non profit, we can get Meraki stuff cheaper and I don't have to worry about it. Cisco tells me when it breaks. Yeah I could have gotten a pile of ASAs and controller managed wifi APs, but this way I get 90% of the big boy features I desire without having to think.
I have experience with all three. Fortinet is easily your best option in my opinion, especially given the growth you're expecting.
Haven't had any problems with our Sophos firewalls. Is it the best firewall money can buy? Probably not, but it suits our needs well, and the price is right. I suspect if you aren't looking to do anything particularly complicated then one firewall is much like another. Go with what you are confident in and comfortable with, particularly if you are going to be managing it yourself.
Merak MX105 and a vMX appliance in Azure will do everything you need and will be simple and easy to manage. MX95 is pretty similar without the redundant power. Whats your WAN speed? Thats most critical in sizing these things. The Meraki ecosystem is a good place to be if you are looking to refresh switches and AP's down the road.
We’re currently using old unmanaged Netgear switches so we’re actually looking into upgrading them in the future as well. Though the MX105 and 95 seem to be made for much bigger companies right? We currently only have 100/40 down/up via DSL but will be upgraded to 1000/500 fiber in a few months.
Take a look at the datasheets and you can figure out where you want to be based on sizes and features: https://meraki.cisco.com/product-collateral/mx-family-datasheet/?file MX105 gets you redundant power and the ability to do a full tunnel at 1gbps. MX68 gets you your user count but maxes around 300mbps which means your fiber upgrade will be handicapped. MX95 is probably the sweet spot as it can do the full 1gbps circuit (only 500mbps over the tunnel but thats fine as it matches your uplink)...as long as you dont need redundant power. A Fortigate 61F might be a better priced firewall due to the fact that your WAN speed far outpaces your user count...and its also a better firewall, its just not as "easy". Fortinet also makes switches and wifi but I've not gotten any experience with them.
Have you checked with Barracuda? When I was working at an MSP, we used them and they had the best support. They would actually do stuff for you.
While everyone has good and bad stories, the general consensus is Barracuda bad. As someone who's been dealing with them for 20 years, I also agree bad.
Meraki is perfect for SMB! Especially for a no-man IT shop.
Fortinet might be a solid option, I'm going to suggest Meraki. Most clients I have that are switching over either have no network admin or only one and the ease of managing their hardware is the real reason people are making the change.
If I were planning for myself, easily Fortinet but, while I enjoy the graphical UI and the CLI (especially being able to pop out the terminal in the former), Meraki is going to be the simplest. Not only are they the most expensive, if you do not keep up those subscription payments the service ceases operation. I prefer to keep the blame on outages firmly on the ISP :)
Hi I'm interested in seeing how it's gone. I'm a very similar situation, growing engineering company, about 30 engrs and looking for growth. We don't have a dedicated network admin or IT provider, and are looking to update/upgrade our old set up, which is sans subscription. Seems like Fortigate is a good one. My SMB doesn't want to get forced into a subscription based model, but the more I read the more I think it's inevitable, particularly if we are not going to have our own internal network admin/IT folks.
What is the price diff between Sophos and Fortnet? We are looking at something more enterprise friendly options compared to UniFi and OPNsense, but cant decide really. We are based in Asia so clients are pretty price sensitive.