Fortinet vs Watchguard WiFi

V

Valnar

Supreme [H]ardness
Joined
Apr 3, 2001
Messages
4,321
I'm being asked to evaluate different firewalls for my company, and for a small office, it might make sense to use the firewall vendor's WiFi option, as pedestrian as they may be.

As part of the "kitchen sink" movement, vendors like Watchguard, Sonicwall, Fortinet and others are including basic wireless controllers in their firewalls with "proprietary" WAP's.

Imagine my surprise when I compared the Watchguard AP to the Fortinet AP. :eek:

Box.jpg


Back.jpg

.

So, does anyone know who really makes these?
 
The housings are the same. It is the internal hardware and firmware that makes the difference though.
 
For shits and giggles take them apart though. Curious as to the difference between that 221C and the 200
 
Soldier101 said:
For shits and giggles take them apart though. Curious as to the difference between that 221C and the 200
Click to expand...

I'll do that later this week. I imagine the radios are the same too, but we'll find out.
 
Order the Fortinet, so someone has to approve an invoice for FAPs...

yes it's childish, but who in their marketing team @Fortigate thought this was a good idea??
 
summy said:
Order the Fortinet, so someone has to approve an invoice for FAPs...

yes it's childish, but who in their marketing team @Fortigate thought this was a good idea??
Click to expand...

I am a fortinet partner. We sell a LOT of FAPS....and I laugh every time I invoice them that way haha
 
We have Watchguard now, and will be replacing those firewalls with Fortinet because we're a partner with them. I'm evaluating the WiFi too, but would rather stick with Cisco (Aironet) products. It's not even a comparison..except those FortiAP's are dirt cheap.
 
Yup. FortiAP's are dirt cheap and the results I am seeing from the 221C and 320C units is impressive. (Definitely for the price). We are switching a university over from AdTran to Fortinet because of how improved the performance was with our demo 320C.
 
Watchguard on left; Fortinet on right. Looks like the guts are different.

IMG_1240.jpg
 
Wow interesting, thanks for the comparison. Which one do you prefer op?
 
So far Fortinet, but that may be tainted that I like the firewall better too. Watchguard has better reporting, but I like the Fortinet interface, management and performance better. It also seems less buggy.

So far both suck at WiFi. The configuration options are as rudimentary as they come. They are adequate, but nothing like a Cisco WLC & Aironet AP's.

If your WiFi footprint in the building is small, and don't have a lot of interference, both work fine.
 
I never got a chance to actually test out the fortinet gear, about year ago i was comparing juniper and fortinet. I was leaning towards the fortinet but ended up going with watchguard oddly enough though i haven't looked back, its easy to manage, upgrades are not a pain and i really like it.
 
Modus said:
I never got a chance to actually test out the fortinet gear, about year ago i was comparing juniper and fortinet. I was leaning towards the fortinet but ended up going with watchguard oddly enough though i haven't looked back, its easy to manage, upgrades are not a pain and i really like it.
Click to expand...

We have Watchguard now and are moving to Fortinet.

We've had issues with Watchguard. Their proxy feature is nice when it works, but a pain when it does not. I had to disable the http proxy to get some video conferencing software to work. Yes, obviously a non-http protocol running over port 80 sends a red flag to that feature, but Watchguard tech support could not help. Today I disabled the ftp-proxy feature because FTP/TLS did not work. I haven't investigated that one yet. I've also had a lot of strange issues with the Watchguard AP's in our main building, but we have 20 AP's there. With luck, it'll all get ripped out for a Cisco WLC solution.
 
My only complaint about Fortinet is how they do their NGFW. If they ran their NGFW portion like Palo Alto does I would be Fortinet all day every day.
 
Soldier101 said:
My only complaint about Fortinet is how they do their NGFW. If they ran their NGFW portion like Palo Alto does I would be Fortinet all day every day.
Click to expand...

Funny, I don't like the way Palo Alto does it. I read/watched their marketing blurb, but it didn't convince me of their superiority.
 
Soldier101 said:
My only complaint about Fortinet is how they do their NGFW. If they ran their NGFW portion like Palo Alto does I would be Fortinet all day every day.
Click to expand...

I manage a large fortinet shop. IMO, the biggest benefit PA has over Fortigate is how they rate throughputs. Once you learn how to properly size a fortigate, they are excellent appliances and still more cost effective.

Your sentence starts out just like every PA sales pitch I've entertained.
 
Valnar said:
We have Watchguard now and are moving to Fortinet.

We've had issues with Watchguard. Their proxy feature is nice when it works, but a pain when it does not. I had to disable the http proxy to get some video conferencing software to work. Yes, obviously a non-http protocol running over port 80 sends a red flag to that feature, but Watchguard tech support could not help. Today I disabled the ftp-proxy feature because FTP/TLS did not work. I haven't investigated that one yet. I've also had a lot of strange issues with the Watchguard AP's in our main building, but we have 20 AP's there. With luck, it'll all get ripped out for a Cisco WLC solution.
Click to expand...

I've had the same issue with the http & dns proxy with video streams, but that's not new media streams don' t like to be filtered anyway. I created non proxy rules for the media streaming and it been fine since.
 
Valnar said:
We have Watchguard now and are moving to Fortinet.

We've had issues with Watchguard. Their proxy feature is nice when it works, but a pain when it does not. I had to disable the http proxy to get some video conferencing software to work.
Click to expand...

Watchguard's more advanced firewall features require you to be intimately familiar with them. This problem just sounds like lack of familiarity... you just have to make your own proxy policy set for your own particular traffic needs. Yes, its more work than less, and if you have never done it before the first time's a bitch to figure out on your own from scratch, but its easier and cheaper than throwing your hardware solution in the trash and switching providers. Or like Modus said, just switch that traffic from a proxy action to regular port filter... then no interruption in the stream.

(My company is a Watchguard Partner. We recommend and install Watchguard firewalls all day, but use Ruckus for wireless hardware... )
 
ghost6303 said:
Or like Modus said, just switch that traffic from a proxy action to regular port filter... then no interruption in the stream.
Click to expand...

Easier said than done. I'd have to be intimately familiar with the protocol to have a rule in front of the proxy for it. It uses a variety of public IP's, so I can't filter on that. I had a packet capture and Watchguard tech support couldn't help.
 
my company also resells watchgaurd. we too generally stick with other brand AP's. trendnet tew-653
is cheap and has a proven track record for us. If the trendnet doesnt cut it i usually throw a meraki at it.

watchguard wifi has been steadily improving over the years from what i've seen. It used to be pretty poopy.

From a managment standpoint you can get like 8 of those watchgaurd AP's and manage them from a central location which is a cool feature. Beats trying to reprogram 8 ap's manually.

we only have a handful of clients that need that many ap's though. so again, minimal experience with them.

as for the watchguard routers themselves they are fantastic. way easier to program than a sonicwall IMO (and i also resell dell). the watchguards are really best managed not through the web gui of the router but the watchguard system manager application you install on your pc of choice.
 
You must log in or register to reply here.
Back
Top