I've recently agreed to do some development and test work for a non-profit organization, and am configuring my home site as a full internet site. In discussing this with my upstream provider's networking honcho, who is also my neighbor, we identified "a better firewall" than the D-Link DI808-HV I'd been using, and he is very high on Fortinet. However, his operation is primarily Windows, and I am
100% Solaris 8/9 running on Sun Ultrsparc hardware, currently a 4-node setup.
Looking over the current hardware firewall scene, Cisco offers the PIX 501, which is a bit limited for my needs, and the next step up is the 515E, which is much too big and expensive. Similarly with Sonicwall, I was underwhelmed by the TZ170 (against the PIX 501), and their next step up is the PRO-2040. Anyway, I decided to look at Fortinet, and it looks as though their model 60 might be a good box for me to consider.
I put in a call to Fortinet sales, after looking at their website and identifying at least one item (their remote managment client) that was Microsoft-specific. I'm awaiting a definitive answer from their technical people on Solaris compatibility (i.e., how much longer is their exception list) before considering their box any further.
I don't know anyone else besides my neighbor who is running Fortinet appliances----everyone else has Ciscos, and there is a part of me that says "don't gamble---buy a 501 and live within its limits for a year or two, then replace it---there is sure to be something better that isn't $2K+ or Windows-targeted by then." The other half says that for a couple hundred more, I can use the Fortigate 60 added capabilities---if it will run with Solaris, and is as good as they claim.
While nobody ever got fired for buying Cisco, I'm retired, and doing this just to keep my hand in, in a very rural part of the country, and feel a bit blessed to have high speed internet access from a local provider. I think I'm this outfit's only Unix-based customer. And I'm really wondering which way I should jump. I'm not going to spend a lot of time and money on buying even an el-cheapo windows consumer mox and learning how to use it (which I already know is a nasty affair for a Unix guy), and 45 years in the computer business was enough.
So my question really is whether to gamble on the Fortigate 60 working well for me, or just settle for the Pix 501?