#351 in Computer networking products
Use arrows to jump to the previous/next product
Reddit mentions of Fortinet FortiGate-60D, FG-60D Next Generation (NGFW) Firewall UTM Appliance FG-60D
Sentiment score: 5
Reddit mentions: 8
We found 8 Reddit mentions of Fortinet FortiGate-60D, FG-60D Next Generation (NGFW) Firewall UTM Appliance FG-60D. Here are the top ones.
or
The FortiGate/FortiWiFi 60D Series are compact, all-in-one security appliances that deliver Fortinet's Connected UTM. Ideal for small business, remote, customer premise equipment (CPE) and retail netw
Specs:
| Height | 1.49606 Inches |
| Length | 5.82676 Inches |
| Weight | 1.984160358 Pounds |
| Width | 8.50392 Inches |
I have used Fortigate 60D in the past and it handled dual-wan failover, QOS, web filter,application filter, IPS, VPN, etc with ease. This was for a medical facility.
You sound like a small outfit so that should work fine. You can always move up to a larger unit later on.
https://www.amazon.com/Fortinet-FortiGate-60D-FG-60D-Generation-Appliance/dp/B00B9HZ5QM
Price is good too.
We are deploying Fortinet Fortigates at each of our new sites. Might want to give it a try. Their documentation is good and their support team acts fast. We have the exact same setup for up to 20 people that you mentioned above.
https://www.amazon.com/Fortinet-FortiGate-60D-FG-60D-Generation-Appliance/dp/B00B9HZ5QM
I could be reading it wrong, but the 60D on Amazon is $460 from the vnedor.
Amazon 60D
Use the same stuff from work at home. Love it works great although it might be a bit overkill.
http://www.amazon.com/Fortinet-FortiGate-60D-FG-60D-Generation-Appliance/dp/B00B9HZ5QM/ref=sr_1_1?ie=UTF8&qid=1450883662&sr=8-1&keywords=Fortinet+60D
We use Fortinet's at work. we have some locations with 50+ users and the fortigate 60d's work well.
I get all of what you're saying, but the honest truth is that if a VPN goes down for us it's not the end of the world. Most of our inter-company data is performed on our websites, so as long as the internet stays up our regular staff can do 90% of their jobs. It'd mostly be me, the IT, affected by a VPN going down. And that 90% is probably going to rise to 98% once we move our mobile devices off of WindowsCE and onto Android. We're going to be doing everything by in-house apps, more or less.
$550 is just not something I can justify for our use cases, when really all I want is IT management out of it and not anything beyond that. I can't justify that price for an office for < 5 people who are basically sitting on the internet all day doing their job and not sending inter-company data over the VPN.
The SG300's are layer 3 switches which can do some routing for you but they will not be able to manage WAN connections. As far as trunking over fiber, you have some options. If IDF will have its own (2) Vlans then we will set that switch up in L3 mode (there is a radio button in the web app; or the command “set system mode router” from the CLI) and have it be the hop (from our router) to those subnets. Let’s assume you have Vlan 1 as native which is insecure but we can discuss that in a moment. So our L3 INF switch will have two vlans (10 and 20) with subnets 192.168.10.0/26 and 192.168.10.64/26. For each vlan on the switch, you will give the switch an address so for vlan 10 it will be 192.168.10.1 and for vlan 20 it will be 192.168.10.65. Now assign your ports to the proper Vlan depending on their purpose and set a default route for the switch (which will be the router’s IP on Vlan 1). Make sure your fiber link AND the link between the two IDF switches are on Vlan 1. Now we will do the same thing for MDF networking giving it Vlan 30 and 40 with subnets 192.168.10.128/26 and 192.168.10.192/26. Again add your ports to your vlans as needed. Make sure your router port and fiber port are on vlan 1.
Now, on the router you will provide routes; this usually will ask you for a network address, mask, and destination IP address. After you give it this info correctly, it will know to send all packets destine for network 192.168.10.0/26 to 192.168.10.1 and so on for each vlan. You will have 4 vlans /subnets so there will need to be 4 separate routes. This is assuming you use an off the shelf business solution like Sonicwall, Fortinet, etc. In the event you decide to go with something more robust, the basic idea is the same but the method to enter the route may differ a bit. Also, your VOIP system may have something to say about the use of 2 separate VLANS in one VOIP Call manager. In that case, you may need to use a single Vlan throughout for VOICE.
Assuming you want 2 vlans (voice and PCs); you can go under the “Vlan Management” section of any port and label the fiber link a Trunk link with a native Vlan (there are a few different menus where this can be accomplished, I find “Port Vlan Membership” to be the best; you will need to establish the trunk at both ends of the link). If you decide to go this route, I would change the native Vlan to something different (for security reasons) and be sure you also make the change on the firewall also ensuring the firewall is aware the link is a trunk.
As for the routers membership: if cost is a serious issue, there are Fortinet firewalls that can handle the load you are talking about and have multiple interfaces which you can assign to different Vlans. Take two ports on the switch, have one port assigned to each Vlan THEN plug them into separate ports on the firewall which you will then add to their respective VLANs through the firewalls web app. This will prevent the need for a trunk going to the router from the MDF switch. You can then shape the links by giving priority to your Voice vlan on a link level if need be. In doing this, you will not be required to enable L3 mode on the switches but you will rather give the routing job to the firewall. So for Vlan 10, we will give 192.168.10.1 and Vlan 20 192.168.10.65. Given that the router now has “skin in the game” (interfaces that are connected to both VLANs) it knows what port to use to get to each vlan/subnet.
This is all predicated on the notion that you will be using the SG300 series but, no matter what you decide to go with, the underlying theme is the same. You can use that fiber connection as a “barrier” of sorts if it does represent a true separation of two parts of your company (i.e. Warehouse and Accounting/CEO Office). If your growth is truly explosive the 4 vlan solution will be the better approach (imo, I’m sure there will be 50 other opinions). I base ALL of this on the switches you said you were considering; they are the SMB class and cheaper. If your boss is willing to give you a somewhat blank check, I would build this network entirely different with your growth in mind. Good Luck and let us know as it progresses if you need any further help!
Fortinet Fortigate-60D
https://www.amazon.com/Fortinet-FortiGate-60D-FG-60D-Generation-Appliance/dp/B00B9HZ5QM/ref=sr_1_1?ie=UTF8&amp;qid=1473186466&amp;sr=8-1&amp;keywords=Fortigate+60D
i would suggest Small box of fortigate firewall very ok for SMB . OR Buy 5505
EDIT
http://www.avfirewalls.com/FortiGate-60D.asp
http://www.amazon.com/Fortinet-FortiGate-60D-FG-60D-Generation-Appliance/dp/B00B9HZ5QM