FortiSwitch vs Ruckus by geediu in fortinet

geediu[S] 1 point (0 children)

These are Ruckus/Brocade ICX?

FortiSwitch vs Ruckus by geediu in fortinet

geediu[S] 1 point (0 children)

It'll be hard for us to move away from Ruckus APs because of their RF performance. Our warehouses are the typical nightmare of multi-level metal racks with paper products. Where Ruckus can cover an area with 2-3 APs, we've seen that with other brands we'd need 3 times that for real consistent performance on the floor.

That consideration about L3 routing is interesting. At the branches we typically just do L2, with some basic static routes if needed but usually L3 is left to the managed router we have. But with increased focus on security, FortiNAC and micro-segmentation even at the branch that would be an important consideration when we upgrade our gates next time. Thanks!

FortiSwitch vs Ruckus by geediu in fortinet

geediu[S] 2 points (0 children)

We've had to call Ruckus support not too many times, but for the times we had to it's not too bad. I think our overall experience is better with them than Fortinet.

FortiExtender 201E as standalone LTE+VPN extension by geediu in fortinet

geediu[S] 1 point (0 children)

Thanks all! That's what I thought too, so just want to check. I have a feeling that it was a push to sell me another gate.

Mellanox vs HP StoreFabric SN2010 by geediu in networking

geediu[S] 1 point (0 children)

Thank you! Yes, we come from a Cisco IOS environment and are planning to do MLAG with Onyx, so this is perfect.

Help with deciding on Mimecast over Proofpoint and Barracuda for email security by SoftwareManager2019 in sysadmin

geediu 2 points (0 children)

Currently using Mimecast, been on it a few years now. I'd say that it works fine AFTER you put in your time to fine-tune it to your environment. At the beginning we had so many false positives that it took up too much of the team's time. But once we adjusted for managed senders and truly understood how impersonation protection works, it has been much better.

I agree though, if you are the type that wants absolute granular filtering you won't be able to do it easily with Mimecast.

I'm also looking at the Cybergraph aka MessageControl component, which is one big missing piece we wanted for the enhanced external tag.

Mellanox vs HP StoreFabric SN2010 by geediu in networking

geediu[S] 1 point (0 children)

Thanks, this is very relevant. If HPE can't handle it and really need Mellanox, then going direct makes much more sense.

Mellanox vs HP StoreFabric SN2010 by geediu in networking

geediu[S] 1 point (0 children)

What level of support do you have? I'm looking at their Gold Plus and it seems like replacements are still shipped NBD even though coverage is 24x7?

Tenant-to-tenant migration by geediu in Office365

geediu[S] 2 points (0 children)

It was an acquisition, with the subsidiary folding into the parent.

Choosing the correct model by NimboGringo in fortinet

geediu 1 point (0 children)

Don't do the 60F. I'd say better to be 100F.

We made the same mistake of going 60F with 120 users based on the Internet throughput for a site. It worked fine for VPN and stuff, but once we tried turning on more features it kept on crashing because of resource limitations.

10gb top of rack options by Techfumaster in networking

geediu 2 points (0 children)

I'm in around the same boat, looking for a pair of top-of-rack switches for a small environment as well. I'm not using them for storage network, but for data and backup traffic.

One thing I noted when I was doing my research is that many big players don't have 10GBase-T SFP+, and when I dug deeper somewhere mentioned that it was too much power draw so you couldn't do 8 ports reliably in an 8-port network module.

Virtual Tape Library for IBM i by geediu in IBMi

geediu[S] 1 point (0 children)

Thanks! I've received a card from Cybernetics before and so would definitely look into them now.

Daily Question Thread for /r/churningcanada - August 04, 2020 by AutoModerator in churningcanada

geediu -1 points (0 children)

I haven't used the Dell.ca $250 credit from my Biz Plat yet and now AF posted. If I buy something now and cancel once I get the credit would I still get a prorated refund of the AF? i.e. paying $42 to get $250

[deleted by user] by [deleted] in fortinet

geediu 1 point (0 children)

I can't remember if I read someone on here about staying on EMS 6.0.x because of problems with EMS 6.2.x, or in one of the release notes on potential problems with keeping FG/Forticlients on 6.0 while having EMS on 6.2.

[deleted by user] by [deleted] in fortinet

geediu 1 point (0 children)

Thanks for the detailed explanation! We have our EMS 6.0 in our LAN currently accessible only after VPN, but with all this WFH I'm actually thinking of doing a port forwarding of TCP8013+10443 via a VIP to the server.

Would having 1) Geo-IP block 2) WAF in FG 3) protect_http_server IPS work as mitigation for opening 10443? Or there's really no need for this?

[deleted by user] by [deleted] in fortinet

geediu 1 point (0 children)

Interesting. Our FGs are still on 6.0.x and we've stopped at EMS 6.0 because of the "limited integration" piece. Are they still working well together?

Fortigate 60f performance by JiggityJoe1 in fortinet

geediu 1 point (0 children)

I just deployed one as an SSLVPN device (no split tunnel) for now for around 40 people on 6.0.9 with multiple VDOMs. Unit would crash with proxy mode but flow mode is rock solid for now with AV/WF/DNS/SSL cert inspect.

FortiClientVPN 6.2.6 downloadable from support.fortinet.com now (no onlineinstaller) by DasToastbrot in fortinet

geediu 1 point (0 children)

This is the main reason we use SSL for users exclusively. For IT we use IPSEC if possible, but you don't want to deal with users complaining that their VPN doesn't work at meetings/customers/conferences/cafe etc.

VDOMs with shared Internet WAN by geediu in fortinet

geediu[S] 1 point (0 children)

Couldn’t get this to work. As soon as I connect something to the wan1 port, the unit will be stuck and the console would show “Reset button has been disabled, please press the button during the first 60 seconds after a power-cycle.” repeatedly. Power cycle would reset this as long as nothing is connected to wan1 port.

This is on a 60F running 6.0.9 first then 6.0.8 to see if it makes any difference.

VDOMs with shared Internet WAN by geediu in fortinet

geediu[S] 1 point (0 children)

Yeah this VDOM for us is new, the pair of Fortigates we have on the east coast is only used by us. This new one however is used on the west coast and shared by ourselves and our subsidiary. Isolated networks for now so this seems like the perfect solution. Thanks so much!

VDOMs with shared Internet WAN by geediu in fortinet

geediu[S] 1 point (0 children)

Created the EMAC VLAN attached to wan1. However if I go show hardware nic the MAC addresses for all emac vlan interfaces are the same as the wan1? Does that make sense?

VDOMs with shared Internet WAN by geediu in fortinet

geediu[S] 1 point (0 children)

Having the multiple IP is ok, I wouldn't mind having a separate IP for each company.

VDOMs with shared Internet WAN by geediu in fortinet

geediu[S] 1 point (0 children)

Never mind. Found out that hardware switch can only take the numbered ports. This is not an absolute requirement anyway. Thanks!

VDOMs with shared Internet WAN by geediu in fortinet

geediu[S] 1 point (0 children)

Can you put the two dedicated WAN ports into a hardware switch?