Fortinet vs SonicWall

We IT people always have our candy brand favorites for practically every hardware or software solution for our clients. I have always been a strong Fortinet buyer/implementer for my clients. Four months ago I decided to replace a client’s firewall/router with a SonicWall unit because another IT friend of mine swears by them. This client has 85 workstations.

I am not impressed

From day one, I have not been able to get the SSL control to work properly. As soon as the SSL sniffing is turned on, the end users' page loads crawl to unbearable surfing speeds - and yet the bandwidth is still at its peak for the workstation. There are many forum inputs by others regarding this issue and yet SonicWall doesn’t seem to care to fix them. My replies for a fix on their own support portal continue to go unanswered and it baffles me that they just ignore a functionality of a firewall that is standard in the business.

Recently I received notification from SonicWall that their devices are getting hacked just in the same manner as SolarWinds and that there were a couple functions that needed to be switched off on the unit to prevent such a mishap.

Here’s the Fortinet part of this discussion. There is none. In my 15 years of purchasing and installing Fortinet/FortiGuard products, I have yet to have poor customer service or breach of security notifications. Everything has always worked and when I had an issue it was my configuration about 99% of the time. While both products feel, smell, and operate remarkably the same, I have no maintenance issues with the Fortinet brand.

Today, I received a “personal” message from SonicWall CEO, Bill Connor. It was almost an apologetic newsletter about how they are working on developing their products better against threats and attacks. When you have a continued problem with a product, the last thing you need is a feel-good letter from the company CEO. I really just wanted them to fix the issue I have had since day one.

Maybe the reason experts are switching to the open-source methods of security?

Fortinet has improved but has in the past been a collection of bad security practices. The worst of which was in May 2019 when FortiOS included a “magic” string value that had been previously created at the request of one of their customers to enable users to implement a password change process when said password was expiring. Through some clearly mishandled internal processes that “magic” string ended up in their main code base then into everyone's devices. I stay far from SonicWall, just not a good product, but like so many companies that offer strong revenue via their channel partner programs they will continue to have a loyal base of IT companies pushing their products not because they are good, but so they can keep collecting their margins on the license renewals.

Further reading on the issues and incidents from Fortinet:


I’m a big Fortinet fan too for my smaller customers. When dealing with SSL decrypt you need horsepower and SonicWall has always had issues with that. Palo Alto and Fortinet seem to do it best.


GOOD STUFF!

Yeup, it’s those registration keys that get you bound in :crazy_face:

The new SonicWALL devices/firmware are trash… their older units outperform their newer ones… ironic eh?!
I love pfSense in comparison… never used Fortinet/FortiGate. I quite like DrayTek also, but it’s really annoying that they randomly reboot whenever you make a config change (a simple one that shouldn’t require a reboot).


We had a SonicWall at one point and I hated the piecemeal approach to licensing - and I preach the same over and over again. The Fortinet product line is pretty impressive, but the same approach for licensing is often expensive and that’s why I initially switched to pfSense. I’ve not heard any report that pfSense has been hacked or shown a huge vulnerability (unless someone can point me in that direction) which is why I think I stick to what works…