Yes, they took out the functionality from firmware on some of the models. I "downgraded" to v4.0, but only really lost some of the GUI ease, and the device identification stuff.
I got back the web proxy, and the traffic shaping control, which is what I cared about. They suggested that it was because of performance issues why they removed the features, but I'm still annoyed. It's not like those features are mandatory, or that it is so hard to get them working on even less hardware. I still have an 11-year old Netscreen 5XP that does traffic shaping. If it could support multiple WANs and had better than a 10mbit interface, I would be inclined to use it still. Yes, the UI was slow, but the performance of the device itself was fine. They're just hurting themselves if they cut out the low-end. I've downloaded the Sophos UTM appliance and will look at this for viability for customers. http://www.sophos.com/en-us/products/free-tools/sophos-utm-essential-firewall.aspx (Thanks, James!) Another option that I looked at, although it's not *quite* there for SOHO is ZyXel. I had a USG-50 which is a very cool device, but the features are a little quirky, and they tied some of what should be core (like traffic shaping) to subscription services. http://www.newegg.com/Product/Product.aspx?Item=N82E16833181137 I also saw lots of complaints about the SSL tunnels, although I didn't try it myself. If Fortinet stops bringing value to the low-end of the spectrum, they'll lose in the end, because the SOHO and SMB market is ripe for a solid product, and those people are going to be more inclined to go with a name brand (like SonicWall) or with cost (like ZyXel) than play the feature roulette. There is no place on their website that clearly states which models are lacking which functionality items under v5, and that's the worst part of this whole ordeal. *ASB **http://XeeMe.com/AndrewBaker* <http://xeeme.com/AndrewBaker>* **Providing Virtual CIO Services (IT Operations & Information Security) for the SMB market…*** On Thu, Feb 14, 2013 at 9:03 PM, James Hill <[email protected]> wrote: > I came across the same issue with a recently purchased 40C and was also > disappointed.**** > > ** ** > > The 60C (soon to be 60D with 2 x the performance) has the traffic shaping > option and pretty much everything else.**** > > ** ** > > Maybe I didn’t look hard enough but it certainly isn’t made obvious on > their website that the lower end models have features missing.**** > > ** ** > > James.**** > > ** ** > > *From:* Andrew S. Baker [mailto:[email protected]] > *Sent:* Friday, 15 February 2013 2:27 AM > > *To:* NT System Admin Issues > *Subject:* Re: Fortigate (was Guest network security)**** > > ** ** > > One note: It looks like Traffic Shaping and the Explicit Web Proxy option > are no longer available under the new OS for certain pieces of hardware, > including my 40C. I suspect that anything in the SOHO range had it > removed.**** > > ** ** > > I'm going to downgrade to v4.0 MR3 patch 11, as advised by support.**** > > ** ** > > That's not cool. :(**** > > ** ** > > I've asked to see if that functionality will be brought back into the > device... > > (Actually, I found that MR3 patch 12 was released on the 13th, so I've > downgraded to that)**** > > > **** > > **** > > **** > > *ASB > **http://XeeMe.com/AndrewBaker* <http://xeeme.com/AndrewBaker>* > **Providing Virtual CIO Services (IT Operations & Information Security) > for the SMB market…***** > > **** > > ** ** > > On Fri, Feb 8, 2013 at 12:57 PM, Sam Cayze <[email protected]> wrote:**** > > Good to know, thanks!**** > > **** > > *From:* Andrew S. Baker [mailto:[email protected]] > *Sent:* Friday, February 08, 2013 8:10 AM**** > > > *To:* NT System Admin Issues**** > > *Subject:* Re: Fortigate (was Guest network security)**** > > **** > > Version 5.0 installed smoothly. The visual changes are somewhat minimal > for now, but the performance of the UI improved. Can't say for the rest of > the device (performance wise) as I haven't finished migrating to it. > > The backups are much smaller under 5.0 than under v4**** > > > **** > > **** > > **** > > *ASB > **http://XeeMe.com/AndrewBaker* <http://xeeme.com/AndrewBaker>* > **Providing Virtual CIO Services (IT Operations & Information Security) > for the SMB market…***** > > **** > > **** > > On Thu, Feb 7, 2013 at 12:46 PM, Andrew S. Baker <[email protected]> > wrote:**** > > I will, as soon as I finish setting this device up today. :)**** > > > **** > > **** > > **** > > *ASB > **http://XeeMe.com/AndrewBaker* <http://xeeme.com/AndrewBaker>* > **Providing Virtual CIO Services (IT Operations & Information Security) > for the SMB market…***** > > **** > > **** > > On Thu, Feb 7, 2013 at 12:26 PM, Sam Cayze <[email protected]> wrote:**** > > Speaking of Fortigate… (Much love btw).**** > > **** > > Has anyone taken the jump to V5 of the OS yet? They’ve patched it once or > twice already; should be stable.**** > > **** > > **** > > **** > > *From:* Andrew S. Baker [mailto:[email protected]] > *Sent:* Wednesday, February 06, 2013 8:06 PM > *To:* NT System Admin Issues > *Subject:* Re: OT: Guest network security**** > > **** > > Whoa!!! That looks awesome. Man, I could really have gone for that a > few weeks back. > > My Fortigate 40C arrives tomorrow. :)**** > > > **** > > **** > > **** > > *ASB > **http://XeeMe.com/AndrewBaker* <http://xeeme.com/AndrewBaker>* > **Providing Virtual CIO Services (IT Operations & Information Security) > for the SMB market…***** > > **** > > **** > > On Wed, Feb 6, 2013 at 8:31 PM, Richard Stovall <[email protected]> wrote: > **** > > I chose to build a new system so it would be small and silent rather than > use an old computer lying around the house.**** > > **** > > I went with:**** > > **** > > Intel D2500CCE fanless mini-ITX motherboard (Dual core 1.86 GHz Atom CPU > with dual Intel NICs onboard)**** > > **** > > 4 GB RAM**** > > **** > > 128GB Vertex 4 SSD**** > > **** > > It has been in 'production' for a couple of weeks now, and is stable and > very fast. I also really like having the content filtering and > antivirus capabilities of a UTM firewall at home.**** > > **** > > The management interface is a little weird at first, but you get used to > it.**** > > **** > > I demo'ed the software in a VirtualBox VM for a week or so before pulling > the trigger on the hardware expense.**** > > **** > > If anyone is interested, the page at Sophos describing the offering is: > http://www.sophos.com/en-us/products/free-tools/sophos-utm-home-edition.aspx > **** > > **** > > **** > > On Wed, Feb 6, 2013 at 3:20 PM, Kurt Buff <[email protected]> wrote:**** > > Our Sidewinders are EOL at the end of April, and my manager doesn't like > them. > > He's a Cisco bigot, and wants ASAs in here. > > I'm fighting him to at least take a look at the Palo Alto platform, or > perhaps the newest iteration of the Sidewinders (which are now called > McAfee Enteprise Firewalls). > > That's an interesting tip on the Sophos solution. What did you use for > the hardware? > > Kurt**** > > > On Wed, Feb 6, 2013 at 11:59 AM, Richard Stovall <[email protected]> > wrote: > > I was going to suggest using the SonicPoint solution from SonicWall, but > > you've got Sidewinders, don't you? > > > > Does McAfee have anything like SonicWall's wireless solution where it's > all > > managed from the firewall? > > > > PS Sophos has this too, and they give their UTM firewall away free for > home > > use. Just bring your own hardware. I just switched to this the other > day > > and love it so far. I should write a blog post about it. (But then I'd > > have to create a blog...) > > > > > > On Wed, Feb 6, 2013 at 2:36 PM, Kurt Buff <[email protected]> wrote: > >>**** > > >> All, > >> > >> Quite some time ago, I set up an unsecured guest VLAN in our network, > >> providing wireless access to all of the sundry devices that staff and > >> visitors carry. I set up a small FreeBSD machine to serve IP addresses > >> via DHCP, and that was dead simple. > >> > >> It is a layer2 VLAN, traversing our backbone, and terminating on our > >> corporate firewall. > >> > >> However, there are now other tenants in our building, and the subnet > >> is getting too much bandwidth and address consumption - the range I > >> set up is completely filled, and the VLAN is consuming about half of > >> our Internet pipe, which is far too much for my comfort. > >> > >> I suspect the other tenants are leeching. > >> > >> What I've read of captive portals seems to indicate that the portal is > >> part of the firewall. I could be wrong about that, though. Regardless, > the > >> corporate firewall will not be allowed to be part of this solution. > >> > >> The only other alternative I see right now is to set up a password on > >> the SSID, and have the front desk hand it out to guests, after mailing > >> it to staff, and I'm getting pushback on that from my manager. > >> > >> Does anyone have some ideas I could pursue on this? > >> > >> Thanks, > >> > >> Kurt > >> > >> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > >> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > >> > >> --- > >> To manage subscriptions click here: > >> http://lyris.sunbelt-software.com/read/my_forums/ > >> or send an email to [email protected] > >> with the body: unsubscribe ntsysadmin > > > > > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > > > --- > > To manage subscriptions click here: > > http://lyris.sunbelt-software.com/read/my_forums/ > > or send an email to [email protected] > > with the body: unsubscribe ntsysadmin > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to [email protected] > with the body: unsubscribe ntsysadmin**** > > **** > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to [email protected] > with the body: unsubscribe ntsysadmin**** > > **** > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to [email protected] > with the body: unsubscribe ntsysadmin**** > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to [email protected] > with the body: unsubscribe ntsysadmin**** > > **** > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to [email protected] > with the body: unsubscribe ntsysadmin**** > > **** > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to [email protected] > with the body: unsubscribe ntsysadmin**** > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to [email protected] > with the body: unsubscribe ntsysadmin**** > > ** ** > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to [email protected] > with the body: unsubscribe ntsysadmin**** > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to [email protected] > with the body: unsubscribe ntsysadmin > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin
