Fortinet’s Key Competitive Advantages against Cisco PIX
· Fortinet provides a total security solution offering protection from network layer attacks (DoS, DDoS, IP Spoofing…) to application layer attacks ( Anti-Virus and content scanning, URL filtering, and email SPAM protection ) and offers higher VPN performance across the entire product line. This is done all from the same ASIC based hardware platform.
· For the Cisco PIX to offer similar layer 3 to 7 security, the customer must purchase a separate IDS solution such as Cisco Secure IDS and use a third party solution for URL filtering and content scanning. This means the customer must manage multiple boxes as opposed to managing a single Fortigate Antivirus firewall.
· Fortinet offers a much richer and more robust set of features and functionality that offers a complete network security solution compared to Cisco’s Firewall-VPN only solution.
a. o Network-based Antivirus – Scans or blocks files in both incoming and outgoing traffic for worms and viruses
b. o Content filtering – Blocks by keyword, URL, cookies, and other malicious scripts
c. o IPS/IDS – Application protection from 1300+ attacks and growing, Fortinet has a dedicated team scanning the internet for the latest attack signatures to update the attack database
d. o Integrated Antispam protection
e. o DoS and DDoS – ASIC powered Fortigate AV firewalls offer high session ramp rates to protect against denial of service attacks
f. o Firewall virtualization to protect multiple network segments - Lowers the total cost of ownership when firewalling at the core of the network or securing multiple DMZ’s. Ideal for Web hosting, large enterprise and service providers ***Note: the PIX does support VLAN tagging and the creation of separate policies based on the VLAN tag information, but it does not offer separate virtual domains that Fortinet offers.
g. o Traffic management for time sensitive applications such as VOIP and streaming media
h. o Breadth of product line – Fortinet offers 13 Fortigate products which scale from the SOHO to the Service provider market
i. o High Availability – Fortinet offers stateful failover for firewall and VPN sessions. The PIX offers stateful failover for only firewall sessions
j. o Transparent mode operation – Available across entire Fortigate product line. Offers seamless installation of Fortigate system into existing networks
k. o FortiManager – Network Management appliance that can centrally manage up to 5000 Fortigate Antivirus firewall systems
l. o Logging – Fortinet offers detailed logs and reports supporting Syslog, Webtrends and Fortinet’s FortiLog and FortiReporter Security analyzers which have over 400 pre-defined report templates
VPN throughput – FortiGate Antivirus Firewalls 3DES performance is up to 3 times faster than the Cisco PIX series with the accelerator card. Superior price/performance most noticeably on the high end – 3-5 times difference between FortiGate units and Cisco PIX. ***Note: to manage the PIX securely using SSH, SSL or IPSec a DES or 3DES-AES license must be purchased as this is not included with the base price of the system.
A leader in the enterprise and service provider router markets; Cisco leverages its large base of existing enterprise and service provider customers and distribution channels to sell the PIX series of firewall protection appliances. Its reputation is strongest in the enterprise market but it also positions its high end products for service providers and Telco’s.
The PIX series are plug and play firewall appliances that include stateful inspection firewall protection,standards-based IPSec VPN, and intrusion detection. The PIX Firewall series includes a range of products for small/home offices, small to large enterprises, service providers and Telco’s.
Both the Fortinet and Cisco product lines span SOHO to service provider performance needs, but Fortinet offers a more complete security solution by providing application level services such as content filtering, and protection from AV/worm attacks, in addition to firewall and VPN protection. Fortinet Antivirus Firewalls are the only products that use ASIC-based antivirus and content filtering, providing better performance than Cisco PIX firewalls in a single, easy to manage security solution.
Target market:
Cisco may leverage its existing customer base by offering reduced prices on firewall products to customers that have purchased other Cisco equipment. This may be attractive to Cisco customers with limited budgets.
Performance/Price
Fortinet provides more functionality and better performance at lower prices consistently throughout the FortiGate family of Antivirus Firewalls.
FortiGate Antivirus Firewalls offer:
- Anti-virus/worm and content filtering
- Better content filtering including keyword, and script and cookie filtering
- Faster firewall protection and 3DES VPN throughput