• Status: Solved

Does a network with a Fortigate 400 firewall need a router or a router/firewall between it and the internet?

A diagram of the basic setup:

T1 connection (i.e. the internet you typically see on these diagrams)
|
router about 4-6 years old (sorry about the lack of brand/model, I'm writing this from offsite, and I don't have the info at hand)
|
Fortigate 400 (used as a firewall, AV, etc.)
|
Internal Network

They are ready to replace the router. They like Cisco.

The Q: Is there a Cisco router that would be secure on the edge of the network, or do they need a router with firewall built in (potentially making at least some of the Fortigate 400 capabilities redundant)?

Added info - There are about 150 employees. There is an Exchange server and two web servers behind the Fortigate, and they'd like to use the new Fortigate SSL VPN.

Thanks for the help. Help with style is welcome - this is a first-time post.
Asked:
youngslim
 
noctot Commented:
What's your budget?
 
youngslim (Author) Commented:
Not sure. 1K - 2K perhaps. Some of it will depend on what's appropriate.
 
youngslim (Author) Commented:
Sorry about the delay in answering. A different fire came up over the weekend. :-)
 
noctot Commented:
Check out the Cisco 2800 series. Probably a 2801 would work and be close to that price range. A used 2811 or 2821 would probably be more than you need and be under budget. The 2800 series should be powerful enough to replace your router and firewall. Firewalls are really just routers that are specially designed to do traffic analysis work.
 
youngslim (Author) Commented:
Noctot,
1. Are you suggesting the 2801 could or should replace the Fortigate firewall? The Fortigate serves other functions as well. If yes, would the router handle the NAT?

2. "With the Cisco IOS® Software Advanced Security feature set, the Cisco 2800 provides a robust array of common security features such as a Cisco IOS Software Firewall, intrusion prevention, IPSec VPN, advanced application inspection and control, Secure Shell (SSH) Protocol Version 2.0, and Simple Network Management Protocol (SNMPv3) in one secure solution set."

Is the above included in the router?

 
noctot Commented:
  The 2800 can definitely handle NAT. The advanced security feature set is a firmware upgrade but I'm sure you can purchase the router with the security feature set included.
   What other features of the Fortigate are you using? The only one I know of that a Cisco router doesn't handle is virus protection.
 
youngslim (Author) Commented:
The content filtering is good. They use the anti-spam in addition to a different vendor on their Exchange. (Same story for AV.)
 
youngslim (Author) Commented:
I'm about ready to close out this question. Appreciate the help so far.
I'm going to suggest they leave the Fortigate in place because they like it, know it and use its features, and purchase a Cisco 2800 model (probably the 2801) to replace the current router.

Can they continue to use the Fortigate VPN, or would they be forced to switch to the one in the Cisco router? Any last thoughts?
 
noctot Commented:
  If you just want to replace the router then the 2801 is a perfect choice. They should be able to continue using the Fortigate exactly as it is with no configuration changes whatsoever. Just make sure you are very clear on the router-to-be-replaced's config as you will need to recreate it in the Cisco.
 
youngslim (Author) Commented:
Thanks for all your help.