Solved

Cisco 1841 vs Fortinet 100

Posted on 2007-08-06
Last Modified: 2013-11-05
Experts, we are in the process of moving from an ADSL line to a full Internet T1 line.  Currently we have a Business Class ADSL line with a maximum download of 1.5, but since we have now been doing some VPN connections to some remote offices and remote users, we would like to move to a full T1.  We currently have a Fortinet 100, and I am very familiar with its integrated FW, AV, IPS, VPN, Web Filtering, and SPAM Fortiguard service. The ISP provider that is offering the new T1 wanted to sell us a new 1841 Router.  We have an 1841 Router that we can use for this connection.  What are the advantages of upgrading the IOS of the 1841 from IP Base to Secured Advanced and placing the Router as a Gateway Firewall and VPN Router?  Is the performance better on the Cisco Router versus the Fortinet 100?  What would be the advantage, if any, of making the switch?  Will it allow us to do port forwarding?  Now, if we just need a Router to make the connection to the ISP's T1 line, then I would just make the 1841 a router and not implement the Firewall and VPN software and still use my Fortinet 100 as my firewall.  I have been looking all around the net to see if I can find a comparison between these two models.  Any input would be greatly appreciated!
Question by:scopeortho
4 Comments
 
LVL 29

Expert Comment

by:Jan Springer
ID: 19646894
My suggestion:

If the Fortinet does what you want, has no open security vulnerabilities and protects your network, use the 1841 just as a router.

I am a fan of the 1841 with both IP Services and as a firewall but I also suggest that people use technology that they have and are familiar with.  The Fortinet offering AV and anti-spam is a plus.

And, if the ISP wants to manage the 1841 for you, definitely keep the firewall software off of it.  That should be internal to your company.
 

Author Comment

by:scopeortho
ID: 19648278
Jesper,

Thanks for the response!  I see no problem with adding more "Defense in Depth" by configuring the Firewall on the 1841.  In fact I believe that would be a plus for the company in case we would need a DMZ Zone.  Have the 1841 with Firewall and IPS enabled and then have the Fortinet 100 Firewall for our corporate private network.  I think that is added security.  How would you rate the Firewall and the IPS on the 1841?  Is the IPS an updated configuration by Cisco or do you manually configure your traps?

I just wanted to know if the Cisco 1841 was better than the Fortinet 100 but since the 1841 does not offer AV and Anti-Spam, then I will keep that as our gateway Firewall.  So I was thinking to have the Network like this:

       |
       |
1841 W/FW and VPN
       |
    DMZ
       |
Fortinet 100 FW
       |
       |
Corporate Network

What is your input?  And what are your experiences with the 1841 as a FW GW and VPN Router?

Dennis
 
LVL 29

Accepted Solution

by:
Jan Springer earned 500 total points
ID: 19648548
if you were to do:

                                       |
                                       |
                               Cisco 1841
                                |                 |
                             |                      |
                         DMZ            Fortinet

it would make more sense.  i personally like the physical and logical layer separation.

the 1841s have performed very well for me in all aspects.  as a vpn router, i've configured both dynamic and static vpns.

the  only thing to watch out for is double-nat -- avoid it (tho I've done it and it can work depending upon your corporate use).

ips signatures can be updated dynamically.  here's a good link that further explains how cisco ips works (read the part about the IPS config determining which signatures to load):

http://www.cisco.com/en/US/netsol/ns731/networking_solutions_white_paper0900aecd80327257.shtml

and, I'm going to take back my statement regarding AV -- Cisco does offer NAC but I've not used it.

overall, I'm very pleased with this device and the features offered.  I haven't tried the web-based SSL vpn but am planning on doing that in the near future.

did I hit all of your questions?
 

Author Comment

by:scopeortho
ID: 19648600
You got all of my questions...

Thanks for the insight jesper!  Great input!  I will take the double NAT into consideration when deploying!  If I have any problems during roll out you'll probably see another posting in EE!

Thanks!
Dennis