  • Status: Solved
  • Priority: Medium
  • Security: Public

Can Fortinet affect internal applications?

Hello experts!

Our IT group recently installed a Fortinet appliance about 3 weeks ago. Almost immediately, we had DNS problems and no one could log into a critical-mission web-based application. That was resolved, but since then, we have been having major performance issues in that, sometimes, we are unable to log in or if we can log in, a simple search that used to take 1-2 seconds now takes 4-5 minutes, if it comes back at all. IT immediately ruled out the Fortinet, saying that because of its location and function on the network, it does not affect internal applications. Hardware, network, virus, application, disk space, and MS SQL server have also been ruled out. IT is now recommending a complete re-install including OS, IIS and application, and if that doesn't work, the next recommendation is to move the app out of the HP Blade system it has been running on to a more traditional setup of individual servers.

I am not in system administration and such, instead I'm in data warehousing, so I really don't know much about this stuff. But it seems to me that with all other things ruled out, it is just too big a coincidence that things broke as soon as Fortinet was installed. Is it really impossible for Fortinet to affect internal applications, even in some indirect way? Any and all thoughts are welcomed!
0
Asked by: Zugarus
 
shalomc commented:
Try taking out the Fortinet and testing before reinstalling everything :)

I assume that you speak of the Fortinet IPS. It is installed on level 2, similar to a router, and inspects all traffic based on signatures. Despite the vendor's promises to support certain amounts of bandwidth and to be transparent to the traffic, it ain't necessarily so. Especially if the appliance was not sized correctly, or if the IPS is configured for overkill.

I was not responsible for the Fortinet in my previous job, but it took time and 3(!!) resizing sessions to make it work right.

Demand from IT to take out the Fortinet BEFORE reinstalling everything.
0
 
giltjr commented:
It can. Assuming you have an IPS and it is in-line, you can imagine it as a police checkpoint on the road. Every car must stop and be checked out. It will back traffic up. Now a properly sized and tuned IPS will add a very small amount of overhead and, done correctly, will not add any noticeable amount of time to the end user's response time.

Do NOT allow IT to re-install everything or move the server off of a blade yet.

Which Fortinet do you have?

Did it replace something else?

    If it replaced something else, was it in-line or out-of-band?

Were there other changes made?

    New version of the application deployed?  
    New data loaded into the database?


If they are pushing moving away from blades to "traditional servers" then I would question everything they say. Blades are just like "traditional servers." The only difference is the physical connectors into the rest of the environment. I'm a real networking guy and it took me 4 hours of architectural overview to get that through to the guys that manage our distributed servers. If you don't understand how blade servers are set up, then you tend to think they can't perform as well as stand alone.

The only time stand alone servers perform well is when you need more resources than the physical capabilities a blade server can provide. Example: You have an application that needs 32 "processors" or needs 512GB of RAM. A blade server can't handle that (today), so you must go with a stand alone.
0
 
Zugarus (author) commented:
Thank you for your insight. Turns out that around the same time as installing Fortinet, anti-virus software was also installed on these same machines... and exclusions specific to the application were not properly set up. Those were added today and performance improved tremendously.
0
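An added example, not part of the original thread: one way to tell a slow network path (where an in-line IPS would sit) from a slow server (application, database, or on-access anti-virus scanning) is to time each phase of a request separately. The function names and the plain-HTTP assumption are hypothetical choices for illustration; the host to test is passed on the command line.

```python
import socket
import statistics
import sys
import time

PHASES = ("dns", "connect", "first_byte")

def time_phases(host, port=80, path="/", timeout=10.0):
    """Seconds spent resolving the name, opening the TCP connection,
    and waiting for the first byte of the HTTP response."""
    t0 = time.perf_counter()
    family, socktype, proto, _, addr = socket.getaddrinfo(
        host, port, type=socket.SOCK_STREAM)[0]
    t1 = time.perf_counter()
    with socket.socket(family, socktype, proto) as s:
        s.settimeout(timeout)
        s.connect(addr)
        t2 = time.perf_counter()
        request = (f"GET {path} HTTP/1.1\r\nHost: {host}\r\n"
                   "Connection: close\r\n\r\n")
        s.sendall(request.encode("ascii"))
        first = s.recv(1)
        t3 = time.perf_counter()
    if not first:
        raise ConnectionError("connection closed before any response")
    return {"dns": t1 - t0, "connect": t2 - t1, "first_byte": t3 - t2}

def slowest_phase(samples):
    """Median each phase over several runs; return (phase, seconds)
    for the phase that dominates."""
    medians = {p: statistics.median(s[p] for s in samples) for p in PHASES}
    worst = max(medians, key=medians.get)
    return worst, medians[worst]

if __name__ == "__main__":
    # Usage: python phases.py <host> [port]
    host = sys.argv[1]
    port = int(sys.argv[2]) if len(sys.argv) > 2 else 80
    runs = [time_phases(host, port) for _ in range(5)]
    phase, secs = slowest_phase(runs)
    print(f"slowest phase: {phase} ({secs:.3f}s median over {len(runs)} runs)")
```

Run it once on the application server itself and once from a client whose traffic crosses the appliance. A large `first_byte` in both places points at the server, while a phase that is slow only from the client points at something on the path.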
