I've updated the firmware at work a couple of days ago. These security issues seem never-ending. One of the reasons why I shut down SSL-VPN back in December, and glad I did. What kills me is why the web part is accessible to the internet when my users don't need to use it as long as they have the client installed? There is no way to turn that part off without turning off SSL-VPN entirely.
Fortinet needs to spend more time going through their code vs just releasing new features for the sake of marketing. I'll be investing more into pfsense for our Enterprise environment.
I've been considering the same. Did you change over to IPsec for VPN, or go with another solution?
I'm a Fortinet fan, but I'm getting fed up with this lack of response to obvious CVE failures on the part of Fortinet. I appreciate you Tom for shining more light on these problems.
Tom, you said it "the history speaks for itself". Awesome video and thanks for your input. As far as I am concerned, every Fortinet customer is just a future Netgate/pfsense customer.
Honest question, because I'm not familiar with netgate/pfsense but is there a solution for a centralized management of 50+ productive sites in an enterprise environment? For example to centrally manage 1000+ firewall rules which need to be pushed to remote firewalls?
@@Silu848 I've been researching this for a few days now. The best I can find is a handful of third party services and an Ansible module.
haha oh man, I just commented elsewhere that we ditched Fortinet back in 2014 because I was fed up with the memory leaks ... and we switched over to pfSense 😎
How is the ssl decrypt performance? Garbage compared to even a low end FGT.
Probably the SSL VPN developer group... That's what almost all of these critical vulnerabilities are found in
They might need to replace the entire team. Quality of staffing seems to be the problem if the vulnerabilities keep being found in the same area.
The issue is that the SSLVPN is basically a modified Apache Guacamole server. Other security vendors code their own portal.
Brave video to put out. The networking subreddit loves Fortinet and god help you if you post anything negative there. That being said being security conscious means acknowledging when a vendor does a really crap job. Fortinet does a really crap job. This is an objective fact.
Nevertheless great video
Reddit is a slum
This is YouTube.
When’s the last time you posted in the networking subreddit? Last I checked you were dog piled for mentioning anything outside of Cisco or Palo.
Sysadmin subreddit is the real deal
Back door whaaaaat…? Those are major red flags
I just love when people buy these expensive appliances just to get hacked. Stick with open source, it's cheaper and at least you have a lot of eyes on it.
We ditched them. Terrible products with sales promises that were not met on delivery.
Seriously? who is a Fortinet fan besides Subaru?
Defense contractors, startups, others
People who love to have every single network component from the same brand, because it saves a lot of time and money. These latest vulnerabilities are ridiculous, but people here don't really understand the benefits of Fortinet and are just saying "just use pfsense or palo" and join the general bashing even though they have never really worked with these Fortinet products at all.
I'm a Forti-Fan as well... This video saddens me though, SSL VPN, BIG CVE... AGAIN... I very much hope Fortinet comes to similar conclusions RE: Code Base Audit starting with all world facing services their devices can host.
This anecdotally reminds me of that time when Netgate added WireGuard support in 22.05 (AFAIK). When it was discovered that the code for the WireGuard package wasn't up to the industry standards, Netgate removed it altogether for a major rewrite, and re-released it much, much later. Interesting that Netgate could do this, albeit being a smaller player than Fortinet.
It is actually things like this as to why I trust Netgate a lot more than Fortinet.
So I deployed about 18 of them last Friday. The literal day this CVE came out. Physically drove out to all the sites, replaced onsite stuff, installed, etc....only to drive back to the office and get a CVE notification a few hours later. Sometimes, you're just cursed. 🤣
You should be able to update remotely...
@@xephael3485 yeah I can and did - it's just the timing of having everything in "perfect" condition - and by the time I get back, they all needed patching.
@@xephael3485 you can’t charge a trip charge if you ever leave the office lol
Haha, that's hilarious - and I've been in pretty much the same position several times with Fortinet now. :D
Palo Alto aren’t much better, when you have large market share you definitely have more targets on your back.
No firewall is perfect, but some are a lot less not perfect than others. Amazing how many people will just blindly say X is best and you shouldn't use anything else.
As someone that works with Fortinet products regularly, you are spot on Tom. There is an established history and they need to mitigate it by doing a code audit.
Indeed. I'm working with Fortinet products as well, and it's really a shame how they behaved last time regarding security. They are announcing great financial scores that they hit every year, but they can't properly secure their products. Hope it's gonna change.
🤡🤡🤡
@@NapojiMolerjo clown.
Tom, you forgot to weigh in on whether the company is led by marketing or developers. That could be their root problem. SSE is all the rage (diluted from SISE) and I’m sure Forti don’t want to lag behind!! I can hear the marketing team, but Palo Alto is doing this, but Cisco is doing that!!!
The fact that I made this video offers an answer to where their priorities are.
Nsa was the customer
This is the exact same problem with Checkpoint. You will see bugs fixed and later reintroduced. For e.g. r80(bugs found) > r80.1 (bugs fixed) > r80.2 (bugs reintroduced). I agree with you - these large companies have the budget and should be able to rewrite the code, but profit is more important over security. When will they ever learn!!
Their firewalls are horrible, so many CVEs and their patches break stuff. They sell themselves as an all in one firewall that can do SD-WAN and security and it's been a flop. Imagine having to disable NPU due to weird site to site VPN bugs. Thank god ima throw out all their firewalls soon, over 50 of them.
What is the new product? Palo? Checkpoint?
I am an installer. I install more Fortigates (in retail and food service) than anything else. I guess they were the lowest bidder ¯\_(ツ)_/¯
Good partner programs that have good commissions go a long way to boost sales.
What's good of all this, is that Fortinet is fixing it because it was exposed. So that means Fortinet's product will become even better than before - even with their history (hey, don't kid yourself: you are all still using Windows even with their track record, so you can't bash Fortinet and say it is bad). At the same time, the "other" black box vendors might seem better because they have no bad publicity and no issue found, but don't get me wrong, they probably have much worse issues than Fortinet has, but these vendors are not aware of it and bad actors are using those flaws.
Fortinet's ecosystem is much more than just a periphery firewall like pfsense is, and it probably stops a lot more threats each day in the enterprise than most other vendors combined. I design and manage networks with Fortinet hardware and services, and even with those flaws that are not trivial to exploit (a thing that Tom didn't mention in his videos), your network is better protected with it than any other solution out there.
Fortigates are fine if they weren't in such a hurry to release new versions of the FortiOS without going through the proper security audits. Right now they have 4 trains of FortiOS and it's getting to be ridiculous. Like most of us Fortigate admins are getting tired of these stupid mistakes and worry if our network has been compromised or not. It's happening way too often than you think.
Fixing disclosed flaws does not really make the device better.
@@markhahn0 You mean that leaving it unfixed is better? So if your car has a sensor issue that makes your car consume more gas than it should, we should leave a known defective sensor in your car, that's what you mean?
@@Traumatree don't be silly. fixing something that is broken-at-delivery is merely reaching zero after starting negative. sure, pedantically, a fix is a positive move, but it's totally different from an improvement.
if you need a car analogy, imagine that you suddenly discover that your car only has three wheels. sure, you never noticed it before, but how grateful are you when they fix it?
@@markhahn0 Broken at delivery? Everything is broken at delivery and you/we/I are all alpha/beta testers for the entire life of the products - you just don't know it. And your car analogy is kind of bad as anyone would notice that a wheel is missing because it doesn't require advanced knowledge to find that, vs having a sensor issue that requires investigation and tests, just like the issue with Fortinet.
When people are looking at something to see if it is broken, there is a higher chance that an issue might be found. And fixing it will make the product better. Not investigating a product that has supposedly no flaw is a false sense of security - and this is even worse.
Now, I am not saying Fortinet is clear of all sins, and I do hit them often with their QA testing that is subpar. But the more we find issues in their products, the more they will fix them - just like Microsoft or any big software/hardware vendors that are under the scrutiny of experts, they will have to fix their mistakes if they want to remain on top.
I used to manage a fleet of Fortigates and when we were migrating settings the team was like for liking setting up the Palo Altos and the Palo would not commit. As the senior guy I would look at the issue and it was always some typo that the Fortigate took and somehow worked, but it was not correct. I think Fortinet codes around every stupid helpdesk ticket they received. I much prefer the hard reality of Palo Alto’s. If you do something incorrect, it’s just not going to work or not even commit.
This easy one thing. It was many times.
I read Fortnite
We utilize a Fortinet in the environment I manage at work. I’ve been following the VPN exploits for a period and ultimately decided to disable VPN on our firewall. Currently we utilize Rvnc to remote into our network, although this is set up on a case-by-case basis.
It’s a temporary hold over until Fortinet addresses this properly, or we wait until our license lapses, and move to another product.
Being a brand advocate has never been a positive experience, and this is just another example in a near infinite number of cases where being as such results in egg on one’s face.
Thanks for the video Tom.
I’m new to Fortinet. Just purchased my first FortiGate, a 40F to try out and learn from. Not sure what to think when I listen to this 🤔
That they should fix their old code
In my organization, I voted with the company wallet. Wonder if they noticed? probably not.
Not at all surprising. Typical of black box vendors.
I'm actually mass patching Fortigates as we speak.
I wish you luck!
People are moving to 7.4 to mitigate this CVE, but 7.4 has been a nightmare for me. The admin portal crashes, various GUI bugs, and worst of all a memory leak that requires me to reboot a 400F every 3.5 days. Performance wise it's been fine but the bugs are unacceptable.
You've upgraded your productive Fortigate 400F to release 7.4.0?! Don't ever upgrade a productive environment to a .0 firmware, this means it is brand new and a lot of bugs need to be fixed first. In lab environments you can upgrade to a .0 version, but never ever in a productive environment!
We ditched Fortinet back in 2014, because I was just utterly fed up with the memory leaks they had back THEN. Switched to pfSense and never looked back.
@@Silu848 Normally I would never take on a .0 release, but a number of factors made us decide to take a risk and instantly regretted it. Luckily we were able to identify the bug and develop a workaround, then shared it with support
@@mauirixxx cool story bro, guess you never needed any actual performance or low latency
Glad I found this! I'll be patching tonight.
I use Forti at work, but I don't use their VPN. For that I use pfsense and OpenVPN.
What's the point of using a firewall with a poorly written firmware? It seems to me like that's buying problems instead of solutions.
You can afford to have some poorly written software inside your network (unless it results in a backdoor, of course), but not on a device exposed to the internet.
Thanks very much for making us all aware about this.
No one tool deserves any special treatment compared to any other tool, even if you're a fan.
Bigg’s Law: “Don’t fall in love with your mathematical tools. They will not love you back.”
Tom what security appliance do you recommend that includes IPS and IDS?
pfsense has it, but it's very manual. Cisco Meraki offers it but it's kind of expensive.
Untangle
As a Fortinet customer I'm disappointed looking at all these latest vulnerabilities. It really saddens me. Tom you are right with your concerns, I can agree with you. But it also seems that a lot of people here have not much experience with Fortinet at all, and are just bashing against Fortinet because others do it too. What I love about Fortinet is their big variety of different products/solutions. For example you can have access points (indoor, outdoor and a lot of special equipment), switches, 3G/4G/5G-routers, and much more from the same company. The Fortigate acts as a manager for these products. A lot of you guys are obsessed with CLI configuring Cisco switches for 2 weeks or something. But with Fortinet, you can do a lot of basic tasks really really easy and time saving. Imagine being responsible for about 50-100 productive sites all around the globe, with just a small team of network engineers. You simply don't have the time to manually configure Cisco switches, Aruba APs etc. This is what I really miss from other suppliers. Nobody else has such a big variety of products for an affordable amount of money. Let the debate begin :)
And none of that matters if you get hacked because of their poor security practices.
Can I join your team?
thanks for the updates
Reminds me of print nightmare (Windows), one patch after another.
Microsoft really fumbled all over the place with that patch.
Fortinet is cheap and their training is free. That's why it's popular.
Don't forget their $partner $program
Cisco provides free training as well, better quality too with their skills4all platform.
At this point I'm just tired... can sslvpnd be salvaged?
I feel they have the resources to rebuild it, here in June 2023 they have a market value of $54.24B
Tom, Tom, Tom.... let's be serious here. No one will say that about you. (jk) I know there are people out there that don't understand you are just being informational and honest. I appreciate it! More than you know!!!
These are the least of their issues. Do you have any idea how many MSPs still have 60D units sitting in production?
Exactly. Great products on paper, but a shockingly long history of hardcoded backdoors. That not only got shipped, but were only patched due to being discovered by 3rd party researchers. So you just can't trust them not to do it yet another time...
I am, or at least was a fan of Fortinet... but lately they've been very disappointing. Magic Back Door gave me some pretty bad headaches.
That's populist IT opinion.
Only use Checkpoint, tried Fortinet was so disappointed...
Like someone said, if you cannot afford Palo Alto you buy Fortinet.
I'm not saying Palos don't have issues but man, all those critical flaws in FortiOS are very concerning.. wouldn't be surprised if we had another Solarwinds on our hands in the future!
Thankfully I dodged this mess because I was not using SSL VPNs when the CVEs were published, but a couple months ago I had to enable them because IPSec was being blocked everywhere for us. Guess I have to speed up our plans to migrate to Mikrotik VPNs, their new offerings are great and for a single contract renewal I can switch all our units.
Might be worth setting up a jump box in favor of using the VPN. Just a thought
Code auditing is being done, but as you can imagine, there's more work to be done.
Especially SSLVPN is a high target as it's usually an open service towards the WAN. They are working on it, but it's only a matter of time when another issue will be found though... it remains software.
SSLVPN has already been changed back in 6.2 (or something) when it was using Guacamole but then it had the same issues as Pulse Secure and needed to be changed asap.
When creating new modules you have to settle on certain dependencies, especially when dealing with multiple firmware releases. There are 4 of 5 code trains that are being worked on for around 100+ devices. Making sure nothing outright breaks is already hard enough.
Add in the acquired products they are also streamlining to their own OS with API integration and once again making sure nothing breaks.
OpenSSL also had some issues along the way, which is also used by Forti.
However there is light at the end of the tunnel and the word is containerization... not going to be for a while though, but stick around.
I'm not trying to defend Fortinet here, I've read through the issue and I also agree they need to get these issues sorted asap. Trust me, they are already getting a lot of push =)
Every time I see a notice about a security appliance with flaws it's always Fortinet.
Every time I see trust on a car is a Toyota. See the problem?
It's funny when the tool meant to protect network becomes the only risk.
But still it's better than the other '***gate' company's products? Which has not sent any update for the past few months :)
This software is a bad joke. Critical CVE and no response.
I rallied HARD to keep our Palo Alto FWs but noooooo they're too expensive. But they were fine with dumping 3x the cost on Cisco switches and we went with Fortinet. Not a fan.
You can pretty safely pronounce XOR as "zor" btw. 😊
Never heard it pronounced zor throughout all my cs/math classes ;) not saying you can't but x or is definitely not wrong
@@ironfist7789 I didn't say it's wrong, just that zor is easier.
Magic string? How laughable! If I were a customer, I’d cry.
Fortinet firewalls are a waste of money…
“Fortie net” 😂
Is it pronounced fort-e-net, if so I've been doing it all wrong.
I have been pronouncing it "Box of Bad Code" for a while 😜
Tom! It‘s called FortiNOT… 😂
Fortiknot?
If you would choose between pfSense and Fortinet, which appliance will give more security features and fewer CVEs?
You know the answer: bugs are proportional to features.
Can you really use pfSense for enterprise usage?
😂😂😂