After unboxing and starting two FortiGate 100E firewalls, the following things failed. Fortinet should really work on QA, I think:
- When starting the web GUI for the first time, the box asks to register or log in to activate the box. I tried to register and the box asks so many questions. Doesn’t Fortinet know GDPR? Don’t force users to enter data that you don’t need to provide your service. We are not talking about a free service that tries to sell ads. This is a paid product; I don’t want to give you information about my company, the number of employees and so on.
- The registration on the box itself does not work: after filling out the form and clicking “OK” nothing happens, no error message, no response.
- After registering on the Fortinet webpage, I entered login/password and the system complained about “username password wrong”. This error message was wrong, because it actually activated the box, despite the error message.
- Then I tried to update the software (was 6.02). First the System Firmware page said there is no update. I downloaded a new version. When coming back some minutes later, the “firmware” page says that there is an update (6.03). I installed it with a mouse click.
- Then I tried the update on the second box. Same behavior: “there is no update”, wait some minutes, “there is an update”. But now, 15 minutes after the first update, it says 6.04!
- Start over with the first box, which says there is no update for 6.03. This time I used the downloaded update from the Fortinet website.
- Then I tried to connect them to a cluster. I tried several settings, double- and triple-checked cluster name, password, percentages. No success, no error messages.
- While checking back and forth, I was connected to one mgmt port directly and to the WAN side of the other box using the local notebook’s WLAN. I recognized that the box connected to WAN often lost the connection. The reason: both boxes seem to have the same MAC and therefore the same IP! Two boxes not connected to a cluster have the same MAC? Fortinet, really?
- The cluster was still not connected. No error message, no hint, until I recognized that HA1 was connected to HA2 of the second box, and the other way round. After swapping cables the cluster nodes saw each other. Why does this matter? And if the developers think it is OK to let the sysadmins swap the cable for them, why is there no reasonable logfile information? I didn’t find any.
- Cluster was still not in sync; I had to enter a CLI execute command to activate synchronization.

I work a lot with hardware from different vendors like Cisco, F5, Juniper, HP FlexFabric, Ubiquiti, MikroTik. This user experience was the worst in the last years.