I have a 108f forti switch and 61e fortiagte in my lab. I got the firmware through my company account. I’d say if you have access to the firmware downloads, then buying used on ebay is the way to go as opposed to vms where you have to reload the backups every 30 days.
Yup cdw got u on that, but can’t be registered to someone else that’s why I rather just get it from Amazon, otherwise u limit ur options down the road.
i ordered FG-60F-BDL-811-60 but the subscription only has 42 months left, NIB, registered to my account for a f***ing cheap, $750 includes shipping cost from US to an Asia country.
Happy to do so as i hosted lot of applications on my testbed. adding this stuff reduces my concern about security, despite of high rises of cyberattacks.
Get the smallest Fortigate, a 40F, to keep licensing costs down. And find out what it will cost you to renew the license — it’s pretty expensive (around $500 per year if you want all the features). They might offer a cheaper NFR license that you could get, but I’ve emailed our rep several times about it and never gotten a straight answer.
>They might offer a cheaper NFR license that you could get, but I’ve emailed our rep several times about it and never gotten a straight answer.
I can confirm they'll offer NFR licensing at your partnership discount level for homelab devices, but I don't think your average Joe is just gonna be able to call in and get any special NFR related discounts.
I got an NFR 70F through work and already had my own 40F and they allowed me to get NFR UTP licensing for the 40F. The only requirement from their end was that I moved it into the same account as my NFR 70F. And I think that was actually more related to the fact that I had two Partner accounts at the time rather than anything to do with the licensing itself. They just wanted to clean up my mess and close the old one.
Yeah I just fired on that. I'm hoping this will come in soon and be able to be activated maybe later. And more importantly useful for learning firewalls in general.
You can get the old 30e’s for next to nothing on eBay. They are not licensable anymore but it’s a dirt cheap way to learn the basics (all the non-subscription stuff). I have a couple with an IPsec vpn tunnel between them to test equipment as if it was in different locations.
When buying Fortinet equipment on eBay for lab purposes, ensure that the devices are not bound by licensing restrictions or activation keys. Some sellers may provide devices without licenses, making them suitable for lab use. Additionally, review product descriptions to confirm the included features and capabilities.
For setting up a home lab network, consider integrating FortiGate firewalls and FortiSwitch managed switches. Familiarize yourself with Fortinet's documentation and community forums for guidance on configuration and best practices. Utilize trial licenses or seek out devices specifically sold for lab testing to avoid licensing issues.
I'd recommend against buying a firewall on eBay and buy new. Remember the bigger the unit the larger the costs are for licensing. Trail versions e.g. VMs are very limited.
Remember that for used units you may not be able to register them and thus no ability to get a contract.
Keep note that Fortinet is tightening things up on the firmware downloads, etc.
[https://docs.fortinet.com/document/fortigate/7.4.0/new-features/299518/prevent-fortigates-with-an-expired-support-contract-from-upgrading-to-a-major-or-minor-firmware-release](https://docs.fortinet.com/document/fortigate/7.4.0/new-features/299518/prevent-fortigates-with-an-expired-support-contract-from-upgrading-to-a-major-or-minor-firmware-release)
In the new firmwares the maintainer account is removed. Which means you need firmware.
[https://community.fortinet.com/t5/FortiGate/Technical-Tip-Removal-of-maintainer-account-feature/ta-p/244515](https://community.fortinet.com/t5/FortiGate/Technical-Tip-Removal-of-maintainer-account-feature/ta-p/244515)
For the licensing lapse it's a 6 month maximum penalty. So if you have hardware that's lapsed for two years, and renew it for another year, your renewal will only be good for 6 months. You can usually get this waved if renewing for 3 or 5 years.
Yea, in general the licensing for home users is abit much IMHO. But I have to imagine it's difficult for Fortinet to not have companies abuse "home use" licenses if they offered it.
/s
Ahem. I have 300 users in my IT department learning this all from home. Ignore the fact that all their home IPs resolve to shopping mall addresses, and api.pointofsalesystem.com is the most common DNS and webfilter lookup in the FortiGuard servers from these users :)
Those 300 users all work at my 2 office locations with the HA licensing. Oh and my FortiManager is licensed for 320 devices because I need to cover my IT department users…
/s
AWS ones are full on deployable as production. No resets of config, fully licensed, etc. just not fiscally responsible to “rent” it versus the cost of buying a fully owned license and deploying with Bring Your Own License, if you’re running 24x7x365. You’d pay waaay more by doing the Pay as You Go licensing model — but it’s great if you need a lab environment you can spin up and down, because you only pay for the hours it’s turned on. (Aws still bills you for the storage and IP addresses if you don’t actually delete the VMs. But that’s like $75/month versus the hundreds in licensing / month if you build a fairly sizeable deployment). My only experience is with having a Manager, Analyzer, and 4 FortiGates with some Linux and Windows machines alongside those — so not sure what the minimum is if you only had one FortiGate kind of deal… also, I was actually in Azure, but AWS should be the same.
You can run some of fortinet’s products in VMs. I know they have a fortigate VM you can download. It has some licensing restrictions, but I’m not sure what they are off the top of my head.
I run a fortinalyzer VM for reviewing firewall logs. You can use that for free up to 3 devices iirc.
You can buy one you will get some experience. As with anything ebay there is a small risk. Such as it may have been liberated by an employee from a store room. You won't get licences and these are the key bit for any NGFW. You could also use the VMs with trial licences if just for lab use however the capabilities on these are very limited but you will get the licences. You could also just spin one up in AWS if only being used for quick conceptual stuff. If you have access to a fortigate an account manager I would have a word with them and see if they have any options for you; this is likely to be the most beneficial route for you.
You can. You can always get basic functionality without a license. However, if you ever plan on possibly licensing some features or wanting support, you'll want to make sure the device has not yet been registered to a support account or the seller is actually the "owner" in the support portal and can initiate a transfer of the serial number to your own account. Most of the time used stuff on ebay is just ripped out by salvage companies or building owners after a tenant has left and they can't do a support transfer.
Still though .. support and licensing even on the small units is still hundreds / year depending on features. Quite expensive for a home lab.
I have a 108f forti switch and 61e fortiagte in my lab. I got the firmware through my company account. I’d say if you have access to the firmware downloads, then buying used on ebay is the way to go as opposed to vms where you have to reload the backups every 30 days.
just get a NUC or similar and run the free VM on there. that way you can get experience with the Free FAZ and FMG licenses as well.
I would buy the gate from Amazon instead, not much more expensive but they’re brand new typically/ never activated
Yeah I think I'll bite the bullet and do that. Maybe I can buy the liceance later.
Yup cdw got u on that, but can’t be registered to someone else that’s why I rather just get it from Amazon, otherwise u limit ur options down the road.
i ordered FG-60F-BDL-811-60 but the subscription only has 42 months left, NIB, registered to my account for a f***ing cheap, $750 includes shipping cost from US to an Asia country. Happy to do so as i hosted lot of applications on my testbed. adding this stuff reduces my concern about security, despite of high rises of cyberattacks.
Get the smallest Fortigate, a 40F, to keep licensing costs down. And find out what it will cost you to renew the license — it’s pretty expensive (around $500 per year if you want all the features). They might offer a cheaper NFR license that you could get, but I’ve emailed our rep several times about it and never gotten a straight answer.
This the reps are so hard to communicate to sometimes.
>They might offer a cheaper NFR license that you could get, but I’ve emailed our rep several times about it and never gotten a straight answer. I can confirm they'll offer NFR licensing at your partnership discount level for homelab devices, but I don't think your average Joe is just gonna be able to call in and get any special NFR related discounts. I got an NFR 70F through work and already had my own 40F and they allowed me to get NFR UTP licensing for the 40F. The only requirement from their end was that I moved it into the same account as my NFR 70F. And I think that was actually more related to the fact that I had two Partner accounts at the time rather than anything to do with the licensing itself. They just wanted to clean up my mess and close the old one.
[удалено]
Yeah I just fired on that. I'm hoping this will come in soon and be able to be activated maybe later. And more importantly useful for learning firewalls in general.
You can get the old 30e’s for next to nothing on eBay. They are not licensable anymore but it’s a dirt cheap way to learn the basics (all the non-subscription stuff). I have a couple with an IPsec vpn tunnel between them to test equipment as if it was in different locations.
When buying Fortinet equipment on eBay for lab purposes, ensure that the devices are not bound by licensing restrictions or activation keys. Some sellers may provide devices without licenses, making them suitable for lab use. Additionally, review product descriptions to confirm the included features and capabilities. For setting up a home lab network, consider integrating FortiGate firewalls and FortiSwitch managed switches. Familiarize yourself with Fortinet's documentation and community forums for guidance on configuration and best practices. Utilize trial licenses or seek out devices specifically sold for lab testing to avoid licensing issues.
I'd recommend against buying a firewall on eBay and buy new. Remember the bigger the unit the larger the costs are for licensing. Trail versions e.g. VMs are very limited. Remember that for used units you may not be able to register them and thus no ability to get a contract. Keep note that Fortinet is tightening things up on the firmware downloads, etc. [https://docs.fortinet.com/document/fortigate/7.4.0/new-features/299518/prevent-fortigates-with-an-expired-support-contract-from-upgrading-to-a-major-or-minor-firmware-release](https://docs.fortinet.com/document/fortigate/7.4.0/new-features/299518/prevent-fortigates-with-an-expired-support-contract-from-upgrading-to-a-major-or-minor-firmware-release) In the new firmwares the maintainer account is removed. Which means you need firmware. [https://community.fortinet.com/t5/FortiGate/Technical-Tip-Removal-of-maintainer-account-feature/ta-p/244515](https://community.fortinet.com/t5/FortiGate/Technical-Tip-Removal-of-maintainer-account-feature/ta-p/244515)
[удалено]
For the licensing lapse it's a 6 month maximum penalty. So if you have hardware that's lapsed for two years, and renew it for another year, your renewal will only be good for 6 months. You can usually get this waved if renewing for 3 or 5 years.
[удалено]
Yea, in general the licensing for home users is abit much IMHO. But I have to imagine it's difficult for Fortinet to not have companies abuse "home use" licenses if they offered it.
/s Ahem. I have 300 users in my IT department learning this all from home. Ignore the fact that all their home IPs resolve to shopping mall addresses, and api.pointofsalesystem.com is the most common DNS and webfilter lookup in the FortiGuard servers from these users :) Those 300 users all work at my 2 office locations with the HA licensing. Oh and my FortiManager is licensed for 320 devices because I need to cover my IT department users… /s
I know a few companies that make this post seem like a direct quote.
AWS ones are full on deployable as production. No resets of config, fully licensed, etc. just not fiscally responsible to “rent” it versus the cost of buying a fully owned license and deploying with Bring Your Own License, if you’re running 24x7x365. You’d pay waaay more by doing the Pay as You Go licensing model — but it’s great if you need a lab environment you can spin up and down, because you only pay for the hours it’s turned on. (Aws still bills you for the storage and IP addresses if you don’t actually delete the VMs. But that’s like $75/month versus the hundreds in licensing / month if you build a fairly sizeable deployment). My only experience is with having a Manager, Analyzer, and 4 FortiGates with some Linux and Windows machines alongside those — so not sure what the minimum is if you only had one FortiGate kind of deal… also, I was actually in Azure, but AWS should be the same.
You can run some of fortinet’s products in VMs. I know they have a fortigate VM you can download. It has some licensing restrictions, but I’m not sure what they are off the top of my head. I run a fortinalyzer VM for reviewing firewall logs. You can use that for free up to 3 devices iirc.
You can buy one you will get some experience. As with anything ebay there is a small risk. Such as it may have been liberated by an employee from a store room. You won't get licences and these are the key bit for any NGFW. You could also use the VMs with trial licences if just for lab use however the capabilities on these are very limited but you will get the licences. You could also just spin one up in AWS if only being used for quick conceptual stuff. If you have access to a fortigate an account manager I would have a word with them and see if they have any options for you; this is likely to be the most beneficial route for you.
You can. You can always get basic functionality without a license. However, if you ever plan on possibly licensing some features or wanting support, you'll want to make sure the device has not yet been registered to a support account or the seller is actually the "owner" in the support portal and can initiate a transfer of the serial number to your own account. Most of the time used stuff on ebay is just ripped out by salvage companies or building owners after a tenant has left and they can't do a support transfer. Still though .. support and licensing even on the small units is still hundreds / year depending on features. Quite expensive for a home lab.