I am considering a move from Sophos AV and SonicWall UTM to a FortiGate UTM with the endpoint AV using the FortiClient.

I am hoping there are community members with some first-hand experience that can tell me the good or bad points about these devices, particularly related to the endpoint AV.

My main concerns are whether the AV is very effective at protecting against viruses and also the ease of managing the endpoint clients from the UTM.

The sales rep was not able to answer the question “If a PC has a virus, can I remove it using the UTM portal, or do I have to walk over to the PC?”

I appreciate any input the community may have.

Chris

6 Spice ups

We have a 100D with full UTM and, I will be honest, I don’t find it worth it. I find the throughput is affected when UTM policies are active. Haven’t had a virus come through so I cannot answer your second question, but I still think having a software-based AV is preferred to a UTM at the firewall level.

I have a 60D and yes the throughput is affected, but as far as bang per buck, you cannot beat it. We still run software A/V on the clients as well, but between the Fortinet and the software solution we have had no instances of infection in the last 2 years.

We do not use the FortiClient due to licensing costs. What I can say is that there are (as with any A/V solution) things that are not detected at the firewall level that the software component has detected (very few I might add).

I would advise not to put all your eggs in one basket and to have a tiered approach to this: better detection rates from multiple detection systems.

I once had a virus go through 3 different levels (brands as well) of scanning (in the early days) and be stopped by my last-ditch catch-all monitoring on registry changes.

Spread your detection base for better protection.

1 Spice up

I am curious as to why you are moving away from Sophos AV? I have been very happy with Sophos over the years. I can understand the SonicWall though :)