I want to talk about a fun fact concerning my blog statistics: Since a few years I have some “CLI troubleshooting commands” posts on my blog – one for the Palo Alto Networks firewall and another for the FortiGate firewall from Fortinet. If you are searching on Google for something like “palo alto cli commands” or “fortigate troubleshooting cli” my blog is always listed amongst the first 2-4 results.
But for some reasons the article for Fortinet has much more hits. I don’t know why but I have two different ideas. What do you think?
Let’s have a look at the stats. Following are two screenshots from my Google Analytics widget over 90 days that show about 12k views on the Palo and 22k views on the Forti blogposts. The averages per day are about 132 views for Palo while 246 views for Forti.
So, how can we explain these differences?
Interpretation 1: Fortinet has more firewalls out there
This might be obvious: If Fortinet sells more firewalls around the world, more admins must troubleshoot them, hence more views. Simple result: Palo Alto has not sold that much firewalls.
But this relies on the assumption that both firewalls need the same amount of CLI troubleshooting, which is not the case, hence:
Interpretation 2: FortiGates need more CLI troubleshooting
Comparing the two “next generation firewalls” just about the troubleshooting possibilities you will see that you can gather lots of information directly from the GUI on the Palo Alto while you must use some CLI commands on the FortiGate.
You want to know your OSPF neighbors and counters? -> Palo: GUI, FortiGate: CLI.
You want to show the used ciphers for IPsec VPN sessions? -> Palo: GUI, FortiGate: CLI.
You want to find out which LLDP neighbors are connected? -> Palo: GUI, FortiGate: CLI.
And even when you are comparing the CLI commands you have to deal with get, diagnose, execute, show on the Forti while Palo Alto almost uses show . Or you can use the find command keyword ... command on the Palo to actually find your command. ;) Great feature.
Hence: My FortiGate CLI troubleshooting cheat sheet has more hits since more admins actually MUST use the CLI compared to Palo Alto.
So, what do you think? I am really interested in some other opinions. Please write a comment if you have one. And don’t take it too serious. ;) Cheers.