Fortinet FortiProxy Reviews

The main use cases for the Fortinet FortiProxy are to segment internet access among departments, as not every department is supposed to have full internet access. This involves specifying URLs to specific departments that need to access particular URLs. I have used Fortinet FortiProxy to segment users that need access to services and URLs for daily operations.

1 Application Control

2 URLs control 

The App Control feature in the Fortinet FortiProx

1. Deep Packet Inspection (DPI):
   FortiProxy analyzes traffic at the application layer to detect applications even if they use non-standard ports or are encrypted.
2. Application Signatures:
   Uses FortiGuard’s application signature database (constantly updated) to recognize thousands of applications.
3. Policy Enforcement:
   You can create policies to Allow, Block, Monitor, or Shape (QoS) based on application type, category, or specific apps.

For me it may be the wildcards for urls whitelist or blacklist, somehow the page loads.

Aside from that there no other..

I have worked with the solution over the years.

It’s very stable.

I did not switch but I have worked with other proxy services from the competitors, like Barracuda.

No it’s just based on what the customer want..

My advice to others who are considering Fortinet FortiProxy is that it is seamless, easy to use, and quite straightforward. On a scale of 1-10, I rate this solution an 9.

The main use case is to protect internal enterprise users in an enterprise network. Users from different departments such as finance, IT, and sales who want to access the internet, search social media, or visit websites are protected from potential threats when using Fortinet FortiProxy. It allows adding antivirus and provides visibility over users' internet activity, enabling actions to be detected and controlled.

The most valuable feature is intrusion prevention (IPS) and antivirus profiles. These features help control user activity, ensuring that they access only permitted websites and protects from downloading viruses.

One issue is the limitation in using Fortinet FortiProxy for remote users, as it requires users to be members of the Active Directory. Additionally, the VM version is buggy and shows IP addresses instead of usernames. The on-premises version is more reliable.

We have been using it for about four years for our client in the Saudi region.

The hardware version is stable, but the VM version is not stable and contains bugs that cause issues.

Customer service and support are good, but they are not excellent, especially with major issues where time is critical.

Positive

The setup is easy and similar to FortiGate, which many find user-friendly and does not require significant effort to implement.

Fortinet FortiProxy is much cheaper compared to other products like Cisco, Palo Alto, and others. It is reasonably priced and user-friendly.

Before implementing Fortinet FortiProxy, study your enterprise architecture and know your needs. Consider using the hardware appliance instead of the VM to avoid bugs. Evaluate whether FortiProxy or FortiGate meets your needs, particularly if your business is on the cloud.

I used Fortinet FortiProxy as a network security engineer to help configure it for a client's environment.

I liked the tool's ability to provide detailed access control. For example, we could allow users to watch YouTube videos but not post comments. This level of control wasn't available in FortiGate.

It effectively protects against web-based threats through its application control and ability to block specific applications. I also appreciated its caching capabilities.

Integration with existing infrastructure was generally easy, especially if you had tools like LDAP. However, I had to go through a lot of documentation as it was my first time working with a proxy server. We did experience some issues with certain web applications not working properly after implementing Fortinet FortiProxy.

The documentation could be improved. I had to use external YouTube videos to figure out some configurations.

I have been using the product for three months. 

I haven't encountered any stability issues. 

The product is scalable, with different configurations available based on the number of users.

We did contact support once for an issue with a web page not working properly. Their response time varied, possibly depending on workload.

For reporting, we used FortiAnalyzer to analyze logs from one centralized location. 

Overall, I'd rate Fortinet FortiProxy an eight out of ten based on my short time using it. The user experience is good, similar to FortiGate.

I wouldn't universally recommend the tool to others - it depends on the company's use case. FortiGate already has most of Fortinet FortiProxy's capabilities, so it might only be necessary if you need something focused specifically on web traffic.

I use the solution in my company for our firewall, for searching the web, and to secure our campus LAN.

The solution's most valuable feature is that it is the best tool I have used. It is also the best product I have used if I consider the tool's response time and management efforts.

The only problem is that my company is right now in a country with French as the language, and I see that the solution's interface is not in French. In my company, we have to translate some words into French to understand what a word means or what certain parts can do in the tool. It is not easy to know what some words are since we are a country using French as a language. It is not easy for us to know what features a component can do. It would be good for our company if we could have the tool interface in French.

I have been using Fortinet FortiProxy for eight years.

It is a really stable solution. It does not go down without some shortcut. Everything is there in the tool.

In my company, around 20 engineers support the system. The company can have maybe 600 employees.

I have never spoken to the solution's technical support because I use it as an end user. When we have some trouble with the tool, we contact our provider.

The product's initial setup phase is easy.

The solution can be deployed in a week.

I don't know about the tool's price, but it is not too hard to buy the equipment or its components. It is not too much of a hassle. Our job is to manage and deploy the tool.

I don't know why my company chose the tool, but it may be because it is a leading management tool. I know they say it is more efficient to use Fortinet than another component or equipment.

It is good to use since its unified management system is really easy. If you have some knowledge of English, you can easily use it without any problem, beginning from the deployment to the execution. Only basic knowledge can help you to use it.

I rate the tool an eight out of ten.

The primary use case of FortiProxy for my client is to serve as a proxy that prevents internet-borne threats from reaching users, ensuring a secure browsing environment. Coupled with seamless authentication through the Fortinet Single Sign-On (FSSO) feature, it provides robust protection without disrupting the user experience. This combination of security and convenience makes it an essential solution for safeguarding the client's network. 

Fortinet FortiProxy has significantly improved my client's organization, particularly with the Fortinet Single Sign-On (FSSO) feature. FSSO has streamlined the authentication process, allowing for a seamless user experience by automatically identifying and authenticating users without manual intervention. This has not only enhanced security but also eradicated the need for maintaining user accounts manually, saving time and reducing the likelihood of errors. The integration and automation provided by FSSO have led to more efficient operations and a better overall user experience.

FortiProxy offers several valuable features, with granular access control on web surfing being one of the most notable. This feature allows administrators to define detailed policies that control how users access the web, ensuring that browsing is aligned with organizational security policies.

Granular access control includes the ability to filter content based on categories, block specific websites or URL patterns, enforce time-based browsing restrictions, and apply different policies to different user groups or devices. This level of control not only enhances security by preventing access to malicious or inappropriate content but also optimizes bandwidth usage by restricting non-essential browsing. Additionally, it provides visibility into user activities, enabling detailed reporting and auditing, which is crucial for compliance and monitoring.

FortiProxy could improve by addressing bugs in policy testing and blocking, which are particularly challenging in large organizations with numerous policies. Enhancing policy management tools, such as better policy testing, organization features, and more intuitive debugging, would make it easier for administrators to track and configure policies effectively. These improvements would streamline operations and reduce troubleshooting time in complex environments. FortiProxy could benefit from an improvement in the web rating feature by introducing a enhancing local priority. This would allow organizations to prioritize their own internal web ratings over cloud-based or global ratings, ensuring that specific content aligns more closely with the organization's needs and preferences.

Additionally, Improvements in web categorization accuracy and customization would enhance the ability to filter content effectively

I have been using the product for two years. 

I rate the solution's stability a six out of ten. 

I think Fortinet's support is quite remarkable, but they have their SLAs and methodology of support. It depends on the problems you are facing. I would rate their support as eight out of ten.

Positive

Deployment ease depends on understanding on your requirements. If you know what you need, it can be deployed quite easily.

The client found the Fortinet's secure web gateway  worth its money. 

Price-wise, Fortinet FortiProxy is moderate - not the highest among competitors, but not cheap either.Additionally, the licensing model, currently based on a per-user structure, could be optimized to better suit different organizational needs.

I suggest planning and understanding your network architecture for first-time users first, then choosing the right deployment mode to use Fortinet FortiProxy. It has add-on features like client browser isolation and DLP that can protect an organization from serious threats.

It's easy for beginners with two to three years of networking experience to learn. Integration with the current IT workload depends on whether you're in the Fortinet ecosystem (security fabric). Integration with Active Directory for single sign-on is easy if you understand how AD works.

Overall, I'd rate Fortinet FortiProxy six out of ten. It can still be used as a secure web gateway compared to competitors' innovations.

Its primary use case is serving as a web security gateway.

One of its standout features is its exceptional user-friendliness. It seamlessly integrates with various security products, enhancing threat intelligence and improving indicators of compromise. In terms of security, it collaborates with leading security companies like Trend Micro, Forcepoint, FireEye, and others to bolster threat intelligence.

For IT administrators and managers, the reporting features are the main issues that should be addressed in order to improve the performance, security, and effective utilization of the product. As per the experience of my team and customers, this feature should be improved.

We have been using it for two years.

It is a reliable product, but there have been instances where we encountered certain challenges. For example, during peak usage times, when the licenses are based on token users but the user sessions surge significantly, we faced issues. In such situations, when attempting troubleshooting, including running debug commands, we encountered a specific challenge with the firmware's stability. We discovered some bugs in that firmware version, leading to occasional crashes. Consequently, during peak hours, as we executed troubleshooting and debugging steps, our FortiProxy encountered issues and went into a critical state, requiring a restart from the backend, typically through Hyper V or the Hypervisor. Presently, the firmware is much more stable, and we continue to use it without major issues. I would rate it nine out of ten, as it has proven to be highly stable in its current state.

While it has been deployed effectively in a virtual environment with an active topology, it faces challenges when user numbers increase significantly. In situations where there is a substantial user base, it might not meet the user's requirements and usability expectations.

The support is available around the clock and it consists of highly knowledgeable and product-savvy individuals who are adept at assisting. They quickly grasp the nature of the issues presented to them and, within a few steps, are often able to identify both the root causes and potential solutions. This level of competence and responsiveness makes for excellent support, and I am thoroughly satisfied with the provided assistance.

Positive

The initial setup process is quite straightforward. When dealing with virtual machines or hardware appliances, you simply need to deploy the system and configure the necessary interfaces. It starts by configuring the incoming LAN interface and the outgoing interface and then proceeds to set up DNS, explicit proxy, and various proxy features, including vulnerability management. If you're using an extensive proxy setup, you also configure the IP for web proxy and analytic proxy. Following that, you establish policies and handle other network-related settings such as routing and switching.  While the initial setup is straightforward, it can become more complex as you integrate additional features and services over time.

It is a virtual machine specifically deployed within a Hyper-V environment. I have had the opportunity to deploy it in the banking sector, actively participating in operational activities, which included troubleshooting numerous cases.

It offers a more cost-effective solution than alternatives like FortiMail, FortiGate, and various Barracuda devices.

Our organization works both as a user and deployer of this product. The primary reason our customers opt for FortiProxy is because it not only fulfills their web security requirements but also offers a rich set of features that many other products do not provide. It encompasses content filtering, threat intelligence, WAN optimization, VPN tunneling (including IPSec and SSL VPN tunneling), and functions as a firewall, including a web application firewall and gateway firewall. It even includes features for configuring Active Directory settings and integrates sandboxing capabilities. When a threat originates from outside sources, the system sends the file to a cloud sandbox for examination. If the file is deemed clean, it proceeds; otherwise, it halts and neutralizes the threat.

Overall, I would rate it eight out of ten.

We use the solution to allow any application to access the proxies and policies.

We can use Fortinet FortiProxy configuration for your network. We can use both a graphical user interface and a CLI.

I have been using Fortinet FortiProxy for two years.

A very large number of people are using the solution.

The solution’s initial setup is easy.

The solution is neither too expensive nor very cheap.

I would recommend the solution to other users for safety purposes. It will not take much time for a new user to learn to use Fortinet FortiProxy.

Overall, I rate the solution a nine out of ten.

It provides web application security, email getaway security, and wireless security. It ensures secure connectivity downstream and upstream while helping to enforce web access policies, protect against web-based threats, and inspect encrypted web traffic.

I appreciate that it provides granular application control and DNS filtering to protect against sophisticated DNS-based threats, such as DNS tunneling, server identification, and domain development. It helps to secure the networks at the DNA level and ensure proper identification and filtering of DNS traffic.

Its web filtering capabilities could be improved. It utilizes FortiGuard to detect and prevent credential threats, phishing attacks, and botnet attacks, but it still requires certain updates and enhancements in reducing false negatives and filtering features. FortiProxy has an intrusion detection system but lacks an intrusion prevention system, which is typically found in FortiGate. It can detect attacks like SQL injections and algorithm manipulation using signatures, but to prevent such attacks, it needs to cooperate with other tools.

I have been using it for the last three years.

The stability depends on factors such as storage, networking interface, and memory.

I would rate its scalability features seven out of ten.

They offer excellent technical support through their continuous availability. They provide different levels of support and efficiently address customer cases, with a significant level of reliability and dedication. I would rate it seven out of ten.

Neutral

Fortinet FortiProxy stands out in terms of synchronization and providing a single pane of glass solution. When used in conjunction with FortiGate at the network edge, it offers features like single sign-on, and certificate management which are not typically available in other products and solutions. By integrating multiple Fortinet products, FortiPRoxy ensures holistic security and seamless synchronization. Its FortiManager and FortiAnalyzer features provide enhanced administration and comprehensive reporting capabilities.

The initial setup is relatively easy, as it primarily depends on identifying the copiers based on the current network usage and available connectivity downstream. Implementing features such as data loss prevention, intrusion prevention, and application control should be straightforward, depending on the network configuration.

It can be considered expensive, with a limited lifespan and support that eventually requires updating to newer solutions. In terms of private and public cloud deployment, it is more affordable. Compared to competitors in the web security market, it offers good value for the quality of the product. I would rate it six out of ten.

It is a suitable solution for deployment in various corporate institutions, banks, and government organizations due to its advanced features and scalability. It can be used in hybrid cloud environments and as a managed service, catering to different user requirements. I would rate it seven out of ten.

We use Fortinet FortiProxy for traffic inspections from a terminal side. 

The tool's most valuable feature is traffic inspections. 

Fortinet FortiProxy should integrate AI/ML technologies. Its pricing needs to be more flexible. 

I have been using the product for three months. 

I rate the tool's stability a ten out of ten. 

I rate Fortinet FortiProxy's scalability a ten out of ten. 

The technical support's quality and response time are good. 

The tool's initialization takes two weeks. However, customization can take around three months. 

The tool's pricing is in the middle. 

I rate the solution an eight out of ten. 

The most valuable features of Fortinet FortiProxy are its simplicity and performance.

Fortinet FortiProxy should improve by adding more documentation and guides.

I have been using Fortinet FortiProxy for approximately seven months.

Fortinet FortiProxy is scalable. My client has approximately 2,000 users using it.

The technical support is good and it is better than Forcepoint.

I rate the support from Fortinet FortiProxy a nine out of ten.

Positive

Fortinet FortiProxy is simple to implement.

This is a new solution in the market. I have not used it very much.

I rate Fortinet FortiProxy a nine out of ten.