FortiGate Next Generation Firewall (NGFW) Reviews

The solution is used as a perimeter firewall, and all traffic is routed through the appliances before accessing the Internet. FortiGate Next Generation Firewall is also used in policy-based routing. The solution has features such as IPS  and web filtering. 

Presently I am carrying out a POC to evaluate where the SD-WAN functionality of the solution can be utilized by our company. 

It's an out-of-the-box solution with impressive ratings. FortiGate Next Generation Firewall has a stateless balance proposition. The updates from the vendor ensure that the product remains up to date in terms of threat intelligence capabilities. 

I personally go through reports on utilizing FortiGate Next Generation Firewall resources, bandwidth and applications that are present in the company's environment. The product has been capable of providing the aforementioned reports for the last 280 days, and such features are highly valuable for reporting purposes. The reports provided by FortiGate Next Generation Firewall also help in analyzing the traffic condition in a network. 

When the SD-WAN is integrated with solutions like Citrix, it can appear complicated, which only tech professionals can implement. The solution should allow more user-friendly integrations or deployment. 

I have been working with FortiGate Next Generation Firewall for five years. 

I would rate the stability an eight out of ten. But recently, we needed to undergo regular patching of the network in our company, but that's probably due to increased hacking activities or attacks. At our company, we are still confident with the solution in spite of the recent breaches. 

The solution is highly scalable. I would rate the scalability a nine out of ten. At our company, we can scale the solution effortlessly for enterprise networks. There are two professional users of FortiGate Next Generation Firewall in our company. The other solutions which are being evaluated in our company are FortiNAC and Fortinet SD-WAN. 

I have received satisfying support for every issue I raised with the team. The support team is responsive and helpful in resolving issues. I would rate the customer support an eight out of ten. 

Positive

Previously, Cyberoam was used in our organization. Our company has also used Check Point to deploy a multi-layered firewall solution. Check Point has numerous partners and offers satisfying support, which makes it a formidable competitor of FortiGate Next Generation Firewall. 

There are various local partners of FortiGate Next Generation Firewall who offer effective support for the solution. 

While integrating FortiGate Next Generation Firewall in our company's infrastructure I faced an error while implementing a secure LDAP server. I had to roll back for the aforementioned issue and review the authentication certificates. 

The learning curve of the solution varies depending on the use cases and the different features the user starts interacting with within a specific environment. The initial setup of the FortiGate Next Generation Firewall can be claimed to be straightforward. I would rate the setup a six out of ten. The deployer's CLI understanding will also be a major factor in the deployment process of the solution. 

The solution's initial setup can be completed in a few days, but much more time is required to learn about the environment, evaluate the policies' interference with the services, and implement optimizations based on the insights. In total, the complete deployment takes a few weeks. 

It's an expensive solution. FortiGate Next Generation Firewall costs our company around $12000 per year. There are no additional costs involved with the product. 

I have confidence in the threat detection capabilities of FortiGate Next Generation Firewall. I haven't witnessed any downtime in the solution, even after using it for multiple years. 

An automation API integration is available with FortiGate Next Generation Firewall. For instance, the solution allows integration with CrowdStrike and Darktrace to enhance the threat intelligence capabilities. I would recommend others to use FortiGate Next Generation Firewall.

It's a reliable solution for real-time threat intelligence. In the security industry, FortiGate Next Generation Firewall is a highly praised product and I am able to embed policies for effective operation. I would rate FortiGate Next Generation Firewall an eight out of ten. 

On-premises

In a scenario where FortiGate Next Generation Firewall (NGFW) notably enhanced my customer's network performance, we discussed many points. The graphical user interface is very good, both feature-wise and technology-wise.

The effective feature in FortiGate Next Generation Firewall (NGFW) is DLP.The FortiGate Next Generation Firewall (NGFW) has the feature image of 7100 D.

In FortiGate Next Generation Firewall (NGFW), my concern regarding improvements is the licensing model. In the latest versions, everything moves to licensing only, and to work from SSL VPNs and integrate those features, it is similar across all vendors, but my main concern is the DLP part, which has not advanced significantly.Regarding the AI capabilities of FortiGate Next Generation Firewall (NGFW), these AI features are not present in the latest versions, which is why we are working on those versions. They aren't suitable in a live environment, and while AI features exist, I don't have details about their availability in versions after 7.0, as I believe only versions 6.0 and below have those features.For future improvements in FortiGate Next Generation Firewall (NGFW), features-wise, SD-WAN enhancements are expected, especially in configuration or viewing SD-WAN monitoring, as some minor enhancements would be beneficial.The complexity in configuring the policies needs improvement, and the SD-WAN template should be available in the tunnel. When we create the tunnel, we need to add in SD-WAN, allowing the creation of VPN tunnels from SD-WAN, which requires technical expertise to configure. Automating that would strongly enhance it, as SD-WAN is number one now with FortiGate, and going forward, more customers will move to FortiGate.

FortiGate Next Generation Firewall (NGFW) is recommended for various industries, and its GUI has many enhancements in the latest version, making everything good.In FortiGate Next Generation Firewall (NGFW), we are expecting the effective DLP feature with threat detection capabilities, which works with deep inspection. Some customers are not accepting to install the applications, and sometimes in the guest tunnel, content filtering should be blocked, such as domain blocking for Gmail, as users access only their particular consumer account. If they try to access personal accounts, it should be blocked, requiring configuration settings with deep inspection that needs certificates installed in all systems, which is a time-consuming process that some customers do not accept, questioning the need for installing certificates without deep inspection.The licensing model for FortiGate Next Generation Firewall (NGFW) depends on various types such as the earlier UTM license, FortiCare, and Enterprise license. The Enterprise license includes all features such as FortiManager, FortiAnalyzer, and converter. The UTM licenses include only UTM features such as AV, web filtering, application control, and IPS, while FortiCare is only for hardware.

The most valuable features we found are the SD-WAN, FortiGate SD-WAN, and the standard UTM protection, among others.

If someone doesn't have a certified or skilled technician/engineer, certain configurations, like setting up VLANs and SD-WANs, might not be difficult but can be simplified within FortiGate. The areas that might require more expertise are related to setting up VLANs and configuring SD-WANs, among others.

Therefore, the setup process could be made simpler. 

I've been working with FortiGate Next-Generation Firewall for three years. We are currently working with its latest version.

I would rate it as a nine. It is a stable solution.

I would rate the scalability a five out of ten. It is not very scalable because scalability depends on the model. For instance, the FortiEdge, which is the entry-level model (the smallest model), supports up to about 15 users. Then the next model supports up to around 30 to 40 users, and the following one supports a hundred users. The price increases significantly with more users, which can be a concern.

If I make a guesstimate, I'd say about 20 to 30 of our clients, but they all have multiple branches. So, in total, we have about 200 FortiGate firewalls deployed for our customers, spread across 20 to 30 clients.

Most of our clients fall under the medium to enterprise category. We have clients from financial institutions and big corporate organizations. It's not an entry-level solution, as it might be challenging for small businesses to afford.

Based on the support we receive from our supplier, who is a reseller or vendor of FortiGate, I would rate it at about six. Because it takes time to get support from the vendor. So it is not very fast.

Neutral

I rate my experience with the initial setup six on a scale of ten, where one is difficult and ten is easy. The initial setup of the solution is not difficult; if you have an engineer with certification and experience on other firewalls. For them, it's relatively easy. However, someone without certification and experience with other firewalls might find it a bit more challenging to grasp the FortiGate format and its platform layout.

FortiGate is primarily deployed on-premises. We also have a cloud option for certain referrals with tier-three engineers. We have it in our own data center in our cloud, and we also provide it to some of our customers. However, most of the ones I sell are for end customers, and they typically choose the hardware for on-site deployment.

The duration of the deployment can vary depending on different factors. The timeline can involve various stages, such as ordering from overseas, ensuring stock availability, and finally, setting it up for a specific project. As such, the duration can differ based on these factors. 

Eventually, once we have the stock, we can set up the firewall within about an hour.

I would rate the pricing in the middle, around five out of ten. It also depends on how you sell it. If you want to sell it as a one-time purchase, then I'd put it at a seven. But if you amortize it, it can go down to a four because some customers prefer to pay it off over thirty-six months, as the licensing is for that duration.

There are additional costs to the standard license. While the standard licensing fees include UTM and a few other features, for additional features like FortiAnalyzer, FortiManager, and other PCs that you might need, there are additional costs. For features like FortiManager and FortiAnalyzer, the additional costs do add up. So, while getting the entry-level firewall with basic UTM protection and web filtering is not too bad if you want to add features like analyzer reporting, cloud managers, and FortiManager, the costs can become significantly higher.

Overall, I rate the solution an eight out of ten.

Organizations with about 50 to 100 employees use the solution for VPN, ZTNA, and remote connectivity between branch offices and site-to-site VPN. The solution acts as a gateway-level firewall that secures the office infrastructure against threats in mid-size enterprise organizations.

FortiGate Next Generation Firewall is a good solution because it has a range of options and a clear ecosystem. It has good availability of solutions that complement the next-generation firewall. For example, it has a good range of switches and access points. The solution also has a good ecosystem where cloud services like FortiMail complement the whole solution. The solution has a better ecosystem for community support.

FortiGate Next Generation Firewall could be made a little less expensive.

I have been working with FortiGate Next Generation Firewall (NGFW) for around three years.

Bugs appear whenever a new firmware or operating system is uploaded into the device for certain modules. These bugs might cause certain services not to work, which has been the case in the past. There have been certain things that were resolved with the new firmware update. FortiGate Next Generation Firewall comes with a six version or a seven version.

The 6.1, 6.2, and 6.3 versions would have bugs, but the 6.4 version would be pretty stable and precise without any issues. Hence, I generally prefer to go ahead with the later version of a particular generation. For example, instead of going with the first version of the sixth generation, I would go in for a third or a fourth version. These things are there in most vendors, but I've noticed these, particularly in FortiGate Next Generation Firewall.

FortiGate Next Generation Firewall is a pretty scalable solution, and mostly, small and medium companies use the solution.

Although FortiGate Next Generation Firewall's customer support is spontaneous in responding, their actual responses are a little slow. They take time. When I say spontaneous, I mean the case ticket gets logged immediately, but the response from Fortinet doesn't come so fast. You have to follow up and then get things done.

Neutral

FortiGate Next Generation Firewall’s initial setup is straightforward.

The solution’s deployment takes one hour. Two to three engineers are required for the deployment of the solution. One or two people maintain the solution by monitoring and fixing breakdowns, which rarely happens.

FortiGate Next Generation Firewall is an expensive solution. I rate FortiGate Next Generation Firewall an eight out of ten for pricing. The solution has a yearly license, and you have to pay additionally for the deployment and partner-led services.

FortiGate Next Generation Firewall charges additionally for migration. Suppose you're upgrading from an older appliance to a newer appliance. In that case, the partner has to buy a FortiConverter Service or a FortiConverter tool on a per-incident basis, which is charged. On the other hand, partners can use the tools available in SonicWall. Compared to FortiGate Next Generation Firewall, SonicWall is better in terms of support and pricing.

We work with the latest version of FortiGate Next Generation Firewall.

Overall, I rate FortiGate Next Generation Firewall a nine and a half or ten out of ten.

Hybrid Cloud

Microsoft Azure

The most valuable feature of FortiGate Next Generation Firewall is its SD-WAN. The way it has been structured makes life easier. We have used it for remote access, especially at the height of COVID. It works very well.

There are times when we would want to set an IP address on a physical interface and then attach secondary IPs or sub-interfaces on that. I'd like to have as many as possible. There's a limitation wherein you can only have about 30 virtual or secondary IPs on a particular interface. I would like that to be expanded to 254 or 256 secondary IPs.

I have been using FortiGate Next Generation Firewall (NGFW) for five years.

I rate FortiGate Next Generation Firewall ten out of ten for stability.

The good part of the solution is that you can have Virtual Domains (VDOMs) that allow you to use it for multiple use cases. Around 20,000 users are using FortiGate Next Generation Firewall in our organization.

I rate FortiGate Next Generation Firewall an eight out of ten for scalability.

Whenever I have a problem and have to call their technical support team, I can email them. In the next few minutes, we'll get on a Zoom or Teams call and exchange notes.

Positive

The solution’s initial setup was easy. I rate FortiGate Next Generation Firewall an eight out of ten for the ease of its initial setup.

The solution's deployment does not take long. If everything goes fine, you will complete the initial configuration in an hour and test afterward. The testing phase is where you face issues. If you are migrating from another device to FortiGate, you would want everything that was running previously to run even on the newer one.

Three people were required for the solution's deployment, including an external person, myself, and a colleague.

I rate FortiGate Next Generation Firewall a five out of ten for pricing.

I learned from some reviews that FortiGate ranks quite highly compared to Palo Alto and Check Point. Considering our budget, we thought we could manage with FortiGate Next Generation Firewall.

I would strongly recommend FortiGate Next Generation Firewall to others because it's a brilliant next-generation device.

Overall, I rate FortiGate Next Generation Firewall a nine out of ten.

On-premises

Conventionally, the solution is used for perimeter security. Whenever we find our organization's customer without an existing firewall, we use FortiGate Next Generation Firewall both for perimeter security as a firewall and as a VPN appliance to allow work-from-home employees at the VPN end. In the aforementioned instance, our company also uses the solution to connect different branches.

If our organization is establishing the network for a company with different branches spread geographically, we will use the VPN in IP set and FortiGate. The solution is highly flexible and is available at a cost-effective price. 

When using FortiGate Next Generation Firewall, availing the FortiGuard subscription is very important due to the vast threat intelligence with an international network.

Using the aforementioned network, FortiGate has been able to procure intelligence about the threats and incorporate the mitigation and protection against those threats in FortiGuard. So when you have FortiGuard integrated with the firewall, you have a robust perimeter solution to protect against malware. 

The pricing of the solution should be more affordable. 

I have been working with FortiGate Next Generation Firewall for seven years. 

FortiGate Next Generation Firewall has excellent stability. Fortinet is a top-tier IT security infrastructure company. 

I would rate the scalability a nine out of ten. The solution exhibits impressive stability. Once the solution is installed, it's used 24/7. 

We never had to rely on or communicate much with the tech support. The free resources, documentation, training, and community feedback have been enough to resolve 99% of our company's issues with the product. In our organization, we directly interacted with the support team once or twice and had a positive experience. I would rate the tech support eight out of ten. 

Positive

We used Cisco previously, but it was too expensive for our company. FortiGate Next-Generation Firewall was available at a better price and performance; it was a better fit for our company as a networking vendor. 

I would rate the initial setup an eight out of ten. Our company deals with only the on-premise version of FortiGate Next Generation Firewall. It took about half a day in our organization to deploy the solution. 

Our company has several firewall projects. When our organization identifies a company that needs a firewall but doesn't have one, we contact them. Our company strongly advises potential customers to adopt a firewall, and we provide reasons why the company shouldn't operate without a firewall today, we try to sell them the FortiGate Next Generation Firewall and FortiGuard solutions.

If the potential customer doesn't have access points or the latest switches, our company tries to sell that as well in the form of an integrated solution. 

Our company prefers to program solutions as much as possible in-house before approaching the customers. 

FortiGate Next Generation Firewall has a very high ROI. A customer can realize nearly 100% ROI when it is used along with FortiGuard to establish a robust perimeter firewall based on an international vendor with a global-level threat intelligence network. 

I would rate the pricing a seven out of ten. There are penalties if you don't renew the FortiGuard subscription, and I think the vendor should've refrained from imposing such penalties. If a customer fails to renew for a year, there shouldn't be any penalties on Fortinet solutions, the vendor should eradicate such policies. 

We evaluated Palo Alto, but we still chose Fortinet because, as per our company's evaluation, Palo Alto doesn't offer switches or access points. Before adopting FortiGate Next Generation Firewall, we also concluded that Fortinet offered everything for networking infrastructure, including switches, access points, antivirus, and firewalls. 

FortiGate has end-to-end solutions, they have switches, access points, and a native antivirus and threat management solution. When you onboard FortiGate Next Generation Firewall, you choose a vendor that covers every aspect of the IT infrastructure.

So, if you avail yourself of other products from the same vendor later on, it makes the management processes easier, as the command interface is similar across all the products from Fortinet, including switches, access points, and firewalls. The aforementioned benefit removes the need for training your team when a new solution is onboarded in the organization. 

I would advise others to do a proper assessment in terms of the sizing before onboarding FortiGate Next Generation Firewall. Before adopting the solution, one should know how many users need access to the Internet so that the firewall can be sized or scaled ideally.

A sizing chart is available online to assist users in procuring the correct firewall size. FortiGate Next Generation Firewall offers comprehensive reports on user activity; potential customers should also analyze the reporting aspect before choosing the solution.  

FortiGate Next Generation Firewall handles new and latest security threats satisfyingly. FortiGuard has some AI influence in its threat intelligence features in its international network. I would overall rate FortiGate Next Generation Firewall an eight out of ten. 

On-premises

FortiGate Next Generation Firewall's design is good. Technically, I haven't used many of its features. The primary purpose we use the solution in our organization is for its SNAT and DNAT functionalities. The solution is also used for its vulnerability patching mechanism.

The solution's GUI is not very appealing. When using a tool from another vendor, we found the GUI of that tool to be quite appealing. FortiGate Next Generation Firewall uses a very old type of GUI, which is not very appealing. The GUI can be improved.

I have been using FortiGate Next Generation Firewall (NGFW) for six months. My company is just a customer of the product.

I am very impressed with the product's stability. Stability-wise, I rate the solution an eight and a half out of ten.

Scalability-wise, I rate the solution a six out of ten.

My company has 2,000 users of the product.

I didn't need any support. The support is good. I wouldn't say the support is bad. I rate the support a seven and a half out of ten.

Neutral

My company seeks the help of vendors to do the initial setup of the product. After that, we just work on policies, SNAT, DNAT, and virtual IPs.

The setup phase was neither difficult nor easy. I rate the setup phase as three or four out of ten on a scale where one is difficult, and ten is easy.

The solution is deployed on-premises.

The solution's deployment took two to three weeks.

Two people were required for the deployment of the product.

The solution's vendor executed the setup phase.

The solution's pricing is quite high when compared to other vendors. I rate the pricing an eight and a half on a scale of one to ten, where one is low, and ten is high.

I highly recommend the solution to those planning to use it.

Overall, I rate the solution a nine out of ten.

On-premises

The use cases of the solution depend on what the customer wants from the tool. If a customer is looking for a core firewall, I provide them with FortiGate Next Generation Firewall (NGFW). Suppose a customer is looking for a tool from a patch connectivity perspective with multiple branches and wants those branches to be connected to the data center. In that case, we can suggest FortiGate Next Generation Firewall's features to them.

Routing and reporting are two areas where the product has an added advantage compared to any other product.

Vulnerabilities owing to viruses in the OS need to be reduced in FortiGate Next Generation Firewall from an improvement perspective.

Some vulnerabilities get added to the system every two months, which may be code execution or backend and backdoor issues.

In the future, the product should be able to tackle vulnerabilities. Research and development to increase the product's security capabilities is needed.

I have been using FortiGate Next Generation Firewall for a year now. My company has a partnership with Fortinet.

From a stability perspective considering OS and if the vulnerabilities are present, I rate the stability a seven out of ten since it creates a lot of issues in general.

We suggest FortiGate Next Generation Firewall to small and medium businesses.

When it comes to enterprise-level businesses, and considering the need for two-layer security, consider a perimeter firewall, while I can suggest FortiGate only at a level of a core firewall. Suppose an enterprise customer has multiple branches and more branch networks. In that case, they need SD-WAN connectivity with security, for which I suggest they go for FortiGate's SD-WAN feature.

In general, it will not be enough for enterprise companies to have only Next Generation Firewall alone.

I am not familiar with the technical support team because my support team works with them. The solution's technical support is good. We do not face many issues when dealing with the solution's technical support team.

Previously, we were using Check Point in our company.

Compared to Check Point, FortiGate Next Generation Firewall needs to look at how to improve the way it deals with the vulnerabilities which are not there at Check Point and the security effectiveness provided by Check Point.

It is easy to use and implement since anyone can do its configuration part, but there is some requirement for someone with proper technical skills to implement it properly. I can implement anything in any way, but that doesn't mean I can implement any product properly. The implementation requires certain technical expertise.

The implementation of the solution can take two days.

One person is required for the implementation phase.

The solution's pricing is competitive.

The usefulness of the product is an aspect that depends on the customers using the tool. We cannot even compare two products and say one is good for the customer and the other is bad. If a customer asks me to be an architect for their data center, I would say that for a perimeter firewall, they need to go for Check Point. Coming to a core firewall, if a customer says that they need two layers of security and two different vendors, it should be Check Point on the perimeter level. At the core level, a customer can go for Fortinet. Certain customers prefer the SD-WAN feature from Fortinet if they have branch firewalls and want an SD-WAN feature too. FortiGate has an added advantage because they have an SD-WAN feature with security that we can provide to their branch devices.

I don't have any suggestions for those planning to use the solution since we are pretty new to the solution, and we need to devote time to be able to comment on the solution.

I rate the overall product an eight out of ten.

On-premises