Fortinet FortiAnalyzer Reviews

Fortinet FortiAnalyzer is a solution that focuses specifically on analyzing and monitoring the performance and security of Fortinet security products. By utilizing this solution in conjunction with Fortinet products such as FortiSwitch, FortiGate, and FortiClient, the user is able to centralize all logging services and analysis in one place, allowing for easy correlation, playbook automation, and comprehensive visibility within the Fortinet services. However, the limitations of the solution are highlighted by the speaker, who wishes for expanded compatibility with other non-Fortinet products such as servers.

One of the greatest advantages of Fortinet FortiAnalyzer is its ability to integrate with a variety of software and solutions, providing comprehensive visibility into the network. The solution's strength lies in its capability to work with Fortinet's own products, such as the FortiAP access point, which allows for deep monitoring, automation, correlation, and incident management. However, this functionality is not present when utilizing other products, such as those from Cisco, limiting the visibility and benefits that can be gained.

The solution could improve by allowing the ability to search logs in integrated solutions.

If a new iteration of Fortinet FortiAnalyzer were to be released, and the option arose to incorporate a feature that would simplify my work processes, I would wish for the integration of various log sources. This includes fetching logs through APIs, as well as from non-Fortinet switches and firewalls. This feature would allow me to seamlessly access logs from various sources and ultimately enhance the overall functionality of the software.

I have been using Fortinet FortiAnalyzer for approximately two years.

The solution is stable.

Fortinet FortiAnalyzer is highly scalable. You can easily adjust its capabilities to meet your evolving needs. Unlike other solutions I've used in the past, this one does not present any licensing restrictions. I had a requirement for increased terabytes per day and I smoothly upgraded my license through a simple process. I was provided with a trial license for the interim period and then my previous license was updated accordingly. The upgrade resulted in the desired terabytes per day and I was thoroughly satisfied with the experience.

At my company, there are four individuals who are utilizing this solution. These individuals consist of two network engineers, one security engineer, and myself serving as an administrator.

I have not needed to use the support. It's a very simple and straightforward solution.

The initial setup of Fortinet FortiAnalyzer is straightforward. The process does not take more than 15 minutes.

The critical step is the virtual machine (VM) startup, which is dependent on the virtualization aspect, not the FortiAnalyzer itself. It took me no more than 10 minutes to complete this process when I was utilizing a high-performance hyper-converged infrastructure. Currently, deploying a VM with one terabyte should take less than 60 seconds.

The company's choice to utilize Fortinet FortiAnalyzer was based on the overall security strategy and compatibility with existing solutions. It was deemed the best fit as it provided a centralized point of visibility for all of their security solution, including Fortinet FortiGate firewall, FortiClient, Forti EMS, and FortiAP. The company conducted a thorough evaluation of various solutions in the market but found that none of them could fully integrate and manage all their solutions as effectively as Fortinet FortiAnalyzer.

I advise others that are thinking about using Fortinet FortiAnalyzer to only do so if they already have some Fortinet solutions. This is the best use of Fortinet FortiAnalyzer if they already had some Fortinet solutions.

I rate Fortinet FortiAnalyzer a nine out of ten.

We use Splunk over SOC, the security operations center because it is more user-friendly for our team. Our team uses the solution extensively for traffic analysis and threat hunting.

The event handling solution in the platform is very good and useful. We can automate event-based handling solutions for example, if we have some events or issues on top of traffic, it triggers that function, and it can even get API for our firewall to ban that IP, or we can add a playbook for our attack, into the solution, and just manage the whole network based on that playbook.

The solution has very heavy features. Similar to when we get an app, usually, it's less than what we want. When we send all our logs over to the analyzer, it almost crashed on the first try. We must first get our logs tuned up and then set up the Fortinet FortiAnalyzer or it will crash. This is very complicated and heavy work for such a simple task, and it's a big issue for that app. 

The setup of the solution can be improved because it is currently complex.

The cost of the solution is high and can be improved.

I have been using the solution for seven years.

The solution is very stable.

The solution is not really scalable. The solution is the largest. The solution is not in the security world and they don't have to have a threat on them to be secure. When we have a threat, we can't get distributed because our chain of logs is broken, and we don't get very regular events. We can't depend on this in the event of an accident or if they have to be reported because the chain is broken.

Previously I used the ManageEngine Eventlog Analyzer. The solution is very lazy, it's heavy, and it has some bugs with reports. ManageEngine Eventlog Analyzer is a very bad solution.

The initial setup is complex.

Setting up and launching a network, depending on the size can take anywhere from one or two days up to a week or more. However, in order for the network to run smoothly and be effective, it is important to continually tune and optimize that network. This is not a solution that can be set and forgotten; we need to be constantly adjusting Fortinet FortiAnalyzer to meet the needs of our network and the services we are providing.

The solution has a very high return on investment because when we encounter any problems, even functional problems, not technical problems, it is very easy and very fast to fix them and detect them using Fortinet FortiAnalyzer. With the heavy traffic, we have a lot of difficulty in the network, we can't get through. But when we have visibility on the network, and we force it, the solution is for us on the firewall. We know that the firewall is very complex because nothing is easy to configure, from the interface to the IP addresses and connectivity. We also have one filtering layer over that, even in new-generation firewalls with layer seven features we may not know what happened to our traffic if it's blocked at layer three or layer four. We need visibility, and the solution can give it to us.

Fortinet FortiAnalyzer is very expensive. Solutions from companies like Fortinet, F5, and Juniper are very expensive, due in part to the high license fees and technical support they charge.

I give the solution a nine out of ten.

Currently, we have five people using the solution, and we have plans to increase the solution's usage. As business owners, we need to grow our business structures and grow our staff to manage those structures.

I highly recommend the solution for a business with high and heavy traffic.

Fortinet FortiAnalyzer is for log collection and reporting.

The most valuable feature of Fortinet FortiAnalyzer is the capturing of traffic for reports.

Fortinet FortiAnalyzer should come bundled with other Fortinet solutions. Additionally, the performance and updates could improve. They need to test their updates better so there are not as many bugs.

I have been using Fortinet FortiAnalyzer for approximately 10 years.

Fortinet FortiAnalyzer is stable.

The scalability of Fortinet FortiAnalyzer is good.

We have approximately 2,800 people using this solution in my organization on a daily basis. 

The solution is suitable for all sized businesses.

The support from Fortinet FortiAnalyzer is responsive. If the Indian support can support only the lowest priority work and the global team can support any kind of topic. The global support is experienced and technically sound. The Indian support can improve by having better knowledge.

I have used Palo Alto and when comparing it to Fortinet FortiAnalyzer, Palo Alto is better. However, it is priced too high.

The initial setup of Fortinet FortiAnalyzer is simple.

I rate the initial setup of Fortinet FortiAnalyzer a four out of five.

We did the deployment of the solution in-house.

We pay approximately $11,000 for a three-year license to use Fortinet FortiAnalyzer. When we compared the price of this solution to others it is not expensive. Palo Alto is a more expensive solution.

I rate the price from Fortinet FortiAnalyzer a four out of five.

My advice to others is if there are not any budget restraints then I would recommend choosing Palo Alto or FireEye. If there is a budget then Fortinet FortiAnalyzer is good.

I rate Fortinet FortiAnalyzer an eight out of ten. 

We are using the solution only for ticket logs and security logs, et cetera.

How the applications are working has been quite useful. It helps the users and how they are using the applications. We can see, for example, the utilization of all of the security fabric in a report. We are getting PDFs and Excel sheets that we can use to analyze everything, including how users are working on our internet services. We can generate reports quite easily.

It's been generally very efficient.

It is user-friendly and has a good GUI. 

The product works well with other products. 

The solution scales well. 

It's stable.

We found the pricing to be very reasonable. 

There are no areas that need to be improved. 

Technical support could respond to queries faster. 

We've been using the solution for five or six years. 

It's stable and very easy to use. Everything is generated very easily. The performance has been fine.

We have ten network engineers in India working on this product. There are between ten people directly working with it. 

In my location, we have 2,000 people and they are all users integrated into FortiAnalyzer. We are getting all logs for all these users through it. 

It is a very scalable solution.

The technical support, we are taking from SNS team. Whenever the SNS team is talking on any ticket, they may get help from FortiGate. My concern is that they are taking too much time to respond. They should respond faster to requests for help. 

Neutral

I have not installed or configured FortiAnalyzer. I came into this organization one year ago and it was already configured. I do not have that much of an idea about the installation.

I'm not sure what, if any, maintenance is required. 

The pricing is very good. I'd rate it four out of five in terms of affordability.

We are a customer and end-user.

Our firewall is FortiAnalyzer's 200D and it is not a new one. We are using the older one only. 

If an organization is using the FortiGate Firewall, then they should go with the FortiAnalyzer also. It is very helpful in terms of getting logs and tracking security threats. We can check the reports very easily.

I'd rate it eight out of ten.

We have multiple firewalls linked through a VPN. There is traffic from several branches and multiple points of failure, so you need to analyze this traffic to know what's coming in and going out. When you have more chains, there are more points of failure that can be exploited.  

I use FortiAnalyzer on-premise and on the cloud. I update the solution at least once a year. I always update the firewall to the latest edition, so I can have three months or four months to test it in the VM. I use even more products and also AWS and Azure Cloud. About 9 percent of my company is responsible for security and networking. Everybody's on my team works with FortiAnalyzer.

Our department has three security architects and four network engineers. They are beginning to place assistant administrators on the network. 

FortiAnanalyzer ensures you have an accurate view of all your devices, so you don't need to check each one. The analyzer creates a central point of management and control, giving you insight into what is going on. 

So you want to move through that traffic that's coming in as the lock the analyzer will like to analyze the traffic in real-time so you can know what is going on. Yeah, so you customize it to be able to analyze what you want it to be able to analyze.

One of the most valuable features is the ability to analyze data in real-time using AR features to pull data from the industrial DB. You can know what is going on and see in milliseconds where the network is underperforming. 

FortiAnalyzer also has good storage capacity for storing the logs. The notification capabilities are excellent, too. It sends alerts so always know what is going on. For example, if you're on a break and something goes wrong, it lets you know so can immediately go back and fix it. You don't need to be constantly sitting in front of it. 

The UI could use some improvement. It can be tough for a beginner to navigate because you don't know what to do even if you read the guide. I've talked to some users who said that they couldn't figure out what to do even after looking at the documentation. 

They need to update guide so it's more aligned with what the UI shows. The guide has lots of stuff in it, there sometimes you still don't get it. It takes too long for a new version of the documentation to come out. It still works, but the problem is that the UI is completely different, so it's challenging to find things. 

I have used FortiAnalyzer for the last three and a half years.

FortiAnalyzer is stable at the time of release. You don't have problems when you install it. There aren't configuration breaks that you have to go fix. When you update, the transition is smooth. 

FortiAnalyzer is scalable.

I have contacted Fortinet support once or twice, but not for FortiAnalyzer. Some of my clients had a problem with FortiGate and the traffic-shaping policy. The traffic-shaping policy in the later version of FortiGate doesn't work like it used to. 

Fortinet's technical support was dependable, helpful, and knowledgeable about the product. They were prompt and responsive, so it was good. I rate Fortinet support 10 out of 10. 

I was using Cisco ASA before FortiAnalyzer. I started using SonicWall six years ago, and five years I discovered FortiGate. I find FortiAnalyzer easier to use than the other products.

Setting up FortiAnalyzer is a bit complex for a beginner because you have a shallow understanding of what it is. Configuring the advanced features is somewhat challenging, but the basic setup isn't that tough. 

Setting up FortiAnalyzer takes around five to 10 minutes. I rate my setup experience 10 out of 10. After deployment, there isn't too much maintenance. It's just the usual updates. That's it.

I do the setup in-house. If I'm setting FortiAnalyzer for a client, I will typically walk them through step by step with the team, so they know how to set it up and what everything does. 

I rate FortiAnalyzer six out of 10 for affordability. FortiAnalyzer pricing isn't steady. It changes each quarter or year. That's one of the main problems in West Abaco because most businesses here are small or medium-sized enterprises. It makes budgeting complicated. You always want to pay the same price on the subscription.

At the same time, I think Fortinet pricing is reasonable compared to all the others. The value you get from Fortinet is better because it beats other vendors in terms of performance, functionality, and efficiency. New firewalls like Alexa are trying to compete in pricing, and people are looking into it to see, but Fortinet is good for now. However, they need to work on keeping the price consistent.  

I rate FortiAnalyzer nine out of 10. My advice to anyone implementing FortiAnalyzer is to read about a product. If you do your homework, it's easier to set up. The next thing is to understand your environment, especially if you have multiple links over your network that leave you more vulnerable to attacks. 

The more links you have, the more exposed you are to attacks. It is possible that one link can be vulnerable, and you won't take notice.FortiAnalyzer is the best choice. 

We use Fortinet FortiAnalyzer for logs and reports. We have a SOC subscription to monitor the end users' login activity and traffic.

Fortinet FortiAnalyzer is deployed by us in both on-premises and cloud environments.

Fortinet FortiAnalyzer provides more visibility into the logs.

The traffic log information we receive from Fortinet FortiAnalyzer is valuable.

Fortinet FortiAnalyzer needs to have more out-of-the-box connectors for integration with other solutions.

I have been using Fortinet FortiAnalyzer for three months.

Fortinet FortiAnalyzer is stable as long as we keep it up to date. 

Fortinet FortiAnalyzer is scalable.

The technical support is great. We receive support within 24 hours of opening a ticket.

Positive

The initial deployment of Fortinet FortiAnalyzer is straightforward. There are two network interfaces involved: the Internet interface and the LAN interface. The LAN interface must be configured on the same subnet as the other Fortinet products to enable visibility of the network connector from the Fortinet console. Upon successful configuration, an authorization message will be received, allowing us to proceed with adding the devices to the FortiAnalyzer device manager and initiating log data collection. The deployment process is well-documented, requiring minimal personnel, and can be completed within five hours.

The number of licenses required directly corresponds with the number of devices connected.

I would rate Fortinet FortiAnalyzer a nine out of ten.

FortiAnalyzer enhances network security visibility with its comprehensive logging and analysis capabilities, making it a valuable tool for organizations seeking to improve their security posture. I highly recommend it.

The primary use case for our clients revolves around robust reporting capabilities, addressing key aspects such as understanding diverse utilizations and the performance of network links. They specifically sought insights into bandwidth usage and detailed reporting at the application level. Additionally, an essential requirement was efficient log management. This is crucial because FortiGate has limitations on retaining logs for an extended duration, and our clients needed a solution, such as FortiAnalyzer, to effectively manage and analyze logs over an extended period.

The most valuable is its robust and comprehensive reporting functionality, providing a thorough overview of various metrics. Additionally, its ability to centrally capture logs from multiple devices proves indispensable for our SOC. This centralized log management facilitates automation processes, and we also greatly appreciate the effectiveness of its analytics features.

I believe that its technical support is the only aspect that requires significant improvement. With the current trend toward AI advancements, there's an opportunity for improved AI analytics. This could empower us to better leverage technology to detect attacks in a more effective manner.

I have been working with it for more than five years.

It offers excellent stability capabilities. I would rate it nine out of ten.

It offers a capacity of up to two thousand gigabytes of logs daily, showcasing considerable scalability. I believe it is a scalable solution that can easily accommodate increasing needs without compromising performance. Our clients fall into the enterprise category. I would rate it eight out of ten.

The support services are often outsourced to specific regions, resulting in varying levels of technical expertise. While regions like America, the USA, Europe, and certain countries in Australia benefit from reasonable and proficient engineers, other locations may experience subpar tech support. Consequently, issue resolution can be time-consuming, leading customers to sometimes address problems independently. Particularly in terms of time efficiency, there is a need for improvement to expedite the support process. I would rate it six out of ten.

Neutral

The initial setup was straightforward. I would rate it eight out of ten.

The deployment process is straightforward and efficient, requiring minimal time and effort. It takes approximately thirty minutes and it's quite user-friendly.

The pricing is reasonable. The cost structure is primarily based on factors such as the number of logs, log sizes, and the daily log storage capacity, with a minimum requirement of two gigabytes per day. The maximum storage capacity can extend up to eight thousand gigabytes of logs per day.

I would strongly recommend utilizing it. It's an excellent product with abundant features, offered at a very reasonable price point. Overall, I would rate it eight out of ten.

We take all the logs from FortiGate. 

We have it deployed on-premises, and we are definitely using its latest version because we are creating a new virtual machine.

Special notifications about compromised phones are valuable because we have some guest networks, and sometimes, people are connecting phones that are connected to compromised websites. We want to be informed about it. We sometimes have some cases where we want to analyze the connection from inside to outside ports. So, it helps with a lot of things. It depends on our needs.

The interface or GUI does not work properly on Microsoft Edge. The behavior or the view is different on Microsoft Edge versus on Chrome or Firefox. When some buttons do not work, I am forced to switch to Firefox.

There could be better analysis from the client's perspective. If you have FortiClient EMS, you should be able to analyze users more than the connections.

We started using Fortinet FortiAnalyzer this year. It was bought by our main company in the Netherlands.

It is now stable, but our previous instance was unstable. We had problems with connectivity. It was strange because it is a virtual machine, and it was on the same hypervisor or host, but only Fortinet FortiAnalyzer had connectivity problems. The connection was dropped, and it was not always possible to log in. We moved it to a different environment. We have now moved it to a Hyper-V cluster on a different site in Poland, and it is now stable.

It is scalable. We could change the size. It was easy.

We have mainly two people working with Fortinet FortiAnalyzer. My colleague and I from the Netherlands work on it. All IT departments also can access it. In total, we have five or six users, but mainly, two of us work on it.

I use their technical support when I have problems. They solve my problems, but sometimes, they take time because it is difficult to understand each other. I prefer a phone call over the email or ticket system because we can share more information in a short time. I would rate them a nine out of ten. They sometimes do not have a fast solution, but they always resolve an issue in the end.

Positive

I did not work on any similar product previously.

It was easy to deploy. It took one hour.

We deployed it ourselves. We know the product. We know how to register devices and how to join devices. It was easy. We used our knowledge.

I do not know the price of Fortinet FortiAnalyzer. I did not pay for it, but I know the price of other Fortinet products. They are not cheap. I am from Poland. We have Zloty, not Euro, so for us, everything is expensive. 

I had also tried to buy it in the past, but it was too expensive.

If you have FortiGate and FortiClient EMS, FortiAnalyzer is a natural choice. You can have notifications and alerts. Some things are automatically done by FortiAnalyzer. From a security perspective, it is a very good product.

Overall, we are satisfied with it. I would rate Fortinet FortiAnalyzer an eight out of ten.