Fortinet FortiGate Reviews

I'm managing security rules, bandwidth for the internet, switches, and fifty access points. Everything, including the network in Afghanistan, is managed from there, and it's something critical for us.

FortiGate's ability to perform as expected and fulfil our needs has been the most compelling feature for network security. FortiGate has proven to be secure and effective in terms of threat intelligence, as it alerts us about external login attempts and suspicious scripts, contributing to our system's overall security.

FortiGate can improve its token system, as it requires a purchase before use. Additionally, the VPN system could be more efficient, especially regarding VLAN passing through, which is currently a limitation. Another suggestion for improvement would be better timezone coordination for customer support. Currently, there are issues with calls coming at inconvenient times due to timezone differences. Another area for enhancement could be the response time for support tickets, as there is a delay of at least twelve hours, even for urgent tickets, which can be frustrating.

I have been using Fortinet FortiGate for the past three years.

It is scalable as we expand our usage of FortiGate as our company grows. We're currently using one, but we plan to use two as our network expands.

I open a ticket and communicate with the engineers when I encounter issues. Although it may take some time, they always get back to me with a resolution. There are mainly due to these issues with time zone coordination and response time.

Neutral

The setup process for FortiGate depends on the complexity of your network. For simpler setups, a user-friendly interface is easy to use. However, for more advanced configurations, it may require expertise. Integration into the ecosystem is neither too easy nor too complex.

The maintenance process is relatively easy.

Regarding return on investment, I believe FortiGate is worth the money. It has helped us stay safe, and considering what we are paying for such a system and service aligns well with our expectations and financial goals.

The price of FortiGate is reasonable as I plan to buy new switches. The initial gadgets are already booted, and the pricing seems normal on the market. As for additional costs, I haven't subscribed to many extra features, so I'm only using what I need. Last year, I renewed the support for three years, which can sometimes be expensive but depends on the security benefits and how it helps us.

Overall, I would rate the solution an eight out of ten.

FortiGate is a hardware firewall that we deploy for our customers. I work on the system integration team and install whichever solution the clients choose. We also provide support, including maintenance and service. The customers contact us if they have any problems. 

The firewalls are deployed on-premise, but you can also implement FortiCloud, which can integrate with public or private cloud platforms. If you have five or six locations in various countries, FortiCloud can provide centralized security support for those offices.

FortiGate is on the cheaper end, and it offers good value. 

Palo Alto has a feature called WildFire Analysis that is unavailable in FortiGate. WildFire is better than a sandbox because it can address zero-day threats and vulnerabilities. It can immediately identify zero-day threats from the cloud. 

Fortinet uses a separate solution called FortiSandbox. It needs to download signatures to identify malware, which takes significantly longer. WildFire is a cloud-based platform that collects threat information from users worldwide. 

I have used FortiGate for eight months, but I have worked with Fortinet products, including FortiManager, for three years. 

I rate FortiGate nine out of 10 for stability. 

I rate FortiGate nine out of 10 for scalability. Fortinet sells models that can accommodate more people. You can choose a cheaper model if you only have 20-30 users, but you will need to spend more money for a FortiGate solution that covers 5,000. 

I rate Fortinet support eight out of 10. Sometimes, the Level 1 support can't fix the issue, so it needs to be escalated, and we can't get help until the next day. Otherwise, it's okay. Their frontline support can fix most basic issues, but we may need to wait a day or two for special problems. 

Positive

I also deploy Check Point and Palo Alto hardware for my clients. Check Point has been in the Indian market longer. Palo Alto came into the picture about three or four years ago. 

In my opinion, Palo Alto is the better solution. It has WildFire Analysis, and you can configure virtual routers within the system, but Fortinet is less expensive. We deploy Check Point for our larger customers. It's more appropriate for multinational companies with 10,000 employees or more. 

Deploying FortiGate is straightforward. You have to check with the customers to see if their offices use other devices. Next, you must do the basic configuration and connect all the networks available at the customer's site individually. 

The SD-WAN setup is the most time-consuming task because you need to configure the address and service objects. After that, you implement basic policies and connect the office network with Fortinet. Deployment only requires one person. 

FortiGate is on the cheaper end. The price varies depending on the model of appliance you're using. It's affordable for a university or a small business. A firewall typically has a license for three years that includes installation and support, but maintenance is separate. 

I rate Fortinet FortiGate eight out of 10. FortiGate is a solid solution, but Palo Alto is the best. I recommend Palo Alto to customers who can afford it. The second best is Check Point. When considering which firewall solution to use, you should look at your budget and the number of users. 

Generally, government and PSU, diamond companies, textile companies, and chemical companies are using Fortinet FortiGate in the Gujarat segment. We are also working with the Fortinet FortiSwitch and Fortinet AP. 

Fortinet FortiGate has SD-WAN, FortiView, antivirus, sandbox, and IPS, which are generally well-known features. Fortinet FortiGate has a threat detection capacity compared to other vendors.

Fortinet technical support is lacking, as OEM support is slightly better. Improvement in their technical support could include response time as well as having more technically sound people in tech support.

I have more than 12 years of experience with Fortinet FortiGate.

This product is very scalable because Fortinet offers models ranging from thirty gigs to six thousand series and also offers solutions as VMs, making it highly scalable.

Their support could be better.

Neutral

We are working with both Fortinet and Check Point. Fortinet FortiGate is better compared to Check Point because I have worked with the Check Point model CP15,500.

Financial and operational ROI from Fortinet FortiGate is very fine compared to other products.

There is no challenge in Fortinet FortiGate pricing. There is a little bit of extra cost for FortiManager and logging and reporting solutions. Fortinet can offer solutions such as FortiAnalyzer and FortiManager for free for SMB customers.

We are not working with AI features in Fortinet FortiGate, but from my knowledge, FortiGuard is using AI tools for threat intelligence and protection. 

We recommend Fortinet FortiGate to other businesses with similar security needs. 

I would rate Fortinet FortiGate an eight out of ten.

We use the solution on the perimeter. We are a government entity. We have other organizations monitoring our network. We also have our own firewall to separate the DMZ and different things on our external servers.

The solution provides good threat intelligence feeds.

The advanced models are expensive.

I have been using the solution for five to six years.

The tool’s stability is good. I rate the stability a seven or eight out of ten. The stability could be improved.

The tool is very scalable. It connects to its own wireless access points. The firewall is supported by other technologies. We can add more products and extend the features and the network.

Fortinet has a tool that migrates all the policies from the previous firewall to the new one.

The vendor helped us with the setup. It was quick. We connected the new firewall first. Then, we exported the policies from the live firewall to the new one. On a weekend, we deployed the new firewall.

If we buy licenses for a longer duration, we get discounts.

Fortinet has better models, but we are using the one within our budget. It's a good product. Besides Fortinet, we're using Microsoft 365 and Microsoft Defender, as well as the safety features that come with these products. There are many products in the market. The monitoring team is using Palo Alto. Palo Alto is better than Fortinet, but it's more expensive.

We use Fortinet for VPN, too. We have not faced any major issues with the tool. It has a lot of capabilities that enable us to customize tunnels and allow traffic from certain countries or regions. The vendor provides cloud-based models, but we do not use them because they are subscription-based models that are not within our budget.

The vendor has a lot of free and paid training courses. It is the best way to learn about the product. It is similar to Palo Alto. All the good companies have a lot of training materials and training courses to understand the product. The initial versions are free of cost. The certifications will help people understand the process and make administration easier. The cloud version has AI features.

Overall, I rate the product a seven or eight out of ten.

We utilize the Fortinet FortiGate firewall to safeguard our network and provide secure VPN access from external locations.

We implemented FortiGate because we needed a firewall to protect our data.

FortiGate helped us meet our ISO requirements.

In the time we have been using FortiGate, we have not had any security breaches. 

FortiGate has reduced the risk of cyberattacks that can disrupt our production. Since implementing FortiGate we have not dealt with any such attacks.

I'm unsure whether centralized FortiGate management enhances efficiency, but our experience with it has been exceptional. We haven't encountered any issues, and the operational aspects have been seamless. Additionally, there was no downtime, which is crucial for our operations.

Our Fortinet security fabric has enhanced security across our industrial control system. By safeguarding our production environment and ensuring the security of VPN access granted to individuals, we have achieved comprehensive data protection. We have not experienced any incidents that would have occurred if our firewall was inadequate.

FortiGate does a lot of research, and the product is regularly updated, especially in the ransomware area. I know of a couple of other companies around us that had some ransomware incidents, but we never have. From that perspective, FortiGate has helped mature our approach to cybersecurity a lot.

The email protection and VPN features are the most valuable.

The process of configuring firewall rules appears excessively complex. While FortiGate offers greater functionality than other firewall solutions, its user interface could benefit from simplification.

I would like the log viewing process to be improved to provide a clearer understanding of the logs.

I have been using Fortinet FortiGate for five years.

I would rate the stability of FortiGate ten out of ten. We have never had any issues.

We used the limit of our FotiGate firewall which was around 150 users and we never noticed any performance issues. 

I would rate the scalability of FortiGate eight out of ten.

The technical support is good.

Positive

Our decision to switch from FortiGate to Sophos was solely driven by the seamless integration with our existing Sophos antivirus system. Had this integration not been an advantage, we would have maintained our FortiGate system.

The initial deployment was straightforward due to our understanding of the product and its operation. It was completed in one day by a team of two.

The price of FortiGate is comparable to that of most other firewall solutions and is more affordable than Cisco.

I would rate Fortinet FortiGate eight out of ten.

Except for the firmware updates we have to do now and then, there is no other maintenance required for FortiGate.

We had FortiGate deployed in one location in a big server room. We have 150 users.

I would recommend FortiGate to anyone. FortiGate is an out-of-the-box firewall with good pricing and excellent features.      

I used this solution while working with my last organization. I handled plain firewall deployment as well as SD-WAN deployment. 

I was providing consulting services to various Telco customers. It helped customers save on the cost of highly expensive MPLS links. With the help of Secure SD-WAN, they were able to utilize broadband or even LTE connectivity, which saves costs. That's the flexibility that Secure SD-WAN gives to various customers. In addition to saving costs, they are also able to utilize active-active load balancing, where you can have two parallel links: primary and secondary. The secondary one used to sit idle in traditional scenarios, whereas now, the solution gives you the flexibility to configure both links as active-active, so you can prioritize critical traffic from link one and other traffic from link two. At the same time, you also have the option to maintain redundancy.

Secure SD-WAN is a great way to manage your entire organization network, especially the WAN network. Customers don't have to hop to multiple places. Fortinet has a solution called FortiManager. With the help of that, you can monitor, configure, and maintain your entire organization's network. It's a very convenient option. It's a single pane of glass from a customer's point of view. They don't have to log in to individual devices, and they can see the real traffic. They can see what's coming into the network, what sort of alerts or logs are there, and what sort of applications are being consumed.

Secure SD-WAN doesn't help with tool consolidation, but it's a secure way or mechanism they provide so that if branch users are accessing the internet, they can directly break out from the branch location rather than coming back to the data center. In that way, it improves the user experience while also giving security at the highest level.

I have not interacted much with Secure SD-WAN in terms of API integration or third-party integrations. However, they have pretty good integration with the RADIUS, LDAP, and AD servers. In that way, they have everything in-built. You can make the firewall a DNS server or some sort of DHCP server. Such features are included there. From a security standpoint, they have open API integration with their own SIEM or SOAR solutions. Third-party API integration is also possible, but the API details that are exposed are very limited.

The integrated application protection provided by Secure SD-WAN is a cool feature. They have real-time scanning of the application with the help of SSL inspection. You get to see the real-time traffic of applications, and you can protect your network from harmful websites. They have a signature database for that. This data also gets refreshed. It's a direct feed that the device takes from the central intelligence.

When you have Secure SD-WAN in place, you are more secure from the outside internet. They have a flavor of SASE, but I have not worked on it.

When you have a granular view of your entire network including users and security features being enabled, you get more visibility into your network. You get to know what's coming in and going out. If an administrator sees that some traffic is being hit repetitively from a particular location, functionality is available to block a region, country, or even an IP or domain.

In terms of Secure SD-WAN reducing our mean time to resolve, in the case of issues specific to SD-WAN, I've seen instances where customers can look into the dashboard and inform the support team that this is the issue they are facing. This helps them to have some visibility into these firewalls and isolate the entire issue from the technology perspective; for example, when a wireless client is facing some sort of challenge accessing the internet, whereas some of the wired users are able to access the internet. The testing tools given in the FortiGate GUI dashboard come in handy during troubleshooting. With the very user-friendly interface, it becomes very obvious and easy for any IT guy to simply follow the workflow to resolve any day-to-day operational issues.

The security features that they have are quite good. On top of that, their licensing model is quite nice where they don't charge you anything for the SD-WAN functionality for the firewall. The routing and firewall features are also good.

The unified view that they have built into this firewall is good. Within the same dashboard, you get to see the security profiles, the type of traffic that's passing through, the top applications that are being consumed, etc.

It's also very easy to use.

I was not looking after the operations part, but sometimes, I did get engaged in some critical activities related to operations. There are some caveats in every product. Tunnel flapping was one of the major things I had seen wherein your internet link remains but your VPN tunnel is down. However, since I got a fix from the TAC team, I have not noticed it, but the customer complained a few times that they couldn't access the internet because of this problem. There were tunnel issues where there was already established connectivity, but at the kernel level, there were some issues. For example, there's a feature for auto-site connectivity wherein whenever it automatically creates a new tunnel, at the kernel level, it also creates an interface. Sometimes, that interface crashes and a new interface could not be created, which results in connectivity loss. 

Fortinet has established itself in the SMB market segment. It's doing pretty well in that space, but when it comes to the enterprise segment, they are lagging a little bit. It all boils down to the performance of the hardware. If I enable all of the security features available on my device, the throughput degrades quite a lot. If I have put 10 GBPS of throughput on a firewall and I enable all of these features available, such as IPS or UTM functionalities, the throughput comes down to 1 GBPS.

I used Fortinet FortiGate for seven months. I last used it in February of this year.

I'd rate it a seven out of ten in terms of stability.

The solution offers the option of deploying VMs or virtual machines to any public cloud, such as AWS or Azure. It provides such flexibility. If you have any application hosted in the cloud space, you can have a VM spin of the FortiGate over there and have a site-to-site tunnel established, so the scalability is there. Otherwise, at the site level, it's mostly hardware-based work. If you size it properly, then you have the option to expand. You might have chosen a low-end model because of the tight budget. In that case, it's not scalable on a specific site. However, if you have a certain number of sites, for example, if you have 400 of them and you want to expand to 500 or 1,000, there is simply a license that goes at the FortiManager level to support additional devices. FortiManager provides a single pane of management. 

I'd rate it a seven out of ten in terms of scalability.

My experience was not that rewarding. It took me around three hours in total to get a simple issue identified and fixed. I escalated it to their L3 engineer, and after that, I was able to resolve the issue. The entire process took around three hours. First, their initial level person was troubleshooting, then it went to the next level, and then it went to the highest level.

Neutral

From the security perspective, I have not used any other solution, but I did have a glance at Cisco's portfolio. Cisco Meraki is one of the solutions that you can compare it with. Others were more specific to the routing and switching domain. I know the concepts and theory of Cisco SD-WAN, but I have not used it in a real environment for any customer.

For one of the clients, it was deployed on the Azure public cloud. Initially, it was not easy. It was complex. Every product and technology requires a certain type of prerequisite, and when you have anything hosted on a public cloud, it becomes a tedious job to get things done quickly because multiple stakeholders are involved in that.

I have deployed Secure SD-WAN specifically for many customers. I find it easy, but you need one person to be at the site for remote connectivity. That person just needs to do the basic configuration. Once the device has IP reachability, you can easily discover it from FortiManager, which is the central controller. So, once you have the device on FortiManager, it takes a few clicks to onboard the device because you already would have a template in place.

The deployment duration depends on the number of sites. For a customer with ten sites, it would take a week's time because there are a lot of dependencies. It also depends on the customer's readiness and availability, but a week's time would be enough for the deployment of ten sites. If there is proper planning in place, you can also deploy 50 sites in a week, but that's something you cannot control from your side because there are a lot of dependencies on the customer and the service provider. If you have to integrate it into a customer's existing network, it becomes quite challenging to make them understand your prerequisites. There are instances where nobody is available from the customer side from the technical standpoint to help you. Those are the roadblocks, but from the solution perspective, it's quite easy to onboard devices.

The deployment can be done by one person if that person is dedicated to a single project, but if more projects are running in parallel, you would require a few more people.

It does require maintenance, which includes upgrading the operating system and installing patches. Two to three people would be enough for around 500 site maintenance but not in the 24/7 case. If it's 24/7, then nine people would be required for that.

By default, they give SD-WAN along with the firewall. They don't have separate licensing for the SD-WAN functionality. However, they have security licenses that are sold separately on a subscription basis. Customers can consume these security features to protect their users from internet traffic.

To those evaluating this solution, I'd advise doing a PoC of different vendors who are meeting their requirements. They can then decide for themselves after seeing the demo.

Overall, I'd rate it an eight out of ten. It's user-friendly. It's also good features-wise, but their support is weak, and on the architecture front, it's not true SD-WAN. It's not decoupling the control chain functionality from the device to the controller. 

My company's customers use the solution for VPNs, specifically for SSL VPNs, IPSec VPNs, and other areas like web filters and application filters.

The most valuable feature of the solution revolves around SSL VPN. SSL VPN is good since I stay in a family where we use some other servers with port forwarding features, and so there is a lot of risk with it. Last time, my server got hacked with a ransomware attack. After that, we got a firewall and gave an SSL VPN to my client to connect to their servers, after which, such kind of activities involving ransomware attacks stopped.

Though the tool's GUI is user-friendly, it can be considered as an area with certain shortcomings where improvements are required.

I have been using Fortinet FortiGate for five years. I am a reseller of the solution. I work with Fortinet FortiGate 40F and 60F.

Stability-wise, I rate the solution a ten out of ten.

Scalability-wise, I rate the solution an eight out of ten.

The challenges faced by our company related to the product are associated with the activation part. Whenever my company tries to activate the product, there are some challenges. Previously, my company had given a new product to our customer who had used Fortinet FortiGate in the past. When my company tried registering the product on the portal and activating the trial license, we saw that only 30 days of use remained in the tool. We installed the product's license after all the trial licenses were activated.

I have seven to ten customers running medium-sized businesses using Fortinet FortiGate.

After connecting to Fortinet Firewall, I have not faced any complaints related to large-scale traffic or attacks.

The solution's technical support needs to be fast since whenever my company raises a complaint, it takes almost two to three hours to get a callback from the customer support team. I rate the technical support a seven out of ten.

Neutral

I don't have any experience with SonicWall because it is not very user-friendly. Fortinet FortiGate is more user-friendly than SonicWall, so we are currently working with Fortinet FortiGate and Sophos.

The product's initial setup phase is easy. I rate it as an eight, where one is difficult, and ten is easy. Sometimes, when configuring the SD-WAN policies, I have seen issues with the tool not working properly. After updating the firmware, the tool worked properly, but there was some issue with the SD-WAN part.

For the product's deployment phase, I configured LAN and WAN, followed by the web filter policies. If a customer requires it, you can configure the VPNs.

The solution is deployed on an on-premises model.

The solution can be deployed in half an hour.

It is a bit expensive. On a scale of one being cheap and ten being expensive, I rate the tool's price as an eight. The price is justified for the features and capabilities offered by the product.

I can't describe how Fortinet FortiGate has been most effective for security posture since I haven't configured any security settings. It has a setting like in Outlook's configuration involving SMTP and POP. I didn't configure any security settings in the tool.

The tool's VPN functionality supports our company's customers' remote workforce since we have given an SSL VPN connection to support those working from outside the company. After connecting to the VPN, one needs to connect it to the server directly as it is better for security.

Whenever you upgrade firewall firmware, the user interface doesn't really change. If I upgrade to a new firmware with other tools, the user interface has slightly changed.

On the portal of Fortinet, there are VMs that are available for FortiGate. Our company can give the solution to the customer on a trial basis to check how it is working, so that there are no issues.

I rate the tool a nine out of ten.

We use it for managing access to our data center, regulating the communication tools employed among servers, and ensuring overall security.

Its performance in fulfilling our requirements has been satisfactory. The graphical user interface is straightforward to navigate.

There is room for improvement related to the logging and reporting aspect. It was somewhat challenging as I delved into the logs during an incident. Navigating through the logs to trace the specific information we needed, as well as generating the corresponding report, proved to be less intuitive. In comparison, when considering Sophos XG, which we also use, the logging and reporting functionality is notably more efficient.

I have been working with it for two years.

It offers good stability capabilities.

We have approximately two hundred users within our company.

I would rate its customer service and support ten out of ten.

Positive

Its performance justifies the cost, there is a prominent ROI.

The pricing is very reasonable.

I would highly recommend it. Overall, I would rate it eight out of ten due to the reporting and logging issues.