The most valuable features for us are
- VPN
- WebFilter
- Firewall
Its features are highly customizable. This means that when our different business groups have different needs, the implementations can be customized to meet the demands of those groups and needs.
I'd like to see an improvement in the Bandwidth Management and Traffic limit control.
Also, the licenses are expensive, turning off some users.
We've used all units for five years, except the FortiGate 200D which has been in use for one year. Alongside FortiGate, we also have FortiAnalyzer 1000B and the FortiManager 200D.
There have been no issues with the deployment.
There have been no stability issues.
It has not been a problem to scale it.
Customer service is very good.
Technical Support: Technical support is very good.
I depend on different products from different vendors depending on the required function.
The initial setup is simple in the CLI or Web GUI.
An in-house network engineer implemented it using the best practice recommendations from the vendor.
The appliances and licenses are expensive, and I know some people use other vendors because of this.
You should know the customization you want from the beginning, and plan your requirements appropriately.
It's good for what it is. I could achieve the same results with a pfSense firewall. This one just comes in a nice hardware package.
Better documentation about usage of the CLI. I learned most of what I know in diagnostic functionality through saving SSH sessions with the customer support staff while in WebEx sessions.
I have tried looking up the manuals. They are OK in some respects, but I feel exhaustive documentation about the CLI "with examples" should be there, and I feel it's not.
I'm saying, hey, let's consolidate some of the primary real-world scenarios like:
Section A: Troubleshooting B2B VPN peering with a business partner or client when initially setting up the VPN tunnel.
Inevitably, there are always quirks and nuances between the FortiGate vendor versus peering with a Palo Alto or an ASA firewall or even a Juniper SSG.
Imagine providing all steps, command line syntax, and GUI (if available) and how to take steps to debug the flow and see what's failing.
Sometimes it's super hard to figure out what's wrong with a FortiGate VPN unless you know the commands on the CLI to see the flow and how to interpret it.
If they had all the methods / syntax and the "hows and whys" for a scenario, even possibly an instructional video showing how via the CLI and GUI alongside the documentation, it would be like the pearly gates had opened and I had gone to heaven.
I have used it for three years.
I never encountered any stability issues. It is a very stable product.
Scalability's not been an issue for my org. We only utilize it for certain applications.
Technical support is excellent, although it can be a bit difficult to understand the tech. As with most support staff from almost all vendors now, the support comes from somewhere across the pond.
On the site where the FortiGate is stationed, it's never been changed out.
Initial setup was straightforward.
Buy the support package! Upgrades, advice about upgrade paths, and troubleshooting help are paramount. There have been some times where, without it, I'd have been dead in the water.
This was an in-place firewall when I integrated the site to my org.
Figure out what features you want, and what policies you want. Look up how to do it in advance, and create an implementation plan.
Plan for policies, routing, NATting, etc. Create a step-by-step process in advance, possibly create the environment in a DEV sandbox, test it, then implement.
It has a good feature set. However, sometimes you are forced to solicit technical support to get it working.
Also, I find the web interfaces sometimes do not display things properly.
Great review. I was going to disagree with you about the CLI documentation, but I found that the examples are really missing for the common use cases, as you stated, so I had to agree.
The cookbook is getting better, but it's not yet comprehensive enough. Very good platform.
I also wish there were elements that you could rename without having to reload an entire config, but I am happy that you can easily search/replace a config and then replace it.
-ASB
The UTM (application control) features have been very important, because they have solved many issues that other firewall providers have not developed as Fortinet has.
A clear example of this feature's advantages is blocking and allowing the Google suite. For example, without UTM, we would not have been able to execute some customer requirements like this one:
A customer told us that a host on their LAN was going to be assigned as a POS workstation. They needed that workstation to have permissions to some applications and some URLs, and they needed to block users from opening sites like YouTube, Google+, and Google Drive, but they needed to get in to some POS URLs hosted in the Google cloud. We were working with rules allowing some specified URLs, but it didn’t work because the subnetting IP address the customer needed to be allowed sometimes matched the YouTube service. Google support engineers told us they rotate their IP addressing subnets to be more secure and they do not always attach an IP address to a domain name. So, sometimes the customer’s workstations were able to open YouTube sites too.
The way we could block YouTube and allow the customer POS URLs sites, was by configuring an application control sensor, where we were able to block some categories like this:
Another requirement was to allow some specified applications, so we configured the next sensor structure:
Another customer reported to us they had issues working with Gmail attachment files; they could not do it. Executing some packet captures and with the Fortinet TAC help, we found they were using the latest Chrome versions that use the QUIC Google protocol, which is not supported by Fortinet because it is not a valid protocol. We proceeded to block the QUIC protocol using an application control sensor.
After this blocking action, the customer was able to work without any issue.
It can block applications in level 7.
Even though other companies have latest-generation firewalls, FortiGate’s database is bigger.
They could improve performance with all the UTM features working.
Sometimes, we have seen that when you enable the antivirus sensor, customers report slow web browsing. We know this is normal, but we would like to know if it is possible to make the customer feel their web browsing is fast, with not as much delay. The antivirus sensor analyzes all the protocols and packets we specified, and this is an important performance impact. From my personal point of view, I don’t think it is a serious issue, but we receive many reports from users who browse the web with antivirus sensors applied to their firewall policies.
I have been using it for seven years.
It is working in route mode, with all UTM licences active; it has FSSO configured to give permission to the users. It is configured to provide VPN SSL service.
I have encountered stability issues only when we enable all the UTM features.
I have not encountered any scalability issues.
Technical support is 9/10.
We have been using FortiGate solutions for eight years. We have been upgrading when solutions in the family become unsupported.
The initial setup is easy; no issues with doing it.
My company did not evaluate other options. They decided to purchase FortiGate directly.
Work a lot with all of the UTM features because they can be very helpful right now with configuring firewall policies. The policies became very whole.
With the application and web filters, we were able to block social network websites and any other websites that could lead to staff being less productive. We were able to stop use of VPN applications on the school’s network. We were able to prevent the use of torrent applications.
It was used in a school network, so it kind of helped in preventing staff and students from getting carried away with their browsing.
I feel they need to work on the alert and event logs. We were not able to get anything much out of it when we were facing issues. Not sure if it was a configuration issue; we were, in fact, not able to see any system-related logs.
I used it for two years. I had to replace it as the number of staff increased to beyond its limit.
We did have an issue with it hanging occasionally. But then later, we figured out that it was handling traffic beyond its limit.
Technical support is average.
This was the first device we used.
It was installed by the IT solution provider while setting up the school.
It is a good device for a medium-sized company. But if you have over 150 staff/devices, I wouldn’t advise using this.
The web content filtering and application control allow us to control which websites and online applications our users can access and those they cannot, thus preventing access to pornographic sites, online gaming sites, social media and many others during office hours.
The application control reinforces the blocks, preventing, for example, users from using specific applications to bypass the web content filter blocks. An example is a user running the UltraSurf proxy, attempting to access banned sites. With the application control function, FortiGate is able to prevent the operation of this application.
IPS - Intrusion Prevention System: It is the main component that detects and blocks hackers and malware attacks.
Other valuable features are SSL VPN and WAN link balancing.
It provides real security for business customers.
The reports provided by the equipment could be more detailed, and not so dependent on the FortiAnalyzer.
The FortiGate internal reports are good, but could have more details and options for viewing certain network data. For the client to get the richest reports, they need to buy the FortiAnalyzer appliance or hire FortiCloud service. These two aim to catch all of the FortiGate logs and turn them into friendly reports, many of which are not present in FortiGate itself.
I have been installing and configuring this product for at least 10 years with different companies, including other models such as the FortiGate 60D and 80C.
The product has always been stable and performed quite well.
I have not encountered any scalability issues.
Technical support is very good. Fortinet professionals are well trained.
For commercial UTM solutions, I have always worked with Fortinet; I had no reason to trust another third-party solution.
It's simple: Just turn it on, access your Web console via the default IP address and then perform the settings.
I installed and configured the 200D for one of my clients.
The full license is UTM Bundle Full Guard. The license fee varies according to the FortiGate model; prices can be low or too high.
If you need real and effective security for your network, do not hesitate to buy a FortiGate appliance. It is no wonder that it is the best according to Gartner, for several years running. It delivers what it promises and more when it comes to performance, stability and security functions.
I enjoy the combination of an intuitive graphical interface and also a traditional shell command line environment for more advanced administration. The option to configure policies in a graphical environment is very easy to understand and also simple to teach someone else unfamiliar with the product.
It’s much easier to share administration tasks with more people. Due to the flexibility and ease of certain features, I can delegate more simple and routine tasks to other administrators and I don’t have to be the “Firewall” guy all the time.
I think the graphical interface always has room for improvement. I would like to see more attention put towards the logging functions as well.
I worked with this solution daily for over 12 months.
I encountered several strange issues in v5.0 (and earlier) OS versions. Strange anomalies like random reloads, VPN instability and unexplained policy changes. However, all of these issues were resolved in v5.2.
I always had great experiences with Fortinet. I worked with them several times to resolve configuration issues and process RMAs on failed equipment, which was rare.
I’ve personally used Cisco ASA and PIX architecture and after using Fortinet, I always prefer FortiGate products in terms of functionality and ease of use. I recommend these to clients looking for a firewall solution.
Usually always simple and straightforward. I can get a client up and running with most standard policies and inbound/outbound control in a single day and make adjustments as needed. I can usually preconfigure Fortinet products and send them out for install.
I always implemented via in-house. I think the most important advice is to always test new configurations in the lab, especially when upgrading firmware.
From my experience, FortiGate products are affordable and worth the investment.
I think for almost any small to mid-size business this is a great solution. FortiGate should definitely be considered before choosing a more expensive and complicated product.
Previously, my organization had the Checkpoint firewall solution, which has been replaced by the Fortinet Fortigate solution, which is cost effective and more manageable from a beginner's perspective.
Fine QoS and Web based filtering solution is a plus.
4.5 years
A few non-blocking bugs were present in the latest release, and they are now solved. In the past I encountered a serious bug regarding SCTP and GTP support. Fortinet helped me to qualify the bug, implement a temporary workaround and then published appropriate patches rapidly.
No. I always used the latest qualified-stable firmware recommended by Fortinet, and I check the stability of the HW and SW with my own testing methods before deploying anything into customer premises.
With the design and dimensioning parts done well, I never encountered a scalability issue. However, I did have to troubleshoot some slowness and latency issues on existing projects already running live. Most of the time they were due to some design issues and non-optimized configurations, for instance “in” and “out” ports not handled by the same NP, non-optimized policy rules, and unused features enabled.
Very good.
Technical Support: Very good.
It was quite simple if you have at least a minimum of experience with firewall integration. It is now even simpler thanks to the FortiExplorer application.
In-house.
Taking the price criterion into account, Fortinet nowadays always wins offers against competitors like Cisco and Checkpoint, combining this key point with other success factors like UTM features and performance.
Contact Fortinet or Fortinet’s partner and ask for a POC.
How would the improvements within bandwidth management impact your User Experience/productivity?