Fortinet FortiGate Reviews

I use Fortinet FortiGate to secure our infrastructure, user data, data encryption, and to prevent DDoS attacks. 

I also have experience with FortiManager and FortiCloud. I have experience in integrating SD-WAN capabilities with Fortinet FortiGate because I am using SD-WAN with multiple ISP lines, using it as a load balancer and for specific route traffic.

Fortinet FortiGate has positively impacted our organization by preventing hackers from accessing our network.

The performance of hardware-assisted DDoS protection in Fortinet FortiGate when managing data center traffic is very good.

One of the best features of Fortinet FortiGate is VLAN. Dynamic Segmentation and SD-WAN are also very good. 

It is stable and easy to use. There are a lot of good resources available on the web.

Fortinet FortiGate could be improved in terms of user friendliness at the policy level and assigning URL based and keyword based features.

I have been working with Fortinet FortiGate for around three years.

Fortinet FortiGate is a stable solution and the best solution.

The scalability of Fortinet FortiGate is good.

I would rate technical support from Fortinet a ten out of ten.

Positive

Before choosing Fortinet FortiGate, I was using Sophos Cyberoam, which is outdated. I switched from Sophos to Fortinet FortiGate because the Sophos device was outdated, not providing the same SD-WAN features at the same cost and central level.

We got our ROI in the second year due to its stability.

The licensing cost is at the intermediate level.

I would rate Fortinet FortiGate a ten out of ten. 

I was involved in deciding on Fortinet FortiGate, but I am not the one who's using it on a day-to-day basis.

We want to make sure that our on-prem servers are protected. We basically use VPN to configure that on Fortinet FortiGate, so that is the major purpose, and that part is working well.

We have not had any incidents where our servers got compromised. It's all good.

For security, it has all the required features, such as the web filter and DNS filter. Also, for accessing the network, we have various rules.

Our IT staff says that some of the security features are better than Sophos's.

Its usability is good. We can easily navigate the system, and we have a very good user experience. It's easier to understand the software compared to Sophos, which I feel is a little more technical and could be difficult for a first-time user.

I want some additional features. For example, I want something to ensure that when we are using Google email or Microsoft email, or Google Workspace, emails can only be accessed on designated machines given to our employees. I would like them to access data from designated machines, not from any machine. It should work for designated mobiles and laptops. I don't know if Fortinet provides something like that out of the box.

We have just installed Fortinet FortiGate, and it has been two months since our installation.

Fortinet FortiGate is stable.

Fortinet FortiGate is scalable.

We are going through the vendor for technical support. If we have any issues, we raise a ticket, and they respond immediately.

Positive

Previously, we were using another firewall device, Sophos. Compared to that, Fortinet FortiGate provides more features and better security. Fortinet FortiGate supports WAN migration. Fortinet FortiGate is also better in terms of speed. In the dashboard, we can get all the stats reports and logs.

Deployment is not very difficult because they have their migration tool.

We are facing some challenges. We are working with a third-party vendor, not FortiGate directly, for the installation and other things. The problem is that their knowledge is very limited. We are facing some challenges. With Sophos, we could enable multi-factor authentication for VPN users. FortiGate also allows that, as per our initial analysis. The people we are working with are not able to configure MFA. They are having some technical issues. Fortinet needs to ensure that its partners are well-trained.

Only two people were involved in the deployment process. The vendor side had their own technician, and we had one person here.

Cost-wise, there is not much difference from Sophos, but feature-wise, we get more features.

We did some comparisons between Fortinet FortiGate and Sophos. We went with Fortinet FortiGate because of the security features and easy-to-understand console.

I would rate Fortinet FortiGate an eight out of ten.

We have a Fortinet FortiGate 900 series that is a big UTM. We also have 10 Gig switches, all fiber, for distribution of the service provider's connections.

The key features include SD-WAN, firewall use, intrusion prevention, intrusion detection, and application control. 

I have tested 90% of the features that Fortinet FortiGate offers. This type of solution helps us integrate all communications of our company. They guarantee operational continuity of our company and reduce risks by eliminating and detecting threats. This solution gives us agility.

The area that Fortinet may improve is customer support. When you have an incident, situation, or open a case, the support is not as good as Cisco or other platforms I have tested. There are many opportunities for improvement.

I've been using the solution for eight years.

Currently, we are experiencing a general outage of one of the main internet service providers of the Dominican Republic, and we have not been impacted in our operations because with SD-WAN, we have another internet service provider and we are working with the second WAN connection without any disruption.

The area that Fortinet may improve is customer support. When you have an incident, situation, or open a case, the support is not as good as Cisco or other platforms I have tested.

Before Fortinet FortiGate, we had Cisco.

It was not easy. While it might be easier now than eight years ago, you have to be careful and ensure you use a great partner that helps you implement this solution as easily as possible.

The experience is good when you use a quality partner or integrator. We use an integrator, located in the Dominican Republic. They have great support here and extensive knowledge.

The return on investment is great. Previously, we were using a dedicated point-to-point connection from the service provider that cost approximately $3,000 a month. When we implemented Fortinet FortiGate, we changed to two internet high-speed dedicated connections, costing approximately $2,000 in total, resulting in significant cost savings.

The cost efficiency is notable because it is an overall product with a mid-range price point, and you receive more value for the price.

Before Fortinet FortiGate, we had Cisco.

The only product that I have not integrated yet is the Unified SASE. This gives my team agility because as the Chief Information Security Officer, I do not have frequent contact with the platform, but my team has this interaction. 

On a scale of one to ten, I rate this solution a nine.

The SD-WAN feature of Fortinet FortiGate has been most impactful in maintaining our network's integrity.

Fortinet FortiGate's threat detection capabilities are good for our use because it's an internal firewall; however, we haven't enabled some of the features that are there. We've enabled IPS and antivirus generally.

They could improve the response time and quality of support.

I'm not sure what additional features they need to have in the future to make it better. For the purpose that we use it, it is doing the job, but I haven't explored some of the features.

I have been using Fortinet FortiGate for seven years.

I haven't had any issues with the stability or performance of the actual firewall. It has been fine with no bugs.

We didn't have to think about upgrading or anything; it does what we bought it for. If it wasn't for the end of support and the end of sale, we would not think about changing it. We are considering similar products for upgrading, maybe newer or bigger hardware.

The product is scalable. Currently, 120 people are using Fortinet FortiGate in my company.

I would rate their technical support about six out of ten; I'm not fully satisfied. They could improve the response time and quality of support.

Neutral

Fortinet FortiGate has delivered financial and operational ROI to my organization. It took about two to three years to realize ROI with Fortinet FortiGate.

At the time we bought them, I was satisfied with their pricing; I don't know how the new pricing will be.

We have to pay additionally for maintenance or support; it is not all included.

I would rate Fortinet FortiGate a seven out of ten.

We utilize Fortinet FortiGate appliances at six branch offices, one data center, and one DLP site. Our network is driven by SD-WAN, and we employ FortiGate as our firewall, FortiEDR for endpoint protection, and FortiSwitch for alerting on all layers of the network.

For me, the best practice is to deploy on-premises for data centers. However, for small branch offices with over ten to twenty staff members, I can deploy the devices remotely. We can provision our cloud and push the configuration to those devices from the cloud.

The visibility that FortiGate provides into our devices is crucial for network segmentation. I want to see the output in a specific way. The traditional approach has shifted slightly, as I'm accustomed to Cisco networking equipment. Typically, we have a call feature, but I'm currently using all the call features for internal routing. However, with FortiGate, most security subnets are segmented and protected behind the firewall. This allows me to lock down or secure sensitive subnets, such as HR or departmental information. I can log in from there, and all other subnets for client users require centralized access. This means that all traffic must go through the firewall, enhancing security.

FortiGate enabled us to achieve compliance with governance requirements. The FortiGate, along with fabric security and checkpoints, essentially act as regulatory checkers, reviewing our security practices against industry best practices and guidelines. If they identify any discrepancies, they alert us, allowing us to develop and implement mitigation plans to address the issues. For instance, if our SSH configurations don't meet security standards, such as algorithm or cipher requirements, FortiGate will notify us, enabling us to take corrective action and regain compliance.

We utilize API calls for FortiGate, including those related to our PRTG monitoring system. Additionally, we employ HVAC calls and leverage another MDR solution from Arctic Wolf to trigger specific events on the FortGate. This API functionality enables us to generate API keys and seamlessly integrate with API features across various platforms.

Integrating FortiGate into our environment is straightforward. Our transition from Palo Alto to FortiGate was seamless, utilizing our existing policies and migration tools. FortiGate also provides provisioning capabilities for defining branch office configurations. As long as branch office devices can access the internet to communicate with Fortinet Cloud, we can remotely implement provisioning for these devices, offering greater convenience for small branch offices.

The built-in APIs streamline integrations with other vendors, reducing deployment time. They effortlessly generate API keys upon logging into the Fortinet network, facilitating the deployment of our PRTT monitor tools. These tools seamlessly integrate with each other, fostering rapid deployment. Most platforms, including Cisco Meraki, Palo Alto, and Check Point, now adhere to industry standards and support API calls.

FortiGate has been instrumental in mitigating the risk of cyberattacks that could potentially disrupt our production operations. I am particularly impressed with Fortinet's cloud-based FortiGuard service, which continuously updates our systems with the latest zero-day attack protection, significantly reducing the threat landscape within our industry. Given the energy industry's heightened vulnerability to cyberattacks, we have implemented measures to restrict access to our network based on geolocation IP addresses. This includes restricting access from countries such as Russia and China, further safeguarding our environment from potential threats. Additionally, FortiGuard's regularly updated list of malicious websites provides an invaluable layer of protection for our industry.

In the event of a production-disrupting attack, we can utilize FortiManager to remotely isolate and mitigate the threat by shutting down specific subnets or networks. We can easily navigate through the unpacked data, and upon detecting a suspicious event, we can initiate automation or SOAR processes to notify the Cloud Service Provider team with whom we have been collaborating. Additionally, we can establish traffic alerts. For instance, since not all users access the AD server simultaneously each month, if we observe such suspicious behavior, we can remotely shut down that network, thereby minimizing our risk exposure.

FortiGate provides us with actionable insights to guide our decision-making regarding the appropriate actions to take. We generate 20 gigabytes of log data daily, which we utilize to establish a baseline for network traffic on our servers and compare it to our generated report. This approach allows us to set a threshold for the read volume of 20 gigabytes of FortiGate data attempting to reach a server from an external source. If this threshold is exceeded, an alert is triggered, prompting us to take corrective action. The centralized monitoring of our environment provides significant value.

Security is not a single, isolated element. It encompasses the entire network infrastructure, including firewalls, routers, switches, endpoints, and even mobile devices. The Fortinet Security Fabric seamlessly integrates these components to provide comprehensive protection. It generates detailed logs, including those from access points linked to FortiSwitch. The FortiSwitch, fully integrated with the FortiGate Fabric, relays security alerts to the FortiViewer in the SOC. This centralized view provides complete visibility into the network, including SSIDs, wireless networks, subnets, and devices protected by FortiClient. The Fortinet Security Fabric tracks individual devices connected to the network, including compromised laptops. FortiClient triggers alerts and sends them to FortiCloud, which also receives logs from the EMS server and the firewall. These logs are consolidated in the FortiAnalyzer and forwarded to the cloud-based log server for analysis. This comprehensive approach to security ensures that all potential threats are identified and addressed promptly.

FortiGate has contributed to a reduction in our operational expenses. Prior to adopting Fortinet, we utilized Palo Alto for firewalls and Cisco for call switches. However, as we began using Fortinet, we gradually transitioned to their products. Currently, we employ FortiGate for our firewall, FortiSuite, and FortiAP Access Points, phasing them in one at a time. This approach has effectively minimized downtime and lightened our workload by enabling centralized management through a single pane of glass.

FortiGate has significantly reduced our time to remediation. We can now check logs from servers, firewalls, switches, access points, clouds, and even devices from different brands, all from a single centralized location. This has greatly reduced the time required for threat hunting and security event investigation.

Fortinet has been instrumental in enhancing our cybersecurity approach to safeguard our industrial machinery. We rely on some heavy equipment that is critical to our industry's operations. To protect this equipment, we have isolated it on a single subnet and implemented strict access controls, allowing only authorized users and MAC addresses to access the network. This ensures that only internal staff can operate the equipment unless authorized maintenance personnel are present. The high level of security we have implemented is essential because our industry's operations are closely tied to the core applications of our industry. We are committed to safeguarding our equipment and preventing any potential risks.

I appreciate FortiGate's flexibility, which allows for centralized management through FortiManager. Additionally, its integration with FortiAnalyzer, which can be deployed in the cloud, enables centralized monitoring of all firewall logs.

Fortinet needs to overhaul its documentation. Our current reliance on outdated documentation has resulted in significant time wastage. While we can locate the necessary documentation, the constant daily revisions necessitate meticulous identification of the relevant documents to prevent the use of outdated information that could jeopardize our environment. At the very least, Fortinet should classify its documentation to clearly indicate the applicable version, as our attempts to do so manually are becoming increasingly tedious.

I have been using Fortinet FortiGate for over three years.

Fortinet FortiGate is stable. I have not encountered any performance issues.

Fortinet FortiGate is scalable. 

The speed of Fortinet's technical support is significantly faster compared to Palo Alto. I recall an instance where I experienced an issue with Palo Alto, and it took an hour to connect with a real technician from Palo Alto. However, when I call Fortinet, it takes a maximum of two minutes to get a knowledgeable individual to address my concerns. Considering the stark contrast in service levels, imagine having a network issue with Palo Alto and having to wait an hour for support. Conversely, with Fortinet, we can receive proper assistance within two minutes. The difference is immense. This is the one aspect I find lacking in Palo Alto.

The reason I don't give Fortinet's support a perfect score is that I've worked in this field for many years and have come to expect a certain level of expertise. Even when we call Palo Alto, Cisco, Check Point, or any other support service, our experience can vary depending on who we get on the phone. If we're lucky, we'll get a highly experienced expert who can quickly resolve our issue. However, we may also get someone who is new to the team or to their role, and they may take a long time to understand our problem. While Fortinet's support is generally excellent, I have had a couple of experiences where I felt like the person on the other end was inexperienced and asked me irrelevant questions. Despite these occasional issues, I am still very satisfied with Fortinet's support overall, but I wouldn't give it a perfect score.

Positive

We previously used Palo Alto for five years and switched to Fortinet FortiGate. Palo Alto is expensive.

The initial deployment is simple. We need to determine which interface is the WAN interface and which is the internal interface.

With Fortinet, we should prioritize a centralized approach to ensure synchronization and consistency across the network. This centralized management strategy will streamline the implementation of SD-WAN, as it allows for the deployment of standardized templates and traffic configurations. Centralized management also simplifies future modifications, as minor changes can be pushed down without requiring complete redesigns. Conversely, deploying SD-WAN without prior centralized management can lead to complexities and potential disruptions. For instance, if WAN interfaces are configured independently of SD-WAN, integrating SD-WAN later will necessitate removing and reconfiguring existing data, policies, firewall policies, and rules. This process can be time-consuming and error-prone.

For medium and enterprise organizations, FortiGate is more affordable. We can choose from a variety of bundles to find the right license for our needs. The software is reliable and easy to install, and it will run smoothly on our systems. FortiGate is priced lower than Palo Alto.

I would rate Fortinet FortiGate nine out of ten.

I compared SD-WAN solutions offered by companies like Cisco Meraki, and Palo Alto. I'm impressed with SD-WAN solutions in general, but I recommend considering purchasing Fortinet's SD-WAN solution, as it could lead to significant cost savings. However, proper planning and design are crucial before deployment to avoid incurring additional expenses due to rework. That's my suggestion.

Fortinet FortiGate is our primary security solution for network communication. It enforces segregation between the IT and OT networks. All communication, integrations, and other traffic between IT and OT must pass through the FortiGate, which inspects and controls it.

FortiGate also serves as our VPN concentrator. Both internal users and partners connect their VPNs to FortiGate. We manage the entire VPN process, including access control and security policies.

All web traffic within the organization flows through the FortiGate for inspection and security controls. We leverage FortiGate's UTM capabilities, including web filtering, intrusion prevention, and application control.

While we have several websites running behind FortiGate, they are primarily static content sites with limited business activity. Therefore, we utilize the basic WAF functionality within FortiGate instead of a dedicated WAF device. This approach has proven effective for our needs due to the low volume of transactions and sensitive data on these websites.

FortiGate also manages communication between our internal IT units. With five units in operation, efficient inter-unit communication is critical. FortiGate ensures secure and controlled data exchange between these units.

FortiGate provides us with both visibility and segmentation for our industrial devices. This allows us to achieve good segmentation and also gain a clear view of the assets that reside behind them. Now, if I need to find a specific asset within our industrial environment, I can simply access Fortinet and check the assets listed there. Additionally, FortiGate utilizes sensing technology that identifies the type of each device, further enhancing our overall visibility.

FortiGate helps a lot to reduce the risk of cyberattacks that could disrupt our production.

FortiGate enables centralized management of our organization's network and security operations, providing comprehensive visibility into our environment for proactive threat detection and mitigation.

The effectiveness of our response to a production disruption depends on the affected environment. Some environments have sufficient redundancy to continue operating without the system, while others require immediate intervention. To address this variability, we utilize a strategically deployed FortiGate across all environments. This firewall enforces pre-defined rules to manage traffic and data flow effectively, ensuring that disruptions are minimized and operations continue smoothly.

FortiGate provides us with actionable data, enabling us to make informed decisions. The visibility it grants into the devices operating within our environment empowers us to take timely action and safeguard them.

All our OT traffic traversing to and from our IT environment passes through our Fortinet FortiGate firewall, which helps to reduce our operational expenses.

The security fabric helps reduce our mean time to remediation.

Fortinet has helped us take a more serious approach to cybersecurity. 

The Intrusion Prevention System and the web filtering are both working well. The Deep Packet Inspection is also functioning properly, allowing us to see all network traffic, including encrypted data. I find the DPI to be a valuable and user-friendly feature. Additionally, the logs are clear and easy to understand. Having worked with Cisco and Check Point in the past, I can confidently say that these logs are on par with those of other leading security solutions. They greatly aid in troubleshooting, investigations, and general network monitoring. Overall, I am impressed with this solution's web filtering capabilities and robust IPS functionality. It is both easy to manage and deploy, making it a valuable tool for our network security.

While FortiGate offers a wide range of security features, I sometimes feel that the platform could benefit from more extensive improvements. Given the multitude of functions it provides, I wonder if the developers have enough time to adequately refine each aspect. However, for our specific needs, FortiGate currently performs adequately.

The debugging and troubleshooting has room for improvement.

I would like to see greater integration with third-party solutions. For instance, one example would be integrating Endpoint Protection with FortiGate, such that if an issue arises with Endpoint Protection, an action could be automatically triggered on FortiGate.

I am concerned about Fortinet's ability to help us meet regulatory compliance because its optimal functionality requires deploying all solutions within the mesh as Fortinet products. This raises questions about the compatibility and integration of non-Fortinet technologies within the Fortinet Security Fabric. 

I have been using Fortinet FortiGate for two years.

I would rate the stability of Fortinet FortiGate an eight out of ten. 

I would rate the scalability of Fortinet FortiGate an eight out of ten.

The technical support responds quickly.

Positive

I have worked with Cisco, Check Point, and Palo Alto. I worked with Cisco for ten years and I find Fortinet FortiGate to be a better solution.

The price is fair for what we get with FortiGate.

I would rate Fortinet FortiGate a nine out of ten.

Although we currently don't use any Fortinet devices designed for extreme environments, we are planning to test a few Fortinet switches in such conditions. This initial experiment aims to assess their performance and suitability for our harsh environment. If the switches perform well, we may consider switching our current supplier. While we don't frequently change our OT networks, prioritizing long-term stability has been our main objective, and we've achieved that so far. However, since Fortinet is our network supplier, testing their switches and confirming their reliability is a prudent step for when we need to update our switches.

Potential users should understand their needs before purchasing the solution.

I primarily administrate the solution as a firewall. It's a perimeter solution. We filter content in order to ensure protection. We use it to publish services on-premises.

The GUI is good.

It's a basic firewall and it's a simple configuration. It can be ported very easily to our unit.

All of the licenses are included. We don't need to buy more licenses per pack of users. It is cost-effective. 

We'd like to see what they will do when AI attacks are generated. They will need to ensure their prevention continues to be exceptional. 

The solution isn't missing any features. Maybe they could make some features more accessible, such as a way to translate directions between two networks that share the same subnets.

I've been using the solution for ten years. 

The solution is very stable. It is a robust unit.

It's scalable. You can grow as you need. If you need more, you can use a model to upgrade to the next model. 

We don't have users per se; I provide the service to clients. 

I very rarely contact technical support. If I need to scale, they have very knowledgeable sources and solid workbooks. The resources they offer ensure I always have a solution. 

I've worked with SonicWall and Cisco. Fortinet offers a good license model. It's also very clean in terms of configuration. It offers high performance. It is a bit more expensive compared to SonicWall, however, if you take everything into consideration, the pricing is quite reasonable. 

We have a FortiGate appliance. We are using the 2000F version of FortiGate and running the license for FortiOS. 

First, we design our network, then we update policies. 

Fortinet makes the process very easy. I try to make it more efficient by replicating policies using the GUI. 

How long it takes to deploy depends on the complexity. I have 20 or so subnets and some services and I can manage the deployment in two to three hours. 

It is not difficult to maintain the solution. 

I'm able to handle the deployment myself. 

The licensing model is very good. It's less expensive than Check Point. 

I'm an independent consultant. 

Users have to understand the size of the network. That would dictate the model you need. You also need a qualified technician to configure the unit. 

I'd rate the solution nine out of ten. It's very easy to use.

We use Fortinet FortiGate for the firewall as well as for the VPN. Any of the users outside the organization use the VPN. Any staff members working outside the office headquarters or our office location use the VPN.

The main aspect that I deal with is URL blocking and web access. I don't work with other aspects of this firewall.

It has upscaled our security posture, especially regarding external connectivity, because any access or connection from the company has to go through the Fortinet FortiGate firewall. It's doing a pretty good job. We do not have any complaints there.

Anything that we don't want to allow is not coming in. Anything we want to allow is not being blocked. We always have the granular control where we can block malicious IPs or subnets if needed.

Geofencing allows us to limit the countries from which we allow IP connections. There are many features that I may not even know or haven't explored, but in general, Fortinet FortiGate is doing a pretty good job for us. 

The web controls are what I appreciate about Fortinet FortiGate. We have extensive controls over areas where we could block external-facing IPs, external URLs. We can do geo-fencing with the firewalls, which is a good feature. 

There are too many updates coming for VPN, and the VPN keeps disconnecting frequently, which I find problematic. It does what it's supposed to do, but I practically face reconnection issues with the VPN. 

Regarding the Fortinet FortiGate firewall, I don't have any input. My scope is limited.

I have been using Fortinet FortiGate for around three years.

Fortinet FortiGate is stable. We haven't seen any latency issues related to it, though we do experience latency from ISPs.

I would rate the scalability as eight out of ten based purely on my exposure to security controls relating to URL blocking and website access. 

I haven't had a chance to work with Fortinet FortiGate technical support, but from my colleagues' experience, they say the Fortinet FortiGate people are easy to reach but hard to schedule time with. It's not as easy as having the Fortinet FortiGate engineer on the call and getting other teams involved; it requires careful arrangements to join in with the Fortinet team. I would give their support a neutral score of maybe five.

Neutral

I don't know why we switched to Fortinet FortiGate from Juniper; it's a management decision.

I was not involved in the deployment. I think it's not that difficult; there's no complexity involved as long as we are clear on what we want to do.

We have it on both cloud and on-premises.

I was not part of the team that implemented it. I don't know how much they invested, but it would be worth the investment.

My overall experience with Fortinet FortiGate rates as eight out of ten.