Fortinet FortiGate Reviews

We have both on-premises as well as virtual firewall servers. We have quite a few FortiGate firewalls as part of our infrastructure. We are using Check Point more from the perimeter perspective. It is only there on the perimeter.

The virtual firewall feature is the most valuable. We have around 1,500 firewalls. We did not buy individual hardware, and the virtual firewalls made sense because we don't have to keep on buying the hardware. 

FortiGate is easier to use as compared to Checkpoint devices. It is user friendly and has a good UI. You don't need much expertise to work on this firewall. You don't need to worry much about DCLA, commands, and things like that.

FortiGate is really good. We have been using it for quite some time. Initially, when we started off, we had around 70 plus devices of FortiGate, but then Check Point and Palo Alto took over the place. From the product perspective, there are no issues, but from the account perspective, we have had issues. 

Fortinet's presence in our company is very less. I don't see any Fortinet account managers talking to us, and their presence has diluted in the last two and a half or three years. We have close to 1,500 firewalls. Out of these, 60% of firewalls are from Palo Alto, and a few firewalls are from Check Point. FortiGate firewalls are very less now. It is not because of the product; it is because of the relationship. I don't think they had a good relationship with us, and there was some kind of disconnect for a very long time. The relationship between their accounts team and my leadership team seems to be the reason for phasing out FortiGate.

I have been using FortiGate for the last four to five years.

It is stable.

I currently have about 36 to 40 devices that are being used. We use a certain number of devices from business to business.

We were not getting proper support from Fortinet. That's the reason we had to phase out FortiGate.

We implemented it on our own. It took around one hour. We have one or two engineers for its deployment and maintenance. 

We installed FortiGate four or five years ago. We are just phasing out FortiGate and not doing new installations of FortiGate. Whichever model is getting end of life, we're just replacing it with a Palo Alto device. We can use it in the future, but I don't see any presence of Fortinet in my company at this time. I see a lot of push from Palo Alto, Check Point, and other vendors, but I don't see Fortinet around at all.

With the current COVID situation, I don't know how FortiGate behaves when working from home, which is an entirely different concept. In other firewalls, we create HIP profiles and similar stuff, but I am not sure how FortiGate works in such an environment.

I would definitely recommend this solution, but I think Fortinet has to first create a presence. That is more important. Nobody says anything bad about the product. The product is still widely being used.

I would rate Fortinet FortiGate an eight out of ten.

We utilize the Fortinet FortiGate firewall to safeguard our network and provide secure VPN access from external locations.

We implemented FortiGate because we needed a firewall to protect our data.

FortiGate helped us meet our ISO requirements.

In the time we have been using FortiGate, we have not had any security breaches. 

FortiGate has reduced the risk of cyberattacks that can disrupt our production. Since implementing FortiGate we have not dealt with any such attacks.

I'm unsure whether centralized FortiGate management enhances efficiency, but our experience with it has been exceptional. We haven't encountered any issues, and the operational aspects have been seamless. Additionally, there was no downtime, which is crucial for our operations.

Our Fortinet security fabric has enhanced security across our industrial control system. By safeguarding our production environment and ensuring the security of VPN access granted to individuals, we have achieved comprehensive data protection. We have not experienced any incidents that would have occurred if our firewall was inadequate.

FortiGate does a lot of research, and the product is regularly updated, especially in the ransomware area. I know of a couple of other companies around us that had some ransomware incidents, but we never have. From that perspective, FortiGate has helped mature our approach to cybersecurity a lot.

The email protection and VPN features are the most valuable.

The process of configuring firewall rules appears excessively complex. While FortiGate offers greater functionality than other firewall solutions, its user interface could benefit from simplification.

I would like the log viewing process to be improved to provide a clearer understanding of the logs.

I have been using Fortinet FortiGate for five years.

I would rate the stability of FortiGate ten out of ten. We have never had any issues.

We used the limit of our FotiGate firewall which was around 150 users and we never noticed any performance issues. 

I would rate the scalability of FortiGate eight out of ten.

The technical support is good.

Positive

Our decision to switch from FortiGate to Sophos was solely driven by the seamless integration with our existing Sophos antivirus system. Had this integration not been an advantage, we would have maintained our FortiGate system.

The initial deployment was straightforward due to our understanding of the product and its operation. It was completed in one day by a team of two.

The price of FortiGate is comparable to that of most other firewall solutions and is more affordable than Cisco.

I would rate Fortinet FortiGate eight out of ten.

Except for the firmware updates we have to do now and then, there is no other maintenance required for FortiGate.

We had FortiGate deployed in one location in a big server room. We have 150 users.

I would recommend FortiGate to anyone. FortiGate is an out-of-the-box firewall with good pricing and excellent features.      

We have been using it for our internal infrastructure, but mainly, we are providing it as a service to our customers.

In one of the use cases, a customer is using FortiGate, and they also use FortiAP. To collect the usage and monitor the traffic, they use FortiAnalyzer. So, they have FortiGate, FortiAP, and FortiAnalyzer. It is not a very big deployment. It is a midsized company with less than 50 people.

The UTM feature is quite good. FortiAP is easy to deploy because both Fortigate and FortiAP are under the same brand. Otherwise, you need to do more work on the configuration.

Price, of course, can always be more competitive or better.

If a customer has a requirement for firewall, security, WiFi, and analytics, it is good if we can propose a solution from the same vendor, but we have found that no distributor in Hong Kong has sufficient knowledge to deploy Network Access Control (NAC) solutions. They have a wide range of products, but apart from the popular ones, such as a firewall or an AP,  there is not sufficient support here in Hong Kong for NAC solutions.

I have been using this solution for more than 10 years.

It is reasonably stable.

Our customers are mainly small to medium businesses. I really didn't have a chance to scale it up. We have a customer with two subsidiaries on the same floor. They are changing from traditional features to SD-WAN features. Based on what I heard from my colleagues, migration work is quite smooth, and there are no big issues.

I'm not doing hands-on work for the projects, but from my colleagues, I haven't heard of any delay or incompetency in support.

It is quite easy. The duration depends on the complexity. If you are using a firewall from one brand and WiFi from another brand, then you probably would need more time to do the setup. Overall, the saving is around 25% in terms of labor hours.

Their licensing costs are annual. The UTM feature license along with their support is called FortiCare. We include that as a part of the annual maintenance cost. Palo Alto or Juniper also have an annual subscription charge for UTM.

Price, of course, can always be more competitive, but it is not the most expensive product. The price-performance ratio is quite high for FortiGate.

I would recommend this solution to others as well as to our existing customers who are not using FortiGate. I would rate it an eight out of 10.

My primary use case for this solution is using it as a key net and as a firewall.

For Fortinet Fortigate,I have to have a Fortigate access point. In my opinion, it should have been a universal access, which supported the universal access point. At this point, our campus is large with some 10 thousand students and staff on board at any given time. Every time I have to use Fortigate, the access point portal has to be a universal type. It would be nice if I did not have to "marry" Fortigate for everything.

The only feature is that I don't have to be worried about categorization of the websites. I am able to put on the policies for the blog because this is an institution.There are several restrictions out there to get onto the websites. It creates a "headache free" environment for us.

A couple of things I've seen that need improvement, especially in terms of a hard coding. The driver-level active moment really is out-of-the-box and we have to have contact the customer support and sometimes it is difficult to resolve.

My only solution would be please don't make it as a closed source. Don't make it as
a closed source. Give some kind of a power to the user so that they can consider it
according to their determine that it should have some flexibility on concurrent
connections not be restricted. I agree that to some concurrent connections the CPU and
the box may be a lower model and it need some higher scale level with this. But, there
should be a provision. There should be a provision to go to at least to 60-70% onto the
threshold to go beyond the designed capacity of something. Like we call it as a design
capacity, and since 70% addition to the 100% of it.

If I compare with the open source, it has really frustrated me for a couple of things. Whenever my students or faculty goals increase, then in Fortinet, I need to change the model for going with the higher model, or better model more better first tier it can deal with it.

It should have been scalable. But, it is not quite so. There are limitations, I need to change the box or I have 1500 D. That means I can make 1000 connections, but some kind of vestibules are going on and the advances are going on. Then, I find it very difficult to give  a connectivity simultaneously and upon current connections. As a result, I have to deprive my faculties, my staff, or my students of certain functions.

Tech support is not very efficient in India.

We have considered the Linux Suite and HP BSM.

As I said, that at least one part I am "headache free" that I don't have to categorize all the websites and that security has been pre categorized by the people, and that the services are getting updated. At least one part of my problem is over.

There is no need to buy physical firewall hardware when you host multiple customers requiring individual secure access to their FW. You just create virtual domains (VDOMs).

You can create multiple Virtual Domains (VDOMs), which are treated as separate firewall instances. The reporting you receive out of this appliance is excellent. You will not need an external management system.

1. sFlow and NetFlow

I could not configure sFlow from the FortiGate graphical user interface. I realized that the sFlow configuration is available only from the CLI, and discovered that sFlow is not supported on virtual interfaces, such as VDOM links, IPsec, or GRE.

NetFlow is a network protocol developed by Cisco for collecting IP traffic information and monitoring network traffic. It is not supported on FortiGate for those who have a NetFlow analyzer/collector already setup in their network.

2. Policies

To control traffic in a firewall, you need to create and apply policies to the FW interfaces. By default, policies are sorted by FW interfaces and this makes FW interfaces an integral part of the policies. Zones provide the option to logically group multiple virtual and physical FortiGate firewall interfaces. Then, you apply security policies to those zones (logical groups of interfaces) to control traffic flow on those interfaces.

In a FortiGate unit with a lot of interfaces (including virtual interfaces), there is a high probability of having duplication of policies.

These devices are very stable.

They are easily scalable with multiple built-in interfaces. It supports a minimum of 10 VDOMs. VDOM supports all dynamic routing protocols like RIP, OSPF, BGP, and IS-IS. You do not need to reboot after enabling the VDOMs.

Area for improvement - there is one big configuration file with no separations for the unique VDOMs. Maybe they could separate individual VDOM configuration files with the root VDOM configuration file referencing the individual VDOM config files.

Customer Service:

Customer service is great, an eight out 10.

Technical Support:

I will give technical support an eight out 10.

We previously used different solutions as well. We did not switch, we have different requirements for different customers.

The user interface is relatively easy. The devices are easy to deploy and figure out if you have experience with other security appliances.

It was an in-house installation.

The ROI is great. These boxes are not that expensive compared to what they can do, their functionality, and the reporting you receive.

Fortinet licensing is straightforward and less confusing compared to Cisco. Fortinet has one or two license types, and the VPN numbers are only limited by the hardware chassis make.

I already have experience with Cisco ASA, so it was simply a customer preference and well within the budget.

Great appliances, and it is affordable.

We use it for managing access to our data center, regulating the communication tools employed among servers, and ensuring overall security.

Its performance in fulfilling our requirements has been satisfactory. The graphical user interface is straightforward to navigate.

There is room for improvement related to the logging and reporting aspect. It was somewhat challenging as I delved into the logs during an incident. Navigating through the logs to trace the specific information we needed, as well as generating the corresponding report, proved to be less intuitive. In comparison, when considering Sophos XG, which we also use, the logging and reporting functionality is notably more efficient.

I have been working with it for two years.

It offers good stability capabilities.

We have approximately two hundred users within our company.

I would rate its customer service and support ten out of ten.

Positive

Its performance justifies the cost, there is a prominent ROI.

The pricing is very reasonable.

I would highly recommend it. Overall, I would rate it eight out of ten due to the reporting and logging issues.

It's mainly used to secure our clients' network access because they do not have any servers. The only things we have connected to the FortiGate firewall are access points, CCTVs, and a printer. It's just used for web browsing and internet access.

It definitely helps with intrusion prevention. When managing a firewall, you need to create policies to dictate the traffic flow within your environment. And once you enforce a policy, it has an intrusion prevention assistant that you can activate, so it's not just acting as a firewall.

Like most next-generation firewalls today, it helps control network traffic. I don't have any problem managing the network traffic within our network. It's very easy to access and manage.

FortiGate has also helped reduce the risk of cyberattacks. If such an attack happened, the main consequences for us would be data breaches, where some of our company's most important information might be leaked and used by other people. That would endanger our production and security.

And with the System Events page, I can easily access and see the events that are happening within the device and the network. It's easy to track if something has happened and, based on that, make a decision about the next step that I should take. I can see if it is severe or if it is just something that is not critical but more than a nuisance. Even in that case, I have to think about the steps that I will take to prevent it from happening again.

Mostly, it's about protecting the internet access of our end users in the production area of our company. It protects us during our web browsing and from internet-related activities.

The feature I like most is the SD-WAN. It allows you to manage more than one ISP at the same time. And there is a high-availability mode, so if one of your ISPs is down, you still have a backup.

It also provides us with visibility because we are able to track the IP addresses, as well as the type of device, OS, vendor name, and the name of the devices.

In addition, Fortinet Security Fabric helps us meet regulations and compliance requirements.

The built-in APIs enable us to integrate with different vendors, such as TP-Link and Luigi. We did not have any problems with the integration. It's very easy to configure and connect. This helps reduce deployment time, but that has more to do with network knowledge than with the product. If you're familiar with basic networking, it would be easy for you to understand the application of a certain device and integrate it with the API of your choice.

I've been working with Fortinet FortiGate for about 10 months.

I would like to see improvements in the support from Fortinet. Here in the Philippines, whenever we have problems with a Fortinet product, we mostly ask for support from distributors and resellers and not directly from Fortinet.

Neutral

I don't know why our company acquired FortiGate because I'm not the account manager. I'm just the technical person who installed the product. But I can assume they just looked at other companies that are securing their networks and decided to secure their internet access like those companies do.

Including the reconfiguration of the network setup, the deployment took at least five days. But the actual deployment of the device only took one day. There were four people involved.

I have no idea what the difference in pricing is if you buy it from a reseller or distributor compared to Fortinet, or even if Fortinet gives that option. The pricing is justified. It's a little pricey, but what you pay for is what you get.

I can't say how much it has reduced MTTR because I have not experienced any issues with FortiGate.

When I first built the FortiGate firewall, it enabled me to learn more about the network security field.

We use Fortinet FortiGate for web filtering, IPS reporting, and firewall policy routing.

What we like about Fortinet FortiGate is that it's fast. You can also use it immediately, e.g. you don't have to wait and apply the policy before you can use it. It's robust and offers immediate usage, unlike Check Point, which we noticed was a slow product.

Fortinet FortiGate is also more secure, depending on how you set up the SD-WAN technology.

We also like the zero trust access, arrays, and the EDR features on this product. It's also 100% more user-friendly, e.g. even when I worked with them configuration-wise. The availability of the support hotline and their knowledgebase articles, e.g. the Cookbook, help a lot. Those articles are accessible to everyone, and they're free.

Whenever you implement a solution, you can run through Cookbook, then you can install the Fortinet certificate if you aren't able to, if you're stuck, but most of the time you are likely to get it right. The Cookbook explain everything straight to the point, and this makes it much easier.

Fortinet FortiGate can be integrated with different platforms. They have integrations in place, but I can't say they're 100%.

I've used Fortinet FortiGate for three years, and the last time I used it was last year.

The product is very stable. It's a powerful product.

Fortinet FortiGate is a scalable product.

Installing Fortinet FortiGate is straightforward. The Cookbook tells you where the issue is, then the packs that come with the software, they are quick to advise on what bugs you can expect, and how those bugs can be fixed. I enjoyed installing the product.

The initial setup for Fortinet FortiGate took less than a week. We spent another week migrating the policy, or recreating the policies on the new object, because of the incompatibility with Check Point. We had to recreate the policies, otherwise, the change was quick, and we just had to mount them and connect the HA link and the other internet link. The setup was quick.

The product has different licensing models, depending on what you're going to do. For the IoT service, initially the program was for free, then the IoT service and the mix firmware that we had, we had to pay.

Services are separate in terms of Fortinet FortiGate license models, e.g. you could have IPS, AV scanning on high availability, etc. The license could be on annual renewal.

I evaluated Check Point, but my problem was that it was too slow to install, and you have to wait long while your environment is down. With Fortinet FortiGate, it was instant. Fortinet FortiGate is very easy to install, unlike Check Point. Fortinet FortiGate is a better product.

I have experience with Fortinet FortiGate. I used to manage the product in the past, but in a different company. I transferred to another company into a new position, and Fortinet FortiGate is being used in my current company.

This product can be deployed both on-premises and on cloud. We use version 300E for on-premises, and VM04 on cloud.

They are doing a lot of things to improve Fortinet FortiGate, that I can't think of anything else I'd like added to it. There's zero trust access, the EDR, and the arrays. I can't really say that there's anything that they have not started. They're able to provide what I want.

We started with 100 users of Fortinet FortiGate in the company, then it went up to 270 users, because we also had a child company with end users of this product.

We didn't have to contact technical support for Fortinet FortiGate, because we had a third-party guy who was helping us, and we seldom contact him. If we find an issue, we just email, and he'll write back to us. We also get advise on the old firmware, for example, that there's a higher chance it's static and could be affected by vulnerabilities. Any help was done quickly, and it was nice. Nowadays, we are doing all the work, e.g. not having to contact our third-party guy.

We don't really need a team for deployment and maintenance. There's another engineer we're sharing ideas with, otherwise, deployment and maintenance are both very straightforward. You just need to know what you're doing, e.g. a good path, IPsec channels, etc., and it'll be much easier.

I can recommend Fortinet FortiGate to others, especially because I understand it the most now. We do know everybody won't choose it, because Check Point, Cisco, and other competitors are coming up with robust devices. Everyone wants to win against their competitors, but I'm happy with FortiGate. It's a product I can recommend to others.

I'm rating Fortinet FortiGate a ten out of ten, because it doesn't give me any issues. It's very easy for me to rate it a ten.