Fortinet FortiOS Reviews

I used FortiOS, the Fortinet firewall operating system, to connect two additional sites. I set up IPSec VPNs to connect all three sites. I also configured firewall rules to block certain countries and websites, such as gambling and social media sites like Facebook. Additionally, I implemented firewall rules to protect our web servers from XSS and SQL Injection attacks. Initially, I configured the VPN using IPsec, but when I couldn't find a suitable client for our workstations and desktops, I switched to SSL VPN. Fortinet provides dedicated FortiClient VPN software, which I used for this setup.

At the beginning of this month, we experienced DDoS and SQL injection attacks. The attack originated from a botnet and seemed to be associated with BroadNet. It was coming from a Fortinet device. I had to contact Spectrum to inform them about the botnet attack and provide them with the specific IP addresses to block. This action likely prevented us from being hacked and protected our web servers that were exposed to the public. This incident highlighted the usefulness of FortiOS's threat intelligence features.

The firewall options in FortiOS allow us to open up access to our vendors for EDI and all its features.

Fortinet could integrate something like a YubiKey for 2FA with their SSL VPN clients. Additionally, Fortinet could support WireGuard for our small office locations.

These small offices have two clients that log into our VPN from their workstations. Since all our sites use FortiGate, it would be great if I could set up WireGuard on the Fortinet device. Instead of using IPSec, having WireGuard support for site-to-site VPNs would be wonderful.

I have been using Fortinet FortiOS since February this year.

They handle the support because it's their device. We don't own it; we lease it from Spectrum. So, I can't speak to that for now. However, when we used to own the FortiGate, every time I called Fortinet for support, I would rate their response time at eight out of ten and their problem-solving ability at nine out of ten.

Once they respond, because it takes me a while to navigate the bureaucracy, I call the 800 number. They ask for various information, tokens, and other details. After I explain the problem, they call me back again. Usually, they assign the issue to an engineer, which also takes time. The engineer then calls me and solves the problem. So, I have to deal with a lot of bureaucracy. 

Positive

We had a really old FortiGate there, and when we switched to the newer FortiGate, it was cheaper than the old one.

When we purchase a FortiGate, it comes with FortiOS. Overall, the pricing for the device and related components is better than average. In comparison, FortiGate offers more competitive pricing than Palo Alto and Cisco.

If they could log in, it would be possible only if FortiOS is included. With FortiOS, you can manage all your devices. Let's say you have ten devices and need to manage all of them, including patching FortiOS. FortiCloud helps you with that, and it's nice to have FortiCloud as a bundle with FortiOS. Even if you only have one device, I would still recommend it.

I suggest incorporating AI or machine learning to anticipate threats in the future. For instance, if you configure a new site with your FortiGate, AI could detect any misconfigurations. It would be beneficial for FortiOS, FortiGate, or Fortinet to have an AI feature that alerts you to potential misconfigurations in devices, like an edge router, communicating with others. This AI could also analyze your logs to identify patterns, such as frequent false positives, and recommend reconfiguring the device to minimize unnecessary alerts. 

It's good. In my case, I was the only one dealing with the devices at that time. I would get all kinds of false positives and alerts. Sometimes, if there's a new device, the configuration from the old device to the new device doesn't translate. Maybe on the old device, everything defaults to open, and you must close everything. On the new device, everything might be defaulted to closed, and you have to open up the required ports. So, something like that would be nice, where it's easier to configure and find out if you did something wrong.

Overall, I rate the solution an eight-point five to nine out of ten.

We use the solution for automated solutions.

Fortinet FortiOS's valuable features include intuitive policy creation and deployment, precise parameter settings to determine thresholds, and security profiles such as web filtering and remote application filtering, among others. These features greatly enhance the platform. It includes every available application in terms of features. For example, in RDP, we must control the application. It’s already there whenever we want to apply their role or policy to that application.

Fortinet FortiOS's integration could be improved. It has extensive integration features, such as collectors for other services and third-party intelligence feeds.

I have been using Fortinet FortiOS for six months. We are using the latest version of the solution.

The product is stable.

The solution is scalable. We have around 300 users using this solution.

We initiated support from our servers because the other part of the company was not working. They helped us adjust the tuning, and it is working now.

The initial setup is not complex. It will take around two or three days to deploy. Product cleaning, readjustment, and screening are continuous tasks, as the nature of the work requires tuning and adjustments. To connect the PC to the console, we assign the networking settings, including data capabilities, and then reconfigure them on the web interface (UI). Some settings are also presented in a web-based format in the CLI because they are easier to navigate.

The reserve utilization is very low. Based on my learning, my expectation is for every product to have a good intelligence system and frequently updated threat intelligence. Overall, I rate the solution a nine out of ten.

We are using the solution as a firewall. It provides portal access.

Feature-wise, the solution is strong. It has SD-WAN, site-to-site VPN, load balancing, and application-based load balancing. 

It's very user-friendly. 

Compared to other OEMs, due to the SD-WAN and the IPsec VPN, there is no need for the licensing for SD-WAN and the IPsec site-to-site on the remote access VPN.

Chipset wise they're using an ACS chipset dedicated to FortiOS.

The interface and dashboard are good. 

We've been happy with the pricing. 

The initial setup is easy.

There aren't any features missing at this time. 

For monitoring purposes, we don't have any option to monitor the ISP link. If the ISP link goes down, then there is no monitoring tool or in-built monitoring tool. We can use a third-party application, like Zoho or PRTG. However, we would like something in-built. 

They need to improve the solution at the application level. 

I've been using the solution for five years. 

Sometimes it is unstable. However, they'll easily fix the issue. We get upgrades and updates. If there is even any vulnerability or malware, we'll get it fixed immediately. They give good responses to the customers.

While there are bugs, sometimes the development team is on top of it and fixes everything fast. They'll send a patch in the next update.

We work with more than 100 customers. 

Technical support is helpful and responsive. 

Positive

I worked on FortiGate and Palo Alto.

The solution is very simple, very straightforward. It's not complex a all. 

How long it takes to deploy depends on the client's requirements. 

For a mid-level customer, we can deploy within an hour. We can complete everything and have it up and running, and the users get internet access. If they need more rules, they need more things, then it could take time, depending on the configuration.

The cost of the solution has been fine. 

You do have to pay for a license. I'm not sure of the exact cost. I'm more of a technical person.

We're a customer and end-user.

We have the solution deployed on the cloud and on-premises. 

I've deployed the 600F model a couple of times.

New users need to do some homework, and then we proceed with the configuration. Security-wise, they need to make the customized port. 

I'd rate the solution eight out of ten. 

Our company is a partner with Fortinet and uses the VDOM to deploy and service virtual firewalls for our customers. 

The solution provides good firewall and antivirus protection via IPX and its security profile.

The solution needs improvement with DDoS protection. 

I have been using the solution for nine years. 

The solution is stable and I rate it an eight out of ten. 

The solution is scalable and I rate it an eight out of ten.

The technical support is excellent. 

Positive

The initial setup was not very easy but the solution does integrate without much complexity. 

Our internal team of two engineers deploys the solution in about three days. 

The licensing costs are paid by our customers on a monthly basis and include maintenance and technical support provided by three of our engineers. 

The solution is quite affordable and I rate the cost a four out of ten. 

The solution is a leader in security according to the Gartner Report and I recommend its use. 

I rate the solution an eight out of ten. 

We primarily use the solution as a firewall operating system.

The built-in SD-WAN is the most valuable aspect of the product.

It is simple to set up. 

The solution has been stable so far. 

It's easy to scale. 

The pricing is excellent. 

SD-WAN configuration could be easier. 

The support could be better.

We'd like to see bandwidth optimization and traffic prioritization capabilities. These are the two things that I'm looking for, especially in SD-WAN.

I've been using the solution for three years. 

It's stable as a product. However, SD-WAN has some issues. The route policies and how you prioritize traffic are the areas of concern for us.

I'd rate the solution seven out of ten in terms of how stable it is. 

The scalability is great. 

We have 1,500 users using the solution. 

We are not very pleased with the support. It could be better. 

Neutral

We are using Fortinet, however, we are exploring Palo Alto.

While the initial setup is not an issue, the SD-WAN configuration is a little complex.

There are three people here who are maintaining the firewalls.

The solution is the cheapest on the market. I'd rate it five out of five in terms of affordability.

I've compared this solution to other vendors. Palo Alto is number one in the world. Then I would go with Check Point. Then my third preference would be Fortinet.

We are end-users.

I'd rate the solution five out of ten. 

We use the solution as a perimeter firewall. 

It's simple to use in terms of inbound and outbound traffic management, traffic shaping, and connectivities, as well as the VPN. Everything is built into it, so it gives us quite a good well-rounded solution.

With assistance, the initial setup is easy.

The solution is stable and reliable. 

I would like to see more statistics in the monitoring part. There is monitoring, there are DSCPs, and everything; however, I would like to have more active monitoring of the traffic.

Sometimes we would like to monitor some threats. For example, where are some bots, and how do we detect these kinds of things. That would be good for us.

I've been using the solution for more than five years. 

We've been happy with the stability. It's been good so far. There are no bugs or glitches. It doesn't crash.

We are not scaling it right now. We bought it sometime back and we didn't need to scale it. We bought a higher end for our use case, which is still sufficient for another few years.

We have 200 or so users of different levels and positions on it.

We do not have plans to increase usage. 

This firewall is quite a capable firewall - even up to 1000 users. Due to that, we didn't find any requirement to expand it or replace it somehow. It has helped us build our software-defined WAN, LAN, et cetera. It is sufficient for us. It gives us Gbps throughput, which is good enough. The firewall itself is 32Gbps capable, which is more than what we need.

We have used support sometimes. That said, mostly we use it via the third party directly. They are helping us with support of any type that we need.

There was something else that was used. However, I don't remember what was that previously.

The initial setup was easy for us as we had assistance. 

For the deployment, one person was involved from the outside, and two people we assisting from our side. In total, three people were involved.

The deployment itself took a few days as we were rebuilding policies as well.

The initial setup was done by the contractor. For that reason, we had no problem implementing this.

The ROI we have witnessed is good. I would rate it five out of five. 

We started with a three-year license and have since renewed it. 

For three years, we paid about 2,800 KD, which is about $9,000.

The product is pretty affordable overall.

We are just customers of the solution. 

We're not using the most recent version. We updated it a few years ago and we are still using that version.

I'd rate the solution ten out of ten. We are really happy with it in general. 

Potential users should plan what they want to do with it before buying something this big and this good. They should know what they want to do first and then act accordingly.

The best aspects of the solution are the wire signature and VPN, secure VPN encryption, and bulk packet monitoring.

It is a stable product. 

The product is scalable and easily expands. 

Setting up the solution is easy.

We like the technical support on offer. 

It should be controlled in the local environment as well. Its gateway security is more powerful. However, it should also manage the local DSCP network, so the policies, local LAN policies, and other stuff should be there.

I've been using the solution for the last two years.

The stability is good. 

It's running in many places and in different organizations. There's a huge market.

 I found the solution to be scalable. 

We use it in more than one location. We have more than four or five people using it at each location. 

Technical support's good. When we register a ticket, they are always prompt in their response. There are two types of support. It's paid or unpaid support, depending on the service we are using.

Positive

We've also used SonicWall. 

The initial setup is straightforward. It's not complex, You should know where it exists in the OS. Then you can work with it easily. Otherwise, the complexity is something you have to contend with for a new user.

We have witnessed an ROI. 

You need to repurchase a license every year or two. Costs are negotiable and sometimes they offer promotional prices. A yearly subscription might be around $20,000 to $30,000.

We're a customer and end-user.

We would recommend the solution.

Fortinet is a good product. However, other products are good as well. It really depends on the customer experience.

I'd rate the solution seven out of ten due to the cost of quality of services, and due to the fact that we know other firewalls are more powerful than Fortinet. That said, Fortinet is very economical and gives us an appropriate solution based on what we require.

Fortinet is used for security. FortiOS is the operating system. FortiAnalyzer, for example, can be used on it and it is used for log management, et cetera.

The solution is very easy to use. It's a solution that has a powerful CLI and a very powerful graphical user interface.

The solution scales well.

In terms of stability, the solution is reliable.

It's not too hard to implement the solution.

Technical support is helpful and responsive. 

The pricing of the product is too high. They should work to lower it.

I've been using this solution for three years. It's been a while. 

The solution is stable. There are no bugs or glitches. It doesn't crash or freeze. The performance is reliable 

We have found the product to be scalable. It's not a problem if you want to expand it.

There are 1,000 users on the solution at this time. 

While there may be plans to increase usage in the future, I'm not sure if that's the case just yet. 

The technical support on offer has always been quite good. We are satisfied with the level of service they provide.

Previously, we were mainly using Cisco firewalls and products.

We enlisted some assistance with the implementation process. The setup was pretty easy. It wasn't overly difficult.

We have three people who are able to maintain the solution. They include me and two team members who are both engineers.

We used an integrator to help us deploy the solution.

The solution is fairly expensive. The cost is around $40,000.

It would be ideal if they offered more licensing options.

We were presented with some other solutions such as Palo Alto and Check Point. We prefer Fortinet due to the features on offer.

I'm an end-user and customer. 

We are using a few versions of the solution, some with 6.2, which is not the most updated version, and some others with almost legacy versions such as 5.6.

I would advise users to not stick with the last version if a new release comes out.

I would rate the solution at a nine out of ten. We have been largely pleased with its capabilities.