Fortinet FortiOS Reviews

Our company is a partner and we install the solution for our customers as a firewall for remote VPN use. 

We also use the solution to protect our own company that includes more than 1,000 users. 

The solution constantly adds features that are useful and user-friendly such as the ability to tweak firewalls through the CLI. 

The solution's graphic interface could be a bit more responsive and include notations when changes are made

I have been using the solution for seven years. 

The solution is stable. In seven years of use, I've only encountered two or three occasions where a bug affected the firewall's behavior. 

I rate stability an eight out of ten. 

The solution is very scalable and it is quite easy to add users. 

I rate scalability a ten out of ten. 

Technical support has issues with knowledge base at the first tier. It sometimes takes hours of explanation before support fully understands and can troubleshoot or escalate problems. 

Response time could also be improved. 

I rate support a six out of ten. 

Neutral

Our company has always used the solution and is not interested in other products. 

The initial setup is easy, it only requires one engineer, and the main interface is self-explanatory. 

Users who are familiar with the solution can always dig further in the CLI to change the properties. 

We deploy the solution for our company and our customers. 

One engineer spends about two days configuring, testing, and deploying. 

The solution is easy to configure and has good performance. 

Anytime I have thought of a possible feature I'd like added to the solution, it seems the developers are on the same page and it is available within a few months. 

I rate the solution a nine out of ten. 

FortiOS is the operating system of the FortiGate firewall. So whether it's an actual device or virtual machine, FortiOS is the actual software running.

FortiOS is dedicated to the next-generation firewalls. You can't really use it for anything else.

Essentially, their IPS and DNS filtering databases are the most useful for us. The industrial protocol database, which is the main one that we use, is great. They do extensive research to make sure that all the CVEs that they include in the IPS database are up to date and they keep it up to date. And that they don't miss any threats.

Their classification inside of that database of the various threats is typically very, very good. It's, for that matter, one of the best we've seen.

The IPS, IDS database with the DNS and industrial database are the three core main features that are the best for us.

We don't really find a lot of issues on it.

If I really have to complain about something, and there's not much, is the free VPN solution is a bit limited. Then again, it is a free solution. That's essentially it. Nothing else on the FortiGate or on the Fortinet OS side is really an issue. That's one of the main reasons why we use them: everything works and works well.

For what we use, there isn't really any missing feature. In fact, we actually want to get rid of some of the features that they have due to the fact that, for the security model that we need to implement, having more features actually opens up potential risk. We actually would like to have a device that is more focused specifically on OT environments the operational technologies.

We would prefer a device that's stripped down, that doesn't have all the other fluff in the more enterprise system. We actually want a feature where we can remove features that are there that we don't use. That is actually a thing that we find. We use it now in an operational technology environment. We use normal IT equipment. However, it's not a normal IT network. It differs significantly from a normal corporate IT environment. In a normal corporate IT environment, you like the fluff, and the additional features, and you can click, click, click, and you're done.

However, all of those features you add to a device open up risk for us. And that is something we do differently in the OT environment in operational technology. We prefer to not have the fluff. We prefer to have only what is needed for the device to do what it needs to do.

For example, imagine an additional feature for some sort of additional VPN technology has been added. However, it's not really needed for the OT environment, and it's not configured on the device, yet there's some sort of security threat in there. Now, all of a sudden, somebody can hack your system, and he's in there, and he's switching the lights on and off the entire city. And you don't know about it due to the fact that the additional fluff that we added to the system, we weren't aware of that issue was on there.

You can enable and disable certain modules in it. However, with disabling, nobody can really tell us if that module is disabled. Is it really disabled? Is it actually unloaded? Is it uninstalling Word from your laptop, or is it just not running Word?

I've been using the solution since 2009, give or take. That's almost 13 years.

We don't have any instability issues.

The solution can scale reasonably well, within the means, of course, of the device itself. You buy the device based on the current network requirements. We typically build in a bit of extra expandability into there to ensure that the device can cope with the additional load on it.

It greatly depends on the unit itself and what the limitations are. However, typically, expanding past that limit it's not complicated. Still, you'll have to procure a new unit. It's very crucial for us at the beginning phase to make sure that we know exactly what the customer's networking requirements are in terms of bandwidth, IPS, IDS, and throughput.

If a VPN needs to come in, we’ll need to consider what is done with the requirements of the VPN. And then, based on that, we'll specify the unit with additional capacity. However, if you go outside of the unit's capacity, you'll have to get a new or bigger unit.

It's actually an OT environment, not an IT environment. The actual user base is relatively small as not many people are allowed to use the operational side of things.

It's not like a normal enterprise network where you have thousands of people connected to it. It's very small. And when I say very small, it's typically ten or maybe 20 users.

If you log a support call, they have support engineers that jump on that support call very quickly to try and sort out your issue. There are absolutely no complaints that we have on their support side.

Positive

If you are a novice person that has never worked with any firewall and don't really understand the concepts, you may find it challenging to set up. However, there are help files, online tutorials, and videos that guide you on any of the topics you have in it.

It really helps you a lot to get to it in order to do the configuration. So it varies. It depends on how you install it. It may be fairly easy for your average user at home or for an average enterprise guy. However, for a process environment, it may be a bit more challenging since there are different approaches that we follow in order to install it. That said, Fortinet itself is not very difficult to use and its knowledge base and help are very extensive.

We only need one person to deploy the solution.

How long deployment takes depends on the customer requirements and what they require for their network that we need to implement. For the actual deployment of the FortiOS and the initial testing, you're looking anything from a day to about four days' worth of work.

That said, your pre-prep, in other words, all your pre-definition of your firewall rules and what security model you need to run and what security level in your Purdue model that you need to implement, can take a good couple of months to do since it's purely based on how you apply the IEC 62442.

It also greatly depends on what the customer needs are. The pre-prep work is actually the most important. The actual configuration is quick. However, the pre-prep work takes quite a while.

It's probably one of the best devices you have for ROI, especially regarding the current security landscape that we are in with the current kinds of security threats and stuff flying around. FortiGate is one of the best solutions regarding your return on investment.

If you look at the way that you'll typically have to try and clean systems, let's say, if you were infected with very bad ransomware, the amount of cost and effort and money that you'll have to spend in order to clean all your systems and get all your IT equipment and everything running in top form condition.

If you don't have a FortiGate unit protecting you, and you compare that to installing a proper FortiGate unit with all the correct modules and stuff like that, your ROI on it is much better than trying to clean everything after an attack. It's definitely well worth your investment.

There are different types of licensing. It depends on what kind of licensing you decide to take, if it's on an annual basis or if it's a three-year basis. It also depends on what modules you have selected in your firewall.

If you have the next business day on-site warranty, and if you have the actual hardware replacement, the normal RMA on devices like Cisco and those devices where the device fails, the company comes out and swaps the device out for you free of charge, that comes at a price.

It greatly depends on what options you take with their warranties and guarantees and stuff. It's very difficult to say what the licensing is until you break down which module you will take.

You need to buy the modules or the add-ons based on your needs. Licensing then will be directly connected to that. It’s like purchasing Windows. You can just buy Windows. However, you won't get Office working necessarily. It's the same with the FortiOS licensing. You buy the OS; then you buy everything you want to run on it.

You can just buy the operating system, the FortiOS. However, it won't give you IPS or any other advanced firewall rules. That will be an additional cost on your licensing.

They are slightly on the pricey side. They are affordable. However, they are not cheap. I’d rate them a two out of five in terms of affordability.

All of the infrastructure is hosted locally on-prem. We can't host it in the cloud due to security reasons.

We’re resellers more than partners. We provide the solution to customers. It's an industrial process environment.

Whether we use the latest deployment or not depends on the customer. However, we prefer to not install the latest version. We typically install two or three versions backward. The reason is, that your latest versions typically have a lot of bugs that are not necessarily known yet. Since this is a process plant, which is not directly connected to the internet, effectively, you go through a Purdue model, which connects to layer three or layer four before they get to the corporate network.

That then will break them out to the internet. The risk model for that is okay to have them not on the latest version. Also, since it is a process environment, literally, it's a process plant; it's an industrial process plant. The performance and uptime is king, not so much anything else. In a normal corporate environment, uptime and security is king. However, in a process environment, you need to keep the plant running 24/7 in order to pay the bills. The way that you look at how you install the product is quite a bit different than normal enterprise IT.

I’d rate the solution ten out of ten.

It is the best solution for users if they start out in a secure environment. They just need to make sure that they partner up with the correct partner that can guide them through the processes of obtaining the correct device and obtaining the correct training for themselves in order to use the device. That said, it's a highly recommended device to use from a perspective of security, usability, and installability.

We're using the solution for firewall segmentation, including segmentation of the network, authentication purposes, logins, et cetera.

Compared to other firewalls, segmentation is much easier in FortiGate.

The initial setup is straightforward. 

The support could be better. Their first-level support is often poorly trained. 

We don't have any other requirements in terms of needing new features. 

I've used the solution for ten years. 

The solution is stable. There are no bugs or glitches. It doesn't crash or freeze. 

It's scalable. The model we bought is highly scalable. However, if you buy a device on the low end, it may not be scalable. You need to consider what you need in advance and buy more than you need if you believe you will need to scale. 

Technical support is okay. Compared to Palo Alto, they need to improve a bit. Palo Alto is better. The first-level team isn't very knowledgeable. 

Neutral

I work with Palo Alto, Cisco, Fortinet, et cetera.

The initial setup is very simple and straightforward. It's not overly complex or difficult. You only need one person to implement the solution. 

The deployment will take only one hour, however, the policy web creation based on the user requirements may take time. That is the nature of every firewall. Usually, the deployment takes only one to two hours.

We handled the setup in-house. We didn't need any outside assistance. 

I don't directly deal with licensing. I can't speak to the exact costs.

I'm an end-user. I used to be a partner. 

We're using the latest version of the solution and update regularly.

I'd rate the solution seven out of ten. 

I am using Fortinet FortiOS for firewall security.

The most valuable feature of Fortinet FortiOS network segregation, UTM, and antivirus, freight management protection, such as DDoS. Additionally, the command-line interface(CLI) and the graphical user interface(GUI) are easy to use. The architecture makes sense, and the commands in the CLI are organized well. They have quite a lot of features are easy to use, and are user-friendly. Any novice can use Fortinet FortiOS without an issue.

I have been using Fortinet FortiOS for approximately eight years.

The stability of Fortinet FortiOS initial setup is simple and it is user-friendly. To do the whole process of transferring the firewall configurations and updates took approximately one day. 

We have approximately 2,000 users that use what hardware Fortinet FortiOS manages. All types of verticles are passing through the solution.

I rate the support from Fortinet FortiOS a four out of five.

There is some room for improvement in the support.

Fortinet FortiOS initial setup is simple and it is user-friendly. To do the whole process of transferring the firewall configurations and updates took approximately one day.

We have seen a return on investment because a lot of the features are effective. We do not need to train our engineers to use the solution, it is very easy to use.

The price of Fortinet FortiOS is comparable to other similar solutions on the market. We are on an annual license to use the solution.

I rate Fortinet FortiOS an eight out of ten.

We use Fortinet FortiOS to protect our office, and we have another deployment in production. We have the PCI DSS environment on which we have deployed the Fortinet Firewall.

I am satisfied with Fortinet FortiOS. It's a cool product and has a lot of UTM features. It has application control, web filtering, antivirus, IPS/IDS, DNS filtering, and many things in that firewall. It also has a web application firewall WAF feature. On the feature side, it's a good firewall.

It would be better if AWS instances were available. If I want to upgrade from T2.small to T2.medium, it should be available rather than having a big instance and paying a lot of money for that.

The issue is that we had deployed in AWS Cloud, and we were using a very small instance. Recently we wanted to move in-house and deploy it on the big instance because it was struggling with the RAM. If we use T2.small, we cannot upgrade it to the T2.medium. It has predefined instances in the marketplace with a lot of cost differences.

If I can increase the RAM, I have to choose the T3.large instance. If I'm paying $270 for the small instance, I have to pay more than double the cost for T3.large. It is about $850, and this is not good. So, it would be better if it was cheaper.

I think both AWS and Fortinet should think about that. They should provide it on lower instances as well. If I want to upgrade it from T2.small to T2.medium, it should be available, but it's a problem.

I have been using Fortinet FortiOS since 2019, so more than three years.

Fortinet FortiOS is a stable product.

Fortinet FortiOS is scalable. 

Technical support is good. When I create the ticket, they respond to me, engage the engineer, and support is good. No issue at all.

The initial setup is not too complex; it's simple.

It would be better if it were cheaper. We have the firewall in our office, and the license is expiring in 20 to 25 days. We got a quote for almost 80,000 Pakistani Rupees, which is a little costly.

If I compare Fortinet FortiOS with Cisco Adaptive Security Appliance (ASA), it's a cool product. The deployment of ASA is a little bit complex because it's GUI-based, and ASA also has a graphical user interface. But I still think Fortinet is a good firewall compared to ASA because if you want to use the IPS/IDS feature in the ASA, you have to deploy the management center and integrate it with the firewall, which is a little complex.

I recommend this solution to potential users because it has many features, and it's a stable product.

On a scale from one to ten, I would give Fortinet FortiOS an eight. 

We use it for end-point gateway protection and also use the FortiOS for external user connection and server VPN. We love that clear synchronization as it's almost invisible with the fabric for the guests, externally to connect. The zero-choice engine that they use is pretty good. It is perfect for setting up one-to-one channels for different services that have to pass through the firewall. So it does that seamlessly.

The most valuable features of Fortinet FortiOS are its constant updates and definitions. The new definitions and the content information coming out to the threat labs keeps you updated on your signatures so that you know what's happening out there. And also doing well, for my system, we have, like, what is called, active scans.

It's constantly accessing Sophos into your gateway, even Sophos that you authorized.

I want to see a better integration or a better integration with the endpoint protection or with EDR with the security life cycle. I want to see if that enhances a bit more so I have granular datasets and the user level through to the gateway because that's where most of our threats come from. It's from user activities on the Internet and passes into your files over that gateway. That's where most of our threats would appear and where our exposure to vulnerabilities lies.

So if we can tighten that up, we can harden our infrastructure much better.

I have been using the solution for quite some time.

The customer support team is good and responsive.

We did the initial setup ourselves, so it was easy. The learning curve was that great once you have any experience with any firewall or any experience with any security appliance, you can pull around it. We did get some help from our providers. But that was basic.

The EMS setup was all in-house. Our service provider assisted with the firewall setup. The implementations were very smooth. And the transition of our current from our current security device to that when we did it a couple of years ago, it's seamless.

The pricing is competitive for the medium and high markets but for the small markets it can be expensive.

You have to see what works best for your environment. Each environment is different depending on the applications and different services you are running in that environment. Suppose it's a full Windows environment versus a mixture if you have a hybrid environment. It all depends on the type of environment you're running and finding the right tools that meet your domain.

But for the regular Windows environment, it's perfect.

I rate it eight out of ten.

We are using it for security purposes. 

The security on offer is good.

It's quite stable.

The scalability has been great.

We found the initial setup to be straightforward. 

Technical support has been good overall. 

The UI could be a bit better. The coming generation will not be from the Sierra, and therefore they have a chance to make it much better and more user-friendly. Right now, we have to contend with CLI. We'd like it to be easier. We need the features to be in a UI.

I've been using the solution for more than five years. 

The solution has proven to be stable and reliable. The performance is good. There are no bugs or glitches. It doesn't crash or freeze. 

We find the solution to be quite scalable. If you need to expand it, you can do so.

We have more than 5,000 people on the solution right now. 

Technical support has been good in general. They are helpful and responsive. I have no complaints in regard to their level of service. 

Positive

It offers a pretty simple and straightforward setup. I'd rate it four out of five in terms of ease of implementation. It's not something that's too complex or difficult. 

I don't have many details surrounding the licensing. It's not an aspect I directly deal with. My understanding is the solution is moderately priced.

We are Fortinet partners. 

If a company is looking for a local security enhancement, we tend to recommend or select this kind of solution.

I'd rate the product nine out of ten overall. 

The most important feature of Fortinet FortiOS is the IPS.

Fortinet FortiOS need to manage its memory and CPU utilization better. It peaks at times, which sometimes can be challenging.

In a feature release, if Fortinet FortiOS could have better cloud functionality would be a benefit.

I have been using Fortinet FortiOS for approximately seven years.

The stability of Fortinet FortiOS is good.

Fortinet FortiOS is scalable.

I rate the support from Fortinet FortiOS a five out of five.

Positive

The initial setup of Fortinet FortiOS is simple.

We evaluated Checkpoint and Cisco before choosing Fortinet FortiOS.

The manageability suit is better in Fortinet in terms of device manageability and  OS upgrades. It has the capability of terminating a leased line, RF, and a USB dongle. When we evaluated Fortinet FortiOS, back in 2015, Cisco and Checkpoint did not have a 4G termination feature. Today if my MPLS goes down, the lease line goes down, I can connect a 4G dongle. In Cisco, you need to have a SIM  embedded in a device and you need to open the device, put it on, and then you need to connect it and extend the cable. It is very complex. In Fortinet it is easy.

I rate Fortinet FortiOS a nine out of ten.