What needs improvement with FortiGate Next Generation Firewall (NGFW)?

I have not used the Unified SASE capabilities in Fortinet FortiGate. I do not have the AI or ML enhanced FortiGuard with machine learning or AI. My impression of the dynamic segmentation feature in Fortinet FortiGate is that while some customers use it, I believe it is not granular enough. It can separate VLANs, but it cannot separate individual users. We use it with FortiSwitch or AP to expand Fortinet FortiGate ports to every switch port. Regarding stability, I have experienced performance issues with Fortinet FortiGate. Sometimes it does not work correctly in certain situations, such as DNS or URL categories, where it might block incorrectly. When it comes to scalability, I find Fortinet FortiGate somewhat scalable, but not highly scalable because we usually replace it. We always buy a larger model to replace the old one. For better scalability, Check Point performs best as it offers products that allow for adding more firewalls to expand performance or bandwidth. In assessing the performance of the hardware-assisted DDoS protection in Fortinet FortiGate, I think it does not work effectively in critical events, as DDoS protection is challenging due to the number of attackers. In the future, I would like to see improvements with Fortinet FortiGate, especially as all firewalls emphasize AI or machine learning. I do not see significant use of AI in Fortinet FortiGate, whereas I can see how AI improves functionality in Palo Alto.

I wish Fortinet FortiGate's UI updates would be done in a more simplified way to improve it. I choose nine for my rating because I think there's always room for improvement, and I think some of the things in the UI need to be adjusted so they're a little bit more simplified and not overcomplicated.

We did not use Fortinet SASE, and I do not remember if our data center team utilizes it. Currently, I think Fortinet should enable more cloud, virtual, or unified solutions. One point against them is that their solution lacks a unified approach. Sometimes the licensing is not clear, and when you purchase a product, you find that you need certain licenses or additional products. There is not one comprehensive solution.

The FortiGate Next Generation Firewall (NGFW) could be improved in application control if they can have a bigger baseline of applications that they can identify, because this is something that is always growing. I know that Fortinet with the team is updating this database, but it's something that grows at a pace that is very difficult sometimes to keep up. This applies to all vendors, not only Fortinet.

I do not utilize the intrusion prevention and web filtering features of FortiGate Next Generation Firewall (NGFW). The ability of FortiGate Next Generation Firewall (NGFW) to inspect SSL encrypted traffic is not applicable in the current position, but in previous companies, it was really seamless whenever we used it. It just worked seamlessly. I don't recall if we use a centralized management console for FortiGate Next Generation Firewall (NGFW) in maintaining oversight across distributed networks. In my opinion, FortiGate Next Generation Firewall (NGFW) could be better by having specific models for home usage. I'd wish to have a FortiGate in my home, but the licensing isn't something that I want to purchase for home usage.

I'm not completely sure how Fortinet can improve the FortiGate Next Generation Firewall (NGFW), however, there were situations of availability related to their switching solutions due to box errors. Fixing the bugs in their switching solutions is necessary because I have faced several situations where we lost connectivity because of their firmware.

In FortiGate Next Generation Firewall (NGFW), my concern regarding improvements is the licensing model. In the latest versions, everything moves to licensing only, and to work from SSL VPNs and integrate those features, it is similar across all vendors, but my main concern is the DLP ( /categories/data-loss-prevention-dlp ) part, which has not advanced significantly.Regarding the AI capabilities of FortiGate Next Generation Firewall (NGFW), these AI features are not present in the latest versions, which is why we are working on those versions. They aren't suitable in a live environment, and while AI features exist, I don't have details about their availability in versions after 7.0, as I believe only versions 6.0 and below have those features.For future improvements in FortiGate Next Generation Firewall (NGFW), features-wise, SD-WAN enhancements are expected, especially in configuration or viewing SD-WAN monitoring, as some minor enhancements would be beneficial.The complexity in configuring the policies needs improvement, and the SD-WAN template should be available in the tunnel. When we create the tunnel, we need to add in SD-WAN, allowing the creation of VPN tunnels from SD-WAN, which requires technical expertise to configure. Automating that would strongly enhance it, as SD-WAN is number one now with FortiGate ( /products/fortinet-fortigate-reviews ), and going forward, more customers will move to FortiGate ( /products/fortinet-fortigate-reviews ).

FortiGate Next Generation Firewall (NGFW) could be improved by including more templates for setting rules or regular jobs. I do not recall if the software includes any AI features.

It would be better if there was more transparency regarding what the automatic rules do. When a site is blocked, it is necessary for me to consult the logs to understand what the Next Generation Firewall policy has blocked. There is usually no information about what is included or not included in these automatic rules.

There should be more testing before releasing software since it can be a little buggy sometimes when new features come out after updates.

The main area needing improvement is the user-friendliness of FortiGate's integration with other Fortinet tools like FortiAuthenticator and VPN services. Configuring these services is quite complex and not very user-friendly, requiring technical steps that are difficult for normal users to understand. Fortinet support's resolution of issues is slow, and the research on making the solution user-friendly needs to progress further.

I would like to see improvements in some of the hard drive features on FortiGate so that we can generate reporting within a single box.

The solution’s pricing is high.

The performance can be improved.

More SD-WAN features can be integrated into the FortiGate Next Generation Firewall. The vendor can make efforts to make the solution more budget-friendly.

When the SD-WAN is integrated with solutions like Citrix, it can appear complicated, which only tech professionals can implement. The solution should allow more user-friendly integrations or deployment.

Support for courses available on the platform

FortiGate has been solid for us, but I see room to explore its integration with Secure Service Automation for a more comprehensive security view. The initial migration had some challenges, but they were manageable. Now, my focus is on automating responses to alerts, especially during nighttime attacks. I want to investigate how FortiGate can connect with other solutions, like SIEM, to enhance our security measures while offline.

The solution's stability should be improved because it is extremely unstable.

In terms of solutions, for now, we don't have any SD-WAN. Yeah. We are planning to implement SD-WAN due to some failures we experienced last year. For our high availability design, this would be beneficial. So I would like to have SD-WAN as a part of the Next Generation Firewall. It would enhance high availability.

I see problems with the licensing. If I have to add a new feature, we need to add a license. There may then be extra costs for our maintenance budget.

There are multiple firewalls, and I mainly worked with Sophos and FortiGate. To weigh the pros and cons, different types and aspects should be considered in different firewalls. The support for FortiGate in the Indian region can be improved along with the scalability. The pricing of the solution is expensive, so it could be cheaper.

FortiGate Next Generation Firewall's performance and threat intelligence could be improved.

In order to make it even better in the future, improved integration with other vendors' solutions could be beneficial. FortiGate is compatible enough with other infrastructures, but I encountered difficulties when attempting integration with other infrastructures. So, better compatibility could be an area for improvement. Another area of improvement could be in terms of changing passwords. For instance, when using FortiGate firewall, you can have the option to set up SSL VPN, allowing users to connect to the network externally. It's like using FortiClient software. But here's the thing, when you have a local account on FortiGate, and you use it to access the network, there is no option to change your password, and that becomes a problem. Especially when you are not using Active Directory and instead relying on the local FortiGate database to create accounts. The admin creates the account for you with credentials and a password. But when you try to access using the VPN client software, you have the ability to change your password, and that's not ideal. It's quite challenging. So, if you need to change your password, you have to contact the administrator to change it on the equipment, and that's not convenient, especially in large environments. So, that could be the only solution.

The price of licensing could be better. The security of the FortiOS needs improvement, and features are available only in CLI. They could be available also in GUI. Features like forward traffic capture or NAC in the VPN should take into consideration both Linux devices and Apple devices.