We performed a comparison between Fortinet FortiGate, Juniper SRX Series Firewall, and WatchGuard XTM [EOL] based on real PeerSpot user reviews.
Find out what your peers are saying about Netgate, Fortinet, OPNsense and others in Firewalls."It's very easy to set up, it's very easy to make policies and, for an organization, that means you don't need IT expert in firewalls. You just need to have somebody who knows a little bit of IT, and that's it. With other products, you need someone with a "Masters" degree in firewalls."
"The most valuable feature is the ease of use."
"Its administrative panel is very intuitive and simple. It is simpler than the other solutions that we had. As an administrator, we are always looking for the easiest solution to manage network policies. We are able to filter everything on our network and also use the VPN feature, which is important these days when people are working remotely during COVID."
"I have found Fortinet FortiGate to be scalable."
"The VPN is the most valuable feature."
"The security fabric is excellent."
"Virtual Domains (VDOMs) are a feature that we found valuable."
"There are lots of features and most of them are deployed for internet security. Users are protected if they accidentally go to some malicious sites."
"We did not have problems with scaling, as we have less than 500 users in our organization."
"The most powerful feature in Juniper SRX is definitely NCLS."
"It'sa very secure device, it has good attack prevention capabilities using UTM."
"The technical support is quite good."
"It protects from distributed denial-of-service attacks with Screen Options."
"The GUI is simple to use."
"I have used technical support quite a bit, and they are really good."
"Juniper SRX is a very powerful firewall and sometimes can be used as a router."
"They have a reporting system which can store data over a very long period of time. Not many other firewall vendors provide a reporting system, but if they do, like Fortinet does, then you've got buy that as an additional product and that can be more than twice as expensive as the initial investment in the firewall. And without reporting over a long-term period, you're just about wasting your time."
"It configures in all-in-one place."
"I like the hostwatch because I can see what traffic uses the most bandwidth and I can block that site."
"Reputation Enabled Defense indicates that some websites are so infested that it's not even worth visiting them, and therefore saving the bandwidth of going through the detection process."
"SNMP status monitoring and the Central Management Software."
"It is stable and does not require you to reboot all the time."
"Application Control is fantastic with over 2,500 applications and the granularity that we can either allow people to view but not be able to log on to Facebook; or view it and log onto it if they're in the marketing department, but not play Facebook games. There are all sorts of different options like that. So it's highly granular."
"After installing the product, we achieved awareness of our data protection needs and email misuse."
"The support costs and licensing are sometimes so expensive."
"You do need some IT knowledge in order to effectively work with the solution."
"Its reporting can be improved. Sometimes, I don't get proper reports."
"I would prefer to have more detailed logs within the FortiGate products themselves rather than relying on a separate tool."
"Currently, without the additional reporting module, we only have access to basic reporting."
"My only complaint about FortiGate is a lack of QinQ VLAN tunneling. I haven't found this feature in any Fortinet product. You can do this on all Cisco routers, including the smaller models. However, QinQ isn't available on the biggest, most expensive Fortinet units. They still don't have that. I think now we're on software version 6.0, and they still haven't found a solution for QinQ. It isn't a dealbreaker, but that's my main complaint."
"They should improve the interface to make it more user-friendly."
"Maybe they could make some features more accessible, such as a way to translate directions between two networks that share the same subnets."
"In some cases, customers encounter issues related to network interfaces, while others prioritize security concerns."
"While the GUI is pretty good on the Juniper side, there can still be tweaks made to it that will make it even better."
"J-Web, Juniper Web, is sometimes not working great when users are increasing their internet use. Additionally, they need to improve the GUI, graphical user interface, and the firewall management needs to improve. Their CLI is good, but sometimes the GUI is very slow."
"In the next release, I would like to have a better web interface. It needs to be more user-friendly. Right now, you can only access many features through the console."
"it would be more powerful if Juniper brought out a security product other than the firewall, like anti-spam, endpoint protection, etc. Customers who want to deploy security solutions are not just thinking about firewalls... Juniper should have an end-to-end solution, from the endpoint to the network level."
"Third-party support for Juniper is a lot less than Cisco. This is no surprise, but a definite consideration if you are expecting to use a lot of third party support. In my guesstimate, for every 100 Cisco shops, you will find one Juniper shop."
"Its logging is very good, but we would like to have an easier way of creating more reports. We would like to be able to manipulate the reports or manage the way the reports are coming out."
"The big thing is performance. With all the features turned on it slows down."
"Syslog (Dimension) is focused on presentation, but needs more focus on utility like SonicWall syslog (GMS/Analyzer)."
"Sometimes we have had issues with stability of the product."
"The initial setup is neither simple nor complex. If you know the base in networking and how the firewall works, you will be able to figure it out."
"I would like them to improve the product's overall protections. This would be good for all product users."
"WatchGuard doesn't have a product that allows them to get into the data center. And that's just because there is no hardware to do the job. The software could do it, but there's no hardware that allows that to happen at the moment. So it doesn't scale as well as some other products, that's for sure."
"The setting policies need improvement. It needs an easier way to do static NAT and check on what policy is being used for that specific traffic."
"One huge issue with WatchGuard XTM is that I'm not getting reports in a readable format. Readable means, I don't want Excel online. We repeat auditing when we trigger the report or setup calendar. That functionality is what we are looking for from WatchGuard XTM here."
"The VPN errors are not helpful when troubleshooting."
Earn 20 points