We performed a comparison between Fortinet Fortigate vs. WatchGuard Firebox based on our users’ reviews in four categories. After reading all of the collected data, you can find our conclusion below.
Comparison Results: Based on the parameters we compared, Fortinet FortiGate came out ahead of WatchGuard because of its stronger support and better pricing.
"Fortinet FortiGate's ease of management is the most valuable feature."
"We use a southern institution that's audited for IT security and the reporting that automatically comes off the unit makes it much easier to meet compliance standards and makes it easier as far as the amount of time that has to be spent to compile that information. If you get your reporting set up correctly when you initially set it up, you just select the one you want and hit print. The auditing trail on it is the best feature."
"The user interface is relatively easy. The devices are easy to deploy and figure out when you have experience with other security appliances."
"Security management tool that's easy to integrate and easy to work with. No issues found with its stability and scalability."
"The security features are about the best that I've seen anywhere."
"Fortinet FortiGate's reliability is valuable."
"Centralized monitoring, policy management, and virtualized appliances allow us to take control over our public and private infrastructure."
"The threat prevention is the solution's most valuable aspect."
"It's pretty simple to understand when you want to do any diagnostics on your network. If you want to go in and see what packages are having trouble getting through, what's being held, stalled, etc., it's very easy to use in that way."
"I like intrusion detection the most."
"There are many fantastic features."
"The most valuable feature of WatchGuard Firebox is its ease of use."
"The set up was quite straightforward and we handled it in-house. It took a few hours to deploy the product."
"The most valuable feature for small and medium businesses is the support for various protocol proxies."
"I have found the DNS Watch feature for intrusion and prevention response and APT Locker most valuable to me."
"What I found most valuable in WatchGuard Firebox is that it's a functional platform that works, and each of its features works well. The solution also has good reporting and dashboard capabilities. I also find the overall performance of WatchGuard Firebox great."
"The support team for Fortinet FortiGate needs to be more customer friendly."
"They need faster serviceability and more security features."
"Lacks sufficient security options."
"I would prefer to have more detailed logs within the FortiGate products themselves rather than relying on a separate tool."
"It needs to improve its ISP load balancing."
"Fortinet FortiGate could improve by having better visibility. Palo Alto has better visibility."
"Fortinet needs to overhaul its documentation."
"It would be good if they had fewer updates."
"I don't think I can get a full-blown DNS client from it. I've been trying to have DNS services. It has forwarding, but I don't get the services of a full DNS client. My main difficulty with it is that I can't run a complete service. I need NTP. I need DNS. I need DHCP for my domain, but I only get forwarding. As far as I can tell, I don't get caching and the kinds of reporting and registration needed to host a DNS for a domain. I have to have a separate solution for that."
"The next release should have better software and configuration systems that can also be used on Linux."
"Some of the configuration options are somewhat confusing."
"There should be better integration and a way to configure multiple vendors into the same data center in order to offer more flexibility."
"Sometimes, the writing rules are a little confusing in how am I doing them."
"The way Secure Sign-On authentication is happening needs to be improved. When the Secure Sign-On portal is turned on, anybody who comes into the campus, whether he or she is a staff member or a guest, has to go past the initial portal. One of the shortcomings is the username. It shouldn't allow permutations or combinations with upper or lower cases. For example, when there is a username abc, it shouldn't allow ABC or Abc. It should not allow the same username, but currently, two separate people can go in. Therefore, its authentication or validation should be improved, and the case sensitiveness should be picked up. If I have restricted someone to two devices, they shouldn't be able to use different combinations of the same username and get into the third or fourth device. It shouldn't allow different combinations of alphabets to be used to log in."
"If they could make the traffic monitoring easier that would be great. I don't use it that frequently, but I would like to see some improvements in the ease of use of that component, so it makes more sense. I know it's a technical component so there's going to be some difficulty trying to make that easier."
"The data loss protection works well, but it could be easier to configure. The complexity of data loss protection makes it a more difficult feature to fully leverage. Better integration with third-party, two-factor authentication would be advantageous."
Fortinet FortiGate is ranked 2nd in Firewalls with 306 reviews while WatchGuard Firebox is ranked 13th in Firewalls with 78 reviews. Fortinet FortiGate is rated 8.4, while WatchGuard Firebox is rated 8.6. The top reviewer of Fortinet FortiGate writes "It's a reliable solution that's easy to install and cheaper than competitors ". On the other hand, the top reviewer of WatchGuard Firebox writes "Offers a streamlined deployment, intuitive interface and robust security features". Fortinet FortiGate is most compared with Sophos XG, Cisco Secure Firewall, Netgate pfSense, Meraki MX and SonicWall TZ, whereas WatchGuard Firebox is most compared with Netgate pfSense, Sophos XG, OPNsense, SonicWall TZ and Meraki MX. See our Fortinet FortiGate vs. WatchGuard Firebox report.
See our list of best Firewalls vendors and best Firewalls vendors.
We monitor all Firewalls reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
Even though my experience with FortiGate products has been mostly positive, I am partial to the WatchGuard appliances. I find the FortiGate interface a bit odd. For example, some of the wizards within the interface make me feel like it is more of a consumer device, even though I know it is a very capable appliance. The WatchGuard interface is more complicated, but it is also more capable. I also find that the UTM features within the FortiGate products lack some of the granular control available with WatchGuard.
I believe WatchGuard is the better choice regarding the quality of support, available documentation, and training resources.
I see that another reviewer indicated that WatchGuard lacked application control features. That is incorrect. Although I do not use this feature in any of my environments, I assure you that the features are available, and my testing has shown it to be capable.
WatchGuard appliances also can integrate their endpoint Threat Detection and Response client to an environment for a correlated view of the environment.
WatchGuard also offers multiple methods for managing an appliance. Although the GUI is very capable, I am not a fan of live changes to an appliance. There are instances when multiple changes must be made to achieve the desired outcome. When these circumstances arise, the WatchGuard Policy Manager software allows you to deploy multiple changes at once while maintaining an OH SH!T copy that you can quickly redeploy if you happen to make a mistake.
When it hits the fan, and you must troubleshoot an appliance issue, WatchGuard is far superior to any firewall I have worked with, including Fortigate. The ability to quickly and easily adjust the policies' order of precedence is a huge advantage and can often save a great deal of time troubleshooting.
Please do not take this as a negative review of FortiGate products. I am only speaking about firewalls. I have not used any of the other FortiGate products. I am strictly speaking of my experience deploying and managing FortiGate and WatchGuard firewalls. From my experience, I find the WatchGuard a superior product.
As a Managed Service Provider, our preferred product is WatchGuard, with our second offering being the Fortigate. We managed other firewall brands, but we only sell WatchGuard and FortiGate products under normal circumstances. There are exceptions based on the client's needs. For example, CradlePoint devices are often the best solutions for a client that only has cellular connectivity as an option. I only point out this situation because FortiGate is now offering LTE/5G solutions. We have many rural clients and moving forward, this may impact what we recommend. Unfortunately, at this time, I don't have enough knowledge to offer any intelligent input on these product offerings, only that they are on our radar.
In my organization, we use Fortinet’s Fortigate. We find it to be very powerful, cost-efficient, and reliable. The user interface is friendly, and it is easy to create policies and set rules. As an NGFW, you can upgrade the firewall cluster firmware without disturbing the user. The graphic interface is very intuitive. The endpoint and email protection are on point, and you don’t have to worry about downtime.
FortiGate offers malware and spyware protection, with advanced capabilities like proxy-based antivirus. It has advanced network protection features and a powerful intrusion prevention system with anti-spam and web filtering capabilities. For all the capabilities it offers, the price is reasonable.
FortiGate has downsides though: the technical support is not great, and there is not a lot of documentation available. It is also kind of hard to configure.
We reviewed WatchGuard before choosing FortiGate. WatchGuard offers a comprehensive advanced network security platform with enterprise-grade security. The router is rich in security features like antivirus, APT blocker, and spam blocker. It is simple to use and applicable for various use cases. It offers web filtering, application control, and monitoring.
We liked that the GUI interface seemed intuitive and easy to use. It integrates with Active Directory, so it is a good fit for MS enterprise users. You can also schedule backups with ease.
WatchGuard is, however, lacking in features for application control and we found the DNS server functionality to be poor. The firewall policies don’t point to a domain, only to IP addresses. While it is excellent that it integrates with Active Directory, the single-sign-on sometimes doesn’t refresh users’ permissions when they log on and off.
Conclusion
Fortinet Fortigate is undoubtedly a powerful and established next-generation firewall, and with all the features and capabilities, it is a better and more cost-effective solution than WatchGuard. WatchGuard would be better for organizations that use MS products.