We performed a comparison between Fortinet Fortigate vs. WatchGuard Firebox based on our users’ reviews in four categories. After reading all of the collected data, you can find our conclusion below.
Comparison Results: Based on the parameters we compared, Fortinet FortiGate came out ahead of WatchGuard because of its stronger support and better pricing.
"The Inline Mode configuration works really well, and ASA works very impressively."
"I have experience with URL filtering, and it is very good for URL filtering. You can filter URLs based on the categories, and it does a good job. It can also do deep packet inspection."
"It's got the capabilities of amassing a lot of throughput with remote access and VPNs."
"It has a good security level. It is a next-generation firewall. It can protect from different types of attacks. We have enabled IPS and IDS."
"The configuration capabilities and the integration with other tools are the most valuable features. I really like this product. Cisco is one of my favorite brands, and I always think Cisco solutions are very reliable, easy to configure, and very secure."
"The solution offers very easy configurations."
"Firepower NGFW has improved my organization in several ways. Before, we were trying to stamp out security threats and issues, it was a one-off type of way to attack it. I spent a lot of manpower trying to track down the individual issues or flare-ups that we would see. With Cisco's Firepower Management, we're able to have that push up to basically one monitor and one UI and be able to track that and stop threats immediately. It also gives us a little more granularity on what those threats might be."
"The most valuable features of this solution are the integrations and IPS throughput."
"It's very easy to configure."
"The most valuable features of Fortinet FortiGate are the APIs. They are the most widely known."
"The interface is very user-friendly and I like it very much."
"All of the features of Fortinet FortiGate are useful and the security protection is good."
"Their interface is very easy to use, it is without bugs."
"The solution is very user friendly. The user interface in particular is quite nice."
"I like several features that this product has, such as antivirus and internet navigation inspection. It is also simple to use."
"It is easy to manage, and it doesn't need much knowledge from the team. It is a stable device, and there are many features that are included out of the box."
"Firebox's best feature is the access portal."
"The ports that I have assigned appear to be unattainable to outside 'mal-actors,' unless they have an address registered on the internet that this thing is expecting. That's a layer of security."
"There are no problems with the technical support. If a problem occurs it gets resolved immediately with our technical support partners."
"The main features of the solution are the control of the site-to-site network access and the overall features."
"Two of the functionalities we use most are the traffic monitoring and the full panel dashboard. Those are two things that are very useful for us... In addition, it provides us with layered security. It allows us to determine what types of access, to which networks, we want to allow or deny."
"This product offers great protection using the default settings."
"The set up was quite straightforward and we handled it in-house. It took a few hours to deploy the product."
"The most valuable features of the WatchGuard Firebox are all the security and updated features. You are able to configure the solution from the cloud platform and the application and web interface are very nice."
"We have more than one Cisco firewall and it is difficult for me to integrate both on the single UI."
"The visibility for VPN is one big part. The policy administration could be improved in terms of customizations and flexibility for changing it to our needs."
"The solution is overcomplicated in some senses. Simplifying it would be an improvement."
"The maturity needs to be better."
"When comparing the graphical interface of this solution to other vendors it is more difficult to configure. There is a higher learning curve for administrators in this solution."
"It is my understanding that they are in the process of discontinuing this device."
"It would be good if Cisco made sure that the solution supports all routing protocols. Sometimes it doesn't."
"It is hard to collaborate with our filtered environment."
"Fortinet FortiGate could improve by having more capabilities for troubleshooting VPN connections. For example, I do get some feedback about the current status, but I could use some history and logging of important events. The information is logged in our Syslog server, but I could use that information from the device. If they could provide a GUI to have some more insight on what's going with my VPN would be useful."
"The feedback that I have received is that the performance could be better, and the user experience is not as good compared to a previous solution we used. It could be more user-friendly. Of course, it still works fine for our operations."
"The user interface could be improved."
"FortiGate should have a better way of detecting and managing the system memory because otherwise if the memory is too low, a system restart is required."
"There is a lot of improvement needed with SSL-VPN."
"Lacks training for new features."
"It should provide better visibility over the network and more information in the form of reports for the end users. Its installation should also be easier."
"The support costs and licensing are sometimes so expensive."
"In terms of what could be improved, I would say their web blocker feature. It is still quite a confusing setup, especially when you want to filter out a particular category for granularity. For example, you do not want to filter Facebook but you do want to filter Facebook games only. It can be done, but the process to do it is very confusing."
"There is room for improvement in the threat protection, data packet inspection, and performance of the solution. Generally, it's just a lower-end product. It does the job but doesn't do it very well."
"An area for improvement is that when we use a web administration link, there is no security."
"The only downside is that it is missing an API, that you can use to easily collect information from it."
"Its documentation could be improved. Sometimes, you need to search a bit longer to find what you are looking for."
"It's sometimes not easy to understand and can require specialist assistance."
"I would like to see more training become available for us."
"There could also be better reporting. For example, there should be more out-of-the-box management reports."
Fortinet FortiGate is ranked 1st in Firewalls with 149 reviews while WatchGuard Firebox is ranked 3rd in Unified Threat Management (UTM) with 22 reviews. Fortinet FortiGate is rated 8.4, while WatchGuard Firebox is rated 8.2. The top reviewer of Fortinet FortiGate writes "Stable, easy to set up, and offers good ROI". On the other hand, the top reviewer of WatchGuard Firebox writes "Competent, basic front-end; the ports that I have assigned appear to be unattainable to outsiders". Fortinet FortiGate is most compared with pfSense, Sophos XG, Check Point NGFW, Meraki MX and SonicWall TZ, whereas WatchGuard Firebox is most compared with pfSense, Sophos XG, Meraki MX, Sophos UTM and OPNsense. See our Fortinet FortiGate vs. WatchGuard Firebox report.
We monitor all Firewalls reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
Even though my experience with FortiGate products has been mostly positive, I am partial to the WatchGuard appliances. I find the FortiGate interface a bit odd. For example, some of the wizards within the interface make me feel like it is more of a consumer device, even though I know it is a very capable appliance. The WatchGuard interface is more complicated, but it is also more capable. I also find that the UTM features within the FortiGate products lack some of the granular control available with WatchGuard.
I believe WatchGuard is the better choice regarding the quality of support, available documentation, and training resources.
I see that another reviewer indicated that WatchGuard lacked application control features. That is incorrect. Although I do not use this feature in any of my environments, I assure you that the features are available, and my testing has shown it to be capable.
WatchGuard appliances also can integrate their endpoint Threat Detection and Response client to an environment for a correlated view of the environment.
WatchGuard also offers multiple methods for managing an appliance. Although the GUI is very capable, I am not a fan of live changes to an appliance. There are instances when multiple changes must be made to achieve the desired outcome. When these circumstances arise, the WatchGuard Policy Manager software allows you to deploy multiple changes at once while maintaining an OH SH!T copy that you can quickly redeploy if you happen to make a mistake.
When it hits the fan, and you must troubleshoot an appliance issue, WatchGuard is far superior to any firewall I have worked with, including Fortigate. The ability to quickly and easily adjust the policies' order of precedence is a huge advantage and can often save a great deal of time troubleshooting.
Please do not take this as a negative review of FortiGate products. I am only speaking about firewalls. I have not used any of the other FortiGate products. I am strictly speaking of my experience deploying and managing FortiGate and WatchGuard firewalls. From my experience, I find the WatchGuard a superior product.
As a Managed Service Provider, our preferred product is WatchGuard, with our second offering being the Fortigate. We managed other firewall brands, but we only sell WatchGuard and FortiGate products under normal circumstances. There are exceptions based on the client's needs. For example, CradlePoint devices are often the best solutions for a client that only has cellular connectivity as an option. I only point out this situation because FortiGate is now offering LTE/5G solutions. We have many rural clients and moving forward, this may impact what we recommend. Unfortunately, at this time, I don't have enough knowledge to offer any intelligent input on these product offerings, only that they are on our radar.
In my organization, we use Fortinet’s Fortigate. We find it to be very powerful, cost-efficient, and reliable. The user interface is friendly, and it is easy to create policies and set rules. As an NGFW, you can upgrade the firewall cluster firmware without disturbing the user. The graphic interface is very intuitive. The endpoint and email protection are on point, and you don’t have to worry about downtime.
FortiGate offers malware and spyware protection, with advanced capabilities like proxy-based antivirus. It has advanced network protection features and a powerful intrusion prevention system with anti-spam and web filtering capabilities. For all the capabilities it offers, the price is reasonable.
FortiGate has downsides though: the technical support is not great, and there is not a lot of documentation available. It is also kind of hard to configure.
We reviewed WatchGuard before choosing FortiGate. WatchGuard offers a comprehensive advanced network security platform with enterprise-grade security. The router is rich in security features like antivirus, APT blocker, and spam blocker. It is simple to use and applicable for various use cases. It offers web filtering, application control, and monitoring.
We liked that the GUI interface seemed intuitive and easy to use. It integrates with Active Directory, so it is a good fit for MS enterprise users. You can also schedule backups with ease.
WatchGuard is, however, lacking in features for application control and we found the DNS server functionality to be poor. The firewall policies don’t point to a domain, only to IP addresses. While it is excellent that it integrates with Active Directory, the single-sign-on sometimes doesn’t refresh users’ permissions when they log on and off.
Conclusion
Fortinet Fortigate is undoubtedly a powerful and established next-generation firewall, and with all the features and capabilities, it is a better and more cost-effective solution than WatchGuard. WatchGuard would be better for organizations that use MS products.