We performed a comparison between Fortinet Fortigate vs. WatchGuard Firebox based on our users’ reviews in four categories. After reading all of the collected data, you can find our conclusion below.
Comparison Results: Based on the parameters we compared, Fortinet FortiGate came out ahead of WatchGuard because of its stronger support and better pricing.
"If you compare the ASA and the FirePOWER, the best feature with FirePOWER is easy to use GUI. It has most of the same functionality in the Next-Generation FirePOWER, such as IPS, IPS policies, security intelligence, and integration and identification of all the devices or hardware you have in your network. Additionally, this solution is user-friendly."
"The most valuable features of this solution are advanced malware protection, IPS, and IDS."
"It is one of the fastest solutions, if not the fastest, in the security technology space. This gives us peace of mind knowing that as soon as a new attack comes online that we will be protected in short order. From that perspective, no one really comes close now to Firepower, which is hugely valuable to us from an upcoming new attack prevention perspective."
"The solution offers very easy configurations."
"The most valuable feature is stability."
"I like that Cisco Firepower NGFW Firewall is reliable. Support is also good."
"I like the firewall features, Snort, and the Intrusion Prevention System (IPS)."
"I have experience with URL filtering, and it is very good for URL filtering. You can filter URLs based on the categories, and it does a good job. It can also do deep packet inspection."
"Fortinet FortiGate is a stable solution."
"The most valuable features of Fortinet FortiGate are the ability to work in proxy mode, which other solutions, such as Palo Alto cannot. There are some features that are better that come at no extra license or subscriptions cost, such as basic SD-WAN. The DLT is useful, other solutions have the same feature too, such as Palo Alto."
"User-friendly and affordable security solution that's recommended for SMB customers. This solution has good technical support."
"The features that I have found most valuable are the SD-WAN and their IP4 policy."
"It is useful for protecting and segregating the internal networks from the internet. Most of our customers also use the FortiGate client to connect to their offices by using the VPN client, and of course, they usually activate the antivirus, deep inspection, and intrusion prevention services. They are also using it for web filtering and implementing various policies dealing with forwardings, NAT, etc."
"I like that they have given me a solution at a fair price."
"FortiGate has a very strong unified threat management system."
"I think that the UTM features are the most value, as it truly protects my infrastructure."
"Their support is excellent, and the stability is very good."
"There are many fantastic features."
"The most valuable features of the WatchGuard Firebox are all the security and updated features. You are able to configure the solution from the cloud platform and the application and web interface are very nice."
"Policy VPN, site-to-site VPN, traffic monitoring, anti-spam filters, and all other advanced features are valuable."
"This product offers great protection using the default settings."
"The ports that I have assigned appear to be unattainable to outside 'mal-actors,' unless they have an address registered on the internet that this thing is expecting. That's a layer of security."
"Two of the functionalities we use most are the traffic monitoring and the full panel dashboard. Those are two things that are very useful for us... In addition, it provides us with layered security. It allows us to determine what types of access, to which networks, we want to allow or deny."
"The solution simplifies my business. Normally, for administration, we are using NetApp System Manager on Window since it's easy to create new policies. In a short amount of time, you can create new policies based on new requirements. For example, in the last few months, many requirements changed due to the coronavirus, adding the use of new services, like Office 365, and eLearning tools, like Zoom."
"We only have an issue with time sync with Cisco ASA and NTP. If the time is out of sync, it will be a disaster for the failover."
"The intelligence has room for improvement. There are some hackers that we haven't seen before and its ability to detect those types of attacks needs to be improved."
"The maturity needs to be better."
"One issue with Firepower Management Center is deployment time. It takes seven to 10 minutes and that's a long time for deployment. In that amount of time, management or someone else can ask me to change something or to provide permissions, but during that time, doing so is not possible. It's a drawback with Cisco. Other vendors, like Palo Alto or Fortinet do not have this deployment time issue."
"We're getting support but there's a big delay until we get a response from their technical team. They're in the USA and we're in Africa, so that's the difficulty. When they're in the office, they respond."
"There is limited data storage on the appliance itself. So, you need to ship it out elsewhere in order for you to store it. The only point of consideration is around that area, basically limited storage on the machine and appliance. Consider logging it elsewhere or pushing it out to a SIEM to get better controls and manipulation over the data to generate additional metrics and visibility."
"An area of improvement for this solution is the console visualization."
"One of my colleagues is using the firewall as an IPS, but he is worried about Firepower's performance... With the 10 Gb devices, when it gets to 5 Gbps, the CPU usage goes up a lot and he cannot manage the IPS."
"Price, of course, can always be more competitive or better."
"Fortinet FortiGate can improve by integrating the web application firewall and the DDoS protection part of the solution. Having a WAF feature, web application firewall, and proxy together would be a good benefit."
"It is quite new for us, and we need to go more in-depth into the monitoring tools. It provides different features that we need to do what we want. So far, it is okay for us. In terms of improvement, in the future, they can provide a faster implementation of features. Some of the features are first available in other solutions. Fortinet sometimes takes a little bit longer than other solutions, such as Check Point, to implement new features."
"The integration with third-party tools may be something that they should work on."
"I'm not sure if it's something that they already have or are developing something, however, we need some dedicated features for container security."
"Its filtering is sometimes too precise or strict. We sometimes have to bypass and authorize some of the sites, but they get blocked. We know that they are trusted sites, but they are blocked, and we don't know why."
"The solution's framework needs to be frequently updated in order to have a stable solution."
"We had some issues in the beginning while setting it up, but after doing the firmware update, it is working fine."
"I don't think I can get a full-blown DNS client from it. I've been trying to have DNS services. It has forwarding, but I don't get the services of a full DNS client. My main difficulty with it is that I can't run a complete service. I need NTP. I need DNS. I need DHCP for my domain, but I only get forwarding. As far as I can tell, I don't get caching and the kinds of reporting and registration needed to host a DNS for a domain. I have to have a separate solution for that."
"The solution can improve by adding a feature to tag a MAC address of a computer system in the policy and more IP configuration settings."
"There should be better integration and a way to configure multiple vendors into the same data center in order to offer more flexibility."
"Sometimes I would like to copy a rule set from one box to another box in a direct way. This is a feature that is not present at the moment in WatchGuard."
"I would like to have a little more control over access points and the ability to see the bandwidth that is passing through a specific access point. We are not able to see that. We can see what traffic is passing through the Firebox itself, but we can't identify if it is coming from a particular access point or not."
"An area for improvement is that when we use a web administration link, there is no security."
"There's always room for improvement, especially if the threats are getting more sophisticated and the IT department cannot sufficiently meet this kind of sophistication with their own knowledge and experience. Knowing that this solution can get up to the level of addressing a lot of these threats is something that everybody wishes for. If we look at the dark web and the lawful web, they are two opposites, and if these two good and bad collide in the world of the internet, you want the best possible product—especially if you cannot get to that point of knowledge. I am just an individual and end user, with limited knowledge of usage. That's why I say there's always room for improvement, from their side and also from mine, because by knowing exactly what they can achieve and the knowledge that they can get on an everyday basis, and the portion that is understandable to me, it's an improvement for them as well."
"In terms of what could be improved, I would say their web blocker feature. It is still quite a confusing setup, especially when you want to filter out a particular category for granularity. For example, you do not want to filter Facebook but you do want to filter Facebook games only. It can be done, but the process to do it is very confusing."
More Cisco Firepower NGFW Firewall Pricing and Cost Advice →
Fortinet FortiGate is ranked 1st in Firewalls with 166 reviews while WatchGuard Firebox is ranked 3rd in Unified Threat Management (UTM) with 21 reviews. Fortinet FortiGate is rated 8.4, while WatchGuard Firebox is rated 8.4. The top reviewer of Fortinet FortiGate writes "Stable, easy to set up, and offers good ROI". On the other hand, the top reviewer of WatchGuard Firebox writes "Competent, basic front-end; the ports that I have assigned appear to be unattainable to outsiders". Fortinet FortiGate is most compared with pfSense, Cisco ASA Firewall, Sophos XG, Check Point NGFW and Juniper SRX, whereas WatchGuard Firebox is most compared with Sophos XG, pfSense, Meraki MX, Cisco ASA Firewall and Untangle NG Firewall. See our Fortinet FortiGate vs. WatchGuard Firebox report.
We monitor all Firewalls reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
Even though my experience with FortiGate products has been mostly positive, I am partial to the WatchGuard appliances. I find the FortiGate interface a bit odd. For example, some of the wizards within the interface make me feel like it is more of a consumer device, even though I know it is a very capable appliance. The WatchGuard interface is more complicated, but it is also more capable. I also find that the UTM features within the FortiGate products lack some of the granular control available with WatchGuard.
I believe WatchGuard is the better choice regarding the quality of support, available documentation, and training resources.
I see that another reviewer indicated that WatchGuard lacked application control features. That is incorrect. Although I do not use this feature in any of my environments, I assure you that the features are available, and my testing has shown it to be capable.
WatchGuard appliances also can integrate their endpoint Threat Detection and Response client to an environment for a correlated view of the environment.
WatchGuard also offers multiple methods for managing an appliance. Although the GUI is very capable, I am not a fan of live changes to an appliance. There are instances when multiple changes must be made to achieve the desired outcome. When these circumstances arise, the WatchGuard Policy Manager software allows you to deploy multiple changes at once while maintaining an OH SH!T copy that you can quickly redeploy if you happen to make a mistake.
When it hits the fan, and you must troubleshoot an appliance issue, WatchGuard is far superior to any firewall I have worked with, including Fortigate. The ability to quickly and easily adjust the policies' order of precedence is a huge advantage and can often save a great deal of time troubleshooting.
Please do not take this as a negative review of FortiGate products. I am only speaking about firewalls. I have not used any of the other FortiGate products. I am strictly speaking of my experience deploying and managing FortiGate and WatchGuard firewalls. From my experience, I find the WatchGuard a superior product.
As a Managed Service Provider, our preferred product is WatchGuard, with our second offering being the Fortigate. We managed other firewall brands, but we only sell WatchGuard and FortiGate products under normal circumstances. There are exceptions based on the client's needs. For example, CradlePoint devices are often the best solutions for a client that only has cellular connectivity as an option. I only point out this situation because FortiGate is now offering LTE/5G solutions. We have many rural clients and moving forward, this may impact what we recommend. Unfortunately, at this time, I don't have enough knowledge to offer any intelligent input on these product offerings, only that they are on our radar.
In my organization, we use Fortinet’s Fortigate. We find it to be very powerful, cost-efficient, and reliable. The user interface is friendly, and it is easy to create policies and set rules. As an NGFW, you can upgrade the firewall cluster firmware without disturbing the user. The graphic interface is very intuitive. The endpoint and email protection are on point, and you don’t have to worry about downtime.
FortiGate offers malware and spyware protection, with advanced capabilities like proxy-based antivirus. It has advanced network protection features and a powerful intrusion prevention system with anti-spam and web filtering capabilities. For all the capabilities it offers, the price is reasonable.
FortiGate has downsides though: the technical support is not great, and there is not a lot of documentation available. It is also kind of hard to configure.
We reviewed WatchGuard before choosing FortiGate. WatchGuard offers a comprehensive advanced network security platform with enterprise-grade security. The router is rich in security features like antivirus, APT blocker, and spam blocker. It is simple to use and applicable for various use cases. It offers web filtering, application control, and monitoring.
We liked that the GUI interface seemed intuitive and easy to use. It integrates with Active Directory, so it is a good fit for MS enterprise users. You can also schedule backups with ease.
WatchGuard is, however, lacking in features for application control and we found the DNS server functionality to be poor. The firewall policies don’t point to a domain, only to IP addresses. While it is excellent that it integrates with Active Directory, the single-sign-on sometimes doesn’t refresh users’ permissions when they log on and off.
Conclusion
Fortinet Fortigate is undoubtedly a powerful and established next-generation firewall, and with all the features and capabilities, it is a better and more cost-effective solution than WatchGuard. WatchGuard would be better for organizations that use MS products.