FortiGate Next Generation Firewall (NGFW) Reviews

In a scenario where FortiGate Next Generation Firewall (NGFW) notably enhanced my customer's network performance, we discussed many points. The graphical user interface is very good, both feature-wise and technology-wise.

The effective feature in FortiGate Next Generation Firewall (NGFW) is DLP.The FortiGate Next Generation Firewall (NGFW) has the feature image of 7100 D.

In FortiGate Next Generation Firewall (NGFW), my concern regarding improvements is the licensing model. In the latest versions, everything moves to licensing only, and to work from SSL VPNs and integrate those features, it is similar across all vendors, but my main concern is the DLP part, which has not advanced significantly.Regarding the AI capabilities of FortiGate Next Generation Firewall (NGFW), these AI features are not present in the latest versions, which is why we are working on those versions. They aren't suitable in a live environment, and while AI features exist, I don't have details about their availability in versions after 7.0, as I believe only versions 6.0 and below have those features.For future improvements in FortiGate Next Generation Firewall (NGFW), features-wise, SD-WAN enhancements are expected, especially in configuration or viewing SD-WAN monitoring, as some minor enhancements would be beneficial.The complexity in configuring the policies needs improvement, and the SD-WAN template should be available in the tunnel. When we create the tunnel, we need to add in SD-WAN, allowing the creation of VPN tunnels from SD-WAN, which requires technical expertise to configure. Automating that would strongly enhance it, as SD-WAN is number one now with FortiGate, and going forward, more customers will move to FortiGate.

FortiGate Next Generation Firewall (NGFW) is recommended for various industries, and its GUI has many enhancements in the latest version, making everything good.In FortiGate Next Generation Firewall (NGFW), we are expecting the effective DLP feature with threat detection capabilities, which works with deep inspection. Some customers are not accepting to install the applications, and sometimes in the guest tunnel, content filtering should be blocked, such as domain blocking for Gmail, as users access only their particular consumer account. If they try to access personal accounts, it should be blocked, requiring configuration settings with deep inspection that needs certificates installed in all systems, which is a time-consuming process that some customers do not accept, questioning the need for installing certificates without deep inspection.The licensing model for FortiGate Next Generation Firewall (NGFW) depends on various types such as the earlier UTM license, FortiCare, and Enterprise license. The Enterprise license includes all features such as FortiManager, FortiAnalyzer, and converter. The UTM licenses include only UTM features such as AV, web filtering, application control, and IPS, while FortiCare is only for hardware.

The company uses FortiGate to offer protection for clients transitioning from MPLS to Internet, ensuring security for this new type of connection. In Brazil, clients typically seek protection, and FortiGate is used to offer such solutions. We start with this new kind of connection, explaining and training clients about the product.

With the FortiGate solutions, I see a benefit in controlling the bandwidth and managing users' access. It's important for leading the market and helping IT managers use the solution.

The common valuable feature for FortiGate is its UTM functionality, which includes various features under a license that is commonly implemented. FortiGate is widely used across fifty percent of the solutions in Brazil, making it a prevalent choice for many clients. It's beneficial because it allows the orchestration of networks with multiple vendors like Huawei, Cisco, and Juniper.

Improvements could be made when companies expand and need better equipment and more licenses. Additionally, a way to upgrade equipment when increasing Internet bandwidth is necessary. Companies often have to quickly close negotiations due to exchange rate changes affecting budgets.

I have had about five years of experience with FortiGate.

FortiGate offers good support, especially for telcos that have engineers inside the SOC to provide solutions to problems.

Positive

Previously, I worked with FortiGate. Now, I am studying to use Huawei. My current company has various solutions, though their firewall is not as developed. FortiGate is known for its firewall solutions, however, with Huawei, it’s a hard work to establish the offering.

The initial setup for FortiGate is straightforward and easy. The company frequently conducts meetings to present their solutions in Brazil, helping to streamline the process.

Using FortiGate has enabled us to increase security, control user access, manage bandwidth, and enhance the ability to provide a variety of operations solutions to clients.

We work with a price list that changes every three or six months, however, we purchase in dollars. The exchange rate between the local currency and dollars affects the budget of our clients, so we need to quickly close negotiations.

The clients in Brazil often use Fortinet, given its familiarity and integration with existing networks comprising vendors such as Huawei, Cisco, and sometimes Juniper.

It’s crucial to understand the client’s necessity first and implement only the solutions needed initially, expanding later with more solutions as required.

I'd rate the solution nine out of ten.

The solution is used as a perimeter firewall, and all traffic is routed through the appliances before accessing the Internet. FortiGate Next Generation Firewall is also used in policy-based routing. The solution has features such as IPS  and web filtering. 

Presently I am carrying out a POC to evaluate where the SD-WAN functionality of the solution can be utilized by our company. 

It's an out-of-the-box solution with impressive ratings. FortiGate Next Generation Firewall has a stateless balance proposition. The updates from the vendor ensure that the product remains up to date in terms of threat intelligence capabilities. 

I personally go through reports on utilizing FortiGate Next Generation Firewall resources, bandwidth and applications that are present in the company's environment. The product has been capable of providing the aforementioned reports for the last 280 days, and such features are highly valuable for reporting purposes. The reports provided by FortiGate Next Generation Firewall also help in analyzing the traffic condition in a network. 

When the SD-WAN is integrated with solutions like Citrix, it can appear complicated, which only tech professionals can implement. The solution should allow more user-friendly integrations or deployment. 

I have been working with FortiGate Next Generation Firewall for five years. 

I would rate the stability an eight out of ten. But recently, we needed to undergo regular patching of the network in our company, but that's probably due to increased hacking activities or attacks. At our company, we are still confident with the solution in spite of the recent breaches. 

The solution is highly scalable. I would rate the scalability a nine out of ten. At our company, we can scale the solution effortlessly for enterprise networks. There are two professional users of FortiGate Next Generation Firewall in our company. The other solutions which are being evaluated in our company are FortiNAC and Fortinet SD-WAN. 

I have received satisfying support for every issue I raised with the team. The support team is responsive and helpful in resolving issues. I would rate the customer support an eight out of ten. 

Positive

Previously, Cyberoam was used in our organization. Our company has also used Check Point to deploy a multi-layered firewall solution. Check Point has numerous partners and offers satisfying support, which makes it a formidable competitor of FortiGate Next Generation Firewall. 

There are various local partners of FortiGate Next Generation Firewall who offer effective support for the solution. 

While integrating FortiGate Next Generation Firewall in our company's infrastructure I faced an error while implementing a secure LDAP server. I had to roll back for the aforementioned issue and review the authentication certificates. 

The learning curve of the solution varies depending on the use cases and the different features the user starts interacting with within a specific environment. The initial setup of the FortiGate Next Generation Firewall can be claimed to be straightforward. I would rate the setup a six out of ten. The deployer's CLI understanding will also be a major factor in the deployment process of the solution. 

The solution's initial setup can be completed in a few days, but much more time is required to learn about the environment, evaluate the policies' interference with the services, and implement optimizations based on the insights. In total, the complete deployment takes a few weeks. 

It's an expensive solution. FortiGate Next Generation Firewall costs our company around $12000 per year. There are no additional costs involved with the product. 

I have confidence in the threat detection capabilities of FortiGate Next Generation Firewall. I haven't witnessed any downtime in the solution, even after using it for multiple years. 

An automation API integration is available with FortiGate Next Generation Firewall. For instance, the solution allows integration with CrowdStrike and Darktrace to enhance the threat intelligence capabilities. I would recommend others to use FortiGate Next Generation Firewall.

It's a reliable solution for real-time threat intelligence. In the security industry, FortiGate Next Generation Firewall is a highly praised product and I am able to embed policies for effective operation. I would rate FortiGate Next Generation Firewall an eight out of ten. 

On-premises

Conventionally, the solution is used for perimeter security. Whenever we find our organization's customer without an existing firewall, we use FortiGate Next Generation Firewall both for perimeter security as a firewall and as a VPN appliance to allow work-from-home employees at the VPN end. In the aforementioned instance, our company also uses the solution to connect different branches.

If our organization is establishing the network for a company with different branches spread geographically, we will use the VPN in IP set and FortiGate. The solution is highly flexible and is available at a cost-effective price. 

When using FortiGate Next Generation Firewall, availing the FortiGuard subscription is very important due to the vast threat intelligence with an international network.

Using the aforementioned network, FortiGate has been able to procure intelligence about the threats and incorporate the mitigation and protection against those threats in FortiGuard. So when you have FortiGuard integrated with the firewall, you have a robust perimeter solution to protect against malware. 

The pricing of the solution should be more affordable. 

I have been working with FortiGate Next Generation Firewall for seven years. 

FortiGate Next Generation Firewall has excellent stability. Fortinet is a top-tier IT security infrastructure company. 

I would rate the scalability a nine out of ten. The solution exhibits impressive stability. Once the solution is installed, it's used 24/7. 

We never had to rely on or communicate much with the tech support. The free resources, documentation, training, and community feedback have been enough to resolve 99% of our company's issues with the product. In our organization, we directly interacted with the support team once or twice and had a positive experience. I would rate the tech support eight out of ten. 

Positive

We used Cisco previously, but it was too expensive for our company. FortiGate Next-Generation Firewall was available at a better price and performance; it was a better fit for our company as a networking vendor. 

I would rate the initial setup an eight out of ten. Our company deals with only the on-premise version of FortiGate Next Generation Firewall. It took about half a day in our organization to deploy the solution. 

Our company has several firewall projects. When our organization identifies a company that needs a firewall but doesn't have one, we contact them. Our company strongly advises potential customers to adopt a firewall, and we provide reasons why the company shouldn't operate without a firewall today, we try to sell them the FortiGate Next Generation Firewall and FortiGuard solutions.

If the potential customer doesn't have access points or the latest switches, our company tries to sell that as well in the form of an integrated solution. 

Our company prefers to program solutions as much as possible in-house before approaching the customers. 

FortiGate Next Generation Firewall has a very high ROI. A customer can realize nearly 100% ROI when it is used along with FortiGuard to establish a robust perimeter firewall based on an international vendor with a global-level threat intelligence network. 

I would rate the pricing a seven out of ten. There are penalties if you don't renew the FortiGuard subscription, and I think the vendor should've refrained from imposing such penalties. If a customer fails to renew for a year, there shouldn't be any penalties on Fortinet solutions, the vendor should eradicate such policies. 

We evaluated Palo Alto, but we still chose Fortinet because, as per our company's evaluation, Palo Alto doesn't offer switches or access points. Before adopting FortiGate Next Generation Firewall, we also concluded that Fortinet offered everything for networking infrastructure, including switches, access points, antivirus, and firewalls. 

FortiGate has end-to-end solutions, they have switches, access points, and a native antivirus and threat management solution. When you onboard FortiGate Next Generation Firewall, you choose a vendor that covers every aspect of the IT infrastructure.

So, if you avail yourself of other products from the same vendor later on, it makes the management processes easier, as the command interface is similar across all the products from Fortinet, including switches, access points, and firewalls. The aforementioned benefit removes the need for training your team when a new solution is onboarded in the organization. 

I would advise others to do a proper assessment in terms of the sizing before onboarding FortiGate Next Generation Firewall. Before adopting the solution, one should know how many users need access to the Internet so that the firewall can be sized or scaled ideally.

A sizing chart is available online to assist users in procuring the correct firewall size. FortiGate Next Generation Firewall offers comprehensive reports on user activity; potential customers should also analyze the reporting aspect before choosing the solution.  

FortiGate Next Generation Firewall handles new and latest security threats satisfyingly. FortiGuard has some AI influence in its threat intelligence features in its international network. I would overall rate FortiGate Next Generation Firewall an eight out of ten. 

On-premises

The solution is primarily used as a border firewall as well as for internal LAN segregation, internal IPv4 policy management, a VPN for end users, and IPSec tunnels.

Before we implemented this solution, we had only one firewall and old Linux IP tables with no graphical user interface. 

There is no one feature that stands out as most valuable compared to another. All features are correct and no extra items are needed.

The price of licensing could be better. The security of the FortiOS needs improvement, and features are available only in CLI. They could be available also in GUI.

Features like forward traffic capture or NAC in the VPN should take into consideration both Linux devices and Apple devices.

I've used the solution for more than ten years. 

The scalability is okay.

Technical support is not helpful. 

Neutral

We previously worked with Check Point, Palo Alto, Cisco, Watchguard, and PFsense. 

The setup is easy. Support is not helpful.

We handled the initial setup in-house.

The solution is very expensive. 

The price of licensing is too high.

We did not previously evaluate other options before choosing this solution. 

Other Fortinet products are not the best, and Fortinet should take care as this will influence brand reputation.

Hybrid Cloud

We are using the FortiGate Next Generation Firewall, and we are also providing this solution to our customers.

Customer is investing in this solution. We have observed a reduction in order value costs, approximately one lakh rupees per order, which contributes to reducing overall security costs.

In our territory, the most usable features include WAP content filtering, which is more utilized than IDS, sandbox license, and multiple internet connectivity. These are the primary features we are offering as a solution. 

FortiGate's threat detection capability is excellent. Compared to other solutions, FortiGuard Lab has a very high capacity to detect malware and malicious content.

I would like to see improvements in some of the hard drive features on FortiGate so that we can generate reporting within a single box.

We have been working with FortiGate Next Generation Firewall for the last ten years.

It's reliable and works well within our needs.

FortiGate is scalable. That said, you must change the hardware to scale in capacity.

Technical support has improved over the last two or three years, as Fortinet now operates 24/7 support.

Positive

We have also worked with SonicWall. Compared to SonicWall, FortiGate allows us to make a DNS server, which SonicWall cannot do. SonicWall offers the advantage of providing a free reporting solution.

The price is very aggressive in India as India is a rapidly growing market, the original equipment manufacturer offers competitive pricing.

We have evaluated other solutions like SonicWall and Sophos.

For very small companies, with five to ten users and where cost is a concern, I would not recommend going with FortiGate. 

If only cost is a concern, then it would not be recommended. It is a little bit expensive - the entry-level model is the FZ FortiGate. At the same time, Sophos XZ 86 is an entry-level model, which is more suitable for very small networks.

I'd rate the solution eight out of ten.

The solution is used to monitor daily network activities. FortiGate Next Generation Firewall acts as a security layer between public and private networks in our organization.

The solution successfully mitigates all types of advanced attacks by putting our company's production servers behind the firewall using a DDoS attack prevention system and WAF. FortiGate Next Generation Firewall handles our organization's internal network security. The solution is used mainly in IT companies, just like our organization. 

The WAF and DDoS attack prevention system are the solution's most valuable features. FortiGate Next Generation Firewall has IBS/IPS systems, which are vital for handling cyberattacks. 

More SD-WAN features can be integrated into the FortiGate Next Generation Firewall. The vendor can make efforts to make the solution more budget-friendly. 

I have been using FortiGate Next Generation Firewall for seven years. 

I would rate the stability a ten out of ten. 

I would rate the scalability an eight out of ten. For each purpose, there are different products used in our company from the same vendor. For instance, our company has a dedicated subscription plan for log analytics. Fortinet should host bundle pack subscriptions for its products and add-ons. 

There are more than 150 users of the product in our company. Our company is functional on a hybrid model for employees, and thus, there are not more than a hundred users of the solution in the office at any given time.

Due to the aforementioned work setup, our company is exploring more scalable solutions with end-to-end security features, as many employees are working from remote locations. At our company, for end point protection we use Microsoft Defender. 

At our company, we have Fortinet certified experts in-house, so most of the issues are solved without tech support from vendor. But whenever, an issue was escalated to the support team of FortiGate Next Generation Firewall, our company has received a response on time. 

FortiGate Next-Generation Firewall integrates perfectly with our organization's infrastructure. Our organization is using the solution for more than six years without any integration obstacles, even while integrating to Fortinet Access Points. 

The initial setup process is easy for the solution. There are some configurations and policies that will facilitate routing among the varying traffic, dictating what to allow or block. I would rate the initial setup a nine out of ten. The setup duration depends upon the expertise of the deployment engineer, but on average it can be finished within a day. 

Our investment in security through FortiGate Next Generation Firewall is worth it as there are zero complains regarding the effectiveness of it.

It's an expensive solution. At our company, we updated the license every three years. I would rate the pricing a nine out of ten. Presently we are upgrading the hardware in our organization before the next license renewal date. 

In our company, we have used Sophos about six years ago. Compared to other solutions like Sophos, we found FortiGate Next Generation Firewall to be much more expensive for our organization.

But FortiGate Next Generation Firewall has a more robust hardware and stable configuration, so our company prefers the solution over others. But as the license of the the solution is expiring soon in our company, we might explore some other firewall products from Fortinet as well. 

Our company found that in comparison to Microsoft Defender for Endpoint, FortiGate Next Generation Firewall has a limited number of features and requires an ideal Fortinet environment or infrastructure to function. FortiGate Next Generation Firewall should enhance its endpoint capabilities and be less dependent on Fortinet infrastructure. The product should have cloud solution integration capabilities. 

Since implementing FortiGate Next Generation Firewall, we have not experienced any attack or cyber threat on our company's network. With the solution, we have been able to proactively monitor the network and take preventive measures on time. Our company finds the product reliable in mitigating all kinds of threats. 

Our company expects some AI capabilities from Fortinet solutions. I would advise FortiGate Next Generation Firewall to others as a reliable solution. I would also advise other professionals to run tests with the product as per their requirements before adopting it. The solution has excellent security policies. I would overall rate the product a nine out of ten. 

On-premises

We use FortiGate NGFW to secure our network gateways. These devices, functioning as UTM solutions, were impressive in fending off various threats. FortiGate excelled with its anti-spam, antivirus, and firewall features at the network level. Beyond security, it is seamlessly integrated with networking tools like Zendesk.

The most valuable aspects of FortiGate NGFW are its top-notch reputation in peer reviews, user-friendly interface, and excellent support. It stood out during external penetration tests, proving its effectiveness compared to our previous firewall. The seamless integration with other tools and thorough testing set FortiGate apart. Replacing our old firewall with Fortinet was a game-changer, especially as it helped us improve our performance in subsequent penetration tests.

FortiGate has been solid for us, but I see room to explore its integration with Secure Service Automation for a more comprehensive security view. The initial migration had some challenges, but they were manageable. Now, my focus is on automating responses to alerts, especially during nighttime attacks. I want to investigate how FortiGate can connect with other solutions, like SIEM, to enhance our security measures while offline.

I have been using FortiGate NGFW for a year.

It is quite stable.

FortiGate is scalable, and we currently use it for approximately 300 internal users, with additional offshore teams connecting via VPN. The total user count, including the offshore teams from different countries and continents, is around 400 to 500 people.

We contacted Fortinet's technical support during a firmware upgrade issue. They guided the upgrade process, and their support was capable and helpful. I would rate them as a ten out of ten.

Positive

In comparing FortiGate with other solutions like Cyberoam, I have found Fortinet to excel in various aspects. For instance, its intrusion detection capabilities stand out, providing instant alerts compared to some firewalls that take up to 24 hours. While I can't quantify percentages, Fortinet's performance, especially in areas like responsiveness, has been notably better in my experience.

Setting up FortiGate NGFW was straightforward, with some considerations during the migration process. Migrating from an old firewall required meticulous rule review and manual configuration. Ensuring adherence to best practices and testing in a beta environment were crucial steps. We also coordinated with our ISP to clear the ARP cache for a smooth transition. Despite a minor misconfiguration leading to an issue, we swiftly addressed it over a weekend with minimal impact. Regular backups and failover tests added an extra layer of assurance. A team of three people deployed it. The deployment and migration from the old firewall to FortiGate took approximately one month. To ensure a smooth transition for our 24/7 operations, we invested extra time for thorough testing and rule validation.

The pricing and licensing costs for FortiGate are quite reasonable, especially for an SMB like ours. While solutions like Check Point and Palo Alto are excellent, Fortinet's affordability played a significant role in our decision-making process.

FortiGate for SMBs impressively covers most features, and in my experience with Cisco, Symantec, SonicWall, and others, FortiGate stands out. It has exceeded my expectations. While I haven't explored Check Point due to budget constraints, FortiGate's pricing makes it a top choice. Palo Alto and Check Point are excellent but would likely have been my preference if pricing aligned. Overall, FortiGate has been a standout performer in terms of features and value.

For those starting with FortiGate NGFW, my advice is to thoroughly explore its features. I recently recommended it to a healthcare entity due to its effectiveness and user-friendly interface. The fact that they already had Fortinet in another enterprise speaks volumes about its reliability and performance. Overall, I would rate it as an eight out of ten.