FortiGate Next Generation Firewall (NGFW) Reviews

Conventionally, the solution is used for perimeter security. Whenever we find our organization's customer without an existing firewall, we use FortiGate Next Generation Firewall both for perimeter security as a firewall and as a VPN appliance to allow work-from-home employees at the VPN end. In the aforementioned instance, our company also uses the solution to connect different branches.

If our organization is establishing the network for a company with different branches spread geographically, we will use the VPN in IP set and FortiGate. The solution is highly flexible and is available at a cost-effective price. 

When using FortiGate Next Generation Firewall, availing the FortiGuard subscription is very important due to the vast threat intelligence with an international network.

Using the aforementioned network, FortiGate has been able to procure intelligence about the threats and incorporate the mitigation and protection against those threats in FortiGuard. So when you have FortiGuard integrated with the firewall, you have a robust perimeter solution to protect against malware. 

The pricing of the solution should be more affordable. 

I have been working with FortiGate Next Generation Firewall for seven years. 

FortiGate Next Generation Firewall has excellent stability. Fortinet is a top-tier IT security infrastructure company. 

I would rate the scalability a nine out of ten. The solution exhibits impressive stability. Once the solution is installed, it's used 24/7. 

We never had to rely on or communicate much with the tech support. The free resources, documentation, training, and community feedback have been enough to resolve 99% of our company's issues with the product. In our organization, we directly interacted with the support team once or twice and had a positive experience. I would rate the tech support eight out of ten. 

Positive

We used Cisco previously, but it was too expensive for our company. FortiGate Next-Generation Firewall was available at a better price and performance; it was a better fit for our company as a networking vendor. 

I would rate the initial setup an eight out of ten. Our company deals with only the on-premise version of FortiGate Next Generation Firewall. It took about half a day in our organization to deploy the solution. 

Our company has several firewall projects. When our organization identifies a company that needs a firewall but doesn't have one, we contact them. Our company strongly advises potential customers to adopt a firewall, and we provide reasons why the company shouldn't operate without a firewall today, we try to sell them the FortiGate Next Generation Firewall and FortiGuard solutions.

If the potential customer doesn't have access points or the latest switches, our company tries to sell that as well in the form of an integrated solution. 

Our company prefers to program solutions as much as possible in-house before approaching the customers. 

FortiGate Next Generation Firewall has a very high ROI. A customer can realize nearly 100% ROI when it is used along with FortiGuard to establish a robust perimeter firewall based on an international vendor with a global-level threat intelligence network. 

I would rate the pricing a seven out of ten. There are penalties if you don't renew the FortiGuard subscription, and I think the vendor should've refrained from imposing such penalties. If a customer fails to renew for a year, there shouldn't be any penalties on Fortinet solutions, the vendor should eradicate such policies. 

We evaluated Palo Alto, but we still chose Fortinet because, as per our company's evaluation, Palo Alto doesn't offer switches or access points. Before adopting FortiGate Next Generation Firewall, we also concluded that Fortinet offered everything for networking infrastructure, including switches, access points, antivirus, and firewalls. 

FortiGate has end-to-end solutions, they have switches, access points, and a native antivirus and threat management solution. When you onboard FortiGate Next Generation Firewall, you choose a vendor that covers every aspect of the IT infrastructure.

So, if you avail yourself of other products from the same vendor later on, it makes the management processes easier, as the command interface is similar across all the products from Fortinet, including switches, access points, and firewalls. The aforementioned benefit removes the need for training your team when a new solution is onboarded in the organization. 

I would advise others to do a proper assessment in terms of the sizing before onboarding FortiGate Next Generation Firewall. Before adopting the solution, one should know how many users need access to the Internet so that the firewall can be sized or scaled ideally.

A sizing chart is available online to assist users in procuring the correct firewall size. FortiGate Next Generation Firewall offers comprehensive reports on user activity; potential customers should also analyze the reporting aspect before choosing the solution.  

FortiGate Next Generation Firewall handles new and latest security threats satisfyingly. FortiGuard has some AI influence in its threat intelligence features in its international network. I would overall rate FortiGate Next Generation Firewall an eight out of ten. 

On-premises

In a scenario where FortiGate Next Generation Firewall (NGFW) notably enhanced my customer's network performance, we discussed many points. The graphical user interface is very good, both feature-wise and technology-wise.

The effective feature in FortiGate Next Generation Firewall (NGFW) is DLP.The FortiGate Next Generation Firewall (NGFW) has the feature image of 7100 D.

In FortiGate Next Generation Firewall (NGFW), my concern regarding improvements is the licensing model. In the latest versions, everything moves to licensing only, and to work from SSL VPNs and integrate those features, it is similar across all vendors, but my main concern is the DLP part, which has not advanced significantly.Regarding the AI capabilities of FortiGate Next Generation Firewall (NGFW), these AI features are not present in the latest versions, which is why we are working on those versions. They aren't suitable in a live environment, and while AI features exist, I don't have details about their availability in versions after 7.0, as I believe only versions 6.0 and below have those features.For future improvements in FortiGate Next Generation Firewall (NGFW), features-wise, SD-WAN enhancements are expected, especially in configuration or viewing SD-WAN monitoring, as some minor enhancements would be beneficial.The complexity in configuring the policies needs improvement, and the SD-WAN template should be available in the tunnel. When we create the tunnel, we need to add in SD-WAN, allowing the creation of VPN tunnels from SD-WAN, which requires technical expertise to configure. Automating that would strongly enhance it, as SD-WAN is number one now with FortiGate, and going forward, more customers will move to FortiGate.

FortiGate Next Generation Firewall (NGFW) is recommended for various industries, and its GUI has many enhancements in the latest version, making everything good.In FortiGate Next Generation Firewall (NGFW), we are expecting the effective DLP feature with threat detection capabilities, which works with deep inspection. Some customers are not accepting to install the applications, and sometimes in the guest tunnel, content filtering should be blocked, such as domain blocking for Gmail, as users access only their particular consumer account. If they try to access personal accounts, it should be blocked, requiring configuration settings with deep inspection that needs certificates installed in all systems, which is a time-consuming process that some customers do not accept, questioning the need for installing certificates without deep inspection.The licensing model for FortiGate Next Generation Firewall (NGFW) depends on various types such as the earlier UTM license, FortiCare, and Enterprise license. The Enterprise license includes all features such as FortiManager, FortiAnalyzer, and converter. The UTM licenses include only UTM features such as AV, web filtering, application control, and IPS, while FortiCare is only for hardware.

The solution is used to monitor daily network activities. FortiGate Next Generation Firewall acts as a security layer between public and private networks in our organization.

The solution successfully mitigates all types of advanced attacks by putting our company's production servers behind the firewall using a DDoS attack prevention system and WAF. FortiGate Next Generation Firewall handles our organization's internal network security. The solution is used mainly in IT companies, just like our organization. 

The WAF and DDoS attack prevention system are the solution's most valuable features. FortiGate Next Generation Firewall has IBS/IPS systems, which are vital for handling cyberattacks. 

More SD-WAN features can be integrated into the FortiGate Next Generation Firewall. The vendor can make efforts to make the solution more budget-friendly. 

I have been using FortiGate Next Generation Firewall for seven years. 

I would rate the stability a ten out of ten. 

I would rate the scalability an eight out of ten. For each purpose, there are different products used in our company from the same vendor. For instance, our company has a dedicated subscription plan for log analytics. Fortinet should host bundle pack subscriptions for its products and add-ons. 

There are more than 150 users of the product in our company. Our company is functional on a hybrid model for employees, and thus, there are not more than a hundred users of the solution in the office at any given time.

Due to the aforementioned work setup, our company is exploring more scalable solutions with end-to-end security features, as many employees are working from remote locations. At our company, for end point protection we use Microsoft Defender. 

At our company, we have Fortinet certified experts in-house, so most of the issues are solved without tech support from vendor. But whenever, an issue was escalated to the support team of FortiGate Next Generation Firewall, our company has received a response on time. 

FortiGate Next-Generation Firewall integrates perfectly with our organization's infrastructure. Our organization is using the solution for more than six years without any integration obstacles, even while integrating to Fortinet Access Points. 

The initial setup process is easy for the solution. There are some configurations and policies that will facilitate routing among the varying traffic, dictating what to allow or block. I would rate the initial setup a nine out of ten. The setup duration depends upon the expertise of the deployment engineer, but on average it can be finished within a day. 

Our investment in security through FortiGate Next Generation Firewall is worth it as there are zero complains regarding the effectiveness of it.

It's an expensive solution. At our company, we updated the license every three years. I would rate the pricing a nine out of ten. Presently we are upgrading the hardware in our organization before the next license renewal date. 

In our company, we have used Sophos about six years ago. Compared to other solutions like Sophos, we found FortiGate Next Generation Firewall to be much more expensive for our organization.

But FortiGate Next Generation Firewall has a more robust hardware and stable configuration, so our company prefers the solution over others. But as the license of the the solution is expiring soon in our company, we might explore some other firewall products from Fortinet as well. 

Our company found that in comparison to Microsoft Defender for Endpoint, FortiGate Next Generation Firewall has a limited number of features and requires an ideal Fortinet environment or infrastructure to function. FortiGate Next Generation Firewall should enhance its endpoint capabilities and be less dependent on Fortinet infrastructure. The product should have cloud solution integration capabilities. 

Since implementing FortiGate Next Generation Firewall, we have not experienced any attack or cyber threat on our company's network. With the solution, we have been able to proactively monitor the network and take preventive measures on time. Our company finds the product reliable in mitigating all kinds of threats. 

Our company expects some AI capabilities from Fortinet solutions. I would advise FortiGate Next Generation Firewall to others as a reliable solution. I would also advise other professionals to run tests with the product as per their requirements before adopting it. The solution has excellent security policies. I would overall rate the product a nine out of ten. 

On-premises

The firewall system we have implemented in my company serves as the gateway to access the internet. We have different VLANs set up on the firewall for various networks. 

We enforce security measures based on policies. When it comes to security, we have web monitoring, application filtering, and MAC address filtering implemented on the firewall. We also utilize VPN and SD-WAN architecture. Everything is functioning well. 

Additionally, we have two ISPs connected for load balancing. We send the logs, and audit logs to FortiCloud for analytics and statistics. 

Moreover, we have an alerting system for FortiGate, which is also functioning properly. The firewall operates in question mode, using round-robin connections, and handles routing as well.

FortiGate is a very good product. It offers a wide range of features, and its availability is almost everywhere. The support, both local and international, is good. Also, they provide certification programs for the next-generation firewalls, which is beneficial. 

The product speaks for itself and holds a strong position in the market. In our company, we highly recommend FortiGate to our colleagues and other IT professionals. Furthermore, it offers cost advantages compared to other products.

The improvement that I would like to see is in the licensing. The licensing process is a bit high. 

Additionally, there have been several vulnerabilities in the firewall. It is hackable, some of the images are hackable. So, upgrading to the latest patch, but these improvements would be more profitable for companies like ours.

I would like to see improvements in license costs and the handling of vulnerabilities.

I have been working with FortiGate NGFW for ten years. I currently use the FortiGate 101E model at a customer site.

I would rate the stability a nine out of ten. It provides a stable network, and I can connect to remote sites as well. I find it reliable because we use SD-WAN. There are no major issues, except when there is an Internet outage. But overall, no significant problems.

The scalability is very good. I would rate the scalability of the solution a nine out of ten because I have encountered no issues so far with the product. The scalability is excellent, very good.

We have 150 users using this solution. Moreover, we have plans to increase the usage. Maybe next year, I plan to upgrade to a newer version of FortiGate, and we have a plan to increase our user count by ten percent by next year. So I'm considering a more powerful firewall for better performance. That's the plan.

In terms of support, they are very responsive. If you reach out to them, they will contact you within 15 minutes. Managing FortiGate is easy and simple compared to other products. It's not too complex. 

Even if we miss renewing our licenses, FortiGate provides a grace period of 90 days, which is exceptional. Most products only offer 30 days. That's the best part, in my opinion.

The support is excellent. I've had very positive experiences with FortiGate's support team. They are friendly and always available. Their support is available 24/7 via phone, email, or chat. 

They even offer remote access if we need help with configuration or auditing logs. Their support is reliable both locally and internationally.

Positive

The availability of product support and its manageability were important factors for me. I found it easy to manage, not too complex. 

Additionally, the product is readily available in my country. Based on the information I found on the Internet, FortiGate seemed to meet my requirements.

The initial setup is straightforward. The setup is pretty simple. However, it acts as an authentic gateway between my routers and the internal network. All the traffic goes through the firewall in cluster mode. If one firewall goes down, the other one takes over until we have time to replace the faulty one. We typically use the firewall for a period of five years before considering a replacement. 

The device is connected to the server room on-premises. We configure it locally, but we utilize FortiCloud for logging and analytics. We manage the number of assets (FortiGate assets) we have, which is manageable through the cloud. That's all.

I have used Barracuda, Sophos, Palo Alto, and more.

My advice would be to start by conducting a Proof of Concept (POC) and test FortiGate NGFW in your own environment. Go through all the necessary configurations and spend around one or two weeks to become familiar with the solution.

After that, you can proceed with the purchase. But if I were to advise someone instantly, I would simply say, go ahead and give it a try.

Overall, I would rate the solution a nine out of ten. 

On-premises

The most valuable features we found are the SD-WAN, FortiGate SD-WAN, and the standard UTM protection, among others.

If someone doesn't have a certified or skilled technician/engineer, certain configurations, like setting up VLANs and SD-WANs, might not be difficult but can be simplified within FortiGate. The areas that might require more expertise are related to setting up VLANs and configuring SD-WANs, among others.

Therefore, the setup process could be made simpler. 

I've been working with FortiGate Next-Generation Firewall for three years. We are currently working with its latest version.

I would rate it as a nine. It is a stable solution.

I would rate the scalability a five out of ten. It is not very scalable because scalability depends on the model. For instance, the FortiEdge, which is the entry-level model (the smallest model), supports up to about 15 users. Then the next model supports up to around 30 to 40 users, and the following one supports a hundred users. The price increases significantly with more users, which can be a concern.

If I make a guesstimate, I'd say about 20 to 30 of our clients, but they all have multiple branches. So, in total, we have about 200 FortiGate firewalls deployed for our customers, spread across 20 to 30 clients.

Most of our clients fall under the medium to enterprise category. We have clients from financial institutions and big corporate organizations. It's not an entry-level solution, as it might be challenging for small businesses to afford.

Based on the support we receive from our supplier, who is a reseller or vendor of FortiGate, I would rate it at about six. Because it takes time to get support from the vendor. So it is not very fast.

Neutral

I rate my experience with the initial setup six on a scale of ten, where one is difficult and ten is easy. The initial setup of the solution is not difficult; if you have an engineer with certification and experience on other firewalls. For them, it's relatively easy. However, someone without certification and experience with other firewalls might find it a bit more challenging to grasp the FortiGate format and its platform layout.

FortiGate is primarily deployed on-premises. We also have a cloud option for certain referrals with tier-three engineers. We have it in our own data center in our cloud, and we also provide it to some of our customers. However, most of the ones I sell are for end customers, and they typically choose the hardware for on-site deployment.

The duration of the deployment can vary depending on different factors. The timeline can involve various stages, such as ordering from overseas, ensuring stock availability, and finally, setting it up for a specific project. As such, the duration can differ based on these factors. 

Eventually, once we have the stock, we can set up the firewall within about an hour.

I would rate the pricing in the middle, around five out of ten. It also depends on how you sell it. If you want to sell it as a one-time purchase, then I'd put it at a seven. But if you amortize it, it can go down to a four because some customers prefer to pay it off over thirty-six months, as the licensing is for that duration.

There are additional costs to the standard license. While the standard licensing fees include UTM and a few other features, for additional features like FortiAnalyzer, FortiManager, and other PCs that you might need, there are additional costs. For features like FortiManager and FortiAnalyzer, the additional costs do add up. So, while getting the entry-level firewall with basic UTM protection and web filtering is not too bad if you want to add features like analyzer reporting, cloud managers, and FortiManager, the costs can become significantly higher.

Overall, I rate the solution an eight out of ten.

Organizations with about 50 to 100 employees use the solution for VPN, ZTNA, and remote connectivity between branch offices and site-to-site VPN. The solution acts as a gateway-level firewall that secures the office infrastructure against threats in mid-size enterprise organizations.

FortiGate Next Generation Firewall is a good solution because it has a range of options and a clear ecosystem. It has good availability of solutions that complement the next-generation firewall. For example, it has a good range of switches and access points. The solution also has a good ecosystem where cloud services like FortiMail complement the whole solution. The solution has a better ecosystem for community support.

FortiGate Next Generation Firewall could be made a little less expensive.

I have been working with FortiGate Next Generation Firewall (NGFW) for around three years.

Bugs appear whenever a new firmware or operating system is uploaded into the device for certain modules. These bugs might cause certain services not to work, which has been the case in the past. There have been certain things that were resolved with the new firmware update. FortiGate Next Generation Firewall comes with a six version or a seven version.

The 6.1, 6.2, and 6.3 versions would have bugs, but the 6.4 version would be pretty stable and precise without any issues. Hence, I generally prefer to go ahead with the later version of a particular generation. For example, instead of going with the first version of the sixth generation, I would go in for a third or a fourth version. These things are there in most vendors, but I've noticed these, particularly in FortiGate Next Generation Firewall.

FortiGate Next Generation Firewall is a pretty scalable solution, and mostly, small and medium companies use the solution.

Although FortiGate Next Generation Firewall's customer support is spontaneous in responding, their actual responses are a little slow. They take time. When I say spontaneous, I mean the case ticket gets logged immediately, but the response from Fortinet doesn't come so fast. You have to follow up and then get things done.

Neutral

FortiGate Next Generation Firewall’s initial setup is straightforward.

The solution’s deployment takes one hour. Two to three engineers are required for the deployment of the solution. One or two people maintain the solution by monitoring and fixing breakdowns, which rarely happens.

FortiGate Next Generation Firewall is an expensive solution. I rate FortiGate Next Generation Firewall an eight out of ten for pricing. The solution has a yearly license, and you have to pay additionally for the deployment and partner-led services.

FortiGate Next Generation Firewall charges additionally for migration. Suppose you're upgrading from an older appliance to a newer appliance. In that case, the partner has to buy a FortiConverter Service or a FortiConverter tool on a per-incident basis, which is charged. On the other hand, partners can use the tools available in SonicWall. Compared to FortiGate Next Generation Firewall, SonicWall is better in terms of support and pricing.

We work with the latest version of FortiGate Next Generation Firewall.

Overall, I rate FortiGate Next Generation Firewall a nine and a half or ten out of ten.

Hybrid Cloud

Microsoft Azure

First, we use the solution as a native firewall. After a native firewall, we use IPS. We also use NGFW features like antivirus, IPS, and shaping, which are very important features for companies. We also manage all of my products with FortiManager or FortiAnalyzer and collect online data. For another feature, we try to use SD-WAN products. The SD-WAN feature on FortiGate was implemented for a company with thirty or fifty branches. We had a good experience with the conversion between Cisco and FortiGate for secure access points because Now I'm a consultant for network administration, and we have a challenge with choosing one of these, and so for example, someone, if I actually choose a Fortinet product, SD-WAN based on Fortinet, sometimes someone chooses SD-WAN based on Cisco, but because my special is Cisco, I prefer SD-WAN based on Cisco.

One of the weaknesses of the solution is something we noticed, especially after comparing the tool with SD-WAN features, since, unfortunately, in a massive scale size environment, the solution is not good. It cannot be recommended for massive scaling in terms of size, especially for businesses with more than 1,000 branches.

Cisco is very stable, especially on the larger scale side, and it's very important for SD-WAN features. If you try Next Generation Firewall for a big company, then it is good to purchase a Cisco product. However, Cisco's price is a little high and more than Fortinet's prices. But for small companies, it is better to choose Fortinet and FortiGate products, which is important.

A company needs a tool for accounting. Unfortunately, now we don't have any accounting, especially for the quarter and control side. We don't have any solution in FortiGate. However, Sophos Firewall has it, so it is good for Fortinet's next version.

I have been using FortiGate Next Generation Firewall (NGFW) for more than eight years. I am just a technical person, so I'm a solution designer, a network architect involved in network security.

In FortiGate, after FortiOS Version 5.6, it is stable, and there is no problem. However, we had many problems with FortiOS Version 5.0.5 in FortiGate. Now, when we use FortiGate's FortiOS Version 7, we don't have any problems. The solution has improved, and it is a good product now. For a larger scale, my recommendation is to choose a Cisco product like Firepower Services because, in a massive-scale business, stability is very important.

When I survey FortiGate and FortiGate products, I see that they have a good performance, especially in terms of next generation firewalls. In the future, improving such features and performance is absolutely better. Juniper has a better performance compared to FortiGate.

Speaking about technical support, I have a good experience with design, especially in terms of security design and security architecture.

In level one support, they connect to customers directly, which is a part of our work, and we should solve customer problems. But I prefer staying in level two, where we develop, implement, and solve huge and complex problems, because I have had a good experience with this for more than ten years. Also, I think I have good behavior when under heavy pressure.

I think price-wise, the solution is totally reasonable since it has many products to serve, starting from small homes to massive scale sites. A company can choose from one of the offerings by the solution company. Also, it's very important to choose a contract support level. Some companies may choose RMA with support twenty-four hours and seven days a week. So, it depends on the contract support, I think. The Fortinet appliance is a reasonable purchase for companies.

Regarding the license costs, when you choose the 100 series, it is completely different from the 1000 series. It's very important, and so when you choose one-year support or five-year support, or seven-year support, the pricing depends on which one you choose.

In Iran, we have a massive sanction, so we don't use direct support. We don't talk about this. But, concerning my country and direct support from Fortinet, I can't speak about this event. So, in Iran, I don't have an idea about the use of support since we don't use direct support, but we do get indirect support.

When planning to choose FortiGate Next Generation Firewall (NGFW), the scope of the company is very important. Also, it is important for a company to consider if they want one gig, ten gigs, or another concurrent pair concurrent session. Totally, a company's scale and size are very important. After that, for example, we use a prototype with a five gigabit per second, including the performance. However, if we compare Cisco, Fortinet, and other things, Firepower is very good because Cisco's Firepower is a big and active solution which is very strong compared to Fortinet. However, it's very important for a company to have a native firewall, so such companies can't choose from Fortinet series. So, it very much depends on the situation of the company. So, before that, we review a company's requirements and survey network. After that, usually, I recommend the solution. Also, it is very important to have a budget. For example, a company can first tell me about its budget, like, one billion dollars or whatever. After that, we choose a guide and recommend choosing one of the solutions.

I rate the overall solution an eight out of ten.

The most valuable feature of FortiGate Next Generation Firewall is its SD-WAN. The way it has been structured makes life easier. We have used it for remote access, especially at the height of COVID. It works very well.

There are times when we would want to set an IP address on a physical interface and then attach secondary IPs or sub-interfaces on that. I'd like to have as many as possible. There's a limitation wherein you can only have about 30 virtual or secondary IPs on a particular interface. I would like that to be expanded to 254 or 256 secondary IPs.

I have been using FortiGate Next Generation Firewall (NGFW) for five years.

I rate FortiGate Next Generation Firewall ten out of ten for stability.

The good part of the solution is that you can have Virtual Domains (VDOMs) that allow you to use it for multiple use cases. Around 20,000 users are using FortiGate Next Generation Firewall in our organization.

I rate FortiGate Next Generation Firewall an eight out of ten for scalability.

Whenever I have a problem and have to call their technical support team, I can email them. In the next few minutes, we'll get on a Zoom or Teams call and exchange notes.

Positive

The solution’s initial setup was easy. I rate FortiGate Next Generation Firewall an eight out of ten for the ease of its initial setup.

The solution's deployment does not take long. If everything goes fine, you will complete the initial configuration in an hour and test afterward. The testing phase is where you face issues. If you are migrating from another device to FortiGate, you would want everything that was running previously to run even on the newer one.

Three people were required for the solution's deployment, including an external person, myself, and a colleague.

I rate FortiGate Next Generation Firewall a five out of ten for pricing.

I learned from some reviews that FortiGate ranks quite highly compared to Palo Alto and Check Point. Considering our budget, we thought we could manage with FortiGate Next Generation Firewall.

I would strongly recommend FortiGate Next Generation Firewall to others because it's a brilliant next-generation device.

Overall, I rate FortiGate Next Generation Firewall a nine out of ten.

On-premises