Fortinet FortiAnalyzer Reviews

We're a service provider. Our clients use the solution for log management.

We are using physical and virtual end ware. We have a physical and logical virtual environment for using this platform, which we provide to our customers.

We are utilizing the previous site end dividers and the IPS, IDS DDoS features. 

The log analysis and reporting are both quite good. 

The solution doesn't have online analysis. We can't analyze certain parts of the logs. For example, we can't analyze current logs.

It would be helpful if we could use the system we use to monitor everything to also check the live traffic or live logs.

The solution lacks business intelligence features. It's much too basic.

I've been using the solution for two or three years.

The solution is stable. We've never faced issues.

The solution does not scale easily. It's a hardware solution. We have FortiAnalyzer hardware, and since it has a hardware agent on the storage ware, it requires Forti capacity for analyzing purposes. There's only a finite amount of space in the hardware itself. It isn't infinite.

We've dealt with technical support in the past and we've been very satisfied at the level of support we've received so far.

The initial setup varies from company to company. Some are straightforward, some are complex.

Deployment is a simple task. FortiAnalyzer comes with the hardware version and a virtual agent. We just deploy and integrate it with the other Fortinet products.

There is a lot of competition for Fortinet in this area, including USM and Palo Alto.

We are Fortinet partners.

For those organizations that need to use a product for reporting or some analysis of logs, this is a good solution. 

I'd rate the solution seven out of ten. The features are basic, and there's not too much business intelligence behind them. If it offered more of that, I'd rate it higher.

We use this solution for reporting. We also use it to keep logs for our clients that require logs with a history of more than seven days.

In addition to our own firewalls, we have several clients with firewalls that report into the same FortiAnalyzer.

We have a private cloud deployment, set up on-premises.

The most valuable features are customizing reports, and the ability to drill down to display critical information in real-time. FortiGate itself, for example, doesn't offer all of this information on the entry-level firewalls. You can get more detailed information from FortiAnalyzer based on the log that is retrieved from FortiGate while it is operating.

I would like to be able to do more customization. For example, I would like to be able to develop my own set of reports that I can upload to the analyzer, and then it can report in a fashionable way as to what I really expect, rather than the ones that are preconfigured. Then we can play around with them in terms of where you can position your top bandwidth users, and such.

The reports are good, but they are over-summarized.

The device has been pretty much stable. We haven't really had issues with it in the time that we've been using it.

The licensing limits the storage in terms of how much information it can store. For example, you can collect seven gigs of log files in a day.

We have twenty firewalls connecting to FortiAnalyzer. We are moving some of them to the FortiCloud platform because we get thirty days of reporting on a non-subscription basis with FortiCloud. With FortiAnalyzer, we would have to pay for more licenses.

At this stage, we do not plan to increase usage. The majority of our clients who have entry-level firewalls are now depending on FortiCloud. It is more robust than us having more of the FortiAnalyzer devices. Because FortiCloud is accessible from anywhere, a client can easily manage it, rather than us giving them access to the Fortianalyzer. So, we're finding FortiCloud being a better option than us having an on-site FortiAnalyzer.

When I speak with Fortinet technical support it is usually in regards to FortiGate. I would rate their support team an eight out of ten. Sometimes, what happens is that we open a webchat with them where you don't have to open a ticket. The problem is that you may end up dealing with the level-one support who doesn't really give you the answer, so they then refer you to open a ticket. This delay can be a problem when you have a client that needs an issue resolved right then and there.

We have not used any other solutions for log analysis.

The initial setup of this solution is pretty straightforward. We have a few FortiGate firewalls, and they communicate with FortiAnalyzer over the public networks by sending their logs.

The deployment was not difficult and did not take much time. It is just the initial configuration on FortiAnalyzer, which takes no more than ten minutes. Then, the analyzer will be synchronized with FortiGate. It is just a matter of entering the FortiAnalyzer IP address, then allowing it to register. In total, it takes about twenty minutes.

There are three administrators for this solution, and I handle the maintenance myself.

We handled the deployment ourselves. The documentation from Fortinet is pretty straightforward.

The pricing of this solution is fair, and it is based on what you can manage. There are no costs in addition to the licensing fees.

We tried NetFlow Analyzer, and the product was good but it was highly expensive.

This solution, at every stage, does what I expect it to.

My advice for anybody researching this solution is to consider the size of their organization. If it is very big and they need to retain a log for a specific number of days or a period of time, for example, going back to thirty days and they also need to analyze the traffic in real-time, then FortiAnalyzer would be ideal. However, the same service is now available on FortiCloud, which is something else that I highly recommend.

With other solutions, such as NetFlow Analyzer, you can really customize your report to what you expect. Together you can insert logs, you can customize your reports with the logs that you're receiving, unlike with FortiAnalyzer. This is a major drawback.

I would rate this solution a seven out of ten.

Our primary use case of this solution is to deep-dive and get deep visibility analyzing of logs and proxy of the network. In other words, to get good customized reports.

The solution allows us to see what our users do on their computers. Some way they work all day long, but then we see that they have been surfing on net, using YouTube, streaming or looking at Facebook. It is therefore a very handy program. 

I am very impressed by the new version's security - on-premise or on the cloud. We have integrated the program with FortiView to get a better-customized log and more scalability on the application. The newer version is also much faster than the previous one and we have more visibility on whatever is happening on our system. 

Reporting wasn't very good in the previous version, but I believe it has greatly improved. The newer version has more features and the quality of reporting is better too. 

I would also like to see an improvement in the rebooting.

The stability of the solution is good - better than the previous version. Even the hardware had changed from DCVs to some STVs so now the hardware and software are more powerful compared to the previous version. We are now able to do 14-hour functionality. The program is disabled on the FortiManager by default, but we can enable it via the console in order to get the same visibility on the FortiAnalyzer. 

The scalability of the program is good and we are hoping to increase our usage. I would like to see new features and better functionality, though. For the scalability of the FortiAnalyzer, we need to take into consideration the time it will take to load 30 users instead of only 14. So maybe we would perhaps need an upgrade license for FortiAnalyzer deployment in that case.

The technical support isn't very good, I rate it a 2 out of 5. I don't really rely on their support because in the past I had some issues and the support team could not help me. 

The initial setup was really straightforward. The duration of the deployment depends on the requirements of the customer and the kind of reports they want to get. It can be customized to the client's specifications. Some only use it for visibility while others want to get detailed reports. If the requirements are complex, it will take around two days. Otherwise, it will take a few hours. It is very easy to deploy the FortiAnalyzer. 

This program is quite expensive. We have to renew the hardware every year and the hardware is very expensive. And we need to renew the licensing for application control too. 

I rate this solution a 6 out of 10. It is a good security firmware for automation. From a single dashboard we can get all the logs and traffic information on our firewall. We can get more visibility, so there is no need for the engineer to go in each and every firewall to get information. 

Even if we don't use the FortiAnalyzer, we can use a FortiCloud to send a log. But we are still using a cloud-based solution. We are using our internet bandwidth to send logs. That's in real-time or scheduling. If bandwidth is the key factor, I will not recommend the customer to use a FortiCloud. And even if you are using the FortiCloud, the basic free version, you have a retention log for only seven days. If you want to have a longer retention log, let's say for one year, then you need to create a subscription with FortiGate. In that case, it is better to have a FortiAnalyzer on-premise. Always try to listen to your customer.

We use the analyzer for reporting, to know what exactly is happening on the network. We use it to see which accesses are granted, which accesses are denied, which sites are visited, which botnets are coming in, which viruses, etc.

The solution is on-premise. Most of the time we set it up on the client's premises, depending on their needs. The cloud is there for testing.

It has a simplified and user-friendly interface.

With FortiAnalyzer, most of the time, although the interface is simplified, when you are new to it you have issues of navigating through it.

And when it comes to pushing logs to a SIEM, most of the time we have some issues when it comes to filtering.

Also, reports need to be simplified because its reporting currently includes more detailed and technical things. If we could get a simplified or executive summary, that would be good.

It's very stable, unlike the previous version which, when the logs were huge, would crash and we would have to reset it and start all over again.

The scalability is also fine if you do your prerequisites right. If so, you won't have any issues. But if you don't do your scoping right, and more logs come into the system - more than it can handle - you will face issues. You need to do your scoping right to get it to be stable and scalable.

Technical support is kind of slow. When you have 24/7 support, the response is quick. But when you send something in, it takes a long time to get a response. Fortinet support is a little bit slow when using their portal for support.

In our case, because we are partners, we have a couple of tech guys we can call to get support done. When an end-user requests support through the portal, and even when we do, it takes hours to get a response.

We work with multiple solutions and Fortinet has been the number-one.

For me, the initial setup was straightforward. The deployment takes approximately ten minutes. In some cases we could be waiting for results, waiting for logs to get up to do some analysis.

The price is quite expensive. Fortinet products are very expensive. That is something which they should also look at, because if you compare Fortinet product to, say, Sophos for example, Fortinet is really high and that's the only thing which is a drawback for most users. Although their plan is a value-for-money appliance, the price is expensive.

Anyone who asks me about a Fortinet product, I'll give that person a thumbs-up. So far, Fortinet has been the best for me. It's a value-for-money appliance, it has an easy to use interface, and it gives you exactly what you want. The only drawback would be the price. 

We use the on-prem deployment model of this solution.

My primary use case for this solution is for log collection. I have a lot of FortiGates that I have to collect logs from, so I primarily use it for log collection. We plan to deploy a SIEM and we want to try to see how to integrate all the solutions to our SIEM. We are processing for PCI data specifications. We have to respond to PCI requirements, so that's why we are making some changes and acquiring some new security solutions to deploy. Among them, we have FortiSIEM and other security solutions like antivirus.

It is a simple and solution. I can structuralize all my FortiGate logs but it's not so good from the administrative side. I have FortiGate in four countries and I am responsible for securing Fortinet. I also have to manage FortiGate in other countries, not just my own. If I have to go through each FortiGate it's going to be a little bit complicated. FortiAnalyzer is a good product; but, I keep thinking that FortiAnalyzer isn't really what I'm looking for which is why I am looking to acquire a SIEM solution. It will give me more log collection possibilities. 

I'm looking for something more efficient to analyze different foreign things. That's why FortiSIEM could compete with FortiAnalyzer. 

I haven't had to contact their technical support yet. 

The initial setup is not that complex. I didn't do the initial configuration, it was already set up, I'm only managing it right now. If we're talking about the integration side, like how to integrate FortiGate in FortiAnalyzer, I don't think it's complex. That's why they are known as one of the leaders in security.

I would recommend this solution to somebody considering it. 

The relevance of this solution will depend on the case. If you are considering this solution I would ask what you really intend to accomplish with it and what model you want. It's going to be based on the data you need to protect and analyze.

If I had to choose between FortiSIEM and FortiAnalyzer for log position it's better to go for SIEM. We all know that we can do a lot more with SIEM than just a log collection. Log collection is included in FortiSIEM; so, why acquire FortiAnalyzer is you can have FortiSIEM?

I would rate FortiAnalyzer a 6.5 out of ten. 

We primarily use the solution to protect the network and to control how the users access and use the internet.

The IBS (Intent Based Segmentation) and application web filtering are the most valuable aspects of the solution.

The solution is quite expensive.

The solution could use more graphics and be more specific in the dashboard. This way, I'm able to understand everything and effectively understand what's going on, including what's incoming and outgoing. Right now, I have to look up everything. I need a dashboard so that I can see specific items right there in one place.

We have 600 users and do plan to increase usage in the future.

Technical support is good. We've talked with them a few times. We have third-party support here in Oman.

I didn't previously use another solution.

A third party vendor assisted us with the implementation.

We have around 12 devices and yearly we spend approximately $14,000.

We are using the private cloud deployment model.

I would rate the solution nine out of ten. I don't have much to compare it to, but it's been fairly good.

Our primary use case of this solution is for bandwidth. We are very satisfied with this program.

The feature I find most useful is the handy dashboard.

I would like to see an improvement in the technical support. Stronger authentication will also be a plus.

In the next version, I would like to have authentication for 40 tokens.

We have between 20 and 25 users and we plan to increase this number, so I believe the program is scalable.

We are very satisfied with the customer service.

The initial setup was straightforward and deployment took us about eight months. The reason for this is that we installed other programs during this time too, like Fireworks Data Center, Switch Data Center, Cisco Nexus Data Center, and Forcepoint. We use Stitch as our local manager. 

All Fortinet programs come at a good price.

I will definitely recommend this solution to others. My rating is a ten out of ten.

This solution is mainly used for reporting. We collect data from the FortiGate and analyze it with this appliance.

We have a physical device that is deployed on-premises.

Using this solution has allowed us to identify which applications are consuming the most bandwidth. We can also see the times at which bandwidth is most utilized. This has allowed us to manage our bandwidth and blend better.

The most valuable feature of this solution is reporting. We use this functionality every day, and obtain reports on things like how many people are using the VPN, which websites are being accessed, and whether hackers are trying to penetrate into our network.

Every time there is a firmware upgrade the interface changes, and you'll have to maneuver that interface to see how to use it.

When somebody is new to the system they find it difficult to perform certain operations, like backups, and to see where the reports are. A more user-friendly interface would be an improvement.

I would like to see support for analyzing the wireless site, without going through the controller. For example, I would like to see a report on the full data including the APs that were up or down, and whether something has been upgraded.

FortiAnalyzer is a good product that is stable. It is used on a daily basis.

My understanding from the literature is that you can connect up to two FortiGate devices, or firewalls. Right now I have two 900D firewalls connected in the same network.

We have approximately twenty-five hundred users, including students and staff. There are six people who manage this solution. At this time, the current solution is enough and we do not need to increase its usage.

Technical support for this solution is powerful and good.

We have a support contract and Fortinet handles the maintenance of this solution. If we face any problem we can just contact them and they will help. For example, last month we were not able to get a report from the FortiGate, and they managed to help us by formatting the disk on FortiAnalyzer. Now, we are able to get the report that we want.

We did not have another analyzer solution prior to this one.

I struggled a little bit with the initial setup because it was a new concept to me. I looked at some videos on YouTube, as well as the Fortinet website.

We had another company perform the actual deployment for us, but we had to provide input to guide them on how to set it up for us. They were very professional and very good.

We started with the 800C, then, later on, we moved to the 900D. The same company handled both deployments and they did a great job.

The deployment took less than a week. There was fine-tuning that had to be done on a regular basis until we got the reports that we wanted from it.

Our licensing fees are on a yearly basis. We have several products including Fortinet Wireless, FortiGate Firewalls, and FortiAnalyzer, which are bundled together and cost approximately $50,000 USD annually. We don't pay anything else in addition to the standard licensing fees.

A company implemented a POC for us, and after that, we found that this could be a good product for our purposes.

FortiAnalyzer is a good product, and anybody who implements this solution will get good results from it. The support from Fortinet is awesome.

I would rate this solution an eight out of ten.