ICT/Presales Manager at Balton Uganda
Real User
A reliable and practical solution that assists us in our day-to-day operations
Pros and Cons
  • "Fortinet FortiGate's reliability is valuable."
  • "I would like some automated custom reporting."

What is our primary use case?

We use Fortinet FortiGate for basic network security and people accessing through VPN.

How has it helped my organization?

Fortinet FortiGate is a reliable and practical solution that assists us in our day-to-day operations.

What is most valuable?

Fortinet FortiGate's reliability is valuable.

What needs improvement?

I would like some automated custom reporting.

Buyer's Guide
Fortinet FortiGate
April 2024
Learn what your peers think about Fortinet FortiGate. Get advice and tips from experienced pros sharing their opinions. Updated: April 2024.
768,578 professionals have used our research since 2012.

For how long have I used the solution?

I have been using Fortinet FortiGate for one year.

What do I think about the stability of the solution?

Fortinet FortiGate is stable.

What do I think about the scalability of the solution?

The scalability has met our requirements. We have around 40 users.

Which solution did I use previously and why did I switch?

We previously used DrayTek before switching to Fortinet FortiGate which has more features.

What about the implementation team?

The implementation was completed in-house.

Which other solutions did I evaluate?

We evaluated Palo Alto Networks, but the cost of the solution and support were higher than Fortinet FortiGate.

What other advice do I have?

I give Fortinet FortiGate an eight out of ten.

The maintenance requires one person.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Technical Project Manager at a tech services company with 1-10 employees
Real User
Top 20
Challenging licensing model and process
Pros and Cons
  • "Fortinet FortiGate is easy to use. Anyone can easily maintain it."
  • "There are mainly two areas of improvement in Fortinet FortiGate— the licensing cost and the timing of upgrading licenses for boxes."

What is our primary use case?

The primary use case is for security purposes, mainly at the gateway level and for internal security, such as virtual training. We also use it for cybersecurity and internal communication, like having a portal. The main goal of implementing the product is to resolve security problems.

How has it helped my organization?

We have seen benefits. Recently, Sophos Firewalls and Palantir have also entered the market. However, FortiGate provides a higher throughput at a lower cost than these features and licensing. Our company acts as an integrator, and we work based on the customer's needs and requirements.

What is most valuable?

Fortinet FortiGate is easy to use. Anyone can easily maintain the box in small to large organizations. Even if we configure and hand it over to them, they can easily consider and register policies. And it's easy to monitor the end-to-end network through the firewall.

What needs improvement?

There are mainly two areas of improvement in Fortinet FortiGate— the licensing cost and the timing of upgrading licenses for boxes. FortiGate's renewal cost is quite high, and our customer care team also receives complaints about it. The renewal part of the firewall is expensive. If a customer pays for the license in advance, they may lose their privileges.

For example, if the license of a box expires in one or two months, and the customer wants to upgrade, there are three to four months between the operation and the end of the current license. If I purchase a new license, it will only take effect from that date. So, it fails in the backward fetch, and I am currently busy setting it up. But if the customer is not processing the card for six months, they will not benefit from the system.

For how long have I used the solution?

I have been using Fortinet FortiGate for two to three years.

What do I think about the stability of the solution?

I would rate stability a nine out of ten. It's a stable product. For the most part, it's very reliable.

What do I think about the scalability of the solution?

It is also a scalable solution. However, as integrators, the scalability depends on us. There are many options available, and we can choose the size of the box based on our requirements.

How are customer service and support?

The customer service and support are very good. Once we create a ticket, we can contact them using the ticket number, and they will provide the support we need. As for the contact names, there is no rate, but there are more challenges.

How would you rate customer service and support?

Neutral

Which solution did I use previously and why did I switch?

We have used Sophos Firewall, Check Point Power EOL, and others. But none of them were like FortiGate. When we upgrade the license, it shows another one, two or three years from that date.

How was the initial setup?

There are no challenges in the initial setup. The people required to deploy the situation are based on the customer's expertise. We handle various types of configurations, and sometimes there are additional requirements with load balancers on top of the firewalls. We need to integrate these firewalls with that ALG.

Generally, we consider security as a separate thing. These firewalls and the LOBs will take care of some further issues based on the customer's requirements. For smaller organizations, one person can provide or ensure a sort of service. We will need three more administrators or developers if there is more traffic or high-cost tech.

What about the implementation team?

Generally, most of the customers maintain their solution on-premises, not on the cloud. I am a technical guy. I am involved in deploying the solution to our customers. I take care of the HCLM upgrade, inflation rate consideration, automation, and other technical aspects of the solution.

We evaluate the area first and then proceed with the implementation by creating a DMZ zone and policies such as CRM and CAP.

What's my experience with pricing, setup cost, and licensing?

FortiGate is a bit pricey, but its unique features and specifications make it an excellent option for certain customers.

As an integrator, we have observed that the licensing cost and the upgrade process are important considerations. When we purchase a new license for one or three years and upgrade it to the existing box, the expiry date does not change from the original. It can create a gap of three, eight, or even twelve months for the customer. Consequently, they buy another box instead of going through the ticket process to get it fixed.

Which other solutions did I evaluate?

We definitely explore the options. We always understand the customer's requirements first and then offer solutions accordingly. We ask what the customer needs and what their budget is. If their budget is INR 10,00,000, and we find a product that matches their requirements, we will offer it. If FortiGate provides the same features and throughput but costs INR 11,00,000, we might still offer it to the customer. However, if FortiGate doesn't match the customer's requirements, we won't suggest it.

So the main differences between products are the features and specifications. If a product has the same throughput and features as another product but costs more, we may not suggest it to the customer.

What other advice do I have?

The challenge is licensing. Hardware-wise, it's supportive, and the support is good. But the licensing and renewal costs should be lowered, and renewing the license and data for the new license is tough. So, only for licensing, we face challenges. I would rate it a seven.

We have many boxes, and we have changed all the boxes to other products because of this licensing factor only. Even for FortiGate, such a thing happens. If I have a hundred boxes and I want to renew the license, they suggest taking new boxes with three or four at least. So that is why customers are not liking FortiGate. They could provide the same license card along with the box, which is why customers are unhappy.

Overall, the product is a four out of ten because scalability, box performance, and support are all great. However, once it's commercially used, you can only use this box; no other options are available.

We can recommend it, but FortiGate's ability to capture the market, fix the order, and meet the requirements or opportunities is also important. As an integrator, we don't have any issues with it.

Which deployment model are you using for this solution?

On-premises
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor. The reviewer's company has a business relationship with this vendor other than being a customer:
PeerSpot user
Quality Trainer at MOH
Real User
Top 20
Stable, good local support, but security features lacking
Pros and Cons
  • "The Fortinet FortiGate local partners were good. I did not have direct contact with Fortinet support."
  • "Fortinet FortiGate needs to improve the protection, it did not prevent us from being attacked. Additionally, Fortinet FortiGate could provide more features for WAF devices. I should not have to purchase two solutions, it would be a benefit to combine these features into one solution."

What is our primary use case?

We are using Fortinet FortiGate as a central firewall for our ministry, but nowadays we are preparing to join every site we have to our main data center. Fortinet FortiGate firewall will not satisfy our needs.

What needs improvement?

Fortinet FortiGate needs to improve the protection, it did not prevent us from being attacked. Additionally, Fortinet FortiGate could provide more features for WAF devices. I should not have to purchase two solutions, it would be a benefit to combine these features into one solution.

The main challenge to IT is hacking, and damaging the network software. Anything that can make a threat to our servers, accounts, VC, from an email or internet connection. We need all companies to make investments to improve the facilities of these devices in order to provide a one-package solution to protect our servers, and systems from any hacking, ransomware, virus, any command, or any other threats. They need to improve all the security features.

For how long have I used the solution?

I have been using Fortinet FortiGate for approximately two years.

What do I think about the stability of the solution?

Fortinet FortiGate is a stable solution. The main risk was the devices and systems that the end-users are using, whether inside or outside the network. The VC was not secure enough. This causes some threats to our headquarters servers.

What do I think about the scalability of the solution?

Fortinet FortiGate has limited scalability capabilities. You can't expand these devices. For example, if I was to go from 150 users to approximately 5,000, the CBU capability of the device would not suffice.

How are customer service and support?

The Fortinet FortiGate local partners were good. I did not have direct contact with Fortinet support.

How was the initial setup?

The initial setup of Fortinet FortiGate was very complex because of our connection to other sites that were using different network topology and ISP providers. We have faced a very complex situation. The company takes approximately three to four months in order to make our system stable. Nowadays, we are going to make our provider and network with one subnet to make it easier to maintain, manage, and monitor any attack and threats from any device anywhere. This will allow us to access devices, ports, and switches to be able to take the right action.

Our network was very complicated and we are using different operating systems, databases, applications, and video.

What about the implementation team?

We used Fortinet's local partners that helped maintain our financial and management systems.

We have one to two people that do the maintenance of Fortinet FortiGate.

What was our ROI?

I have not seen a return on investment using Fortinet FortiGate.

What's my experience with pricing, setup cost, and licensing?

We have the full version of Fortinet FortiGate and we are on a three-year contract with a commitment of five years.

What other advice do I have?

We will be replacing two of our Fortinet FortiGate devices and will move to a solution with better specifications.

I rate Fortinet FortiGate a seven out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Network Administrator at Automated Outsourcing services
Real User
Secure, multifeatured, and user-friendly solution for protecting networks
Pros and Cons
  • "Secure, user-friendly, stable, and scalable network security solution. Installation is straightforward."
  • "Fortinet FortiGate can be integrated with different platforms. They have integrations in place, but I can't say they're 100%."

What is our primary use case?

We use Fortinet FortiGate for web filtering, IPS reporting, and firewall policy routing.

What is most valuable?

What we like about Fortinet FortiGate is that it's fast. You can also use it immediately, e.g. you don't have to wait and apply the policy before you can use it. It's robust and offers immediate usage, unlike Check Point, which we noticed was a slow product.

Fortinet FortiGate is also more secure, depending on how you set up the SD-WAN technology.

We also like the zero trust access, arrays, and the EDR features on this product. It's also 100% more user-friendly, e.g. even when I worked with them configuration-wise. The availability of the support hotline and their knowledgebase articles, e.g. the Cookbook, help a lot. Those articles are accessible to everyone, and they're free.

Whenever you implement a solution, you can run through Cookbook, then you can install the Fortinet certificate if you aren't able to, if you're stuck, but most of the time you are likely to get it right. The Cookbook explains everything straight to the point, and this makes it much easier.

What needs improvement?

Fortinet FortiGate can be integrated with different platforms. They have integrations in place, but I can't say they're 100%.

For how long have I used the solution?

I've used Fortinet FortiGate for three years, and the last time I used it was last year.

What do I think about the stability of the solution?

The product is very stable. It's a powerful product.

What do I think about the scalability of the solution?

Fortinet FortiGate is a scalable product.

How was the initial setup?

Installing Fortinet FortiGate is straightforward. The Cookbook tells you where the issue is, then the packs that come with the software, they are quick to advise on what bugs you can expect, and how those bugs can be fixed. I enjoyed installing the product.

The initial setup for Fortinet FortiGate took less than a week. We spent another week migrating the policy, or recreating the policies on the new object, because of the incompatibility with Check Point. We had to recreate the policies, otherwise, the change was quick, and we just had to mount them and connect the HA link and the other internet link. The setup was quick.

What's my experience with pricing, setup cost, and licensing?

The product has different licensing models, depending on what you're going to do. For the IoT service, initially the program was for free, then the IoT service and the mix firmware that we had, we had to pay.

Services are separate in terms of Fortinet FortiGate license models, e.g. you could have IPS, AV scanning on high availability, etc. The license could be on annual renewal.

Which other solutions did I evaluate?

I evaluated Check Point, but my problem was that it was too slow to install, and you have to wait long while your environment is down. With Fortinet FortiGate, it was instant. Fortinet FortiGate is very easy to install, unlike Check Point. Fortinet FortiGate is a better product.

What other advice do I have?

I have experience with Fortinet FortiGate. I used to manage the product in the past, but in a different company. I transferred to another company into a new position, and Fortinet FortiGate is being used in my current company.

This product can be deployed both on-premises and on cloud. We use version 300E for on-premises, and VM04 on cloud.

They are doing so many things to improve Fortinet FortiGate that I can't think of anything else I'd like added to it. There's zero trust access, the EDR, and the arrays. I can't really say that there's anything that they have not started. They're able to provide what I want.

We started with 100 users of Fortinet FortiGate in the company, then it went up to 270 users, because we also had a child company with end users of this product.

We didn't have to contact technical support for Fortinet FortiGate, because we had a third-party guy who was helping us, and we seldom contact him. If we find an issue, we just email, and he'll write back to us. We also get advice on the old firmware, for example, that there's a higher chance it's static and could be affected by vulnerabilities. Any help was done quickly, and it was nice. Nowadays, we are doing all the work, e.g. not having to contact our third-party guy.

We don't really need a team for deployment and maintenance. There's another engineer we're sharing ideas with, otherwise, deployment and maintenance are both very straightforward. You just need to know what you're doing, e.g. a good path, IPsec channels, etc., and it'll be much easier.

I can recommend Fortinet FortiGate to others, especially because I understand it the most now. We do know everybody won't choose it, because Check Point, Cisco, and other competitors are coming up with robust devices. Everyone wants to win against their competitors, but I'm happy with FortiGate. It's a product I can recommend to others.

I'm rating Fortinet FortiGate a ten out of ten, because it doesn't give me any issues. It's very easy for me to rate it a ten.

Which deployment model are you using for this solution?

Hybrid Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Product Manager at a comms service provider with 1,001-5,000 employees
Real User
Affordable, reliable, and scalable
Pros and Cons
  • "I'm pretty happy with its reliability. It is also very scalable."
  • "They have to just improve its performance when we enable all UTM features. When you enable all the features, the performance of FortiGate, as well as of Sophos and SonicWall, goes down."

What is our primary use case?

In my previous company, which was a silver partner, we installed 300 and 301 for a few use cases. The best-selling product at that time was FortiGate 100E.

What is most valuable?

I'm pretty happy with its reliability. It is also very scalable.

What needs improvement?

They have to just improve its performance when we enable all UTM features. When you enable all the features, the performance of FortiGate, as well as of Sophos and SonicWall, goes down.

For how long have I used the solution?

I worked with this solution for four years in my previous company.

What do I think about the stability of the solution?

It is very stable. When you compare it with Palo Alto, it is stable.

What do I think about the scalability of the solution?

It is very scalable.

How are customer service and support?

They are very knowledgeable and helpful.

How was the initial setup?

Based on what my engineers told me, it is easy to install. It is straightforward.

What's my experience with pricing, setup cost, and licensing?

It is affordable. Palo Alto is much more expensive than Fortinet.

What other advice do I have?

I would rate it a nine out of 10.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Solution Architect at TNS Networking Solution Pvt. Ltd
Real User
Easy to configure but customers are looking for a more complete solution, and more public training should be available
Pros and Cons
  • "Initial setup is easy to configure."
  • "The feature which gives us a lot of pain is ASIC architecture."

What is our primary use case?

We are partners with Fortinet, so we are system integrators. We are the bridge between Fortinet and the customer.

What needs improvement?

I'm satisfied with the product more or less. If we are presenting Fortinet and proposing Palo Alto also, Fortinet is not able to develop the kinds of features available right now in the market. Even with the sandboxing feature, which is an advanced synchronized security, right now most customers are asking for a complete solution like EDR, XTR, or a kind of firewall. It should get synced, and there should be a type of URL filtering application that filters all kinds of visibility.

The feature which gives us a lot of pain is ASIC architecture. The firewall architecture is a kind of an operating system in the chip. We have our kind of base operating system in raw mode, so nobody is able to hack it out. The problem is that every time your base operating system gets an upgrade, customers need to upgrade the firewall. It means you have to replace the older firewall. That's a pain area. It should not be that kind of ASIC base. It should be based like Check Point and Palo Alto so if there is a major update coming in, they can be updated on the same firewalls.

For how long have I used the solution?

We have been working with Fortinet for about five years.

What do I think about the stability of the solution?

The product is stable. Normally we are selling Fortinet for customers who have 100 or 150 users, not more than that. Over time, there is a lot of worry about insecurity. For big accounts, we are not able to satisfy the customer with the Fortinet firewall because they ask for a lot of features. Even in PLC, we have some challenges in that.

How are customer service and support?

Technical support is okay.

How was the initial setup?

Initial setup is easy to configure.

What's my experience with pricing, setup cost, and licensing?

The price is fine. We were expecting that Fortinet would give competition to Palo Alto, but the market that we are covering with Fortinet is kind of SMB. They are compatible with Sophos, so we are not dealing with the big boxes because then there will be a requirement of big boxes. If there are more than 2,000, 5,000, or 15,000 users, we are selling for Palo Alto, but not lower than that.

What other advice do I have?

I would rate this solution 6 out of 10. 

The people who are working right now as system engineers are doing a kind of formal activity with the configuration. That means they are doing the basic activation. They are not doing a lot of experiments on them, so they should go with that because Fortinet is also having sensors, which can be highlighted to the customers. 

Training should be available to the partner. The people who really implement the Fortinet firewall or Check Point or Palo Alto don't have enough knowledge about that because there is no public document or public training available.

Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
PeerSpot user
Michael-Sugg - PeerSpot reviewer
President at Sovereign Managed Services
Real User
Very complete with good capabilities and very good stability
Pros and Cons
  • "The main reason why I purchased the particular unit was that it had good reviews and what other people were saying as far as its completeness and its leading capabilities in terms of endpoint security was very good."
  • "To some degree, it's almost a question as to why some of this stuff isn't simpler. For example, for an AP deployment, while it's integrated, the number of steps that you have to go through in order to get the AP up, seems like a lot."

What is our primary use case?

The purpose of this solution is to provide intrusion protection and more robust endpoint security for small offices. We are providing an enterprise solution for a small business by adding endpoint protection coupled with Intrusion Detection and Protection. For small offices needing HIPAA compliance, we need to make sure we are providing robust protection instead of the default modem gateway provided by the ISP.

How has it helped my organization?

The Fortinet product provides enterprise capabilities in a small footprint at a price point that is more attainable for a small business. The product meets the IPS/IDS/Endpoint protection that small organizations need for their HIPAA and PCI compliance. While the end user may not understand the true capabilities, the managed service provider can more easily deploy and maintain this small footprint product.

What is most valuable?

The main reason why I purchased the particular unit was based on other reviews and leadership in this space. Being able to have a VPN solution as well as integrated access points is a plus. For me, it's all about simplicity. When you look at my particular model for a managed service provider, it's basically to help simplify, protect, and remain compliant. When you're trying to implement something, it's about making sure it is simplified. This seems to fit the bill.

What needs improvement?

The product has enterprise capabilities, which means there are a ton of configurations possible. What I'd like to see in the product is more of a branch in the box wizard deployment for those that are not as well versed in firewall and routing. For a small business, the firewall should be able to self-configure for a Unified Threat Management configuration with 2 SSIDs for protected wireless network for internal gear and a guest wireless network for employee cell phones and guests. I'd like to open the box, plug in the router behind the cable modem, and check a few boxes, and the rest is done automatically. I don't want to have to build and configure VLANs, SSIDs, security protocols for each port, and try to figure out and understand all the layers in an effort to deploy a solution. It's great to have those capabilities in case you need them, but for most of the offices I am trying to deploy these into, it should be a branch in a box.

For how long have I used the solution?

I've only been using the solution for a few weeks. It's very new for us.

What do I think about the stability of the solution?

Stability has been fine. I've had no questions about the stability of it. It seems so far it is staying up. I haven't had any issues to speak of.

What do I think about the scalability of the solution?

I haven't really pushed this product from a scalability perspective. Certainly, if you look at the performance metrics, the F series appears to have really expanded the capacity and capabilities beyond past models. If you look at 40E versus 40F, there's a fairly substantial difference. For a small office, it's going to be just fine.

How are customer service and technical support?

I haven't reached out to technical support and therefore can't speak to their level of responsiveness.

Which solution did I use previously and why did I switch?

N/A

How was the initial setup?

The initial setup is complex for me due to my lack of experience with the Fortinet FortiGate product. The complexity can be a good thing, however, as there's a lot of really good features associated with it. Where it could be simplified is in having that easy deployment option, and then you can start going down and trying to get into the nitty-gritty and figure out when do you need the extra features.

Right now, I'm just in a test environment getting all the firmware up and tested. Then, once I have it tested, I'll take it to the client location and yank out their WiFi mechanism, their WiFi router, and put this in.

What about the implementation team?

I'm currently handling the implementation for a client.

What was our ROI?

ROI is somewhat difficult to measure when you are mostly talking about deploying a product for endpoint security. If your environment stays protected, then it was a good return on investment.

What's my experience with pricing, setup cost, and licensing?

When you look at these endpoint security systems and firewalls, these products a few years ago were way too expensive for a small business. Now we have enterprise level security in a footprint that is less than $1,000. For offices that have 10-25 computers needing protection, this is a better solution.

What other advice do I have?

The good news is that Fortinet does have a good support network as well as their education academy to help someone get up to speed on their product.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Director at an integrator with 11-50 employees
User
Don't underestimate FortiAnalyzer. It can give you a better understanding of what is going on in your network.
Pros and Cons
  • "Advanced routing (RIP, OSPF, BGP, PBR). It gives you a seamless and simple integration into a large network."
  • "I think there could be more QoS features"

What is our primary use case?

We used FG-90D as a UTM device to protect some users and servers, and also to enable inter-VLAN routing with advanced security policies inside our lab zone. We also used FG-500D in transparent mode in front of Cisco ASA for advanced and high-performance protection by applying IPS, AV, AntiSpam, App.Control and DoS-protection profiles.

How has it helped my organization?

We have better manageability: opening and closing ports/services and adding addresses are done very quickly (can be done in a single page of the web GUI).

It offers outstanding reporting tools when coupled with FortiAnalyzer (Fortinet's log collector and reporting tool), which help meet compliance (there are PCI DSS, HIPAA and many more report types).

Better security posture: safe web surfing, less spam and viruses in incoming email messages, very granular AppControl, blocking vulnerability exploitation attempts and traffic anomalies by IPS, preventing DoS attacks by DoS policies.

What is most valuable?

Good VPN, both IPSEC and SSL (web-mode, tunnel-mode). An engineer/network administrator has tools to debug VPN issues that can occur during tunnel setup with other vendors' equipment.

SD-WAN feature at no cost. This is a really great feature for remote locations (branch offices) and HQ; application steering between many ISP links becomes a simple task. Steering can be done dynamically by measuring link quality (latency, jitter, packet loss, available bandwidth).

Wi-Fi and Switch controller at no cost. FortiSwitch and FortiAP can become a kind of port extender of the firewall, all its ports can be referenced in firewall policies. When you have such management plane consolidation it gives you a simpler way to operate.

Security Fabric Framework is helping in analyzing sudden and rapid changes in whole infrastructure, and gives the ability to simplify daily operations (e.g. address objects synchronization between all firewalls in Fabric, estimating overall security rating, single-sign-on for admin access and many more)

Single Sign On support with deep LDAP integration (several variants for environments with different scales), RADIUS authentication.

Can work as transparent and explicit web-proxy, the last option supports Kerberos authentication which requires no agents installed on any windows server.

Human-readable firewall policies with editable security policies and addresses in a single page. This is a very useful and time-saving feature.

Firmware upgrade process is very simple, even for cluster configurations it is fully automated by default.

Straightforward SNAT and DNAT; you may work in two ways: with Central NAT rules configuration and by applying translation directly inside firewall policies.

Bulk CLI commands are uploaded via the GUI in a script file (portions of config file).

VDOMs are very useful when you need to grant admin role to clients separately. VDOMs in FortiGate can be represented in FortiAnalyzer's ADOMs (administrative domain), which can have different log storage policies, event handling and alerting configurations. You can create one VDOM working in NAT/Route mode, and another VDOM working in Transparent mode.

If you don't want to create and use a second VDOM you can still transparently inspect traffic at layer 2 level while having only one VDOM in NAT/Route mode. This is achieved by configuring Virtual Wire Pair ports that work like a separate bridge.

Ability to capture packets going through any interface of the device (and VM too). You can set the number of packets, filter out packets by IP and port number for particular troubleshooting purposes, then download a .pcap file from the web GUI and analyze it in your favorite program.

Advanced routing (RIP, OSPF, BGP, PBR). It gives you a seamless and simple integration into a large network.

IPS, AV, Web Filter, AppControl profiles are working very well.

SSL Inspection and CASI (Cloud Access Security Inspection) profiles.

Rich logging options allow you to troubleshoot most problems.

Straightforward HA with different redundancy schemas.

IPv6 support.

What needs improvement?

I think there could be more QoS features in GUI. FortiGate has Traffic Shaping feature that is enough in most cases when shaping egressing packets, but sometimes I just need 802.1p prioritizing (Class of Service) of incoming packets and manual ingress queue assignment. This is what would be nice to have, but I realize that such a job is more efficiently done by L4 switch standing before firewall. Fortinet has a FortiSwitch that can do it, and it also can be controlled by FortiGate via FortiLink protocol.

[Firmware version FortiOS 6.2 update]: There are a lot of improved and newly added things, so it is very hard to imagine any additional features.

For how long have I used the solution?

Four years.

What do I think about the stability of the solution?

Small models (up to FG-90) are built on SoC (System on a Chip), so they need to be mounted in places with enough airflow and the right temperature, otherwise they could hang, slow down traffic processing, but more often you just can't log in to the device's web-interface (reboot won't help you until it cools down). Actually, that's not an issue. It is a technical requirement for the operating environment to be 5-40 degrees (but at 35 degrees with poor airflow there may be the issues mentioned above).

What do I think about the scalability of the solution?

For large scale deployment I would suggest to look at FortiManager, a central management point for large amount of FortiGates. I have tested the solution and found it quite useful. I could download configuration from any device and install edited list of policies to several devices simultaneously through a couple of clicks. Also I liked functionality of clearing out Address objects list from unused entries. It can be configured to be a central repository of firmware and updates, and a local rating server (url and antispam rating services) which can improve rating lookup latency value.

How are customer service and technical support?

Technical support is good (on average).

Which solution did I use previously and why did I switch?

We used an old IPS from Cisco. We switched because of End-of-Support on that device.

How was the initial setup?

Initial setup in plain networks is very straightforward. For large environment you should prepare beforehand, because FortiGate is a highly-tunable and feature rich product, so you must have a plan with many considered details.

What about the implementation team?

We did not engage a vendor team. Documentation is good enough to implement with an in-house team.

What's my experience with pricing, setup cost, and licensing?

Setup cost may not be as low as you expect, because it depends on different factors, but TCO for 5 years may pleasantly surprise you.

Which other solutions did I evaluate?

Palo Alto, Cisco ASA, CheckPoint

What other advice do I have?

Many interesting things are hidden in CLI, they can help you in different situations. Web-interface (GUI) is primarily intended for day-to-day routine.

Don't underestimate FortiAnalyzer. It can give you a better understanding of what is going on in your network. When FortiGate sends logs to FortiAnalyzer, FortiAnalyzer inserts received log data into database. Predefined and customizable data queries, charts and reports can significantly help you by visualizing problem points, so you can thoroughly investigate security events and traffic behavior anomalies.

FortiGate is a constantly evolving product, so pay attention to FortiOS version it runs.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user