Fortinet FortiGate Reviews

FortiGate is a hardware firewall that we deploy for our customers. I work on the system integration team and install whichever solution the clients choose. We also provide support, including maintenance and service. The customers contact us if they have any problems. 

The firewalls are deployed on-premise, but you can also implement FortiCloud, which can integrate with public or private cloud platforms. If you have five or six locations in various countries, FortiCloud can provide centralized security support for those offices.

FortiGate is on the cheaper end, and it offers good value. 

Palo Alto has a feature called WildFire Analysis that is unavailable in FortiGate. WildFire is better than a sandbox because it can address zero-day threats and vulnerabilities. It can immediately identify zero-day threats from the cloud. 

Fortinet uses a separate solution called FortiSandbox. It needs to download signatures to identify malware, which takes significantly longer. WildFire is a cloud-based platform that collects threat information from users worldwide. 

I have used FortiGate for eight months, but I have worked with Fortinet products, including FortiManager, for three years. 

I rate FortiGate nine out of 10 for stability. 

I rate FortiGate nine out of 10 for scalability. Fortinet sells models that can accommodate more people. You can choose a cheaper model if you only have 20-30 users, but you will need to spend more money for a FortiGate solution that covers 5,000. 

I rate Fortinet support eight out of 10. Sometimes, the Level 1 support can't fix the issue, so it needs to be escalated, and we can't get help until the next day. Otherwise, it's okay. Their frontline support can fix most basic issues, but we may need to wait a day or two for special problems. 

Positive

I also deploy Check Point and Palo Alto hardware for my clients. Check Point has been in the Indian market longer. Palo Alto came into the picture about three or four years ago. 

In my opinion, Palo Alto is the better solution. It has WildFire Analysis, and you can configure virtual routers within the system, but Fortinet is less expensive. We deploy Check Point for our larger customers. It's more appropriate for multinational companies with 10,000 employees or more. 

Deploying FortiGate is straightforward. You have to check with the customers to see if their offices use other devices. Next, you must do the basic configuration and connect all the networks available at the customer's site individually. 

The SD-WAN setup is the most time-consuming task because you need to configure the address and service objects. After that, you implement basic policies and connect the office network with Fortinet. Deployment only requires one person. 

FortiGate is on the cheaper end. The price varies depending on the model of appliance you're using. It's affordable for a university or a small business. A firewall typically has a license for three years that includes installation and support, but maintenance is separate. 

I rate Fortinet FortiGate eight out of 10. FortiGate is a solid solution, but Palo Alto is the best. I recommend Palo Alto to customers who can afford it. The second best is Check Point. When considering which firewall solution to use, you should look at your budget and the number of users. 

Our organization utilizes Fortinet FortiGate for SD-WAN. All business units within our organization connect to the SD-WAN, which is constructed using Fortinet devices.

The primary reason we implemented Fortinet FortiGate was to enhance connectivity. Our previous reliance on MPLS resulted in low bandwidth and high costs. By transitioning to SD-WAN devices and leveraging common ISP connections, we have achieved two significant goals: substantial cost savings and increased flexibility in configuring device communications across our various plants.

FortiGate offers us the capability to provide visibility into and segmentation of our industrial devices. We are currently implementing this for the LAN, and we are migrating firewalls to Fortinet FortiGate devices. In this process, we are separating the operational network from the IT network.

Knowing that some of Fortinet's devices can be used in harsh environments that's nice to have. But that's something that is not needed right now just because we are only using them in very few places. These devices are specifically used to prevent intrusions in harsh environments. 

These devices help to control network traffic with OT-specific protocols. The LAN firewalls we have implemented are purchased with the functionality of network-specific modules to enable the management of network traffic with OT-specific protocols.

The approved offerings help us achieve our budgetary goals. We are adapting the budget to align with the devices provided by Fortinet. We are doing this because we can utilize Fortinet. Therefore, all of our budgets should take this into account as well.

The decision to utilize Fortinet stems from its ability to integrate with our preferred vendors. We have plans to implement both ClearPass and Nozomi as part of our OT cybersecurity strategy, both of which offer API-based interfaces for connecting to FortiGate devices. This interoperability is crucial for our organization.

The combination of FortiGate and FortiManager provides a comprehensive overview of all the firewalls we manage. It is very convenient to have everything centralized in one place.

FortiGate has helped reduce the risk of cyberattacks that could disrupt our production, which is one of our primary goals.

We were not affected by any cybersecurity attacks that would have impacted our production operations. However, we have a comprehensive plan in place to address such incidents. FortiManager enables us to block essential protocols and implement security measures across all business units if we detect a security breach in one area. This centralized approach ensures that the security measures we implement are consistently applied throughout the organization.

FortiGate has aided in centralizing the management of our network and security operations. The impact of this on the operational efficiency of our industrial network depends on how we organize it. Centralized management has significantly simplified management tasks. However, we require a dedicated team capable of addressing the diverse needs of different plants and business units, implementing necessary changes, and resolving any issues that arise. A single point of contact facilitates this process. In this regard, we have not only improved operational efficiency but also consolidated our management structure, reducing the need for multiple teams scattered across different countries.

FortiGate provides us with actionable data that helps us make informed decisions about the appropriate actions to take. Additionally, we utilize FortiAnalyzer to analyze the type of traffic we are experiencing, potential issues, and other relevant information. Furthermore, we monitor CPU memory, bandwidth, and other metrics associated with various IP connections using Fortinet devices. This monitoring is conducted across multiple firewalls. By employing these tools, we can ensure that any changes we make are the correct ones and are made for the right reasons.

The implementation of Fortinet's Security Fabric has significantly enhanced the security of our industrial control system. Previous solutions were unable to effectively manage the diverse protocols employed in this environment, resulting in operational and technological limitations. However, with the introduction of the new security fabric, we are now able to address these challenges and achieve a more robust security posture.

The Fortinet Security Fabric helps us reduce our mean time to remediation. With all its tools and centralized management, it's much easier to identify and resolve issues, leading to improved overall security posture.

Fortinet helped mature our approach to cybersecurity for protecting our industrial equipment.

The flexibility and ease of configuration are the most valuable features.

Overall, we are satisfied with the product. However, we encounter occasional capacity issues. The FortiAnalyzer, being a hardware appliance, has limited expansion capabilities. As our organization has grown, we've outpaced the FortiAnalyzer's performance. The inability to scale the FortiAnalyzer to match our growth necessitates the purchase of new hardware. This is an area that could be improved. If we anticipate reaching the size of six countries within the next five years, investing in a solution that can accommodate such growth would be more cost-effective than repeatedly purchasing new hardware. The ability to scale the FortiAnalyzer in tandem with our growth would be a significant improvement.

I have been using Fortinet FortiGate for over three years.

FortiGate is now stable. We experienced some difficulties in the beginning, possibly due to some bugs we encountered. However, for approximately the past six months, we have been closely monitoring various ratings for FortiOS versions. As a result, we are currently running only on mature versions. Since then, we have observed that the device is significantly more stable than before.

The scalability for the FortiManger and the devices themselves is a nine out of ten but for the FortiAnalyzer it is a six out of ten.

On the few occasions that we have needed to use technical support, we have found them to be responsive.

Positive

We used different solutions such as Cisco, Watchguard and Sophos in different countries, and one of the reasons we switched to FortiGate was to standardize what we used in all the countries.

The FortiManager is one of the biggest advantages they have. From a single management point, we can manage all the devices connected to the support manager. This is something I haven't seen before. So, in that sense, I would say that the most important difference between FortiGate and other vendors is the FortiManager.

Due to the extensive network, the deployment spanned several months; however, on a site-by-site basis, each deployment was completed within a few hours. We had a minimum of two people per country involved in the deployment with 1-2 people from Central IT.

It was a mixed team vendor - in-house. The vendor expertise was really good and I would rate it on a 9 out of 10.

FortiGate's pricing falls within the mid-range when compared to other leading firewall solutions. While it's more expensive than Sophos, it's more affordable than Palo Alto.

I would rate Fortinet FortiGate eight out of ten.

We have FortiGate deployed across multiple locations with 120 firewalls.

I suggest testing FortiGate. For organizations looking for an affordable solution, with good management and initial management, Fortinet FortiGate is the right choice.

Generally, government and PSU, diamond companies, textile companies, and chemical companies are using Fortinet FortiGate in the Gujarat segment. We are also working with the Fortinet FortiSwitch and Fortinet AP. 

Fortinet FortiGate has SD-WAN, FortiView, antivirus, sandbox, and IPS, which are generally well-known features. Fortinet FortiGate has a threat detection capacity compared to other vendors.

Fortinet technical support is lacking, as OEM support is slightly better. Improvement in their technical support could include response time as well as having more technically sound people in tech support.

I have more than 12 years of experience with Fortinet FortiGate.

This product is very scalable because Fortinet offers models ranging from thirty gigs to six thousand series and also offers solutions as VMs, making it highly scalable.

Their support could be better.

Neutral

We are working with both Fortinet and Check Point. Fortinet FortiGate is better compared to Check Point because I have worked with the Check Point model CP15,500.

Financial and operational ROI from Fortinet FortiGate is very fine compared to other products.

There is no challenge in Fortinet FortiGate pricing. There is a little bit of extra cost for FortiManager and logging and reporting solutions. Fortinet can offer solutions such as FortiAnalyzer and FortiManager for free for SMB customers.

We are not working with AI features in Fortinet FortiGate, but from my knowledge, FortiGuard is using AI tools for threat intelligence and protection. 

We recommend Fortinet FortiGate to other businesses with similar security needs. 

I would rate Fortinet FortiGate an eight out of ten.

I used it as an IT provider, and our main firewall was the Fortinet series FortiGate. Currently, I am just a user on the end user side of the fence.

The Fortinet gear is really easy to use, intuitive, and pretty powerful. It has been great because we haven't had to change it out very much. The operational return on investment has been great as we don't have to keep replacing it.

I really liked the interface because it was extremely user-friendly. Unlike Cisco, where you didn't need to be certified to use the interface effectively. The consistency across all models has also been beneficial as it simplifies learning and usage. They put in a thing called the FortiCookbook, which is very easy to read with real-life scenarios that make networking tasks like joining networks very straightforward.

I just don't like giving products ten out of ten. There's always something new that can be added or fixed.

I have been working with the Fortinet FortiGate overall since 2006, which is quite a few years now.

We haven't had to change it out very much. It has been stable and reliable for us.

I would rate its scalability as a nine out of ten. They scale up really well from smaller models like the FortiGate 40 and 50 to bigger sites with the FortiGate 100 for more throughput - up to enterprise datacenters.

Customer support is quite good. We purchased the 24/7 support, and they usually respond within an hour, even in the middle of the night.

I haven't switched from FortiGate. We still use the Fortinet solution as our firewall.

The initial setup is very straightforward and easy, with wizards helping to configure the device efficiently.

The ROI has been very good because it's operationally efficient, and we haven't needed to replace the equipment frequently.

I would definitely recommend it to other businesses with similar security needs. For smaller businesses with just a couple of computers, the standard ISP-supplied modems are fine.

I'd rate the solution nine out of ten.

Fortinet FortiGate offers a new official solution for SASE. This solution is more cost-effective for my organisation than the hardware. It doesn’t require renewals every year or every three years. With FortiGate, you get a firewall as a cloud service and optimal protection.

Fortinet FortiGate meets all the security demands of my industry. It covers endpoint security, including web interface, DNS security, and ELP. I'm currently using the latest version. The features that have most improved our network security are Web Control, filtering, application control, IDS, IPS policies, and Deep SSL inspection.

The intrusion prevention system (IPS) in FortiGate is highly effective. It detects and prevents intrusions, maintaining security efficiently. It works seamlessly with my environment and Google Analytics, providing robust protection.

The firmware updates are sometimes not stable. The stability issues can vary, sometimes happening once a month or quarterly. New firmware updates can occasionally introduce bugs, causing some policies to fail. We then have to raise a ticket, and Fortinet usually provides a fix within a few days.

I have been using Fortinet FortiGate for the past three to five years.

For overall stability, I'd rate FortiGate an eight. It is stable, but there are sometimes issues with the software, so there's room for improvement.

There are no scalability issues with Fortinet FortiGate. I haven't needed to scale it yet, but I have a relationship with the vendor, and they have a program to scale their hardware if required.

They also offer many solutions free of cost with the hardware, including advanced solutions. We have four branches of our organization, and they use these effectively.

The support team is very effective.

Positive

I previously used Cisco for my environment, specifically Cisco ISE for access control, but I have shifted to Fortinet products due to their cost-effectiveness.

The deployment process of Fortinet FortiGate was very straightforward. The installation took about twenty minutes, and fully configuring it with security features took about an hour. It was pretty fast, so I didn't need to spend days preparing and configuring.

I am involved in the maintenance of FortiGate, and I have five engineers with me. Three are on-site, handling different boxes, and two are remote.

I've noticed benefits in terms of performance and timing with Fortinet FortiGate. Its implementation and deployment are quick, and migration from other vendors to Fortinet is smooth and easy. Typically, we only have about fifteen minutes of downtime during the transition and gradually implement the policies.

For the price, I'd rate it a ten because it's very cost-effective.

I chose Fortinet FortiGate because it is effortless to use compared to other vendors. Their customer support is excellent, with quick responses and qualified attack engineers. They provide relevant documentation and immediate engineer assistance if needed.

Regarding AI capabilities, the product promises threat intelligence based on AI and machine learning, which I plan to explore. FortiGate integrates smoothly with other solutions.

I'd rate FortiGate a nine out of ten.

I used this solution while working with my last organization. I handled plain firewall deployment as well as SD-WAN deployment. 

I was providing consulting services to various Telco customers. It helped customers save on the cost of highly expensive MPLS links. With the help of Secure SD-WAN, they were able to utilize broadband or even LTE connectivity, which saves costs. That's the flexibility that Secure SD-WAN gives to various customers. In addition to saving costs, they are also able to utilize active-active load balancing, where you can have two parallel links: primary and secondary. The secondary one used to sit idle in traditional scenarios, whereas now, the solution gives you the flexibility to configure both links as active-active, so you can prioritize critical traffic from link one and other traffic from link two. At the same time, you also have the option to maintain redundancy.

Secure SD-WAN is a great way to manage your entire organization network, especially the WAN network. Customers don't have to hop to multiple places. Fortinet has a solution called FortiManager. With the help of that, you can monitor, configure, and maintain your entire organization's network. It's a very convenient option. It's a single pane of glass from a customer's point of view. They don't have to log in to individual devices, and they can see the real traffic. They can see what's coming into the network, what sort of alerts or logs are there, and what sort of applications are being consumed.

Secure SD-WAN doesn't help with tool consolidation, but it's a secure way or mechanism they provide so that if branch users are accessing the internet, they can directly break out from the branch location rather than coming back to the data center. In that way, it improves the user experience while also giving security at the highest level.

I have not interacted much with Secure SD-WAN in terms of API integration or third-party integrations. However, they have pretty good integration with the RADIUS, LDAP, and AD servers. In that way, they have everything in-built. You can make the firewall a DNS server or some sort of DHCP server. Such features are included there. From a security standpoint, they have open API integration with their own SIEM or SOAR solutions. Third-party API integration is also possible, but the API details that are exposed are very limited.

The integrated application protection provided by Secure SD-WAN is a cool feature. They have real-time scanning of the application with the help of SSL inspection. You get to see the real-time traffic of applications, and you can protect your network from harmful websites. They have a signature database for that. This data also gets refreshed. It's a direct feed that the device takes from the central intelligence.

When you have Secure SD-WAN in place, you are more secure from the outside internet. They have a flavor of SASE, but I have not worked on it.

When you have a granular view of your entire network including users and security features being enabled, you get more visibility into your network. You get to know what's coming in and going out. If an administrator sees that some traffic is being hit repetitively from a particular location, functionality is available to block a region, country, or even an IP or domain.

In terms of Secure SD-WAN reducing our mean time to resolve, in the case of issues specific to SD-WAN, I've seen instances where customers can look into the dashboard and inform the support team that this is the issue they are facing. This helps them to have some visibility into these firewalls and isolate the entire issue from the technology perspective; for example, when a wireless client is facing some sort of challenge accessing the internet, whereas some of the wired users are able to access the internet. The testing tools given in the FortiGate GUI dashboard come in handy during troubleshooting. With the very user-friendly interface, it becomes very obvious and easy for any IT guy to simply follow the workflow to resolve any day-to-day operational issues.

The security features that they have are quite good. On top of that, their licensing model is quite nice where they don't charge you anything for the SD-WAN functionality for the firewall. The routing and firewall features are also good.

The unified view that they have built into this firewall is good. Within the same dashboard, you get to see the security profiles, the type of traffic that's passing through, the top applications that are being consumed, etc.

It's also very easy to use.

I was not looking after the operations part, but sometimes, I did get engaged in some critical activities related to operations. There are some caveats in every product. Tunnel flapping was one of the major things I had seen wherein your internet link remains but your VPN tunnel is down. However, since I got a fix from the TAC team, I have not noticed it, but the customer complained a few times that they couldn't access the internet because of this problem. There were tunnel issues where there was already established connectivity, but at the kernel level, there were some issues. For example, there's a feature for auto-site connectivity wherein whenever it automatically creates a new tunnel, at the kernel level, it also creates an interface. Sometimes, that interface crashes and a new interface could not be created, which results in connectivity loss. 

Fortinet has established itself in the SMB market segment. It's doing pretty well in that space, but when it comes to the enterprise segment, they are lagging a little bit. It all boils down to the performance of the hardware. If I enable all of the security features available on my device, the throughput degrades quite a lot. If I have put 10 GBPS of throughput on a firewall and I enable all of these features available, such as IPS or UTM functionalities, the throughput comes down to 1 GBPS.

I used Fortinet FortiGate for seven months. I last used it in February of this year.

I'd rate it a seven out of ten in terms of stability.

The solution offers the option of deploying VMs or virtual machines to any public cloud, such as AWS or Azure. It provides such flexibility. If you have any application hosted in the cloud space, you can have a VM spin of the FortiGate over there and have a site-to-site tunnel established, so the scalability is there. Otherwise, at the site level, it's mostly hardware-based work. If you size it properly, then you have the option to expand. You might have chosen a low-end model because of the tight budget. In that case, it's not scalable on a specific site. However, if you have a certain number of sites, for example, if you have 400 of them and you want to expand to 500 or 1,000, there is simply a license that goes at the FortiManager level to support additional devices. FortiManager provides a single pane of management. 

I'd rate it a seven out of ten in terms of scalability.

My experience was not that rewarding. It took me around three hours in total to get a simple issue identified and fixed. I escalated it to their L3 engineer, and after that, I was able to resolve the issue. The entire process took around three hours. First, their initial level person was troubleshooting, then it went to the next level, and then it went to the highest level.

Neutral

From the security perspective, I have not used any other solution, but I did have a glance at Cisco's portfolio. Cisco Meraki is one of the solutions that you can compare it with. Others were more specific to the routing and switching domain. I know the concepts and theory of Cisco SD-WAN, but I have not used it in a real environment for any customer.

For one of the clients, it was deployed on the Azure public cloud. Initially, it was not easy. It was complex. Every product and technology requires a certain type of prerequisite, and when you have anything hosted on a public cloud, it becomes a tedious job to get things done quickly because multiple stakeholders are involved in that.

I have deployed Secure SD-WAN specifically for many customers. I find it easy, but you need one person to be at the site for remote connectivity. That person just needs to do the basic configuration. Once the device has IP reachability, you can easily discover it from FortiManager, which is the central controller. So, once you have the device on FortiManager, it takes a few clicks to onboard the device because you already would have a template in place.

The deployment duration depends on the number of sites. For a customer with ten sites, it would take a week's time because there are a lot of dependencies. It also depends on the customer's readiness and availability, but a week's time would be enough for the deployment of ten sites. If there is proper planning in place, you can also deploy 50 sites in a week, but that's something you cannot control from your side because there are a lot of dependencies on the customer and the service provider. If you have to integrate it into a customer's existing network, it becomes quite challenging to make them understand your prerequisites. There are instances where nobody is available from the customer side from the technical standpoint to help you. Those are the roadblocks, but from the solution perspective, it's quite easy to onboard devices.

The deployment can be done by one person if that person is dedicated to a single project, but if more projects are running in parallel, you would require a few more people.

It does require maintenance, which includes upgrading the operating system and installing patches. Two to three people would be enough for around 500 site maintenance but not in the 24/7 case. If it's 24/7, then nine people would be required for that.

By default, they give SD-WAN along with the firewall. They don't have separate licensing for the SD-WAN functionality. However, they have security licenses that are sold separately on a subscription basis. Customers can consume these security features to protect their users from internet traffic.

To those evaluating this solution, I'd advise doing a PoC of different vendors who are meeting their requirements. They can then decide for themselves after seeing the demo.

Overall, I'd rate it an eight out of ten. It's user-friendly. It's also good features-wise, but their support is weak, and on the architecture front, it's not true SD-WAN. It's not decoupling the control chain functionality from the device to the controller. 

We use Fortinet FortiGate as a border firewall and in the middle network for segmentation. It is used for inspecting security traffic from users.

The best feature of Fortinet FortiGate is value for money. It is very easy to deploy and scale.

It saves us costs and increases bandwidth throughput.

We have never encountered any issues with it. The price and deployment part of Fortinet FortiGate is good, but it can always be better.

I have been working with Fortinet solutions for about five years. We work with Fortinet FortiGate next-generation firewall, FortiAnalyzer, FortiManager, and sometimes FortiSwitch. We work with Fortinet FortiGate's hardware and virtual appliance solution.

Fortinet FortiGate is stable since we use HA availability solutions.

Fortinet FortiGate is scalable.

I would rate technical support from Fortinet a ten out of ten, the best.

Positive

We used Cisco Firepower and Juniper SRX, and a little bit of Check Point too. We switched to Fortinet FortiGate because of the best pricing.

Fortinet FortiGate has an easy setup.

We bought it from Azure Marketplace, not AWS.

We used an integrator for the deployment.

Its price is good.

I would rate Fortinet FortiGate a ten out of ten.

My company's customers use the solution for VPNs, specifically for SSL VPNs, IPSec VPNs, and other areas like web filters and application filters.

The most valuable feature of the solution revolves around SSL VPN. SSL VPN is good since I stay in a family where we use some other servers with port forwarding features, and so there is a lot of risk with it. Last time, my server got hacked with a ransomware attack. After that, we got a firewall and gave an SSL VPN to my client to connect to their servers, after which, such kind of activities involving ransomware attacks stopped.

Though the tool's GUI is user-friendly, it can be considered as an area with certain shortcomings where improvements are required.

I have been using Fortinet FortiGate for five years. I am a reseller of the solution. I work with Fortinet FortiGate 40F and 60F.

Stability-wise, I rate the solution a ten out of ten.

Scalability-wise, I rate the solution an eight out of ten.

The challenges faced by our company related to the product are associated with the activation part. Whenever my company tries to activate the product, there are some challenges. Previously, my company had given a new product to our customer who had used Fortinet FortiGate in the past. When my company tried registering the product on the portal and activating the trial license, we saw that only 30 days of use remained in the tool. We installed the product's license after all the trial licenses were activated.

I have seven to ten customers running medium-sized businesses using Fortinet FortiGate.

After connecting to Fortinet Firewall, I have not faced any complaints related to large-scale traffic or attacks.

The solution's technical support needs to be fast since whenever my company raises a complaint, it takes almost two to three hours to get a callback from the customer support team. I rate the technical support a seven out of ten.

Neutral

I don't have any experience with SonicWall because it is not very user-friendly. Fortinet FortiGate is more user-friendly than SonicWall, so we are currently working with Fortinet FortiGate and Sophos.

The product's initial setup phase is easy. I rate it as an eight, where one is difficult, and ten is easy. Sometimes, when configuring the SD-WAN policies, I have seen issues with the tool not working properly. After updating the firmware, the tool worked properly, but there was some issue with the SD-WAN part.

For the product's deployment phase, I configured LAN and WAN, followed by the web filter policies. If a customer requires it, you can configure the VPNs.

The solution is deployed on an on-premises model.

The solution can be deployed in half an hour.

It is a bit expensive. On a scale of one being cheap and ten being expensive, I rate the tool's price as an eight. The price is justified for the features and capabilities offered by the product.

I can't describe how Fortinet FortiGate has been most effective for security posture since I haven't configured any security settings. It has a setting like in Outlook's configuration involving SMTP and POP. I didn't configure any security settings in the tool.

The tool's VPN functionality supports our company's customers' remote workforce since we have given an SSL VPN connection to support those working from outside the company. After connecting to the VPN, one needs to connect it to the server directly as it is better for security.

Whenever you upgrade firewall firmware, the user interface doesn't really change. If I upgrade to a new firmware with other tools, the user interface has slightly changed.

On the portal of Fortinet, there are VMs that are available for FortiGate. Our company can give the solution to the customer on a trial basis to check how it is working, so that there are no issues.

I rate the tool a nine out of ten.