Fortinet FortiGate Reviews

We utilize the Fortinet FortiGate firewall to safeguard our network and provide secure VPN access from external locations.

We implemented FortiGate because we needed a firewall to protect our data.

FortiGate helped us meet our ISO requirements.

In the time we have been using FortiGate, we have not had any security breaches. 

FortiGate has reduced the risk of cyberattacks that can disrupt our production. Since implementing FortiGate we have not dealt with any such attacks.

I'm unsure whether centralized FortiGate management enhances efficiency, but our experience with it has been exceptional. We haven't encountered any issues, and the operational aspects have been seamless. Additionally, there was no downtime, which is crucial for our operations.

Our Fortinet security fabric has enhanced security across our industrial control system. By safeguarding our production environment and ensuring the security of VPN access granted to individuals, we have achieved comprehensive data protection. We have not experienced any incidents that would have occurred if our firewall was inadequate.

FortiGate does a lot of research, and the product is regularly updated, especially in the ransomware area. I know of a couple of other companies around us that had some ransomware incidents, but we never have. From that perspective, FortiGate has helped mature our approach to cybersecurity a lot.

The email protection and VPN features are the most valuable.

The process of configuring firewall rules appears excessively complex. While FortiGate offers greater functionality than other firewall solutions, its user interface could benefit from simplification.

I would like the log viewing process to be improved to provide a clearer understanding of the logs.

I have been using Fortinet FortiGate for five years.

I would rate the stability of FortiGate ten out of ten. We have never had any issues.

We used the limit of our FotiGate firewall which was around 150 users and we never noticed any performance issues. 

I would rate the scalability of FortiGate eight out of ten.

The technical support is good.

Positive

Our decision to switch from FortiGate to Sophos was solely driven by the seamless integration with our existing Sophos antivirus system. Had this integration not been an advantage, we would have maintained our FortiGate system.

The initial deployment was straightforward due to our understanding of the product and its operation. It was completed in one day by a team of two.

The price of FortiGate is comparable to that of most other firewall solutions and is more affordable than Cisco.

I would rate Fortinet FortiGate eight out of ten.

Except for the firmware updates we have to do now and then, there is no other maintenance required for FortiGate.

We had FortiGate deployed in one location in a big server room. We have 150 users.

I would recommend FortiGate to anyone. FortiGate is an out-of-the-box firewall with good pricing and excellent features.      

I used this solution while working with my last organization. I handled plain firewall deployment as well as SD-WAN deployment. 

I was providing consulting services to various Telco customers. It helped customers save on the cost of highly expensive MPLS links. With the help of Secure SD-WAN, they were able to utilize broadband or even LTE connectivity, which saves costs. That's the flexibility that Secure SD-WAN gives to various customers. In addition to saving costs, they are also able to utilize active-active load balancing, where you can have two parallel links: primary and secondary. The secondary one used to sit idle in traditional scenarios, whereas now, the solution gives you the flexibility to configure both links as active-active, so you can prioritize critical traffic from link one and other traffic from link two. At the same time, you also have the option to maintain redundancy.

Secure SD-WAN is a great way to manage your entire organization network, especially the WAN network. Customers don't have to hop to multiple places. Fortinet has a solution called FortiManager. With the help of that, you can monitor, configure, and maintain your entire organization's network. It's a very convenient option. It's a single pane of glass from a customer's point of view. They don't have to log in to individual devices, and they can see the real traffic. They can see what's coming into the network, what sort of alerts or logs are there, and what sort of applications are being consumed.

Secure SD-WAN doesn't help with tool consolidation, but it's a secure way or mechanism they provide so that if branch users are accessing the internet, they can directly break out from the branch location rather than coming back to the data center. In that way, it improves the user experience while also giving security at the highest level.

I have not interacted much with Secure SD-WAN in terms of API integration or third-party integrations. However, they have pretty good integration with the RADIUS, LDAP, and AD servers. In that way, they have everything in-built. You can make the firewall a DNS server or some sort of DHCP server. Such features are included there. From a security standpoint, they have open API integration with their own SIEM or SOAR solutions. Third-party API integration is also possible, but the API details that are exposed are very limited.

The integrated application protection provided by Secure SD-WAN is a cool feature. They have real-time scanning of the application with the help of SSL inspection. You get to see the real-time traffic of applications, and you can protect your network from harmful websites. They have a signature database for that. This data also gets refreshed. It's a direct feed that the device takes from the central intelligence.

When you have Secure SD-WAN in place, you are more secure from the outside internet. They have a flavor of SASE, but I have not worked on it.

When you have a granular view of your entire network including users and security features being enabled, you get more visibility into your network. You get to know what's coming in and going out. If an administrator sees that some traffic is being hit repetitively from a particular location, functionality is available to block a region, country, or even an IP or domain.

In terms of Secure SD-WAN reducing our mean time to resolve, in the case of issues specific to SD-WAN, I've seen instances where customers can look into the dashboard and inform the support team that this is the issue they are facing. This helps them to have some visibility into these firewalls and isolate the entire issue from the technology perspective; for example, when a wireless client is facing some sort of challenge accessing the internet, whereas some of the wired users are able to access the internet. The testing tools given in the FortiGate GUI dashboard come in handy during troubleshooting. With the very user-friendly interface, it becomes very obvious and easy for any IT guy to simply follow the workflow to resolve any day-to-day operational issues.

The security features that they have are quite good. On top of that, their licensing model is quite nice where they don't charge you anything for the SD-WAN functionality for the firewall. The routing and firewall features are also good.

The unified view that they have built into this firewall is good. Within the same dashboard, you get to see the security profiles, the type of traffic that's passing through, the top applications that are being consumed, etc.

It's also very easy to use.

I was not looking after the operations part, but sometimes, I did get engaged in some critical activities related to operations. There are some caveats in every product. Tunnel flapping was one of the major things I had seen wherein your internet link remains but your VPN tunnel is down. However, since I got a fix from the TAC team, I have not noticed it, but the customer complained a few times that they couldn't access the internet because of this problem. There were tunnel issues where there was already established connectivity, but at the kernel level, there were some issues. For example, there's a feature for auto-site connectivity wherein whenever it automatically creates a new tunnel, at the kernel level, it also creates an interface. Sometimes, that interface crashes and a new interface could not be created, which results in connectivity loss. 

Fortinet has established itself in the SMB market segment. It's doing pretty well in that space, but when it comes to the enterprise segment, they are lagging a little bit. It all boils down to the performance of the hardware. If I enable all of the security features available on my device, the throughput degrades quite a lot. If I have put 10 GBPS of throughput on a firewall and I enable all of these features available, such as IPS or UTM functionalities, the throughput comes down to 1 GBPS.

I used Fortinet FortiGate for seven months. I last used it in February of this year.

I'd rate it a seven out of ten in terms of stability.

The solution offers the option of deploying VMs or virtual machines to any public cloud, such as AWS or Azure. It provides such flexibility. If you have any application hosted in the cloud space, you can have a VM spin of the FortiGate over there and have a site-to-site tunnel established, so the scalability is there. Otherwise, at the site level, it's mostly hardware-based work. If you size it properly, then you have the option to expand. You might have chosen a low-end model because of the tight budget. In that case, it's not scalable on a specific site. However, if you have a certain number of sites, for example, if you have 400 of them and you want to expand to 500 or 1,000, there is simply a license that goes at the FortiManager level to support additional devices. FortiManager provides a single pane of management. 

I'd rate it a seven out of ten in terms of scalability.

My experience was not that rewarding. It took me around three hours in total to get a simple issue identified and fixed. I escalated it to their L3 engineer, and after that, I was able to resolve the issue. The entire process took around three hours. First, their initial level person was troubleshooting, then it went to the next level, and then it went to the highest level.

Neutral

From the security perspective, I have not used any other solution, but I did have a glance at Cisco's portfolio. Cisco Meraki is one of the solutions that you can compare it with. Others were more specific to the routing and switching domain. I know the concepts and theory of Cisco SD-WAN, but I have not used it in a real environment for any customer.

For one of the clients, it was deployed on the Azure public cloud. Initially, it was not easy. It was complex. Every product and technology requires a certain type of prerequisite, and when you have anything hosted on a public cloud, it becomes a tedious job to get things done quickly because multiple stakeholders are involved in that.

I have deployed Secure SD-WAN specifically for many customers. I find it easy, but you need one person to be at the site for remote connectivity. That person just needs to do the basic configuration. Once the device has IP reachability, you can easily discover it from FortiManager, which is the central controller. So, once you have the device on FortiManager, it takes a few clicks to onboard the device because you already would have a template in place.

The deployment duration depends on the number of sites. For a customer with ten sites, it would take a week's time because there are a lot of dependencies. It also depends on the customer's readiness and availability, but a week's time would be enough for the deployment of ten sites. If there is proper planning in place, you can also deploy 50 sites in a week, but that's something you cannot control from your side because there are a lot of dependencies on the customer and the service provider. If you have to integrate it into a customer's existing network, it becomes quite challenging to make them understand your prerequisites. There are instances where nobody is available from the customer side from the technical standpoint to help you. Those are the roadblocks, but from the solution perspective, it's quite easy to onboard devices.

The deployment can be done by one person if that person is dedicated to a single project, but if more projects are running in parallel, you would require a few more people.

It does require maintenance, which includes upgrading the operating system and installing patches. Two to three people would be enough for around 500 site maintenance but not in the 24/7 case. If it's 24/7, then nine people would be required for that.

By default, they give SD-WAN along with the firewall. They don't have separate licensing for the SD-WAN functionality. However, they have security licenses that are sold separately on a subscription basis. Customers can consume these security features to protect their users from internet traffic.

To those evaluating this solution, I'd advise doing a PoC of different vendors who are meeting their requirements. They can then decide for themselves after seeing the demo.

Overall, I'd rate it an eight out of ten. It's user-friendly. It's also good features-wise, but their support is weak, and on the architecture front, it's not true SD-WAN. It's not decoupling the control chain functionality from the device to the controller. 

My company's customers use the solution for VPNs, specifically for SSL VPNs, IPSec VPNs, and other areas like web filters and application filters.

The most valuable feature of the solution revolves around SSL VPN. SSL VPN is good since I stay in a family where we use some other servers with port forwarding features, and so there is a lot of risk with it. Last time, my server got hacked with a ransomware attack. After that, we got a firewall and gave an SSL VPN to my client to connect to their servers, after which, such kind of activities involving ransomware attacks stopped.

Though the tool's GUI is user-friendly, it can be considered as an area with certain shortcomings where improvements are required.

I have been using Fortinet FortiGate for five years. I am a reseller of the solution. I work with Fortinet FortiGate 40F and 60F.

Stability-wise, I rate the solution a ten out of ten.

Scalability-wise, I rate the solution an eight out of ten.

The challenges faced by our company related to the product are associated with the activation part. Whenever my company tries to activate the product, there are some challenges. Previously, my company had given a new product to our customer who had used Fortinet FortiGate in the past. When my company tried registering the product on the portal and activating the trial license, we saw that only 30 days of use remained in the tool. We installed the product's license after all the trial licenses were activated.

I have seven to ten customers running medium-sized businesses using Fortinet FortiGate.

After connecting to Fortinet Firewall, I have not faced any complaints related to large-scale traffic or attacks.

The solution's technical support needs to be fast since whenever my company raises a complaint, it takes almost two to three hours to get a callback from the customer support team. I rate the technical support a seven out of ten.

Neutral

I don't have any experience with SonicWall because it is not very user-friendly. Fortinet FortiGate is more user-friendly than SonicWall, so we are currently working with Fortinet FortiGate and Sophos.

The product's initial setup phase is easy. I rate it as an eight, where one is difficult, and ten is easy. Sometimes, when configuring the SD-WAN policies, I have seen issues with the tool not working properly. After updating the firmware, the tool worked properly, but there was some issue with the SD-WAN part.

For the product's deployment phase, I configured LAN and WAN, followed by the web filter policies. If a customer requires it, you can configure the VPNs.

The solution is deployed on an on-premises model.

The solution can be deployed in half an hour.

It is a bit expensive. On a scale of one being cheap and ten being expensive, I rate the tool's price as an eight. The price is justified for the features and capabilities offered by the product.

I can't describe how Fortinet FortiGate has been most effective for security posture since I haven't configured any security settings. It has a setting like in Outlook's configuration involving SMTP and POP. I didn't configure any security settings in the tool.

The tool's VPN functionality supports our company's customers' remote workforce since we have given an SSL VPN connection to support those working from outside the company. After connecting to the VPN, one needs to connect it to the server directly as it is better for security.

Whenever you upgrade firewall firmware, the user interface doesn't really change. If I upgrade to a new firmware with other tools, the user interface has slightly changed.

On the portal of Fortinet, there are VMs that are available for FortiGate. Our company can give the solution to the customer on a trial basis to check how it is working, so that there are no issues.

I rate the tool a nine out of ten.

We use it for managing access to our data center, regulating the communication tools employed among servers, and ensuring overall security.

Its performance in fulfilling our requirements has been satisfactory. The graphical user interface is straightforward to navigate.

There is room for improvement related to the logging and reporting aspect. It was somewhat challenging as I delved into the logs during an incident. Navigating through the logs to trace the specific information we needed, as well as generating the corresponding report, proved to be less intuitive. In comparison, when considering Sophos XG, which we also use, the logging and reporting functionality is notably more efficient.

I have been working with it for two years.

It offers good stability capabilities.

We have approximately two hundred users within our company.

I would rate its customer service and support ten out of ten.

Positive

Its performance justifies the cost, there is a prominent ROI.

The pricing is very reasonable.

I would highly recommend it. Overall, I would rate it eight out of ten due to the reporting and logging issues.

I use Fortinet FortiGate SWG in my company for security purposes and the SD-WAN in our networks.

The network load balancing is one of the best features of Fortinet FortiGate SWG. Fortinet FortiGate SWG's SD-WAN compatibility with any of the providers is also one of its good features. The security devices work well with the solution, and it works well for anything pertaining to security, including the HTML files and VPN, which is beneficial for our company.

The graphical user interface of Fortinet FortiGate SWG is an area of concern where improvements are required.

I have been using Fortinet FortiGate SWG for three years. I use the solution's latest version, which is Fortinet FortiGate 100F Series. I am an end user of the solution.

Stability-wise, I rate the solution an eight out of ten.

Scalability-wise, I rate the solution an eight and a half out of ten.

My company uses Fortinet FortiGate SWG in around 350 locations spread across India, and we have a user base of over 5,000 users.

The response from the technical support team has always been excellent. I rate the technical support a nine out of ten.

Positive

There were no issues with the product's installation phase. In our company, there were some initial things like checking the networks and managing the area of whitelisting in the firewall.

The solution's installation process doesn't take longer than an hour.

The solution is deployed on an on-premises model since my company has security gateway appliances across the company for 350 locations.

There was a team of six engineers in my company to take care of the implementation part of the product.

I was a part of the design and implementation team of the solution in my company.

Earlier, in my company, we had constraints in regard to the link load balancer and the site getting isolated because of the internet. Now, the good part is that the failovers and integration have become entirely seamless, and the site remains connected, meaning, in our company, we don't see the site getting isolated.

I rate the price of Fortinet FortiGate SWG a seven and a half out of ten since it is not a cheap solution, though I feel it is a good product for the money one pays.

There were no additional costs apart from the licensing charges of the product, and the extra payments were related to the shipping charges so that it could be shipped to multiple cities.

My company plans to use FortiAnalyzer and FortiManager.

I rate the overall tool an eight out of ten.

I primarily administrate the solution as a firewall. It's a perimeter solution. We filter content in order to ensure protection. We use it to publish services on-premises.

The GUI is good.

It's a basic firewall and it's a simple configuration. It can be ported very easily to our unit.

All of the licenses are included. We don't need to buy more licenses per pack of users. It is cost-effective. 

We'd like to see what they will do when AI attacks are generated. They will need to ensure their prevention continues to be exceptional. 

The solution isn't missing any features. Maybe they could make some features more accessible, such as a way to translate directions between two networks that share the same subnets.

I've been using the solution for ten years. 

The solution is very stable. It is a robust unit.

It's scalable. You can grow as you need. If you need more, you can use a model to upgrade to the next model. 

We don't have users per se; I provide the service to clients. 

I very rarely contact technical support. If I need to scale, they have very knowledgeable sources and solid workbooks. The resources they offer ensure I always have a solution. 

I've worked with SonicWall and Cisco. Fortinet offers a good license model. It's also very clean in terms of configuration. It offers high performance. It is a bit more expensive compared to SonicWall, however, if you take everything into consideration, the pricing is quite reasonable. 

We have a FortiGate appliance. We are using the 2000F version of FortiGate and running the license for FortiOS. 

First, we design our network, then we update policies. 

Fortinet makes the process very easy. I try to make it more efficient by replicating policies using the GUI. 

How long it takes to deploy depends on the complexity. I have 20 or so subnets and some services and I can manage the deployment in two to three hours. 

It is not difficult to maintain the solution. 

I'm able to handle the deployment myself. 

The licensing model is very good. It's less expensive than Check Point. 

I'm an independent consultant. 

Users have to understand the size of the network. That would dictate the model you need. You also need a qualified technician to configure the unit. 

I'd rate the solution nine out of ten. It's very easy to use.

It's mainly used to secure our clients' network access because they do not have any servers. The only things we have connected to the FortiGate firewall are access points, CCTVs, and a printer. It's just used for web browsing and internet access.

It definitely helps with intrusion prevention. When managing a firewall, you need to create policies to dictate the traffic flow within your environment. And once you enforce a policy, it has an intrusion prevention assistant that you can activate, so it's not just acting as a firewall.

Like most next-generation firewalls today, it helps control network traffic. I don't have any problem managing the network traffic within our network. It's very easy to access and manage.

FortiGate has also helped reduce the risk of cyberattacks. If such an attack happened, the main consequences for us would be data breaches, where some of our company's most important information might be leaked and used by other people. That would endanger our production and security.

And with the System Events page, I can easily access and see the events that are happening within the device and the network. It's easy to track if something has happened and, based on that, make a decision about the next step that I should take. I can see if it is severe or if it is just something that is not critical but more than a nuisance. Even in that case, I have to think about the steps that I will take to prevent it from happening again.

Mostly, it's about protecting the internet access of our end users in the production area of our company. It protects us during our web browsing and from internet-related activities.

The feature I like most is the SD-WAN. It allows you to manage more than one ISP at the same time. And there is a high-availability mode, so if one of your ISPs is down, you still have a backup.

It also provides us with visibility because we are able to track the IP addresses, as well as the type of device, OS, vendor name, and the name of the devices.

In addition, Fortinet Security Fabric helps us meet regulations and compliance requirements.

The built-in APIs enable us to integrate with different vendors, such as TP-Link and Luigi. We did not have any problems with the integration. It's very easy to configure and connect. This helps reduce deployment time, but that has more to do with network knowledge than with the product. If you're familiar with basic networking, it would be easy for you to understand the application of a certain device and integrate it with the API of your choice.

I've been working with Fortinet FortiGate for about 10 months.

I would like to see improvements in the support from Fortinet. Here in the Philippines, whenever we have problems with a Fortinet product, we mostly ask for support from distributors and resellers and not directly from Fortinet.

Neutral

I don't know why our company acquired FortiGate because I'm not the account manager. I'm just the technical person who installed the product. But I can assume they just looked at other companies that are securing their networks and decided to secure their internet access like those companies do.

Including the reconfiguration of the network setup, the deployment took at least five days. But the actual deployment of the device only took one day. There were four people involved.

I have no idea what the difference in pricing is if you buy it from a reseller or distributor compared to Fortinet, or even if Fortinet gives that option. The pricing is justified. It's a little pricey, but what you pay for is what you get.

I can't say how much it has reduced MTTR because I have not experienced any issues with FortiGate.

When I first built the FortiGate firewall, it enabled me to learn more about the network security field.

The majority of use cases have been around UTM. Initially, they were famous for their UTM solution because nobody was offering what Fortinet was offering. 

We most probably use the latest version.

Fortinet has a very strong OS. They have a single OS through which they integrate all the networks and security operations. Our experience has been very good. Fortinet gives us a single fabric for the security and network teams. This unification has helped us a lot in providing Secure SD-WAN and other solutions, such as network switches, wireless controllers, FortiNAC, FortiAuthenticator, etc. They have a single pane of glass for all these from the monitoring and visibility aspect.

The integrated application protection provided by Secure SD-WAN is very good. Fortinet is a security-focused company. The features related to application recognition and how to enhance the performance and security of applications are pretty good.

The customers for whom we deployed FortiGate have become long-term customers of Fortinet. Even when they compare the solution with some of the other vendors, they're more comfortable with going with Fortinet and upgrading and refreshing the hardware and the software. It's a very good product, and the customer satisfaction is pretty good.

It impacts operational efficiency because we can quickly make the changes. For example, Cisco has some limitations in terms of the time it takes for any change to take effect, which impacts the operational efficiency, whereas in the case of Fortinet, they've got a very quick way of doing the changes and reverting them, which eliminates any downtimes because of the configurations. Their method for configuring and applying policies is very simple and easy. Because of that, it's very easy to do complex changes, and in the case of misconfiguration, revert those changes without much of an impact. Overall, Fortinet FortiGate brings a lot of operational improvements because of the strength of FortiOS.

Secure SD-WAN has helped us remediate threats more quickly. Normally, with the WAN solutions or the simple SD-WAN solutions, security is done on the hub side. With the Secure SD-WAN solution, we can apply security at the branch level, so unnecessary or malicious traffic doesn't reach the data centers or the hub site, which helps in improving the overall security posture. Also, we can tighten and apply a single security policy across all the branches or different segments of the WAN, which improves overall security. Fortinet offers different security measures for blocking malicious traffic and having a uniform policy across the entire organization. 

Secure SD-WAN has helped reduce our mean time to detect (MTTD) and mean time to resolve (MTTR). Applying a central security policy at the branch level immediately helps us to detect any malicious traffic and block it there, so the chances of anything reaching the hub or the data center side are less. It improves MTTD and MTTR because it has a very good interface where we can easily respond to all the attacks and manipulate things. Applying security with the help of Secure SD-WAN helps to mitigate attacks from where they are originating, which improves MTTD and MTTR.

Secure SD-WAN has helped reduce help desk tickets. Because of the operational efficiency and security, there are not many issues that impact the number of tickets.

With the help of Secure SD-WAN, we can provide operational efficiency because we can apply policies on an application-level basis. With Secure SD-WAN, we can apply a security policy per application. The central security application structure helps to apply all the measures from one central place and from the cloud. Because it's connected to many intelligence centers, it future-proofs a business and improves it overall. 

Fortinet has a very good solution for Secure SD-WAN. One very good feature is that they have robust and simple FortiOS through which they provide all solutions. That's their strength. There's not much complexity involved with the Secure SD-WAN solution of Fortinet as compared to Cisco's solution, which has a lot of flexibility but complexity also comes with that flexibility.

From a reporting perspective, there's room for improvement. They provide FortiAnalyzer through which one can get some enhancements, but the visibility and reporting still need slight improvement. Recently, a customer had a requirement of getting some reports on their internet usage. Palo Alto has a bit better reporting than the Cisco and Fortinet firewalls, but we cannot get granular details about the user-level security, usage, etc.

Their support also needs improvement.

I've been working with this solution for around ten years.

It's very stable.

For small and mid-level enterprises, it has been a very good solution, and that's why they captured that market. Our experience with it has been very good. It's easy to configure and deploy. In our country, their main market is small and big enterprises, but they are gradually focusing on the performance aspect. It's being used in large enterprises as well as a firewall solution.

It's scalable. There were some performance issues a few years ago, but they've fixed them for better performance, optimization, and high throughput. Performance-wise, it's very good.

Support is one of the areas that they need to look into because as compared to some of the other companies, Fortinet's support is not that responsive. The product is very stable, but their support needs to be improved. I'd rate their support a six out of ten.

Neutral

We used Cisco and Juniper. We switched to FortiGate because it offers a lot of features at a very good price point. Unlike some of the other vendors, you don't have many license restrictions. For large and medium enterprises, they provide a wireless controller, authenticator, and mail features. There are so many features integrated within FortiOS, whereas, with many vendors, you have to work with different products. It's very helpful for small organizations with tighter budgets. There's also the ease of configuration that helps to bring things online as quickly as possible as compared to some of the other solutions that have a learning curve and that take some time.

I mostly work on the pre-sales side. I discuss all the features, and then I work with the deployment team. They do the installation.

Its installation is easy. Normally, we get the scope and have the high-level design. After that, we go to the low-level design where we manage all the configuration templates. We have discussions with the customer and finalize all the policies that need to be applied at the site. We segment sites by size, traffic, application usage, etc. We apply the policies on a group basis, and then we apply the configurations on the controllers or the sites.

In our area, people are mostly interested in on-prem setup instead of cloud because not many controllers are located within the country, so the traffic has to be traversed outside the country. For banks and financial sectors, on-prem is more suitable, but small organizations can have it on the cloud.

We implement it ourselves. For small projects, one or two people are good enough because we majorly find all the things at the LLD stage. We have a team that works on the LLD and configurations, and then we've got an on-field team that takes those configurations and applies the changes. Normally, if the implementation isn't distributed across the country, not many resources are required. Two or three resources are good enough, but if it's distributed across different regions, then a larger team is required. Once we have the templates, things are posted automatically, so not much to be done at the sites. We just have to do connectivity and configure the policies. As compared to other deployments, we require much less staff for the deployment tasks.

It requires maintenance, but generally, the product is very stable and doesn't require much maintenance. Normally, there aren't many changes. If there are any issues, we definitely need to monitor and check. Most of the issues aren't related to the solution itself if you have implemented it in the right manner, so planning needs to be done in the right manner.

There's definitely an ROI. Having a centralized way of managing and applying policies across the entire organization always helps. The time to manage, operate, and resolve issues is much lower. When you have a central place to manage and do the changes, you get efficiency and time savings.

A year or two years back, its price was competitive and reasonable. That was one of the reasons that people easily switched to Fortinet. Over the last two years, the prices have increased drastically. However, the prices of others have also increased. An advantage is there from the price point but not as much as it was previously.

It's a very good product. It has all the features required for operations. We strongly recommend using Fortinet for your edge or data center security or for your SD-WAN. FortiGate is doing very well. Fortinet has been capturing the security market, and now they're capturing the market for SD-WAN as well. They're a leader in Gartner's Quadrant. Their FortiMail and FortiWeb solutions are also very good. They provide all these solutions, and we have deployed all these solutions in the market. They're working perfectly, and customers have minor complaints about them.

Currently, no SD-WAN solution is interoperable with other vendors. Every SD-WAN vendor has its own solution. There's no standardization, so there isn't much interoperability. For example, we need a controller and branch-level software or hardware. Hardware is agnostic for some vendors, but normally, vendors also have their hardware. There are a few vendors that provide hardware-agnostic SD-WAN solutions, but Fortinet has its own hardware on which the complete SD-WAN solution runs.

Overall, I'd rate Fortinet FortiGate an eight out of ten.