Fortinet FortiGate Reviews

We are a managed services company, and we are also a partner with Fortinet and Cisco Meraki. The firmware that I just started using is 6.4.4. Most of the FortiGates that I sell are 60E and 60F. For some of our larger customers, I have got a handful of FortiGate 80, 100, and 200.

Fundamentally, its primary purpose is security at the edge of the network. I have got some clients who are starting to use the SD-WAN feature for a multi-location setup. I have got other clients who are using a lot of IPSec tunnels. I also have some clients who, with the increase in remote workers, are taking advantage of the FortiClient product that ties in. They are using that for remote VPN connections. 

We are a managed services provider, and I would say that it has improved the way our client's organization functions. I would also hope that it is seamless for them. They don't even know it. The biggest improvement for us is that it allows us to do more with a smaller staff.

One of the nice things about FortiGate is that it can be deployed on the cloud or on-premises. You can actually do both. That's the biggest reason why I stick with this solution as opposed to something like Cisco Meraki. Another nice thing is that I can log directly into a FortiGate or get to it through their FortiCloud access products. They're pretty reliable and consistent.

One of the reasons why I started using the product was their single pane of management. I can deploy their line of firewalls in conjunction with their switching and access points, and I can manage the entire network from one interface. I don't have to log into one interface for the firewall, another one for the access points, and another one for the switches. These firewalls have access point controller functionality built right into the system, so I don't even have to purchase additional devices to manage them.

FortiLink is the interface on the firewall that allows you to extend switch management across all of your switches in the network. The problem with it is that you can't use multiple interfaces unless you set them up in a lag. Only then you can run them. So, it forces you to use a core type of switch to propagate that management out to the rest of the switches, and then it is running the case at 200. It leaves you with 18 ports on the firewall because it is also a layer-three router that could also be used as a switch, but as soon as you do that, you can't really use them. They could do a little bit more clean up in the way the stacking interface works.

Some use cases and the documentation on the FortiLink checking interface are a little outdated. I can find stuff on version 5 or more, but it is hard to find information on some of the newer firmware.

The biggest thing I would like to see is some improvement in the switch management feature. I would like to be able to relegate some of the ports, which are on the firewall itself, to act as a switch to take advantage of those ports. Some of these firewalls have clarity ports on them. If I can use those, it would mean that I need to buy two less switches, which saves time. I get why they don't, but I would still like to see it because it would save a little bit of space in the server rack.

I have been using this solution since 2007.

If you have the firmware version 6.4.3 and are using FortiLink in VLAN, it has trouble with tunneling networks for a wireless network. It won't give it a route to the internet. I found it just last week. There was a version back in 6.2 where it required 12 characters for the password of a wireless network on Web 2.0 as opposed to the traditional eight characters. The problem came when you wanted to edit it. If you upgraded to that firmware from a previous version, it wouldn't let you save any changes without changing the password, making it a requirement. That was kind of problematic for a while, but for the most part, it has been pretty stable and responsive.

It is easy to scale as long as you start with the right firewall. Our clients are of different sizes. We have clients with the home office with two or three employees. One of the clients has about 26 locations in all four time zones and about 400 employees.

I haven't used their official tech support, which is actually a good thing. The reason I haven't used their official tech support is that they have a support mechanism in place. I have direct access to a local sales engineer, and when I have problems, I call him up on the cell phone. Based on that, they definitely support their partners 100%. They are definitely channel driven, and it shows.

I have deployed SonicWall, WatchGuard, Cisco ASA, Rockies, and Palo Alto. The biggest reason I went with Fortinet is that it felt like it has got Palo Alto type of functionality at a much more reasonable price point.

I spent seven years working at the state level education, and budgets were tough. We had SonicWall subscription services. I could replace them with the brand new FortiGate with a three-year subscription for the same cost. That really changed things. The single pane of management that they have was just the frosting on the cake.

It is pretty simple. For example, I just set up a new network with a 100E, and I have got four stackable switches. It will run a network with 23 access points. I set up all the VLANs, routing, rules, and other things. It won't take more than four hours of work. I am getting ready to box up and ship it out. It will be plug and play once it gets to the site.

Take the training. They've got free training that is available online, and there are different levels for technical training. It is crucial. If you sign up as a partner, which doesn't cost you anything, the training is free. If you want to go for the test and get certified, you got to pay for the test, but the actual training materials are available to every partner for free. I would say that definitely take advantage of those. When you have new employees as network engineers, make this training a part of the routine.

I would rate Fortinet FortiGate an eight out of ten. I have been using it for years, and I do try to evaluate it on a regular basis and continue to stick with them. I just don't have a lot of bad things to say about them. Aside from their product, I'm a also fan of their company and how they do business, which makes it easier to do business with them. I don't necessarily appreciate the business practices of some of their competitors. It is nice not to have to worry about that.

We primarily use the solution as a firewall.

We use the firewall to enforce our company ideologies and principles and policies. The solution has built-in features for web filtering that are great. It categorizes it nicely for you. 

The interface itself is nice to work with. It's a lot better than the initial interface that they used to have around version four. I used to work for FortiGate some time back, and the earlier interfaces were not as good as these latest ones. 

I like that once you open it up, you have a dashboard that can give you a holistic overview of what is happening. You can see, for example, how your resources are doing on your firewall or if you still have disc space for logs and so forth.

The solution gives you an immediate view of what's happening on the hardware itself. What we have done with FortiGate is we have put up a FortiAnalyzer, a FortiGate reporting hardware. We are using it in conjunction with FortiGate. 

The solution offers good reporting. We get our reports from there. We have the opportunity to get real-time reports. 

There are great templates, so you don't have to customize them if you don't want to. You do have the option to custom create some folders and some reports, however, with what is there, you don't really need to go through extra effort, as they already give you a lot of predefined views of reports and so forth.

We have access to quite a few features. The web filter and application control are primarily what we are using. Then we also have a VPN feature, which allows for our remote users to connect and get through the firewall. 

The commercial side of things can be improved a bit. They have such a good product, and when you disable some features, it has to be commercialized for you to enjoy those features. Therefore, you are actually buying half a product. You have hardware there, and yet, your features are not enabled. The primary things, such as the antivirus, web filter, DNS filter, application intrusion, file filter, and email filter come with the general license. There are other things that you want to also enjoy in this system and you can't. 

There are SD-WAN network monitoring, SD-WAN features, Industrial Databases, Internet of Things, Detection, etc., however, we do have not licenses for those features. We thought that if you bought a product, you should have all of the features it offers. Why should you need to make so many extra purchases to enable features? They should have one price for the entire offering. That's one of the drawbacks they could look at. 

Sometimes the firmware automatically updates itself. Then it corrupts the configuration and you have to roll back or you have to do amendments to the configurations. That, however, has happened only once with us. We have put in controls for automatic updates to stop them and now we do manual allowance or we allow the manual update.

Most of the features are good. They give you pricing and you get a VPN for about 10 users where you can test it. For us, we feel that we need to buy extra licenses due to COVID, as people are working from home. Under the current conditions, we are not getting the best out of the firewall. 

They could just maybe put better graphics or better reporting into the solution. I want to know who is the user and what is the exact website they're visiting. Something like that would help. They should do more like what the GFI is doing.

We've been using the solution for a bit over a year now.

6.4.2 is our current version. The latest is 6.4.3. It's available like I say, however, we have not installed it. We'll wait until around December, then we will then install that one. We like to wait to witness its stability. Once we know it is bug-free, then we allow it to run as the latest platform.

We have a cluster and we have configured it with high availability. What we have done is we have put one primary and one secondary in case it breaks or it gets damaged. We have a third one at our DR site as well, which works in conjunction with Plateau. We have employed the same rules and some stricter rules on the DR site, just to allow traffic between these machines.

We allow certain times for updates on the infrastructure we have at the DR. We are planning some more, however, we don't enjoy all the features yet. We want to bring in an SD-WAN. Maybe that can also help us with scaling our network at different angles and from the cloud or being from an LD device or so forth. We're still working on that.

We have a partner that we work with. We have support at another level and I'm the primary person that looks after the firewall. If I have an issue that is urgent and I don't have the time to do the knowledge base to actually turn it around, we usually engage our partner, which has engineers that have the knowledge necessary to deal with it and who are certified in FortiGate. 

We have what is called FortiCare. We have FortiCare support as well for firmware and general updates and all those other things. I normally do updates and so forth myself. It's very little intervention from outside technical support.

Having background knowledge, the initial implementation was not really complex for me. You just need to know your environment and what is needed as well as what is allowed. 

The business input was the only item outstanding as there were issues such as who needs to have social media access at what time and who needs to have full access. Those were business decisions, however, but from the technical side, it was fairly easy.

They have almost all the features embedded in the solution. It's just that some features are not available because you have to pay for it. There are lots of add-ons available, and you need to pay extra for them, so pricing can add up.

We are strictly a government entity. We are a customer.

The model that we are using is the 500E, which is for small and medium enterprises. We are not a big institution. We do not have the latest version. We like to wait about three months before we apply anything new to make sure the early releases aren't flawed. After three months, after we've got a good review, then we will say, "Okay, let's upgrade to that version."

Even though we feel that sometimes they create a new version to take care of a vulnerability or threat, we like to be safe and avoid bugs. The version that we are fitting currently is 6.4.2, which is fairly stable.

Apart from the fact that they should just include everything in their offering, everything else works fine for me. There's a whole lot of Fortinet products that work together, FortiSwitches, FortiAP's, etc. Overall, I would give it eight of ten. 

I'm primarily using the solution for security purposes, and also for managing the network for various companies. I am deploying it for uniting management statuses, in order to be able to manage everything inside and to control security policies. It can fight against attacks to the system or for email searches. It is basically a central management security appliance.

We find it's good for managing the network and offers good defense against attacks.

Technical support is great. It's really fast.

Overall the solution is pretty user-friendly. It has a good dashboard and is pretty easy to navigate.

The pricing is excellent. It's much less expensive than Cisco.

The only thing is sometimes you have to learn with CLI. For those not familiar with CLI it can be an issue. It would be ideal if we could avoid using CLI. If you make a mistake in the command line, it's harder to detect. It would be much better if they had a user-friendly GUI.

The initial setup is complex.

I've been using the solution for five years.

The solution is very stable. You don't have to worry about bugs or glitches. I tend to wait and not upgrade to the latest version right away to ensure this is the case.

The solution is scalable. If you need to expand it, you can. We have it at a variety of networks and sites with no problem.

We have 120 users that are connected to a minimum of 80 computers and a minimum of 15 servers, which is great. The solution is working and it is still stable even across all of these devices and servers. We have multiple networks inside as well, so we are not only on one network. We set them separately, which is why the initial setup for us was quite complex. We're through with that though.

The technical support is pretty good. they're pretty knowledgeable and responsive, especially when you get to the Level 3 techs.

We previously used CheckPoint. Unfortunately, they didn't have a very good service, especially in technical support, and therefore we decided to switch.

For our organization, the initial setup was not straightforward. It was pretty complex. That's due to the fact that we had many networks to set up and many sites to take into account.

We set up the solution ourselves, although we did work closely with Fortinet as part of their bundle package.

The licensing is paid on a yearly basis.

I evaluated Palo Alto. They didn't have the complete solution we wanted. Neither did Juniper, which we also looked at. We looked into possible having Cisco, however, Cisco is too expensive. 

When we looked at Cisco, we also evaluated Meraki, which is a part of Cisco. It did not have what we needed either. 

We are using the 200E in our environment. We had 200D before.

We're not using the latest version of the solution, which is 6.4. I like to wait on new versions to see if it is stable before deploying it. I like to take my time and avoid headaches where possible.

I would recommend the product to other organizations. It's got great bundle options which make it a very good choice - and it's much cheaper than Cisco.

We use it for the network security operations of our customers. We've many different use cases, such as client security, server security, or DMZ sites. 

The secure web gateway module and the application control module are valuable. HA operations are very easy.

It's a very easy and simple solution for implementation and integration. I don't have any problems with this solution.

Web security solutions can be improved.

I've been using this solution for 10 years.

It's stable.

Its scalability is good. It's generally used in only one place as a standalone, but sometimes, it's used at multiple locations. 

Their support is good. I'd rate it an eight out of ten.

Positive

I've used Palo Alto, which is a good solution for a firewall, and their application signatures are very good. 

I was sometimes involved in its deployment. Its deployment was simple for me. It was very simple and easy. It took five to six hours.

It does require maintenance. There are probably one to two people required for its maintenance. 

Its price is normal. If I compare it with other vendors, such as Palo Alto, it's normal. Palo Alto is expensive. 

I'd recommend it to other people. It's good, and in our country, this product is very popular in our sector. It's easy and cheapest.

Overall, I'd rate Fortinet FortiGate an eight out of ten.

We are using Fortinet FortiGate as a central firewall for our ministry, but nowadays we are preparing to join every site we have to our main data center. Fortinet FortiGate firewall will not satisfy our needs.

Fortinet FortiGate needs to improve the protection, it did not prevent us from being attacked. Additionally, Fortinet FortiGate could provide more features for WAF devices. I should not have to purchase two solutions, it would be a benefit to combine these features into one solution.

The main challenge to IT is hacking, and damaging the network software. Anything that can make a threat to our servers,  accounts, VC, from an email or internet connection. We need all companies to make investments to improve the facilities of these devices in order to provide a one-package solution to protect our servers, and systems from any hacking, ransomware, virus, any command, or any other threats. They need to improve all the security features.

I have been using Fortinet FortiGate for approximately two years.

Fortinet FortiGate is a stable solution. The main risk was the devices and systems that the end-users are using, whether inside or outside the network. The VC was not secure enough. This causes some threats to our headquarters servers.

Fortinet FortiGate has limited scalability capabilities. You can't expand these devices. For example, if I was to go from 150 users to approximately 5,000, the CBU capability of the device would not suffice.

The Fortinet FortiGate local partners were good. I did not have direct contact with Fortinet support.

The initial setup of Fortinet FortiGate was very complex because our connection to other sites that were using different network topology and ISP providers. We have faced a very complex situation. The company takes approximately three to four months in order to make our system stable. Nowadays, we are going to make our provider and network with one subnet to make it easier to maintain, manage, and monitor any attack and threats from any device anywhere. This will allow us to access devices, ports, and switches to be able to take the right action.

Our network was very complicated and we are using different operating systems, databases, applications, and video.

We used Fortinet's local partners that helped maintain our financial and management systems.

We have one to two people that do the maintenance of Fortinet FortiGate.

I have not seen a return on investment using Fortinet FortiGate.

We have the full version of Fortinet FortiGate and we are on a three-year contract with a commitment of five years.

We will be replacing two of our Fortinet FortiGate devices and will move to a solution with better specifications.

I rate Fortinet FortiGate a seven out of ten.

It controls the inflow and outflow of all the communication between different sites and so on. 

We are using its latest version.

We were looking for the VPN feature and controlling the inflow and outflow of all the traffic within the site and across the sites. We are also using it for the VPN and VLANs.

It can be a little bit more user-friendly in terms of policy definition and implementation. It seems a little bit complicated, and it could be simplified.

When there is a change in the IP address from the ISP, there is some disruption in the service. So, we try to do it when we have the least number of people working, which means very late at night. So, for the time being, it is working fine.

We have been using this solution for nearly a year.

Apart from the disruption in the service because of the IP address change, it has been quite stable.

We are implementing it phase by phase. Initially, we had one VLAN, and then we added more. So, it is quite scalable, and we haven't had issues with it so far. It has been recommended by the vendor that the model that we have would meet our requirements for the time being. In two or three years, depending on how we expand and how many more resources are required, we might have to look at another version of the device.

It was the vendor who did the initial setup. It was done within the time range that was allocated for the setup. My guess is that it was straightforward.

We are still in the process of implementing the solution. The commissioning has not yet been done. What we had previously is now changed to a new solution and a new way of doing things, and this is still in the implementation phase. Our implementation is being done phase-wise. We do things and tune it until we are happy with it, and then we go to the next phase. So far, it's working fine. 

We have a relationship with the vendor. We discussed what we wanted to do and finally, we selected the product, and after that, it was installed and configured on our premises. 

We have a small team of three or four people for deployment and maintenance.

Its pricing is fine. It is on a yearly basis. Other than the licensing fee, there is no extra fee.

I would rate it an eight out of ten.

The use case for this product has to do with security and visibility. When you are inside the business and when there are different departments and branches, it is used for the visibility of some packets. It can also be used for SSL inspections, to check if the SSL is right and that it is not phishing.

The license management is very valuable. You can get a new license each year, or you can enroll every two to four years. You can get the logs, and you will get the information on the risk in your network and the entire organization. With this information, you can take action on your actives, computers, or devices. You can bring your own device as an SSE.

The simplicity of the deployment and the digitization of risk are other valuable features that Fortinet provides.

The cost is low.

The firmware needs improvement because there are bugs when a new release comes through. Sometimes, the configuration changes, and it's a bit harder to see where the fail is. The first time that you have the firmware, it tends to have some issues, and it's better to wait a bit to update the equipment.

All the development of the firmware should be fixed before the update at the page level.

API tokens need to be improved, particularly with regard to integration with other cloud solutions. In other words, proxy flow and API integration need improvement.

.

I haven't had any problem with the stability of the product.

The scalability is good. You can merge other Fortinet products well with this solution.

Technical support has been good.

The initial setup is easy.

The deployment and maintenance can be done by one person.

I did it myself. To create all the policies and configurations needed by the customers, it usually takes me two days or a week at the most if the project is harder.

The price is really low. It's cheap in comparison to the cost of Cisco or CheckPoint, for example.

If you want to get this product, first you must evaluate the number of people who will use it, and then choose the product that will best fit your needs.

I would rate this solution at eight on a scale from one to ten.

The solution is mostly used for the connection with VPN clients. We use the solution for network security and network segmentation.

It's a flexible solution. The security that it's providing is a valuable aspect of the product.

FortiGate integrates well with other equipment such as FortiSwitch, FortiIB, and more, and delivers one pane of glass for the management of those devices. 

It's an easy solution to set up.

Technical support has been good.

The configuration option availability is not 100% from the website of the FortiGate web management site. When we log on to the web interface on FortiGate, we do not have everything under this web solution. If we need some specific configuration or need to do some specific configuration, we need to do additional things on the CLI. 

The stability could be a bit better.

I've used the solution for at least the last 12 months.

In terms of stability, there are some areas in which they need to improve. There are different versions and we understand from past implementations which will work best according to our client's needs. The wrong one may not be as stable as they would like. 

Some clients may increase usage in the future. FortiGate is fast becoming a very popular solution and its use will likely grow in general. 

In general, technical support is helpful. We are quite happy with the level of support on offer.

The solution's initial setup is pretty simple and straightforward. It's not overly complex or difficult. 

The length of time it takes to deploy really depends on the size of the project. 

While we do assist the client with the implementation, they tend to handle the maintenance on their end. 

Typically we, as integrators, will assist the client with the initial setup. 

The overall costs are pretty typical. It's not overly cheap or overly expensive. 

I work as an integrator and maybe 60% of my work is around FortiGate. My company is a Fortinet partner and integrator.

If companies are thinking about the security of their network, they should consider FortiGate as a gate to the internet. I would highly recommend it to others. 

For small or mid-size businesses, I'd rate the solution an eight out of ten.