Fortinet FortiGate Reviews

The unlimited VPN licensing. All of our remote locations (1000+) used IPSec VPN and SSL to connect to the cluster.

We went from being terrified about our firewalls screwing up to completely forgetting we had firewalls. I slept better and so did my manager.

A real-time log viewer in the GUI with the capability to filter traffic displayed. Cisco ASA's have this and it's fantastic.

I used it for four years. We had two devices that were clustered together in a high availability pair as the front end of an country wide, high visibility solution.

No issues encountered.

No issues encountered.

No issues encountered.

Customer service was decent with Fortinet - they were helpful and got the product to our doorstep quickly.

This is where Fortinet stumbles. The support is farmed out overseas to techs that are not very knowledgeable about the Fortinet products. The response time for a critical priority one issue was over four hours and they only responded because we threatened legal action for them violating our support contract.

They used to have Juniper products, which are terrible. The enterprise class firewalls do not support any sort of packetflow gathering such as netflow, and the devices didn't even support Juniper's proprietary jflow. Their SRX series routers, meant for home office use, had more features and capabilities.

It was very straightforward and we encountered very little problems. Fail-over occurred within a second with zero outages or anyone actually taking notice. Firmware updates were easy to apply in a live environment if required, and the GUI was very easy to understand.

I deployed it - I'm FCNSA certified.

If we used a similar solution that required a "per seat" license per VPN, we would have literally spent over 100x what the solution cost us.

We implemented the clustered firewalls for around $30,000, and each office had another Fortigate device at a cost of around $1,000.

Cisco was evaluated but we didn't want to pay for the VPN licensing.

It's an absolutely fantastic product. Just get your support contract clarified, and confirm the response times.

The solution is mostly used for the connection with VPN clients. We use the solution for network security and network segmentation.

It's a flexible solution. The security that it's providing is a valuable aspect of the product.

FortiGate integrates well with other equipment such as FortiSwitch, FortiIB, and more, and delivers one pane of glass for the management of those devices. 

It's an easy solution to set up.

Technical support has been good.

The configuration option availability is not 100% from the website of the FortiGate web management site. When we log on to the web interface on FortiGate, we do not have everything under this web solution. If we need some specific configuration or need to do some specific configuration, we need to do additional things on the CLI. 

The stability could be a bit better.

I've used the solution for at least the last 12 months.

In terms of stability, there are some areas in which they need to improve. There are different versions and we understand from past implementations which will work best according to our client's needs. The wrong one may not be as stable as they would like. 

Some clients may increase usage in the future. FortiGate is fast becoming a very popular solution and its use will likely grow in general. 

In general, technical support is helpful. We are quite happy with the level of support on offer.

The solution's initial setup is pretty simple and straightforward. It's not overly complex or difficult. 

The length of time it takes to deploy really depends on the size of the project. 

While we do assist the client with the implementation, they tend to handle the maintenance on their end. 

Typically we, as integrators, will assist the client with the initial setup. 

The overall costs are pretty typical. It's not overly cheap or overly expensive. 

I work as an integrator and maybe 60% of my work is around FortiGate. My company is a Fortinet partner and integrator.

If companies are thinking about the security of their network, they should consider FortiGate as a gate to the internet. I would highly recommend it to others. 

For small or mid-size businesses, I'd rate the solution an eight out of ten.

It is quite easy to handle.

Its reporting can be improved. Sometimes, I don't get proper reports.

I have been using this solution for the last two years.

Its stability is quite good.

It is quite scalable.

Their support is great. I would rate them a five out of five.

Previously, we were using a different solution, and as compared to that solution, it is very easy to handle.

I would rate it a nine out of 10.

We use this solution for different reasons.

We use it for the firewall with SDWAN functionality

We use it in some use cases as a VPN Server.

 We use it as a Wi-Fi controller on some sites.

We use if for internal network segregation and routing

Fortinet FortiGate has improved the way our organization functions.

Versatile with a lot of controls and expert level customizations for advanced users

NGFW features seems to be effective are relatively easy to implement. 

Fortigate DC Agent is a useful free feature to automatically detect logged on users and implement user based access policy

Basic VPN is included without extra charges

The Wi-Fi controller feature needs a lot of improvement. The function itself is not as stable as it should be in our use case which might be a problem in either the APs or the controller.

Would like to see more wizards and automation for more features such as virtual servers, SSL VPN, and others where policies, rules entries are created automatically form wizard input.

Some of the features related to load-balancing and traffic shaping are not as straightforward as they need to be. 

The VPN functionality needs low-level debugging get what really going on. Log level is too detailed and requires someone who is quite experienced to analyze and solve those issues. 

Zero-trust base features are lagging behind the other competition, based on what I have read. Would like to see those features in a clearly in the UI.

I have been using Fortinet FortiGate for four years.

We are not using the latest version, but close to it.

There are some stability issues when move to a newer version. It's always good to be a couple of steps behind when you upgrade as usually the latest major releases are a not stable. We are quite cautious to update.

The stability of VPN connection phase is can be enhanced

Wifi AP/Controller stability is an issue for us

It's quite scalable. The scalability and the migration are okay as well. Licensing model is also stright forword and certain features such as basic SSL VPN requires no to min additional cost per user.

Their technical service is quite good. The application notes and the help on the web are quite good.

I would rate technical support an eight out of ten.

By the time I joined a Fortigate was selected against pfsense.

The initial setup is intermediate in complexity but support and online documentation covers for it.

If you're a small-medium size business:

- Size your use case carefully as licensing price jumps significantly with HW changes. 

- Customizable Forticilent SW can be downloaded for free with FNDN membership

- If you have multi sites and require Fortigate based 2FA then consider getting a dedicated fortiauthenticator (VM) with fortiokens acting a central RADIUS server which can be cheaper than cloud tokens an with additional authentication flexibilities.

pfsense; was decided against based required features (mainly VPN which is based in OpenVPN)

Paloalto; is a more expensive with comparable security features based on a recent NSS LABs report

Follow the instructions on the application manual carefully. Otherwise, certain features would not be running quite as they need them to without clear errors reported. 

Contact technical support, they're responsive and have solutions for most of the problems.

Chose/size the HW carefully based on your use case as certain features are HW accelerated  in higher variants but takes a huge toll on CPU/ memory when running on lower variants.

Consider using Fortigate DC Agent which is  useful free feature to automatically detect logged on users and implement user based access policy

Consider segregating functions on different units instead of having all features on a Fortigate (i.e avoid having wifi controller + firewall + VPN on a single unit specially for lower variants)

Because of the flexibility, the advanced user features, the high level of security controls, and the tweaks that are available for the user, I would rate this solution an eight out of ten.

We primarily use the solution as a hardware firewall. In China, there's a lot of content that would be available in the West that isn't allowed here. We're able to block certain content from getting through filters.

The solution offers a very good package for all kinds of virtual appliances, subscriptions, and so on. It's a reasonable price. It's not too much.

The services on offer are just superb. 

The way it can block certain content is very useful for us. It gives you a good heads up as to what streams are being blocked from the network, which helps with visibility.

The simplicity of the product is great. It's very easy to use, which is a compliment we get all the time in terms of feedback.

There seems to be good reporting features. 

The scalability is there. If you need to expand the product, you can.

The menu structure is more logical than, for example, Cisco or SonicWall. I find that the Fortinet is easier to understand in terms of the installation process and setup. 

The only problem that we have here in China is that the whole subscription process on Fortinet is a little bit difficult if you are doing it from China. China has kind of a firewall around the country, and we sometimes have complications due to that aspect.

As a whole, I don't think that the product is actually missing any features.

You do need some IT knowledge in order to effectively work with the solution.

I've been working with the solution since about 2016. It's been a few years at this point.

The solution is very stable. There aren't issues with bugs or glitches. It doesn't crash or freeze. It's very reliable.

The scalability is good. You can expand it as needed and add on extra apps to add in extra functionality if you want to.

We mostly deal with mid-range companies. 

I only talk with people here in China that are the Chinese sellers or distributors from Fortinet. They are Chinese and I don't speak or understand one single character Chinese. So for me, it's very difficult to communicate with technical support. Most of the time, I let them talk with one of the people who I know who is fluent in English and Chinese. That's what I do. 

Most of the time, I can do all the research on the internet to see what kind of device I need and then I get a translator and we figure it out.

We only use Fortinet's FortiGate for our hardware firewall protection.

However, if our clients need extra security, we may add other brands and security layers. We also work with SonicWall, Checkpoint, and Barracuda, for example.

I've also worked with pfSense, which is free, however, it has much more of a do-it-yourself approach. It's also quite different from other solutions. If you have Cisco experience, you'll be able to navigate Fortinet, whereas pfSense requires much more in-depth study. It has its own language, basically. That's one of the reasons you won't find too many of its configurations in China.

The initial setup, for me, at least, is very straightforward. It's just a few clicks and you're set up. It may be a bit more complex for someone else who may not be as familiar with the product.

I have partners that assist with the initial setup and I have network engineers who are doing the job for me. They are working for me as they are my employees. As their boss, of course, I have to know a little bit about how to handle it as well. We handle the implementation process for our clients. We implement it according to ISO and Chinese security standards.

The solution is pretty affordable. It's not overly expensive. It's not like Cisco where you pay an awful lot of money mostly for the name.

There are extra apps you can add to the product, however, those come with an extra price tag as well. That said, it allows you to do more things and expands its capabilities.

I like to use Fortinet due to the fact that with the device you can do so much more, it's not only web filtering. If you decide to use it for something else, you just pay some money to Fortinet for another package and you are good to go. It makes it a little bit easier for small or large companies as it's so flexible in its offering. 

In China, due to business constraints, licensing is quite complicated here.

I'm a service provider in China. Basically, I'm connecting companies, foreign companies or Chinese companies, or even foreign public services to business VPNs or business cross border interconnections.

Whether we use the latest version of the solution or not depends on the client, their needs, and the environment. If a client needs more security, we may even layer in other brands to help with that.

We tend to keep deployments on-premises as you can run into issues with using the cloud in China. We prefer to have it on-premises and then bring lines in to hook everything up. It's simpler and there are fewer issues.

In general, I would rate the solution at a ten out of ten. We've just been pleased with the product and the ease of use.

We primarily use the solution just for internal segmentation and connection of some ranges using IPSec.

Currently, the solution is saving costs for us and blocks applications effectively using layer seven.

The solution's most valuable aspect is the IPS for potential mitigation from the cloud inside our network. 

The VPN SSL is important for us. 

The web filter is very good. 

The GUI is okay.

The initial setup is straightforward.

The documentation provided is okay, I find that sometimes, with other startups, it's hard to find a good amount of documentation in order to assist you with the product. In this case, the solution offers a good amount of detail.

The solution offers good analyzing capabilities.

I'm not sure if the solution is really lacking anything major. For us, it works okay.

They seem to have made a lot of improvements since the last release.

Technical support could be better. You don't always get the level of help you need right away.

We've been using the solution for about ten years at this point. As it's been about a decade, I'd say we have quite a bit of experience with it.

For the most part, the memory and the CPU are good. It's generally stable. We don't face any issues with this aspect of the solution.

The scalability is fine. If a company needs to expand it, they should be able to do so without any issues.

We only have about 40 users on the product currently. It's not a big company.

For now, the product is good as it is and we don't have plans to increase usage in the future.

By and large, technical support is good. It's okay. It's not bad. It could be better, however, they do answer our questions when we have them. We're mostly satisfied with the level of service they provide. Of course, it could always be a bit better.

Sometimes the first contact is useful, and sometimes you don't get the kind of help you need right away. It would be nice if it was more consistent.

We also use Sophos. We use both solutions at the same time.

We didn't face any complexity when handling the initial implementation. The process is quite straightforward.

The implementation itself can sometimes take less than a week. On average, you should expect it to be about a week in total.

I didn't need the assistance of a reseller or integrator. I handled the implementation myself.

We're charged a licensing fee on a yearly basis. I'm unsure of the exact cost to the company, however. I'm not sure if there are other costs over and above the standard licensing fee.

We also looked at Juniper when we evaluated FortiGate. FortiGate is much easier to use in comparison which is why we chose it. The documentation was also better. That, and there was no integration for SSL in Juniper.

We're just a customer. We don't have a business relationship with the company.

Overall, I would recommend the product. It comes with a very good set of features.

I would rate the solution ten out of ten. We've been quite happy with it.

We have some that are doing IPS, and we have some that are for AV. That's basically their main role. We are using one version below the current release.

I only deal with it from a security analyst's point of view. I don't really get into the features of the actual FortiGate. From the security point of view, it works, and it does its job. 

If I had any criticism that I would give FortiGate, it would be that they need to stop changing their logging format. Every time we do a firmware upgrade, it is a massive issue on the SIM. Parsers have to be rebuilt. Even the FortiGate guys came in and said that they don't play well in the sandbox.

I have been using this solution for probably 20 years.

They are pretty stable. We never had any real issues with them.

Their scalability is pretty good. We have upgraded and changed them, and we have been running them for 20 years. They run for a long time. We are not replacing them every couple of years, and we have scaled up a lot. We have over 10,000 users behind it. We have three people for maintenance and deployment. 

I never had to deal with technical support directly, but I've never heard the guys complain about it.

I never set them up.

We are using FortiGate, but we are switching to Palo Alto. We are just moving over to the new next-gen and do an extra layer or higher layer filtering. Being a government organization, it was RFP, and basically, Palo Alto won the RFP. I wasn't part of the RFP review, so I can't tell which features pushed Palo Alto over the edge or not. For all I know, it could just be price.

I would rate Fortinet FortiGate an eight out of ten. I would also rate Palo Alto the same.

We primarily use the solution as a firewall.

We use the firewall to enforce our company ideologies and principles and policies. The solution has built-in features for web filtering that are great. It categorizes it nicely for you. 

The interface itself is nice to work with. It's a lot better than the initial interface that they used to have around version four. I used to work for FortiGate some time back, and the earlier interfaces were not as good as these latest ones. 

I like that once you open it up, you have a dashboard that can give you a holistic overview of what is happening. You can see, for example, how your resources are doing on your firewall or if you still have disc space for logs and so forth.

The solution gives you an immediate view of what's happening on the hardware itself. What we have done with FortiGate is we have put up a FortiAnalyzer, a FortiGate reporting hardware. We are using it in conjunction with FortiGate. 

The solution offers good reporting. We get our reports from there. We have the opportunity to get real-time reports. 

There are great templates, so you don't have to customize them if you don't want to. You do have the option to custom create some folders and some reports, however, with what is there, you don't really need to go through extra effort, as they already give you a lot of predefined views of reports and so forth.

We have access to quite a few features. The web filter and application control are primarily what we are using. Then we also have a VPN feature, which allows for our remote users to connect and get through the firewall. 

The commercial side of things can be improved a bit. They have such a good product, and when you disable some features, it has to be commercialized for you to enjoy those features. Therefore, you are actually buying half a product. You have hardware there, and yet, your features are not enabled. The primary things, such as the antivirus, web filter, DNS filter, application intrusion, file filter, and email filter come with the general license. There are other things that you want to also enjoy in this system and you can't. 

There are SD-WAN network monitoring, SD-WAN features, Industrial Databases, Internet of Things, Detection, etc., however, we do have not licenses for those features. We thought that if you bought a product, you should have all of the features it offers. Why should you need to make so many extra purchases to enable features? They should have one price for the entire offering. That's one of the drawbacks they could look at. 

Sometimes the firmware automatically updates itself. Then it corrupts the configuration and you have to roll back or you have to do amendments to the configurations. That, however, has happened only once with us. We have put in controls for automatic updates to stop them and now we do manual allowance or we allow the manual update.

Most of the features are good. They give you pricing and you get a VPN for about 10 users where you can test it. For us, we feel that we need to buy extra licenses due to COVID, as people are working from home. Under the current conditions, we are not getting the best out of the firewall. 

They could just maybe put better graphics or better reporting into the solution. I want to know who is the user and what is the exact website they're visiting. Something like that would help. They should do more like what the GFI is doing.

We've been using the solution for a bit over a year now.

6.4.2 is our current version. The latest is 6.4.3. It's available like I say, however, we have not installed it. We'll wait until around December, then we will then install that one. We like to wait to witness its stability. Once we know it is bug-free, then we allow it to run as the latest platform.

We have a cluster and we have configured it with high availability. What we have done is we have put one primary and one secondary in case it breaks or it gets damaged. We have a third one at our DR site as well, which works in conjunction with Plateau. We have employed the same rules and some stricter rules on the DR site, just to allow traffic between these machines.

We allow certain times for updates on the infrastructure we have at the DR. We are planning some more, however, we don't enjoy all the features yet. We want to bring in an SD-WAN. Maybe that can also help us with scaling our network at different angles and from the cloud or being from an LD device or so forth. We're still working on that.

We have a partner that we work with. We have support at another level and I'm the primary person that looks after the firewall. If I have an issue that is urgent and I don't have the time to do the knowledge base to actually turn it around, we usually engage our partner, which has engineers that have the knowledge necessary to deal with it and who are certified in FortiGate. 

We have what is called FortiCare. We have FortiCare support as well for firmware and general updates and all those other things. I normally do updates and so forth myself. It's very little intervention from outside technical support.

Having background knowledge, the initial implementation was not really complex for me. You just need to know your environment and what is needed as well as what is allowed. 

The business input was the only item outstanding as there were issues such as who needs to have social media access at what time and who needs to have full access. Those were business decisions, however, but from the technical side, it was fairly easy.

They have almost all the features embedded in the solution. It's just that some features are not available because you have to pay for it. There are lots of add-ons available, and you need to pay extra for them, so pricing can add up.

We are strictly a government entity. We are a customer.

The model that we are using is the 500E, which is for small and medium enterprises. We are not a big institution. We do not have the latest version. We like to wait about three months before we apply anything new to make sure the early releases aren't flawed. After three months, after we've got a good review, then we will say, "Okay, let's upgrade to that version."

Even though we feel that sometimes they create a new version to take care of a vulnerability or threat, we like to be safe and avoid bugs. The version that we are fitting currently is 6.4.2, which is fairly stable.

Apart from the fact that they should just include everything in their offering, everything else works fine for me. There's a whole lot of Fortinet products that work together, FortiSwitches, FortiAP's, etc. Overall, I would give it eight of ten.