Fortinet FortiGate Reviews

We use Fortinet FortiGate for web filtering, IPS reporting, and firewall policy routing.

What we like about Fortinet FortiGate is that it's fast. You can also use it immediately, e.g. you don't have to wait and apply the policy before you can use it. It's robust and offers immediate usage, unlike Check Point, which we noticed was a slow product.

Fortinet FortiGate is also more secure, depending on how you set up the SD-WAN technology.

We also like the zero trust access, arrays, and the EDR features on this product. It's also 100% more user-friendly, e.g. even when I worked with them configuration-wise. The availability of the support hotline and their knowledgebase articles, e.g. the Cookbook, help a lot. Those articles are accessible to everyone, and they're free.

Whenever you implement a solution, you can run through Cookbook, then you can install the Fortinet certificate if you aren't able to, if you're stuck, but most of the time you are likely to get it right. The Cookbook explain everything straight to the point, and this makes it much easier.

Fortinet FortiGate can be integrated with different platforms. They have integrations in place, but I can't say they're 100%.

I've used Fortinet FortiGate for three years, and the last time I used it was last year.

The product is very stable. It's a powerful product.

Fortinet FortiGate is a scalable product.

Installing Fortinet FortiGate is straightforward. The Cookbook tells you where the issue is, then the packs that come with the software, they are quick to advise on what bugs you can expect, and how those bugs can be fixed. I enjoyed installing the product.

The initial setup for Fortinet FortiGate took less than a week. We spent another week migrating the policy, or recreating the policies on the new object, because of the incompatibility with Check Point. We had to recreate the policies, otherwise, the change was quick, and we just had to mount them and connect the HA link and the other internet link. The setup was quick.

The product has different licensing models, depending on what you're going to do. For the IoT service, initially the program was for free, then the IoT service and the mix firmware that we had, we had to pay.

Services are separate in terms of Fortinet FortiGate license models, e.g. you could have IPS, AV scanning on high availability, etc. The license could be on annual renewal.

I evaluated Check Point, but my problem was that it was too slow to install, and you have to wait long while your environment is down. With Fortinet FortiGate, it was instant. Fortinet FortiGate is very easy to install, unlike Check Point. Fortinet FortiGate is a better product.

I have experience with Fortinet FortiGate. I used to manage the product in the past, but in a different company. I transferred to another company into a new position, and Fortinet FortiGate is being used in my current company.

This product can be deployed both on-premises and on cloud. We use version 300E for on-premises, and VM04 on cloud.

They are doing a lot of things to improve Fortinet FortiGate, that I can't think of anything else I'd like added to it. There's zero trust access, the EDR, and the arrays. I can't really say that there's anything that they have not started. They're able to provide what I want.

We started with 100 users of Fortinet FortiGate in the company, then it went up to 270 users, because we also had a child company with end users of this product.

We didn't have to contact technical support for Fortinet FortiGate, because we had a third-party guy who was helping us, and we seldom contact him. If we find an issue, we just email, and he'll write back to us. We also get advise on the old firmware, for example, that there's a higher chance it's static and could be affected by vulnerabilities. Any help was done quickly, and it was nice. Nowadays, we are doing all the work, e.g. not having to contact our third-party guy.

We don't really need a team for deployment and maintenance. There's another engineer we're sharing ideas with, otherwise, deployment and maintenance are both very straightforward. You just need to know what you're doing, e.g. a good path, IPsec channels, etc., and it'll be much easier.

I can recommend Fortinet FortiGate to others, especially because I understand it the most now. We do know everybody won't choose it, because Check Point, Cisco, and other competitors are coming up with robust devices. Everyone wants to win against their competitors, but I'm happy with FortiGate. It's a product I can recommend to others.

I'm rating Fortinet FortiGate a ten out of ten, because it doesn't give me any issues. It's very easy for me to rate it a ten.

Most organizations use the Fortinet firewall as perimeter security at the gateway level.

FortiGate has threat protection, antivirus, and even SSL encryption and decryption. So FortiGate is primarily used for security purposes. And a few customers also use this firewall for web filtering and application control. So these are the two features for which people use FortiGate.

FortiGate is primarily a gateway,  but customers also use web filter threat protection and application control. And some people use it as a special VPN for remote access. I recently deployed one virtual firewall where they're only using the FortiGate firewall for VPN. I can't say one feature is the most valuable because it's a bundle solution. So no one uses FortiGate for just one single feature. 

Currently, FortiGate is providing SSL VPN. But they're missing some features that are available in Palo Alto's SSL VPN. Palo Alto provides a compliance check along with the VPN, and they have a very broad checklist. So Palo Alto's global protection can scan and check multiple things, and we can choose what access users can have based on compliance with policies. So I think this is one area where FortiGate can improve. Also, multi-factor authentication isn't native to FortiGate. If you want to incorporate multi-factor authentication, you have to add a secondary or third-party solution. 

I've been using FortiGate for around five years.

Before version 6.0, FortiGate's firewall performed well enough, but lately, they've introduced so many features. After that, its stability has been somewhat lacking. This is because they're constantly updating their firmware. So it was pretty stable, but nowadays, it's not that stable.

I haven't worked on the scalability side because most of the time, the pre-sales tools are relatively bigger devices. So right now, I haven't faced any issues with scalability. They have some larger devices for the data center. So if we talk about their hardware, I think they're capable of handling around 10,000 to 15,000 people on a single device. But if you go with the virtual environment, I don't think there is a problem. Fortinet has a single OS that we can deploy on whatever hardware capacity we want to configure over there or through virtualization.

Fortinet support is good. They resolve tickets relatively fast. So we've had no issues with that. And I don't know about other regions, but in my region, the salespeople working with Fortinet are strong. They're aggressively working on the sales part. So in the Pune region and the rest of Maharashtra, they're winning more contracts, and people are using FortiGate Firewall.

The management console is pretty simple, so anyone who understands networking can initially deploy the solution. But you need some good hands-on experience for advanced configuration. The amount of time required to deploy depends upon the project and also the organization. So it takes around four to five days to deploy a smaller device. And for the largest device, it takes around a maximum of two months. We do the deployment on our own. So we have a sales team, a pre-sales team, and a deployment team. Our sales team gets this and handles the sales end. After that, we come into the picture. So we do the whole migration, as well as the new implementation and everything. It should take no more than two people to deploy. If we want to migrate from one Fortinet device to another, then we use the command line. They have some script in their firmware, and we can migrate the script directly from the older firewall to the new one. So it isn't too complex.

I'm somewhat aware of the pricing, but most of the time, the pre-sales staff only defines their requirements. And we get the licenses at the time of implementation, then register and activate them. But I think Fortinet has multiple packages. They sell licenses for a period of one, three, or five years. They also have special add-on licenses for various things. So, for example, if you want to get a security rating for the firmware configuration and everything, you need to purchase an additional security license. And if you want to do some IoT-related security, you also need to purchase separate licenses. 

I rate FortiGate eight out of 10 based on the performance, stability, performance, management, rights, and features. So most people lack SSL encryption and the certificate part. Those servers are running behind the FortiGate firewall. And most of the people I've seen are not using SSL encryption over there. And even for internet purposes, they're not using deep scanning.  So my suggestion to people thinking about using FortiGate is to prepare a plan before implementation and implement those things in inbound inspection and outbound inspection. This is recommended. And also, if you have multiple band links, then you must use SD-WAN. They have SD-WAN options in the FortiGate firewall. It's a pretty good feature. So you can use that to improve your stability and performance.

We are basically system integrators. We design and implement firewall solutions for our customers. We also provide after-sales services. 

We have deployed this firewall for different types of clients. We are providing solutions starting with FG-30E, which is the lowest model in the FortiGate series, and up to 1000 series.

We understand a customer's requirement of current internet users. After that, we design a perfect solution through which they can not only protect their network but also have load balancing between multiple internet service providers. They can also have secure connectivity from a remote office by using a single box device.

The web filtering facility and application control are the most valuable features from the point of view of our clients. The VPN feature is also quite popular amongst our clients. Two-factor authentication is one of the good features in Fortinet. These features are important for the current scenario of security. Security has become a necessity nowadays. With cyber-attacks becoming more common, protecting an organization's data is one of the major tasks. 

It is also very stable and scalable, and it is very straightforward to configure. Their technical support is also good.

Security is a continuous process. In every product, there is a requirement for improvement. Its pricing should also be improved according to Indian market requirements.

They must also improve on the reporting part. Its reporting can be more precise. If we can get a real-time report in a specific format, it will be helpful for customers to know about the current status of their security.

I have been working with this solution for the last 12 to 13 years.

It is very stable. We have been working with this solution for a long time, and we found it to be stable.

It is a scalable solution, and you can also upgrade. They come up with a new feature every time. Whenever you're updating your firewall firmware, it is ready to mitigate threats available in the fiber scenario.

Our clients are small, medium, and large businesses. We have deployed it for small offices or retail stores as well as for big manufacturing units. We also have clients from Education and Healthcare. Some of the large companies have between 800 to 1,000-plus devices protected through this firewall.

Their technical support is good.

I have a little bit of experience with other firewalls such as Sophos and Check Point. There are some basic differences in the features and their functionality, but I cannot say that this one is the best, or this one is not good. I have more confidence in Fortinet FortiGate, so we are focusing only on this.

In terms of support, we had purchased a Check Point product for a customer, and we were trying to get support from the team, but it was very difficult. Sophos is okay in terms of support.

Its initial setup is very straightforward. It is very easy if one knows the basic concepts. It has a graphical user interface, which makes it straightforward to configure. You can configure it step by step. The basic implementation of this firewall can be done in a very simple way. There could be some complexity at the Enterprise level, but at a basic level, it is very straightforward.

The deployment duration depends on the complexity level. A simple deployment can be completed in a few hours. A complex deployment can take one to two days depending upon the requirements. This is because, in addition to implementation, we also have to test the solution as per a customer's requirements to see whether it is fulfilling the given task or not.

We are a very small company with seven to eight people. We have a total of three people working with firewalls. They're network and support engineers.

Our clients definitely get a return on investment. It is a really good product, and the stability of the product is a very important factor for our clients.

Pricing and licensing is a little bit complicated in FortiGate. They are always on the higher side. This is one issue that we always raise with the company that they should reduce the price according to Indian market requirements. There are no costs in addition to the standard licensing fees.

It is a good product, but I would always recommend selecting an implementer partner carefully. The implementor should be able to implement all the features so that you get the best benefits of the firewall. An implementation partner is very important. If you don't have a proper partner, you will probably end up with a mashup, and you won't be able to use all the features. Your performance might also not get optimized.

I would rate Fortinet FortiGate an eight out of ten.

The purpose of this solution is to provide intrusion protection and more robust endpoint security for small offices. We are providing an enterprise solution for a small business by adding endpoint protection coupled with Intrusion Detection and Protection.  For small offices needing HIPAA compliance, we need to make sure we are providing robust protection instead of the default modem gateway provided by the ISP.

The Fortinet product provides enterprise capabilities in a small footprint at a price point that is more attainable for a small business. The product meets the IPS/IDS/Endpoint protection that small organizations need for their HIPAA and PCI compliance.  While the end user may not understand the true capabilities, the managed service provider can more easily deploy and maintain this small footprint product.

The main reason why I purchased the particular unit was based on other reviews and leadership in this space. Being able to have a VPN solution as well as integrated access points is a plus. For me, it's all about simplicity. When you look at my particular model for a managed service provider, it's basically to help simplify, protect, and remain compliant. When you're trying to implement something, it's about making sure it is simplified. This seems to fit the bill.

The product has enterprise capabilities, which means there are a ton of configurations possible.  What I'd like to see in the product is more of a branch in the box wizard deployment for those that are not as well versed in firewall and routing.  For a small business, the firewall should be able to self-configure for a Unified Threat Management configuration with 2 SSIDs for protected wireless network for internal gear and a guest wireless network for employee cell phones and guests.  I'd like to open the box, plug in the router behind the cable modem, and check a few boxes, and the rest is done automatically.  I don't want to have to build a configure VLANs, SSIDs, security protocols for each port, and try to figure out and understand all the layers in an effort to deploy a solution.  It's great to have those capabilities in case you need them, but for most of the offices I am trying to deploy these into--it should be a branch in a box.

I've only been using the solution for a few weeks. It's very new for us.

Stability has been fine. I've had no questions about the stability of it. It seems so far it is staying up. I haven't had any issues to speak of.

I haven't really pushed this product from a scalability perspective. Certainly, if you look at the performance metrics, the F series appears to have really expanded the capacity and capabilities beyond past models. If you look at 40E versus 40F, there's a fairly substantial difference. For a small office, it's going to be just fine.

I haven't reached out to technical support and therefore can't speak to their level of responsiveness.

N/A

The initial setup is complex for me due to my lack of experience with the Fortinet FortiGate product. The complexity can be a good thing, however, as there's a lot of really good features associated with it. Where it could be simplified is in having that easy deployment option, and then you can start going down and trying to get into the nitty-gritty and figure out when do you need the extra features.

Right now, I'm just in a test environment getting all the firmware up and tested. Then, once I have it tested, I'll take it to the client location and yank out their WiFi mechanism, their WiFi router, and put this in.

I'm currently handling the implementation for a client.

ROI is somewhat difficult to measure when you are mostly talking about deploying a product for endpoint security.  If your environment stays protected, then it was a good return on investment.

When you look at these endpoint security systems and firewalls, these products a few years were way too expensive for a small business. Now we have enterprise level security in a footprint that is less than $1,000.  For offices that have 10-25 computers needing protection, this is a better solution.

The good news is that Fortinet does have a good support network as well as their education academy to help someone get up to speed on their product.

It is our primary router here in the office with all the firewall policies.

The solution has many valuable features. I like all of them.

Its stability is great. On a previous job, we set probably up to 100 FortiGates, and during the three years they were set up none of them failed.

It's a very scalable solution.

The pricing is great and very reasonable. 

The initial setup is simple. 

We use a yearly subscription for a unified protection model. I like the features that it gives me. It is actually a built-in proxy server and it allows me to use great protection and so on. In terms of application control, the built-in anti-virus is okay. One of the things that I like the most is it has a built-in SD-WAN solution - its price is included in the hardware. I don't need to buy anything else to use SD-WAN. This is the feature that I like, in Fortinet, probably the most. All other vendors sell SD-WAN as a separate solution and you must buy a separate controller which has to be installed somewhere, on-premise or on the cloud, and it costs money. Fortigate does not.

I can't think of an area of the product that needs improvement. Even the cost is okay. I have no real complaints. 

It would be good if they had fewer updates. Almost every update has bots that are either critical or something small yet valuable. Whenever I try to do an update, I always fear that something will break.

I've used the solution for a few years. I used it on a previous project and I use it now as well.

The stability has been excellent. It's very reliable and the performance is great. They have not failed in three years. There are no bugs or glitches. It doesn't crash or freeze. 

The scalability of the product is great. If a company needs to expand it, it can do so.

Up to 100 people use it right now, and likely we will increase usage so that it covers 150 to 200 users. 

If our other branch offices open in other cities or other countries, I will buy another firewall for them as well.

I've contacted technical support in the past.

For example, I tried to update my firewall to 7.0.4 and there was a block with the DHCP server. Some devices did not acquire an IP address. Really, it was something about FortiGate. I asked Fortinet for technical support and I created a ticket, and the next day they replied to me they agree that this was a bug that they would work on. As far as I can see now, there is already an option of 7.0.5. While I didn't test it myself, in the changelog I can see that this bug is fixed.

So far, we have been satisfied as they have answered us by the next day typically.

I did not previously use a different solution.

It's an easy setup. Everything is very straightforward and simple to understand. It's not complex, not difficult. A company won't have any issues with the process.

The deployment might take up to one week. I don't remember exactly. I continued to add some features, however, in the instant deployment, when it came here I had another router here, it wasn't too long of a process. Later, I asked my bosses to buy a firewall and when it arrived, on a Friday in the evening, I installed it and everything was fine. It was very fast.

I handle the deployment and maintenance myself. We do not need a big team to manage everything. It's pretty low-maintenance. 

I handled the implementation myself. I did not need a consultant or an integrator.

The pricing is very fair for a firewall. There's nothing to complain about in terms of licensing.

The price model is fair. I have to pay only for the features that only Fortinet gives me. Things like routing are free. Other vendors like Cisco, make me pay for things that should be free.

I would recommend the solution to others.

Fortinet has an education platform that is named trainingfortinet.com and many courses are on there. All the video lessons are free. Users can view them to learn about the features that Fortinet has. It's an excellent resource.

I would rate the solution at a nine out of ten.

We use this solution for different reasons.

We use it for the firewall with SDWAN functionality

We use it in some use cases as a VPN Server.

 We use it as a Wi-Fi controller on some sites.

We use if for internal network segregation and routing

Fortinet FortiGate has improved the way our organization functions.

Versatile with a lot of controls and expert level customizations for advanced users

NGFW features seems to be effective are relatively easy to implement. 

Fortigate DC Agent is a useful free feature to automatically detect logged on users and implement user based access policy

Basic VPN is included without extra charges

The Wi-Fi controller feature needs a lot of improvement. The function itself is not as stable as it should be in our use case which might be a problem in either the APs or the controller.

Would like to see more wizards and automation for more features such as virtual servers, SSL VPN, and others where policies, rules entries are created automatically form wizard input.

Some of the features related to load-balancing and traffic shaping are not as straightforward as they need to be. 

The VPN functionality needs low-level debugging get what really going on. Log level is too detailed and requires someone who is quite experienced to analyze and solve those issues. 

Zero-trust base features are lagging behind the other competition, based on what I have read. Would like to see those features in a clearly in the UI.

I have been using Fortinet FortiGate for four years.

We are not using the latest version, but close to it.

There are some stability issues when move to a newer version. It's always good to be a couple of steps behind when you upgrade as usually the latest major releases are a not stable. We are quite cautious to update.

The stability of VPN connection phase is can be enhanced

Wifi AP/Controller stability is an issue for us

It's quite scalable. The scalability and the migration are okay as well. Licensing model is also stright forword and certain features such as basic SSL VPN requires no to min additional cost per user.

Their technical service is quite good. The application notes and the help on the web are quite good.

I would rate technical support an eight out of ten.

By the time I joined a Fortigate was selected against pfsense.

The initial setup is intermediate in complexity but support and online documentation covers for it.

If you're a small-medium size business:

- Size your use case carefully as licensing price jumps significantly with HW changes. 

- Customizable Forticilent SW can be downloaded for free with FNDN membership

- If you have multi sites and require Fortigate based 2FA then consider getting a dedicated fortiauthenticator (VM) with fortiokens acting a central RADIUS server which can be cheaper than cloud tokens an with additional authentication flexibilities.

pfsense; was decided against based required features (mainly VPN which is based in OpenVPN)

Paloalto; is a more expensive with comparable security features based on a recent NSS LABs report

Follow the instructions on the application manual carefully. Otherwise, certain features would not be running quite as they need them to without clear errors reported. 

Contact technical support, they're responsive and have solutions for most of the problems.

Chose/size the HW carefully based on your use case as certain features are HW accelerated  in higher variants but takes a huge toll on CPU/ memory when running on lower variants.

Consider using Fortigate DC Agent which is  useful free feature to automatically detect logged on users and implement user based access policy

Consider segregating functions on different units instead of having all features on a Fortigate (i.e avoid having wifi controller + firewall + VPN on a single unit specially for lower variants)

Because of the flexibility, the advanced user features, the high level of security controls, and the tweaks that are available for the user, I would rate this solution an eight out of ten.

We utilize the services to ensure the stability of our network and clients protection from external treats. With the recent pandemic mobile working have increased in demand and Fortinet have easily bridge that gap to continue to support employee needs.

It has provided us the ability to work remotely during the pandemic. It opens a secure connection to the office for an employee working remotely from home.

The web filtering feature and the intrusion protection system are the most valuable.

It is a resilient appliance.

Its reporting capabilities can be improved. Some out-of-the-box reports needs to be able to provide usable data for example for web monitoring and reporting or browsing patterns and details.  Some customers does not require any forensic type reporting and may not want to invest in all the features offered by the FortiAnalyzer.

I have been using this solution for the past seven years.

It is stable. 

It is scalable. There are no issues. In terms of the number of users who use FortiGate, we have only about ten users for remote working. Only selected users utilize this remote capability.

Technical support is good. If I have an inquiry or request, it is usually addressed within the same business day or within the 24 hours period as per the vendor's support agreement.

I was on a Check Point platform, and then I migrated to FortiGate. Migrating from the Check Point environment to the FortiGate environment was new for me. We rely on a vendor for support. The vendor was kind of phasing out the support of the Check Point product. That's why we switched. 

We are currently on 80D, and it was a direct upgrade. The deployment didn't take that long because it was a direct replacement or upgrade from an older appliance 60D to 80D. It was easy for the vendor to deploy because they saved the policies and other things that were in use for the older appliance and had to be migrated over to the new appliance. It was done within maybe a day or two.

We outsourced it to a local vendor, and it was deployed by the vendor. We do our own internal monitoring, and the vendor does the actual set up. So far, our experience with the vendor has been excellent in terms of response. Their technical staff is also very knowledgeable.

We just pay an affordable flat monthly fee to the vendor for the monitoring and support.

I learned about different options and their benefits and listened to vendors' proposals for migration. We evaluated pfSense, which is open source. We were trying to determine whether to go for open source as opposed to an industry-standard and proprietary product. I also engaged other vendors who offered Sophos technology and SonicWall. I trusted the vendor-supported product and considered the cost associated with the migration. The current vendor could upgrade it with no implementation cost, and we just had to pay a monthly service fee or rental. 

Based on the research, FortiGate seemed like a reasonable firewall, and it is also more or less recognized and trusted all over, so I trusted FortiGate. Overall, I was happy with the performance of the FortiGate, so I kind of stuck with that one.

I would definitely recommend this product, but there are other products in the market, such as Sophos and SonicWall, that are just as effective. 

We will be using this solution for at least the next three years. We renewed the license for three years in August of this year. We are thinking of upgrading to a newer appliance before that.

I would rate Fortinet FortiGate an eight out of ten. I am pleased with this solution and the features it offers right now. It just needs minor adjustments in terms of reporting and staying up to date with industry standards.

Our clients' main use case for Fortinet FortiGate is for the firewall on the outside perimeter to the internet. Some of them have started using it for SD-WAN.

We are software integrators. 

Our clients like the packaging because it's an appliance. It has specific chip sets to accelerate different features in the product.

Additionally, it's inexpensive compared to some of the other technology out there.

In terms of what can be improved, they do have certain features that you can only configure through a CLI and there's no GUI interface for it. That's a pain. But it's nice that the user can do everything one way or the other.

They sometimes hide some features and if you want to enable them, you have to go in the CLI, enable the feature and configure it through the CLI. Customers, typically, like everything to be done by the GUI.

I have been using Fortinet FortiGate for at least the last 12 months.

Fortinet FortiGate is pretty stable.

It is hard to judge this year because of everybody working from home. Everybody is using up a lot of bandwidth so I'm not sure if that is a cause for some of the instability with the Forti client. The only place we've seen instability would be updating Forti client with their software called EMS.

So pushing out the client with EMS, like a client update to remote users, has proven a pain in the butt. But that could be because the end users' VPNs are maybe a little bit unstable just because of the high bandwidth demands. It is hard to determine. Maybe it is because some of these users are in remote areas, or non-urban or smaller towns, as opposed to being in an urban area where bandwidth is a little better.

We never jump ahead and say, "Oh, yes. 6.5 just came up. Let's jump on that." We'll probably just wait six months and see what goes on first. And I guess that's probably what a lot of people do because it's protecting your intellectual property and everything which that company owns.

I'm not saying that there's no instability. People will generally just wait and not jump out unless they're testing in the lab. They're not going to jump out and put the first revision that comes out on their firewalls.

In terms of scalability, it scales very well.

They have different models for different sizes. Obviously, if you buy too small and you have to upgrade, then it's a box swap. Some other vendors can just add another unit and you cluster them together. In their case it's more of just switching the box out for more performance boxes if you go too low.

Their technical support is very good.

Every time we've had to open up a case or get their help, if we surpass that person's ability, it gets escalated right away. So it's very good. It usually gets resolved within a day or two.

The initial setup is fairly straightforward.

In terms of ROI, they're inexpensive. Because they're inexpensive, they're just everywhere, in the Federal Government, schools, everywhere where budgets are fairly tight. And it is a very good product. It's a product that's built that if you need to you can add a different box and remove that feature from your main FortiGate and just run it on a different box.

So if you need to expand, you can always do it that way too.

They have good integration if you have multiple firewalls and it allows you to be able to push out policies to all of them at the same time.

Fortinet FortiGate's pricing is pretty hard to beat.

On a scale of one to ten, I would give Fortinet FortiGate a 10 out of 10.