IT Central Station is now PeerSpot: Here's why
Thendo Ndzimeni - PeerSpot reviewer
Network Administrator at Automated Outsourcing services
Real User
Top 20
Secure, multifeatured, and user-friendly solution for protecting networks
Pros and Cons
  • "Secure, user-friendly, stable, and scalable network security solution. Installation is straightforward."
  • "Fortinet FortiGate can be integrated with different platforms. They have integrations in place, but I can't say they're 100%."

What is our primary use case?

We use Fortinet FortiGate for web filtering, IPS reporting, and firewall policy routing.

What is most valuable?

What we like about Fortinet FortiGate is that it's fast. You can also use it immediately, e.g. you don't have to wait and apply the policy before you can use it. It's robust and offers immediate usage, unlike Check Point, which we noticed was a slow product.

Fortinet FortiGate is also more secure, depending on how you set up the SD-WAN technology.

We also like the zero trust access, arrays, and the EDR features on this product. It's also 100% more user-friendly, e.g. even when I worked with them configuration-wise. The availability of the support hotline and their knowledgebase articles, e.g. the Cookbook, help a lot. Those articles are accessible to everyone, and they're free.

Whenever you implement a solution, you can run through Cookbook, then you can install the Fortinet certificate if you aren't able to, if you're stuck, but most of the time you are likely to get it right. The Cookbook explain everything straight to the point, and this makes it much easier.

What needs improvement?

Fortinet FortiGate can be integrated with different platforms. They have integrations in place, but I can't say they're 100%.

For how long have I used the solution?

I've used Fortinet FortiGate for three years, and the last time I used it was last year.

Buyer's Guide
Fortinet FortiGate
August 2022
Learn what your peers think about Fortinet FortiGate. Get advice and tips from experienced pros sharing their opinions. Updated: August 2022.
622,063 professionals have used our research since 2012.

What do I think about the stability of the solution?

The product is very stable. It's a powerful product.

What do I think about the scalability of the solution?

Fortinet FortiGate is a scalable product.

How was the initial setup?

Installing Fortinet FortiGate is straightforward. The Cookbook tells you where the issue is, then the packs that come with the software, they are quick to advise on what bugs you can expect, and how those bugs can be fixed. I enjoyed installing the product.

The initial setup for Fortinet FortiGate took less than a week. We spent another week migrating the policy, or recreating the policies on the new object, because of the incompatibility with Check Point. We had to recreate the policies, otherwise, the change was quick, and we just had to mount them and connect the HA link and the other internet link. The setup was quick.

What's my experience with pricing, setup cost, and licensing?

The product has different licensing models, depending on what you're going to do. For the IoT service, initially the program was for free, then the IoT service and the mix firmware that we had, we had to pay.

Services are separate in terms of Fortinet FortiGate license models, e.g. you could have IPS, AV scanning on high availability, etc. The license could be on annual renewal.

Which other solutions did I evaluate?

I evaluated Check Point, but my problem was that it was too slow to install, and you have to wait long while your environment is down. With Fortinet FortiGate, it was instant. Fortinet FortiGate is very easy to install, unlike Check Point. Fortinet FortiGate is a better product.

What other advice do I have?

I have experience with Fortinet FortiGate. I used to manage the product in the past, but in a different company. I transferred to another company into a new position, and Fortinet FortiGate is being used in my current company.

This product can be deployed both on-premises and on cloud. We use version 300E for on-premises, and VM04 on cloud.

They are doing a lot of things to improve Fortinet FortiGate, that I can't think of anything else I'd like added to it. There's zero trust access, the EDR, and the arrays. I can't really say that there's anything that they have not started. They're able to provide what I want.

We started with 100 users of Fortinet FortiGate in the company, then it went up to 270 users, because we also had a child company with end users of this product.

We didn't have to contact technical support for Fortinet FortiGate, because we had a third-party guy who was helping us, and we seldom contact him. If we find an issue, we just email, and he'll write back to us. We also get advise on the old firmware, for example, that there's a higher chance it's static and could be affected by vulnerabilities. Any help was done quickly, and it was nice. Nowadays, we are doing all the work, e.g. not having to contact our third-party guy.

We don't really need a team for deployment and maintenance. There's another engineer we're sharing ideas with, otherwise, deployment and maintenance are both very straightforward. You just need to know what you're doing, e.g. a good path, IPsec channels, etc., and it'll be much easier.

I can recommend Fortinet FortiGate to others, especially because I understand it the most now. We do know everybody won't choose it, because Check Point, Cisco, and other competitors are coming up with robust devices. Everyone wants to win against their competitors, but I'm happy with FortiGate. It's a product I can recommend to others.

I'm rating Fortinet FortiGate a ten out of ten, because it doesn't give me any issues. It's very easy for me to rate it a ten.

Which deployment model are you using for this solution?

Hybrid Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Flag as inappropriate
PeerSpot user
Amar Patil - PeerSpot reviewer
Security Engineer at Hitachi Systems, Ltd.
Real User
Top 20
Secure, performs well and easy to manage
Pros and Cons
  • "The management console is pretty simple, so anyone who understands networking can initially deploy the solution."
  • "Currently, FortiGate is providing SSL VPN. But they're missing some features that are available in Palo Alto's SSL VPN."

What is our primary use case?

Most organizations use the Fortinet firewall as perimeter security at the gateway level.

How has it helped my organization?

FortiGate has threat protection, antivirus, and even SSL encryption and decryption. So FortiGate is primarily used for security purposes. And a few customers also use this firewall for web filtering and application control. So these are the two features for which people use FortiGate.

What is most valuable?

FortiGate is primarily a gateway,  but customers also use web filter threat protection and application control. And some people use it as a special VPN for remote access. I recently deployed one virtual firewall where they're only using the FortiGate firewall for VPN. I can't say one feature is the most valuable because it's a bundle solution. So no one uses FortiGate for just one single feature. 

What needs improvement?

Currently, FortiGate is providing SSL VPN. But they're missing some features that are available in Palo Alto's SSL VPN. Palo Alto provides a compliance check along with the VPN, and they have a very broad checklist. So Palo Alto's global protection can scan and check multiple things, and we can choose what access users can have based on compliance with policies. So I think this is one area where FortiGate can improve. Also, multi-factor authentication isn't native to FortiGate. If you want to incorporate multi-factor authentication, you have to add a secondary or third-party solution. 

For how long have I used the solution?

I've been using FortiGate for around five years.

What do I think about the stability of the solution?

Before version 6.0, FortiGate's firewall performed well enough, but lately, they've introduced so many features. After that, its stability has been somewhat lacking. This is because they're constantly updating their firmware. So it was pretty stable, but nowadays, it's not that stable.

What do I think about the scalability of the solution?

I haven't worked on the scalability side because most of the time, the pre-sales tools are relatively bigger devices. So right now, I haven't faced any issues with scalability. They have some larger devices for the data center. So if we talk about their hardware, I think they're capable of handling around 10,000 to 15,000 people on a single device. But if you go with the virtual environment, I don't think there is a problem. Fortinet has a single OS that we can deploy on whatever hardware capacity we want to configure over there or through virtualization.

How are customer service and support?

Fortinet support is good. They resolve tickets relatively fast. So we've had no issues with that. And I don't know about other regions, but in my region, the salespeople working with Fortinet are strong. They're aggressively working on the sales part. So in the Pune region and the rest of Maharashtra, they're winning more contracts, and people are using FortiGate Firewall.

How was the initial setup?

The management console is pretty simple, so anyone who understands networking can initially deploy the solution. But you need some good hands-on experience for advanced configuration. The amount of time required to deploy depends upon the project and also the organization. So it takes around four to five days to deploy a smaller device. And for the largest device, it takes around a maximum of two months. We do the deployment on our own. So we have a sales team, a pre-sales team, and a deployment team. Our sales team gets this and handles the sales end. After that, we come into the picture. So we do the whole migration, as well as the new implementation and everything. It should take no more than two people to deploy. If we want to migrate from one Fortinet device to another, then we use the command line. They have some script in their firmware, and we can migrate the script directly from the older firewall to the new one. So it isn't too complex.

What's my experience with pricing, setup cost, and licensing?

I'm somewhat aware of the pricing, but most of the time, the pre-sales staff only defines their requirements. And we get the licenses at the time of implementation, then register and activate them. But I think Fortinet has multiple packages. They sell licenses for a period of one, three, or five years. They also have special add-on licenses for various things. So, for example, if you want to get a security rating for the firmware configuration and everything, you need to purchase an additional security license. And if you want to do some IoT-related security, you also need to purchase separate licenses. 

What other advice do I have?

I rate FortiGate eight out of 10 based on the performance, stability, performance, management, rights, and features. So most people lack SSL encryption and the certificate part. Those servers are running behind the FortiGate firewall. And most of the people I've seen are not using SSL encryption over there. And even for internet purposes, they're not using deep scanning.  So my suggestion to people thinking about using FortiGate is to prepare a plan before implementation and implement those things in inbound inspection and outbound inspection. This is recommended. And also, if you have multiple band links, then you must use SD-WAN. They have SD-WAN options in the FortiGate firewall. It's a pretty good feature. So you can use that to improve your stability and performance.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Buyer's Guide
Fortinet FortiGate
August 2022
Learn what your peers think about Fortinet FortiGate. Get advice and tips from experienced pros sharing their opinions. Updated: August 2022.
622,063 professionals have used our research since 2012.
Kshitij Singhai - PeerSpot reviewer
Owner at Computech Associates
Real User
Top 5
Good web filtering facility and application control, very stable and scalable, and easy to deploy
Pros and Cons
  • "The web filtering facility and application control are the most valuable features from the point of view of our clients. The VPN feature is also quite popular amongst our clients. Two-factor authentication is one of the good features in Fortinet. These features are important for the current scenario of security. Security has become a necessity nowadays. With cyber-attacks becoming more common, protecting an organization's data is one of the major tasks. It is also very stable and scalable, and it is very straightforward to configure. Their technical support is also good."
  • "Security is a continuous process. In every product, there is a requirement for improvement. Its pricing should also be improved according to Indian market requirements. They must also improve on the reporting part. Its reporting can be more precise. If we can get a real-time report in a specific format, it will be helpful for customers to know about the current status of their security."

What is our primary use case?

We are basically system integrators. We design and implement firewall solutions for our customers. We also provide after-sales services. 

We have deployed this firewall for different types of clients. We are providing solutions starting with FG-30E, which is the lowest model in the FortiGate series, and up to 1000 series.

How has it helped my organization?

We understand a customer's requirement of current internet users. After that, we design a perfect solution through which they can not only protect their network but also have load balancing between multiple internet service providers. They can also have secure connectivity from a remote office by using a single box device.

What is most valuable?

The web filtering facility and application control are the most valuable features from the point of view of our clients. The VPN feature is also quite popular amongst our clients. Two-factor authentication is one of the good features in Fortinet. These features are important for the current scenario of security. Security has become a necessity nowadays. With cyber-attacks becoming more common, protecting an organization's data is one of the major tasks. 

It is also very stable and scalable, and it is very straightforward to configure. Their technical support is also good.

What needs improvement?

Security is a continuous process. In every product, there is a requirement for improvement. Its pricing should also be improved according to Indian market requirements.

They must also improve on the reporting part. Its reporting can be more precise. If we can get a real-time report in a specific format, it will be helpful for customers to know about the current status of their security.

For how long have I used the solution?

I have been working with this solution for the last 12 to 13 years.

What do I think about the stability of the solution?

It is very stable. We have been working with this solution for a long time, and we found it to be stable.

What do I think about the scalability of the solution?

It is a scalable solution, and you can also upgrade. They come up with a new feature every time. Whenever you're updating your firewall firmware, it is ready to mitigate threats available in the fiber scenario.

Our clients are small, medium, and large businesses. We have deployed it for small offices or retail stores as well as for big manufacturing units. We also have clients from Education and Healthcare. Some of the large companies have between 800 to 1,000-plus devices protected through this firewall.

How are customer service and technical support?

Their technical support is good.

Which solution did I use previously and why did I switch?

I have a little bit of experience with other firewalls such as Sophos and Check Point. There are some basic differences in the features and their functionality, but I cannot say that this one is the best, or this one is not good. I have more confidence in Fortinet FortiGate, so we are focusing only on this.

In terms of support, we had purchased a Check Point product for a customer, and we were trying to get support from the team, but it was very difficult. Sophos is okay in terms of support.

How was the initial setup?

Its initial setup is very straightforward. It is very easy if one knows the basic concepts. It has a graphical user interface, which makes it straightforward to configure. You can configure it step by step. The basic implementation of this firewall can be done in a very simple way. There could be some complexity at the Enterprise level, but at a basic level, it is very straightforward.

The deployment duration depends on the complexity level. A simple deployment can be completed in a few hours. A complex deployment can take one to two days depending upon the requirements. This is because, in addition to implementation, we also have to test the solution as per a customer's requirements to see whether it is fulfilling the given task or not.

What about the implementation team?

We are a very small company with seven to eight people. We have a total of three people working with firewalls. They're network and support engineers.

What was our ROI?

Our clients definitely get a return on investment. It is a really good product, and the stability of the product is a very important factor for our clients.

What's my experience with pricing, setup cost, and licensing?

Pricing and licensing is a little bit complicated in FortiGate. They are always on the higher side. This is one issue that we always raise with the company that they should reduce the price according to Indian market requirements. There are no costs in addition to the standard licensing fees.

What other advice do I have?

It is a good product, but I would always recommend selecting an implementer partner carefully. The implementor should be able to implement all the features so that you get the best benefits of the firewall. An implementation partner is very important. If you don't have a proper partner, you will probably end up with a mashup, and you won't be able to use all the features. Your performance might also not get optimized.

I would rate Fortinet FortiGate an eight out of ten.

Disclosure: My company has a business relationship with this vendor other than being a customer: Channel Partner
PeerSpot user
Michael-Sugg - PeerSpot reviewer
CEO at Sovereign Managed Services
Real User
Top 5
Very complete with good capabilities and very good stability
Pros and Cons
  • "The main reason why I purchased the particular unit was that it had good reviews and what other people were saying as far as its completeness and its leading capabilities in terms of endpoint security was very good."
  • "To some degree, it's almost a question as to why some of this stuff isn't simpler. For example, for an AP deployment, while it's integrated, the number of steps that you have to go through in order to get the AP up, seems like a lot."

What is our primary use case?

The purpose of this solution is to provide intrusion protection and more robust endpoint security for small offices. We are providing an enterprise solution for a small business by adding endpoint protection coupled with Intrusion Detection and Protection.  For small offices needing HIPAA compliance, we need to make sure we are providing robust protection instead of the default modem gateway provided by the ISP.

How has it helped my organization?

The Fortinet product provides enterprise capabilities in a small footprint at a price point that is more attainable for a small business. The product meets the IPS/IDS/Endpoint protection that small organizations need for their HIPAA and PCI compliance.  While the end user may not understand the true capabilities, the managed service provider can more easily deploy and maintain this small footprint product.

What is most valuable?

The main reason why I purchased the particular unit was based on other reviews and leadership in this space. Being able to have a VPN solution as well as integrated access points is a plus. For me, it's all about simplicity. When you look at my particular model for a managed service provider, it's basically to help simplify, protect, and remain compliant. When you're trying to implement something, it's about making sure it is simplified. This seems to fit the bill.

What needs improvement?

The product has enterprise capabilities, which means there are a ton of configurations possible.  What I'd like to see in the product is more of a branch in the box wizard deployment for those that are not as well versed in firewall and routing.  For a small business, the firewall should be able to self-configure for a Unified Threat Management configuration with 2 SSIDs for protected wireless network for internal gear and a guest wireless network for employee cell phones and guests.  I'd like to open the box, plug in the router behind the cable modem, and check a few boxes, and the rest is done automatically.  I don't want to have to build a configure VLANs, SSIDs, security protocols for each port, and try to figure out and understand all the layers in an effort to deploy a solution.  It's great to have those capabilities in case you need them, but for most of the offices I am trying to deploy these into--it should be a branch in a box.

For how long have I used the solution?

I've only been using the solution for a few weeks. It's very new for us.

What do I think about the stability of the solution?

Stability has been fine. I've had no questions about the stability of it. It seems so far it is staying up. I haven't had any issues to speak of.

What do I think about the scalability of the solution?

I haven't really pushed this product from a scalability perspective. Certainly, if you look at the performance metrics, the F series appears to have really expanded the capacity and capabilities beyond past models. If you look at 40E versus 40F, there's a fairly substantial difference. For a small office, it's going to be just fine.

How are customer service and technical support?

I haven't reached out to technical support and therefore can't speak to their level of responsiveness.

Which solution did I use previously and why did I switch?

N/A

How was the initial setup?

The initial setup is complex for me due to my lack of experience with the Fortinet FortiGate product. The complexity can be a good thing, however, as there's a lot of really good features associated with it. Where it could be simplified is in having that easy deployment option, and then you can start going down and trying to get into the nitty-gritty and figure out when do you need the extra features.

Right now, I'm just in a test environment getting all the firmware up and tested. Then, once I have it tested, I'll take it to the client location and yank out their WiFi mechanism, their WiFi router, and put this in.

What about the implementation team?

I'm currently handling the implementation for a client.

What was our ROI?

ROI is somewhat difficult to measure when you are mostly talking about deploying a product for endpoint security.  If your environment stays protected, then it was a good return on investment.

What's my experience with pricing, setup cost, and licensing?

When you look at these endpoint security systems and firewalls, these products a few years were way too expensive for a small business. Now we have enterprise level security in a footprint that is less than $1,000.  For offices that have 10-25 computers needing protection, this is a better solution.

What other advice do I have?

The good news is that Fortinet does have a good support network as well as their education academy to help someone get up to speed on their product.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Network Engineer at a tech services company with 5,001-10,000 employees
Real User
Top 10
Reasonably priced with many great features and excellent reliability
Pros and Cons
  • "The pricing is great and very reasonable."
  • "It would be good if they had fewer updates."

What is our primary use case?

It is our primary router here in the office with all the firewall policies.

What is most valuable?

The solution has many valuable features. I like all of them.

Its stability is great. On a previous job, we set probably up to 100 FortiGates, and during the three years they were set up none of them failed.

It's a very scalable solution.

The pricing is great and very reasonable. 

The initial setup is simple. 

We use a yearly subscription for a unified protection model. I like the features that it gives me. It is actually a built-in proxy server and it allows me to use great protection and so on. In terms of application control, the built-in anti-virus is okay. One of the things that I like the most is it has a built-in SD-WAN solution - its price is included in the hardware. I don't need to buy anything else to use SD-WAN. This is the feature that I like, in Fortinet, probably the most. All other vendors sell SD-WAN as a separate solution and you must buy a separate controller which has to be installed somewhere, on-premise or on the cloud, and it costs money. Fortigate does not.

What needs improvement?

I can't think of an area of the product that needs improvement. Even the cost is okay. I have no real complaints. 

It would be good if they had fewer updates. Almost every update has bots that are either critical or something small yet valuable. Whenever I try to do an update, I always fear that something will break.

For how long have I used the solution?

I've used the solution for a few years. I used it on a previous project and I use it now as well.

What do I think about the stability of the solution?

The stability has been excellent. It's very reliable and the performance is great. They have not failed in three years. There are no bugs or glitches. It doesn't crash or freeze. 

What do I think about the scalability of the solution?

The scalability of the product is great. If a company needs to expand it, it can do so.

Up to 100 people use it right now, and likely we will increase usage so that it covers 150 to 200 users. 

If our other branch offices open in other cities or other countries, I will buy another firewall for them as well.

How are customer service and support?

I've contacted technical support in the past.

For example, I tried to update my firewall to 7.0.4 and there was a block with the DHCP server. Some devices did not acquire an IP address. Really, it was something about FortiGate. I asked Fortinet for technical support and I created a ticket, and the next day they replied to me they agree that this was a bug that they would work on. As far as I can see now, there is already an option of 7.0.5. While I didn't test it myself, in the changelog I can see that this bug is fixed.

So far, we have been satisfied as they have answered us by the next day typically.

Which solution did I use previously and why did I switch?

I did not previously use a different solution.

How was the initial setup?

It's an easy setup. Everything is very straightforward and simple to understand. It's not complex, not difficult. A company won't have any issues with the process.

The deployment might take up to one week. I don't remember exactly. I continued to add some features, however, in the instant deployment, when it came here I had another router here, it wasn't too long of a process. Later, I asked my bosses to buy a firewall and when it arrived, on a Friday in the evening, I installed it and everything was fine. It was very fast.

I handle the deployment and maintenance myself. We do not need a big team to manage everything. It's pretty low-maintenance. 

What about the implementation team?

I handled the implementation myself. I did not need a consultant or an integrator.

What's my experience with pricing, setup cost, and licensing?

The pricing is very fair for a firewall. There's nothing to complain about in terms of licensing.

The price model is fair. I have to pay only for the features that only Fortinet gives me. Things like routing are free. Other vendors like Cisco, make me pay for things that should be free.

What other advice do I have?

I would recommend the solution to others.

Fortinet has an education platform that is named trainingfortinet.com and many courses are on there. All the video lessons are free. Users can view them to learn about the features that Fortinet has. It's an excellent resource.

I would rate the solution at a nine out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Flag as inappropriate
PeerSpot user
Lead Architect at a computer software company with 51-200 employees
Real User
Top 5
Scalable with good core functionality and good support
Pros and Cons
  • "The base firewall features are quite valuable to us."
  • "The Wi-Fi controller needs a lot of improvement."

What is our primary use case?

We use this solution for different reasons.

We use it for the firewall with SDWAN functionality

We use it in some use cases as a VPN Server.

 We use it as a Wi-Fi controller on some sites.

We use if for internal network segregation and routing

How has it helped my organization?

Fortinet FortiGate has improved the way our organization functions.

What is most valuable?

Versatile with a lot of controls and expert level customizations for advanced users

NGFW features seems to be effective are relatively easy to implement. 

Fortigate DC Agent is a useful free feature to automatically detect logged on users and implement user based access policy

Basic VPN is included without extra charges

What needs improvement?

The Wi-Fi controller feature needs a lot of improvement. The function itself is not as stable as it should be in our use case which might be a problem in either the APs or the controller.

Would like to see more wizards and automation for more features such as virtual servers, SSL VPN, and others where policies, rules entries are created automatically form wizard input.

Some of the features related to load-balancing and traffic shaping are not as straightforward as they need to be. 

The VPN functionality needs low-level debugging get what really going on. Log level is too detailed and requires someone who is quite experienced to analyze and solve those issues. 

Zero-trust base features are lagging behind the other competition, based on what I have read. Would like to see those features in a clearly in the UI.

For how long have I used the solution?

I have been using Fortinet FortiGate for four years.

We are not using the latest version, but close to it.

What do I think about the stability of the solution?

There are some stability issues when move to a newer version. It's always good to be a couple of steps behind when you upgrade as usually the latest major releases are a not stable. We are quite cautious to update.

The stability of VPN connection phase is can be enhanced

Wifi AP/Controller stability is an issue for us

What do I think about the scalability of the solution?

It's quite scalable. The scalability and the migration are okay as well. Licensing model is also stright forword and certain features such as basic SSL VPN requires no to min additional cost per user.

How are customer service and technical support?

Their technical service is quite good. The application notes and the help on the web are quite good.

I would rate technical support an eight out of ten.

Which solution did I use previously and why did I switch?

By the time I joined a Fortigate was selected against pfsense.

How was the initial setup?

The initial setup is intermediate in complexity but support and online documentation covers for it.

What's my experience with pricing, setup cost, and licensing?

If you're a small-medium size business:

- Size your use case carefully as licensing price jumps significantly with HW changes. 

- Customizable Forticilent SW can be downloaded for free with FNDN membership

- If you have multi sites and require Fortigate based 2FA then consider getting a dedicated fortiauthenticator (VM) with fortiokens acting a central RADIUS server which can be cheaper than cloud tokens an with additional authentication flexibilities.

Which other solutions did I evaluate?

pfsense; was decided against based required features (mainly VPN which is based in OpenVPN)

Paloalto; is a more expensive with comparable security features based on a recent NSS LABs report

What other advice do I have?

Follow the instructions on the application manual carefully. Otherwise, certain features would not be running quite as they need them to without clear errors reported. 

Contact technical support, they're responsive and have solutions for most of the problems.

Chose/size the HW carefully based on your use case as certain features are HW accelerated  in higher variants but takes a huge toll on CPU/ memory when running on lower variants.

Consider using Fortigate DC Agent which is  useful free feature to automatically detect logged on users and implement user based access policy

Consider segregating functions on different units instead of having all features on a Fortigate (i.e avoid having wifi controller + firewall + VPN on a single unit specially for lower variants)

Because of the flexibility, the advanced user features, the high level of security controls, and the tweaks that are available for the user, I would rate this solution an eight out of ten.

Which deployment model are you using for this solution?

Public Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
IT Infrastructure Specialist at a government with 1,001-5,000 employees
Real User
Top 20
A resilient, secure, and scalable solution that provides a secure connection for remote work.
Pros and Cons
  • "The web filtering feature and the intrusion protection system are the most valuable. It is a resilient appliance. I never had an issue with it in terms of any security breaches."
  • "Its reporting capabilities can be improved. It should have some out-of-the-box reporting capabilities and some degree of customization. The basic reporting that it currently has is not sufficient to create more usable reports. It needs some sort of out-of-the-box reporting. They try to make customers purchase FortiAnalyzer for this kind of reporting, which is an additional cost. Other firewall vendors, such as SonicWall and Sophos, provide this sort of reporting without any additional cost."

What is our primary use case?

We utilize the services to ensure the stability of our network and clients protection from external treats. With the recent pandemic mobile working have increased in demand and Fortinet have easily bridge that gap to continue to support employee needs.

How has it helped my organization?

It has provided us the ability to work remotely during the pandemic. It opens a secure connection to the office for an employee working remotely from home.

What is most valuable?

The web filtering feature and the intrusion protection system are the most valuable.

It is a resilient appliance.

What needs improvement?

Its reporting capabilities can be improved. Some out-of-the-box reports needs to be able to provide usable data for example for web monitoring and reporting or browsing patterns and details.  Some customers does not require any forensic type reporting and may not want to invest in all the features offered by the FortiAnalyzer.

For how long have I used the solution?

I have been using this solution for the past seven years.

What do I think about the stability of the solution?

It is stable. 

What do I think about the scalability of the solution?

It is scalable. There are no issues. In terms of the number of users who use FortiGate, we have only about ten users for remote working. Only selected users utilize this remote capability.

How are customer service and technical support?

Technical support is good. If I have an inquiry or request, it is usually addressed within the same business day or within the 24 hours period as per the vendor's support agreement.

Which solution did I use previously and why did I switch?

I was on a Check Point platform, and then I migrated to FortiGate. Migrating from the Check Point environment to the FortiGate environment was new for me. We rely on a vendor for support. The vendor was kind of phasing out the support of the Check Point product. That's why we switched. 

How was the initial setup?

We are currently on 80D, and it was a direct upgrade. The deployment didn't take that long because it was a direct replacement or upgrade from an older appliance 60D to 80D. It was easy for the vendor to deploy because they saved the policies and other things that were in use for the older appliance and had to be migrated over to the new appliance. It was done within maybe a day or two.

What about the implementation team?

We outsourced it to a local vendor, and it was deployed by the vendor. We do our own internal monitoring, and the vendor does the actual set up. So far, our experience with the vendor has been excellent in terms of response. Their technical staff is also very knowledgeable.

What's my experience with pricing, setup cost, and licensing?

We just pay an affordable flat monthly fee to the vendor for the monitoring and support.

Which other solutions did I evaluate?

I learned about different options and their benefits and listened to vendors' proposals for migration. We evaluated pfSense, which is open source. We were trying to determine whether to go for open source as opposed to an industry-standard and proprietary product. I also engaged other vendors who offered Sophos technology and SonicWall. I trusted the vendor-supported product and considered the cost associated with the migration. The current vendor could upgrade it with no implementation cost, and we just had to pay a monthly service fee or rental. 

Based on the research, FortiGate seemed like a reasonable firewall, and it is also more or less recognized and trusted all over, so I trusted FortiGate. Overall, I was happy with the performance of the FortiGate, so I kind of stuck with that one.

What other advice do I have?

I would definitely recommend this product, but there are other products in the market, such as Sophos and SonicWall, that are just as effective. 

We will be using this solution for at least the next three years. We renewed the license for three years in August of this year. We are thinking of upgrading to a newer appliance before that.

I would rate Fortinet FortiGate an eight out of ten. I am pleased with this solution and the features it offers right now. It just needs minor adjustments in terms of reporting and staying up to date with industry standards.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Daniel Gorham - PeerSpot reviewer
Senior Network Architect at Combat Networks
Real User
Top 20
Highly affordable and comprehensive
Pros and Cons
  • "It's inexpensive compared to some of the other technology out there."
  • "They sometimes hide some features and if you want to enable them, you have to go in the CLI, enable the feature and configure it through the CLI. Customers, typically, like everything to be done by the GUI."

What is our primary use case?

Our clients' main use case for Fortinet FortiGate is for the firewall on the outside perimeter to the internet. Some of them have started using it for SD-WAN.

What is most valuable?

We are software integrators. 

Our clients like the packaging because it's an appliance. It has specific chip sets to accelerate different features in the product.

Additionally, it's inexpensive compared to some of the other technology out there.

What needs improvement?

In terms of what can be improved, they do have certain features that you can only configure through a CLI and there's no GUI interface for it. That's a pain. But it's nice that the user can do everything one way or the other.

They sometimes hide some features and if you want to enable them, you have to go in the CLI, enable the feature and configure it through the CLI. Customers, typically, like everything to be done by the GUI.

For how long have I used the solution?

I have been using Fortinet FortiGate for at least the last 12 months.

What do I think about the stability of the solution?

Fortinet FortiGate is pretty stable.

It is hard to judge this year because of everybody working from home. Everybody is using up a lot of bandwidth so I'm not sure if that is a cause for some of the instability with the Forti client. The only place we've seen instability would be updating Forti client with their software called EMS.

So pushing out the client with EMS, like a client update to remote users, has proven a pain in the butt. But that could be because the end users' VPNs are maybe a little bit unstable just because of the high bandwidth demands. It is hard to determine. Maybe it is because some of these users are in remote areas, or non-urban or smaller towns, as opposed to being in an urban area where bandwidth is a little better.

We never jump ahead and say, "Oh, yes. 6.5 just came up. Let's jump on that." We'll probably just wait six months and see what goes on first. And I guess that's probably what a lot of people do because it's protecting your intellectual property and everything which that company owns.

I'm not saying that there's no instability. People will generally just wait and not jump out unless they're testing in the lab. They're not going to jump out and put the first revision that comes out on their firewalls.

What do I think about the scalability of the solution?

In terms of scalability, it scales very well.

They have different models for different sizes. Obviously, if you buy too small and you have to upgrade, then it's a box swap. Some other vendors can just add another unit and you cluster them together. In their case it's more of just switching the box out for more performance boxes if you go too low.

How are customer service and technical support?

Their technical support is very good.

Every time we've had to open up a case or get their help, if we surpass that person's ability, it gets escalated right away. So it's very good. It usually gets resolved within a day or two.

How was the initial setup?

The initial setup is fairly straightforward.

What was our ROI?

In terms of ROI, they're inexpensive. Because they're inexpensive, they're just everywhere, in the Federal Government, schools, everywhere where budgets are fairly tight. And it is a very good product. It's a product that's built that if you need to you can add a different box and remove that feature from your main FortiGate and just run it on a different box.

So if you need to expand, you can always do it that way too.

They have good integration if you have multiple firewalls and it allows you to be able to push out policies to all of them at the same time.

What's my experience with pricing, setup cost, and licensing?

Fortinet FortiGate's pricing is pretty hard to beat.

What other advice do I have?

On a scale of one to ten, I would give Fortinet FortiGate a 10 out of 10.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: Integrator
PeerSpot user
Buyer's Guide
Download our free Fortinet FortiGate Report and get advice and tips from experienced pros sharing their opinions.
Updated: August 2022
Buyer's Guide
Download our free Fortinet FortiGate Report and get advice and tips from experienced pros sharing their opinions.