PeerSpot user
ICT Manager at an aerospace/defense firm
Real User
Virtual domains are treated as separate firewall instances
Pros and Cons
  • "You can create multiple Virtual Domains (VDOMs), which are treated as separate firewall instances."
  • "The reporting you receive out of this appliance is excellent. You will not need an external management system."
  • "The user interface is relatively easy. The devices are easy to deploy and figure out when you have experience with other security appliances."
  • "I could not configure sFlow from the FortiGate graphical user interface. I realized that the sFlow configuration is available only from the CLI, and discovered that sFlow is not supported on virtual interfaces, such as VDOM links, IPsec, or GRE."
  • "There is one big configuration file with no separations for the unique VDOMs. Maybe they could separate individual VDOM configuration files with the root VDOM configuration file referencing the individual VDOM config files."

How has it helped my organization?

There is no need to buy physical firewall hardware when you host multiple customers requiring individual secure access to their FW. You just create virtual domains (VDOMs).

What is most valuable?

You can create multiple Virtual Domains (VDOMs), which are treated as separate firewall instances. The reporting you receive out of this appliance is excellent. You will not need an external management system.

What needs improvement?

1. sFlow and NetFlow

I could not configure sFlow from the FortiGate graphical user interface. I realized that the sFlow configuration is available only from the CLI, and discovered that sFlow is not supported on virtual interfaces, such as VDOM links, IPsec, or GRE.

NetFlow is a network protocol developed by Cisco for collecting IP traffic information and monitoring network traffic. It is not supported on FortiGate for those who have a NetFlow analyzer/collector already setup in their network.

2. Policies

To control traffic in a firewall, you need to create and apply policies to the FW interfaces. By default, policies are sorted by FW interfaces and this makes FW interfaces an integral part of the policies. Zones provide the option to logically group multiple virtual and physical FortiGate firewall interfaces. Then, you apply security policies to those zones (logical groups of interfaces) to control traffic flow on those interfaces.

In a FortiGate unit with a lot of interfaces (including virtual interfaces), there is a high probability of having duplication of policies.

For how long have I used the solution?

Three to five years.
Buyer's Guide
Fortinet FortiGate
April 2024
Learn what your peers think about Fortinet FortiGate. Get advice and tips from experienced pros sharing their opinions. Updated: April 2024.
768,578 professionals have used our research since 2012.

What do I think about the stability of the solution?

These devices are very stable.

What do I think about the scalability of the solution?

They are easily scalable with multiple built-in interfaces. It supports a minimum of 10 VDOMs. VDOM supports all dynamic routing protocols like RIP, OSPF, BGP, and IS-IS. You do not need to reboot after enabling the VDOMs.

Area for improvement - there is one big configuration file with no separations for the unique VDOMs. Maybe they could separate individual VDOM configuration files with the root VDOM configuration file referencing the individual VDOM config files.

How are customer service and support?

Customer Service:

Customer service is great, an eight out of 10.

Technical Support:

I will give technical support an eight out of 10.

Which solution did I use previously and why did I switch?

We previously used different solutions as well. We did not switch, we have different requirements for different customers.

How was the initial setup?

The user interface is relatively easy. The devices are easy to deploy and figure out if you have experience with other security appliances.

What about the implementation team?

It was an in-house installation.

What was our ROI?

The ROI is great. These boxes are not that expensive compared to what they can do, their functionality, and the reporting you receive.

What's my experience with pricing, setup cost, and licensing?

Fortinet licensing is straightforward and less confusing compared to Cisco. Fortinet has one or two license types, and the VPN numbers are only limited by the hardware chassis make.

Which other solutions did I evaluate?

I already have experience with Cisco ASA, so it was simply a customer preference and well within the budget.

What other advice do I have?

Great appliances, and it is affordable.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Simon Chaba, ICT Manager at an aerospace/defense firm
Real User

Hi Becky. I chose FortiGate mainly because it provides the capability to provide logically separate firewall instances to multiple customers. These logical firewalls are known as VDOMs. I have partitioned the physical FW devices into multiple logical units, thus saving costs.
PeerSpot user
Security Consultant at Webernetz.net - Network Security Consulting
Consultant
Cisco ASA vs. Fortinet FortiGate vs. Palo Alto vs. Juniper SSG

Since IPv6 gets more and more important, I am using it by default on all my test firewalls, which of course support IPv6. However, when comparing the different functions and administration capabilities, they vary significantly.

Here comes my short evaluation of the IPv6 functions on the following four firewalls: Cisco ASA, Fortinet FortiGate, Juniper SSG, and Palo Alto.

Criteria

I was merely interested in the basic IPv6 usage and not in the typical firewall categories:

  • Interface: IPv6 address and link-local address configurable?
  • Router Advertisement and DHCPv6: Whether the firewalls support nothing (--), only RA (-), DHCPv6 relay (ο), stateless DHCPv6 (+), or stateful DHCPv6 (++). The existence of stateless DHCPv6 is vital for delivering the DNS server IPv6 addresses to the clients. (The “IPv6 Router Advertisement Options for DNS Configuration”, RFC 6106, is not supported by any of these devices.)
  • Security Policy: Whether IPv4 and IPv6 addresses can be used in the same policy and whether address groups can have objects from both protocols.
  • Administration: How easy are the IPv6 functions to manage? Only via the CLI (--), fifty-fifty (ο), GUI but complicated (+), or fully via the GUI (++).

Results

These are the results. They range from -- via ο to ++.

| | Cisco ASA | Fortinet FortiGate | Juniper ScreenOS | Palo Alto |
|---|---|---|---|---|
| Version | 9.2(3) | 5.2.2 | 6.3.0r18.0 | 6.1.3 |
| Interface | ++ | + | ++ | ++ |
| RA, DHCPv6 | - | ++ | + | ο |
| Security Policy | ++ | - | - | ++ |
| Administration | + | - | + | ++ |

Details

Cisco ASA

The Cisco ASA has no DHCPv6 instance running. That is: there is no way to run an IPv6-only network because clients won’t get the DNS server. The security policy is capable of both protocols. Everything is configurable via the GUI, which is not the best at all.

Fortinet FortiGate

The FortiGate is the only firewall with a stateful DHCPv6 server. Great. However, two distinct security policies must be used and none of the IPv6 settings are configurable via the GUI. WHAT???

Juniper SSG (ScreenOS)

ScreenOS is dead. However, most of the IPv6 functions are working quite well, except the protocol-dependent security policies. Everything is accessible via the GUI, but sometimes in confusing positions.

Palo Alto

Palo Alto did a good job on the IPv6 interfaces and security policies. The GUI is quite intuitive and the policy accepts both protocols at the same time. Unluckily, there is no DHCPv6 server which makes it impossible to operate an IPv6-only client network behind a Palo Alto (without further servers).

Conclusion

It’s interesting to see the differences between those firewalls. While the Fortinet and Juniper firewalls support the whole SLAAC process incl. DNS servers, they have no single security policy for both protocols and are horrible to configure.

The Palo Alto is quite good to configure but lacks the DHCPv6 server. Same for the Cisco.

In summary, all firewalls position in the middle of my scale. From an IPv6-only view, I cannot say which one is the best. It depends….

Originally published on blog.webernetz.net

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
PeerSpot user
Network Manager at a educational organization with 1,001-5,000 employees
Vendor
Fortigate is Hard to Beat for the Money

Fortinet has been a darling of the stock market ever since its IPO in 2009 as its stock price has accelerated over recent years. Its stock performance has mirrored the adoration that its line of security devices consistently receives. Fortinet is the current UTM market leader, boasting a 20% market share. Fortinet is now expanding out of its core SMB strength and into the large enterprise market where the increasing performance of its solutions is making it attractively priced.

In Gartner’s latest Unified Threat Management Magic Quadrant (UTM) Fortinet is listed at the top of the leader quadrant. Says Gartner, “We believe attributes that contributed to the leadership position include Fortinet’s high awareness in the industry, in Gartner client’s short-lists and in competitive situations; Fortinet’s aggressive price/performance.”

A UTM or Unified Threat Management device is a firewall that includes other features as well. The Fortinet UTM package includes gateway firewall, anti-virus, web filter, intrusion protection, application control, VPN, email filtering and WAN optimization. Think of it as the “Everything Box.”

Their line of UTM security appliances is called the Fortigate series. It offers an appliance to meet every type of network, from the home office to large enterprise networks, as well as Managed Security Service providers. Its smallest unit, the Fortigate-20C, also serves as a wireless router and offers four internal switch ports in addition to a WAN port. At the top of the food chain is its new 5000 Series chassis-based network appliance. It supports two, six, or fourteen FortiGate-5000 series network security blades, and allows you to scale security and customize your unique environment. These large units are ideal for virtual infrastructures as they can control up to 3,000 virtual domains.

The admin console for the Fortigate is browser based. Sometimes, browser based can have a cheesy rudimentary look but not with the Fortigate. Navigating the Fortigate is simple with its expandable menu. The admin console opens up to a Dashboard which displays a series of widgets that the administrator can populate according to their needs. It also comes with a command line interface which can be accessed through the admin console itself or through Putty.

Like all UTM appliances, the Fortigate units do some things better than others. Its web filtering is certainly more than suitable for most environments but if you are looking for super high granularity with a complicated array of user based filtering and exceptions, you probably would be better suited with a dedicated filtering appliance. The same probably holds true for its email filtering as well.

With this in mind though, what IT professionals are looking for first and foremost in a UTM device is security, and this is what Fortinet does best. Configuring the firewall of the Fortigate is a breeze. Simply create your firewall objects, consolidate them into groups if possible, and then create your policy rules. You can right click on any of your policies to view a separate context menu that will allow you to do things such as delete, move or edit the policies.

Integrating the other core components with your firewall policies is a snap. Simply apply the various UTM services you desire to the designated policies. For example, you would enable email filtering only to the rule configured for email traffic. You would then configure web filtering for the rule regarding your HTTP and HTTPS traffic while you would apply anti-virus to both rules.

Backing up and restoring your Fortigate configurations is as simple as clicking a single link and can be completed in less than a minute. Fortinet is continually releasing new builds and updates for all of its models. Simply download these firmware upgrades to any local device and click the update link and browse to the downloaded updates. You can revert back to an older firmware release at any time. Some of the more robust Fortigate models can be clustered into active-active or active-passive configuration.

Fortinet recently released version 5 which among other things includes Mobility Management. This feature does not include an additional license and is ideal for those organizations who allow BYOD devices.

If you browse some of the UTM discussion boards out there, you will find the phrase, “can’t beat it for the price” when discussing the Fortigate. The combination of its strong UTM features with a very affordable price point should certainly put Fortinet on the short list for any organization shopping for a new UTM appliance.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
it_user3483, Senior Consultant at Unify Square
Real User

Great review Brad.
Only for the part related to upgrades from one version to another, I think you are a bit too optimistic :-)

Sometimes the update (and rollback) are not devoid of hassles (including parts of the configuration that do not always work "as they are" in the new firmware).

Sales project manager at Saraha
Real User
Simple implementation, reliable, but security could improve
Pros and Cons
  • "All of the features of Fortinet FortiGate are useful and the security protection is good."
  • "The security of Fortinet FortiGate could improve."

What is our primary use case?

Fortinet FortiGate is used for the overall protection of companies.

What is most valuable?

All of the features of Fortinet FortiGate are useful and the security protection is good.

What needs improvement?

The security of Fortinet FortiGate could improve.

For how long have I used the solution?

I have been using Fortinet FortiGate for approximately one year.

What do I think about the stability of the solution?

Fortinet FortiGate is a stable solution.

What do I think about the scalability of the solution?

The solution is scalable. We have 11 clients using this solution.

How was the initial setup?

The initial setup of Fortinet FortiGate is straightforward.

What's my experience with pricing, setup cost, and licensing?

Fortinet FortiGate allows you to purchase licenses for hardware and software.

Which other solutions did I evaluate?

I have evaluated Cisco solutions.

What other advice do I have?

I would recommend this solution to others, it is a good solution.

I rate Fortinet FortiGate a seven out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: Reseller
PeerSpot user
ICT Systems Administrator at a philanthropy with 11-50 employees
Real User
Stable security solution with easy integration, ease of use, and good product support
Pros and Cons
  • "Security management tool that's easy to integrate and easy to work with. No issues found with its stability and scalability."
  • "Bandwidth usage in reporting could be improved for Fortinet FortiGate."

What is our primary use case?

Our use case for Fortinet FortiGate is that it's a firewall for managing our security.

What is most valuable?

What I found most valuable in Fortinet FortiGate is its easy integration.

It's also able to individually manage users.

I also like the VPN aspect of this solution.

It's a product that's easy to work with, especially when you work from home, e.g. you're able to integrate it easily with the users.

What needs improvement?

Bandwidth usage in reporting could be improved. There's an aspect in reporting that I'm trying, but what I noticed is if you logged into the VPN, there's an effect on the reporting in terms of bandwidth, that needs improvement.

For how long have I used the solution?

We've dealt with Fortinet FortiGate for the last four years.

What do I think about the stability of the solution?

We didn't have any issues with the stability of Fortinet FortiGate.

What do I think about the scalability of the solution?

We find Fortinet FortiGate scalable, because currently, we have 150 users of it, and it could handle up to 1,000 users. It's good for growth.

How are customer service and support?

Technical support for this solution is really good.

The first time we were using it, we called support and reported an issue, and saw that support was really good. There's nothing I can complain about regarding technical support for Fortinet FortiGate.

How was the initial setup?

The setup for Fortinet FortiGate was easy, because we had it done by another company. It was a construction company that we had this set up for, but I can't remember their name.

What about the implementation team?

Another company implemented this solution for us, and they also took us through the training and it was okay.

What's my experience with pricing, setup cost, and licensing?

If you compare Fortinet FortiGate with Sophos and other firewall products available in the market, this solution is affordable. If you really want to use Fortinet FortiGate, you'll find that it's affordable.

What other advice do I have?

Fortinet FortiGate works well for me. I have not encountered any issues that required me to recommend an action or request if this solution could be improved. It suited the needs of the organization I'm using it in, so I didn't really find an area that needs to be improved, because this solution works very well for us.

My advice to others looking into implementing Fortinet FortiGate is that they need to do their research. They need to find out exactly why they need to use this product and for what purposes, because there are so many options for users. They really need to know what they want for their organization before they implement Fortinet FortiGate. They also need to think about the type of files they require, how many users will use this product, and what they intend to do with it.

If I could give Fortinet FortiGate a score of 11 out of 10, I would. It's very good. It's a ten out of ten for me. It's a really good solution.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: partner
PeerSpot user
Silvia Ihensekhien - PeerSpot reviewer
Chief Information Security Officer at ShipServ Limited
Real User
Useful dashboards and reasonably priced
Pros and Cons
  • "The dashboard I have found the most valuable in Fortinet FortiGate."
  • "Fortinet FortiGate is not very easy to use. The navigation could be improved to make it easier to use."

How has it helped my organization?

It gives a good overview of the security posture.

What is most valuable?

The dashboard I have found the most valuable in Fortinet FortiGate.

What needs improvement?

Fortinet FortiGate is not very easy to use. The navigation could be improved to make it easier to use. Instead of double clicking the items, FortiGate needs to click the "details" button to get the configurations or record details.

For how long have I used the solution?

I have been using Fortinet FortiGate for approximately four years.

What do I think about the stability of the solution?

So far the solution is quite stable.

What do I think about the scalability of the solution?

They provide different products and features, which can be added if you need them.

Which solution did I use previously and why did I switch?

This is the first solution we used since we moved to the cloud.

What about the implementation team?

We used a partner to do the implementation of the solution.

What's my experience with pricing, setup cost, and licensing?

The price of Fortinet FortiGate is reasonable for an SME.

Which other solutions did I evaluate?

No

What other advice do I have?

I rate Fortinet FortiGate an eight out of ten.

Which deployment model are you using for this solution?

Public Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Group IT Infrastructure Manager at a manufacturing company with 1,001-5,000 employees
Real User
A scalable and stable solution
Pros and Cons
  • "Fortinet FortiGate is a stable solution."
  • "I would like to see improvements with the antivirus and IPS as they are not working properly all the time."

What is our primary use case?

We are a sister company of Fortinet FortiGate. Our organization has more than 3,000 users.

What needs improvement?

I would like to see improvements with the antivirus and IPS as they are not working properly all the time.

For how long have I used the solution?

I have been using Fortinet FortiGate for twelve years.

What do I think about the stability of the solution?

Fortinet FortiGate is a stable solution.

What do I think about the scalability of the solution?

This solution is very scalable.

What other advice do I have?

Prior to choosing Fortinet FortiGate you should make sure you select the right box. Be sure of the capacity and have a capacity plan before installation. I suggest you do a failover and redundant together, compact boxes together.

I would rate this solution an 8 out of 10.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
IT Infrastructure Manager, Information and Communication Services Manager at an agriculture company with 5,001-10,000 employees
Real User
Great load balancing feature, secure and stable
Pros and Cons
  • "Good load balancing feature."
  • "We have an issue with hotel guest vouchers."

What is our primary use case?

We've used this solution for the guest portal for our client and we also use it to secure the network of our firm. I am the IT infrastructure manager and we are customers of Fortinet. 

What is most valuable?

I like the fact that we don't have to use our IP address and that it roams. I also like the load balancing feature which allows you to attach several internet connections and load balance.

What needs improvement?

We have an issue with the license when it expires because we're unable to use the computers. We are in the hotel industry and there's an issue with vouchers when guests come in wanting to use them. 

For how long have I used the solution?

I've been using this solution for five years. 

What do I think about the stability of the solution?

It's a stable solution. We had some issues after we upgraded but on the whole it's stable. 

What do I think about the scalability of the solution?

We don't have scalability requirements so I can't comment. 

How are customer service and technical support?

We had some issues with the local support, particularly with regard to purchasing the subscription. It took a very long time and at one point the license had expired and it took a while to sort out. 

How was the initial setup?

The initial setup is simple and doesn't take much time.  

What's my experience with pricing, setup cost, and licensing?

This is an affordable solution. 

Which other solutions did I evaluate?

FortiGate is the most effective solution for us and it's a cheaper option than Check Point or Palo Alto, which we looked at. They are both very expensive.

What other advice do I have?

I would rate this solution an eight out of 10. 

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user