Fortinet FortiGate Reviews

I specify, configure and deploy firewalls  in organizations with 500 or fewer employees and 15 or fewer sites.  Primarily I choose between Cisco, Sonicwall and Fortigate small and medium sized appliances.  Occasionally I deploy virtual appliances in AWS.   I prefer to use Fortigate firewalls for several reasons- remote access is simple and the included client works with MacOS Windows and IOS devices.  The level of security works well for most clients and the authentication with AD/LDAP makes the solution easier to deploy.  I also find that the clients  appreciate the lower price point than other vendors.

We have a standard build. We give the client the laptop, and, especially with the pandemic, we send them home with the laptop or FedEx the laptop already configured, and the user is ready to go. 

I don't even need to know the client's password. I can just install the software and create a profile. The client fills the profile in with simple instructions, types in their password instructions, and connects it and they're good. It's really simple. 

That's why we have standardized recommending Fortinet. That doesn't mean that I don't support other solutions as well, however, the device that I like the best is the one that's easy to use for me and it's easy to use for the clients. The price point is not bad as well.

The ease of setting the solution up is a valuable aspect for us.

The most valuable aspect that differentiates it from other solutions is that the client (the SSL VPN client or the IP sec VPN client, the same clients) is included in the solution. We don't have to pay extra for the software and the clients. 

I have had some issues, but no more than others and I don't have to buy an expensive add-on license to do it and it's managed and it's updated automatically. That's the key thing, that the client is included and it updates itself so I don't have to do too much to manage it and it's very transparent to the end-user.

The biggest "gotcha" is that if the client purchases what they call the UTM shared bundle, which has unified threat management on both, it's not as easy to manage if you have more than one firewall. 

If I wanted a unified console, I have to pay extra. And that's the downfall. That's the only needed improvement that I would say for the Fortinet solution, is that they should have it web-based from the get-go. You should not have to buy an extra bundle or an extra device.

If I have to make an update to a web filter, and I have 12 devices, I've got to do it in 12 places. If I don't want to do that the client can pay for a pretty expensive device or virtual appliance that does that for them. It's like an expensive centralized management tool. That's the big downfall of Fortinet. It doesn't come included, you have to pay for it. Their web-based one, that's sort of just like an inventory manager. It's not really good for distributing roles. With Cisco, you don't have to do anything. The one from Aruba HD has one too. Fortinet should try to be similar to those options.

In the next release, it would be amazing if they could give a better tool for upgrading, so that if I upgrade from an older version to the other, it can read the configuration and processes it for me so that I don't have to rewrite it from scratch. In FortiConverter, they have a tool like this, however, it doesn't work well. It's really more for bringing items in from other vendors, not from one version to the other.

That was my last experience where they operated from version five to six. However, that's really the only big thing. The main thing is to include the FortiManager cloud software like Cisco does. To have one solution. If you paid $150 a year for the support, you might as well get that too so I could manage all the devices at one spot. They do have FortiCloud, however, it's not the same as the way Cisco does it. They are selling another product called FortiManager. FortiManager should be included with the support, and that would make it more of a business solution, rather than a feature request.

I would say that I have been using the solution for over 10 years. It's likely been between 10 and 15 years at this point.

Fortigate firewalls are very reliable- in the past 15 years I believe only 2 devices in a 100 have failed.  The failures were due to harsh environments (dust and water will ruin any electronic device).  The input I can give to any technology person or client looking to choose a firewall / threat management device I would highly recommend the stability / reliability of fortigate.  Once installed it will do it's job efficiently and effectively for several years.

I will tell a client not to go with Fortinet if they have no firewall or they have a very, very old firewall. If this is from scratch, I'd say let's not go with Fortinet, let's go with Meraki if you have the money. I always say create the budget for it if you have a lot of sites, as Cisco does a better job if you have a lot of sites. If you have two sites, then it's fine to go with Fortinet. It'll scale to that scale. However, if you want to go over a couple of sites, it's not the best option.

The solution's initial setup is straightforward. It's actually gotten better. I got good at doing it from scratch from the command line, or even from the GUI with all the 50 steps to set up stuff. However, now they're wizards and it's much better. It was the thing that probably a lot of people commented on initially, and they just worked hard to fix it. They updated the software from version four to five to six. They did a good job at making it easier.

If the client had a lot of downtime or a lot of issues with older equipment, or they did not like the fact that they had to pay every year just to be able to use the device, then the return on investment of spending $900 for a Fortinet 60E per site for a three-year contract will hands-down beat pretty much anybody. 

It is definitely set it and forget it. There's very little input. You'll save money on consulting. If you were to call me and you're doing Juniper or you're doing Palo Alto, there's a lot more configuring and it's a lot harder to add stuff and therefore, as a consultant, I make more money, and I'm being serious. Once I set up a Fortinet I really don't have to touch it for years.

Maybe I have to log in to check that I need to do an update, however, in that case, they usually send me an email saying hey, your license key is up and maybe you want to buy a new one. I take the old one out and put a new one in, that's when I get paid again. It's boiled down to that. 

I'm not only an authorized reseller. I am a consultant that uses their equipment and recommends them on a routine basis. I am not a Fortinet partner, however.

I use a series of FortiGate products, including the 60, the 90, and the 100. Some of them are E's, some of them are S's; it all depends. However, they have pretty much the same user interface.

If a company is considering the solution, I'd advise that they consider purchasing the FortiManager if they really like the feature set and the way that Fortinet works. For example, a company we work with has these large scale solutions, and they use FortiManager. If you're a very large implementation, definitely look into Fortinet. If you're small, for example, under 20 devices, consider joining Cisco Meraki as it's so much easier. That's what I would tell any client. 

FortiManager and FortiGate are really good. If you like the way the GUI works it's more flexible than Cisco. There are more bells and whistles, however, Cisco is going to be the way to do it if you're going to do 50 sites. If you were to do a lot of sites, consider Cisco. If not, you can do Fortinet.

At the end of the day, the solution is very flexible, and if the client has special business partners that want a special type of nailed up VPN or special configuration for the clients, it offers that. The lesson I learned using the solution was to go with the solution that's most flexible for the client and at the same time is as low touch as possible. That's why I've standardized on FortiGate, as it's low touch for me and I'd rather spend time fixing other stuff or troubleshooting the other problems for clients than this particular solution.

You want to spend less time fighting with your remote access solution or your firewall solution and work on other problems. It should not be a difficult thing, and yet, a lot of people struggle with that. Especially today with the pandemic, they have to be able to have access to their stuff and that's crucial. That's the biggest takeaway. Is it easy to manage it, is it easy to connect? If so, it's worth the investment.

I would rate the solution nine out of ten. If they included FortiManager in their offering, I'd give the product a perfect ten.

We deployed Fortinet FortiGate SD-WAN into one of our customers, and they are satisfied. We utilized Fortinet FortiGate's data center solution; we took in three units: FortiGate ADC 1101 and 2600, and we deployed them into a customer, with no issues so far. The impact of these services on data center protection at scale is still on the launch side; the production will be up maybe this month, but so far, there are no issues.

The best features I have already seen in Fortinet FortiGate are the automatic updates, the easiness of deployment, and the capacity. These three features are the best.

A shorter response time when we have questions could improve Fortinet's first-level support quality. The knowledge base is comprehensive, so that is okay. For additional features that could make Fortinet FortiGate even better in the future, they have the SD-WAN, but I do not know if they have quantum VPN. 

I saw one brand that has a quantum random number generator, so maybe that could enhance security, along with a smaller version of their product to fit into the budgets of smaller departments.

I have been dealing with Fortinet FortiGate since April.

I think Fortinet FortiGate is overall stable.

There are a lot of people using it, maybe more than a thousand.

The technical support by Fortinet is okay; they are very responsive, and they know what they are doing. If you ask them questions, they can easily answer.

I have no experience working with any other firewalls before using Fortinet FortiGate.

I was not a part of the technical team that deployed Fortinet FortiGate for integrating SD-WAN capabilities. I am actually with the research team, and I relate the feedback I get from their experience with Fortinet FortiGate.

The pricing of Fortinet FortiGate is a little pricey from my perspective. It is expensive comparatively to its competitors. The brand has its own price concerning the licensing model of Fortinet FortiGate.

We are dealing with other vendors besides Fortinet; we are constantly searching for brands and comparing their features side by side. Besides Fortinet, we are currently dealing with Palo Alto, Sophos, and my friends also did Check Point and another Korean brand. For Sophos, we are mostly dealing with firewalls. The Sophos products we are dealing with are firewalls. For Palo Alto, we are in the same category with firewalls.

I would recommend Fortinet FortiGate to others, specifically for larger companies but not for smaller companies because of the price-sensitive Philippine market, where you would not find a lot of companies buying premium products. I do not know if I can see room for improvement in Fortinet FortiGate because I am not so techie myself. I would rate Fortinet FortiGate as a product an eight out of 10.

We use the solution for security.

It is a good solution. The product is stable and strong. We never had any issues with it. All the features work perfectly.

The product’s price is high. It is charging more compared to other solutions.

I have been working with the product for six to seven years. We are working with the latest version of the product.

The product is stable, so we have no complaints. I rate the tool’s stability a ten out of ten.

I rate the tool’s scalability a ten out of ten. We are an SME. We have around 300 users.

I have 20 years of experience in the industry. The initial setup is simple for me. We can deploy the solution within hours.

I rate the product’s pricing a six out of ten. We pay a yearly license fee.

We implement the solution for our clients. We never had to contact technical support. I recommend the solution to others. It is a good product. Overall, I rate the tool a ten out of ten.

My clients use it as a proxy. The second use case is to try a kind of web filtering. So that's the reason why they're buying. We have customers to whom we have sold an appliance, and we also have a customer to whom we have sold on a virtual machine. So, it's placed on their private cloud.

We've been able to try and secure our perimeter better because of the proxy and the gateway. Moreover, traffic from all our compliance actually passes through this. 

We have compliances also, so we get log reports from that, which goes into our log management software. And it actually helps us to try and analyze any security threats to our environment.

DNS security is something that is actually a good service that comes along with the FortiProXY or a Forti secure web gateway.

Fortinet FortiGate SWG is already a good solution, especially with its IP reputation and anti-botnet security features.

The UI/UX experience can be a little better.

My company has the skill set assets. 

We've been in the business for more than eight years. We have implemented FortiGate SWG in the last twelve months.

I would rate the stability a nine out of ten. It's very highly stable. Even if the appliance on-premise solutions have been working fine, Fortinet has a good RMA policy in case of failure as well.  

I would rate the scalability of this product a nine out of ten because it is highly scalable. We have not had problems with customers in terms of scalability.

For medium and enterprise businesses, we would be looking at a web gateway. Small businesses normally don't get into buying a web gateway as such.

We expect a little skillset from the partner as well. However, if we raise the ticket, it becomes much easier, and we get the necessary technical support.

Positive

I would rate my experience with the initial setup an eight out of ten, where one is difficult, and ten is easy.

Usually, the deployment model is in a private cloud.  It can be deployed as an on-prem solution also. The customers have proxy gateways, and so it comes as an appliance as well or as hardware. 

The deployment takes days. It doesn't take weeks. But it depends on the customer environment, like the number of users and what policies need to be configured for that. 

So, it depends on the complexity as far as configurations are concerned. But it definitely can be done in days, and it doesn't take more than ten odd days or so, depending upon the scope.

From a price standpoint, Fortinet is willing to work with partners to get good deals, and Forti will not lose on a price. 

So, we'll be able to try and have a good price versus performance metrics that Fortinet provides.

I would rate the pricing a six out of ten, where one is cheap and ten is expensive.

Overall, I would rate the solution an eight out of ten. I would definitely recommend using the solution. 

The product has the most valuable configuration, offloading, and security features.

Fortinet FortiGate SWG's SSL offloading features need improvement.

We have been using Fortinet FortiGate SWG for five years.

I recommend Fortinet FortiGate SWG to larger companies as the lease line is expensive. It is suitable for companies who are running web applications. It is not a necessity for small businesses.

The product's tier-one support process is time-consuming. It takes time to reach the right person to sort out the issues.

Neutral

I have previously worked with a product related to SSL offloading and caching through a reverse proxy. Currently, we are serving the small and medium-sized business (SMB) segment, where the requirements and infrastructure may not necessitate SSL offloading and related features due to the absence of web servers within their networks. Simpler and more streamlined solutions suffice for their requirements in such cases.

The initial setup process is easy. It takes two or three hours for basic implementation. At the same time, it takes around two days to perform a clone test. It includes fine-tuning, optimizing, and transforming it to the environment once stabilized.

The product is expensive.

I rate Fortinet FortiGate SWG an eight out of ten. It has a lower failure rate in terms of configuration. Once it is configured, it keeps running for years. However, they have increased the process by almost 60% to 70%.

We use the FortiGate IPS solution to analyze malware. When we receive attacks, we analyze the IPs.

The product has an inbuilt IPS software. We can configure it to block specific anonymous attacks that are happening.

They should provide us with a CSV number for patch updates. It will help us block specific signatures as well.

I have been using Fortinet FortiGate IPS for four years. We are using the latest version.

The product is stable, but we need to monitor IPs as new patches are released daily. Attackers will use these new patches to develop new attack methods and signatures. We need to ensure that our FortiGate IPS is up-to-date with the latest patches. We can get the logs and see if anything we have detected is suspicious. It includes programs, applications, files, or anything else. We investigate suspicious activity and act appropriately, such as blocking IP addresses or updating policy analytics.

The product is scalable. I sometimes have enterprise clients, but my client base is mostly small businesses. We have to implement the entire setup for them. In addition to the endpoint solution and firewall, we need to create IP addresses for users and define their services. Then, we can protect these resources from FortiGate by enabling the IPS upgrade.

There is a customer support portal number. We can create a case there and upload our details. They provide support services instantly.

Neutral

The initial setup is easy. The default CSV is already updated so that we can block those threats. We have to update the block list from the policy settings.

The product is expensive. I rate its pricing a six out of ten.

Enterprises use Fortinet FortiGate IPS because it protects government or critical infrastructure networks. For small businesses, IPS may be sufficient. Overall, I rate it a six out of ten.

I’m using Fortinet FortiGate SWG to study it as a proposal for our clients in Brazil.

The solution reduced a few tickets from our operations center, and we're able to work better with flash incidents.

The solution is easy to implement and easy to configure. The most valuable feature is FortiGate’s content filtering.

The price could be improved.

I’ve used the solution for four years and I’m currently using the latest version.

I rate FortiGate SWG’s stability a ten out of ten.

I rate FortiGate SWG’s scalability an eight out of ten.

The solution is easy to use, and it’s a great solution. I rate Fortinet FortiGate SWG a ten out of ten.

The initial setup was straightforward.

I have seen an ROI using FortiGate SWG.

We use the product for security and filtering purposes.

The product helps block multiple ports during ransomware attacks.

FortiGate Next Generation Firewall (NGFW) 's most valuable features are reporting and filtering.

The product's data guard feature should support a USB port when the internet connection is unavailable.

We have been using FortiGate Next Generation Firewall (NGFW) for three years.

I rate the platform's stability a ten out of ten.

Our organization has 500 FortiGate Next Generation Firewall (NGFW) users. We utilize the platform 24/7. I rate its scalability a ten out of ten.

The platform's initial setup process is easy. I rate the process a ten out of ten. It takes a couple of days. The deployment involves integrating it with SSO in FortiGate. It helps with filtering access to user accounts through Active Directory. One executive is required for deployment. Additionally, one executive is needed to take care of packet updates for maintenance.

We implemented the product with the help of our in-house team.

I rate FortiGate Next Generation Firewall (NGFW) an eight out of ten.