Fortinet FortiGate Reviews

My main use case for Fortinet FortiGate is controlling our incoming and outgoing traffic as it's installed in our data center. We're managing all the VPNs, IPsec VPNs, over 48 VPNs with our Fortinet FortiGate. We are also controlling network attacks and threats using IPS/IDS, using web filter, and URL filtering. We are bounding users to access the relevant sites only by using the URL.

Fortinet FortiGate has positively impacted our organization by providing stronger network security as it's a next-generation firewall. The IPS we have blocks known threats and vulnerabilities in real-time. Application control detects and controls thousands of applications, blocks P2P, and limits social media.

SSL inspection scans encrypted traffic, even TLS 1.3 for hidden threats, advanced web filtering, antivirus, and anti-malware. The result is fewer breaches, blocked attacks, better compliance, and simplified and secure WAN connectivity, intelligent link selection based on latency, load balancing across multiple ISPs, and automated failover.

We can run routing protocols very easily, such as BGP. We are using BGP over IPsec VPN for our multiple branches and different stations. We are using BGP over Fortinet FortiGate so it's automated. If one ISP goes down, it will shift automatically without requiring human or network administration involvement. It improves VPN and remote access, including SSL VPN and IPsec VPN as well.

The best features Fortinet FortiGate offers include the SD-WAN, which really stands out, and the comfortable GUI. The IPsec VPN configuration is very user-friendly. Compared to Huawei firewall, Fortinet FortiGate offers more features and is more user-friendly.

In terms of security features, Fortinet FortiGate has Deep SSL/TLS inspection, which is very limited in Huawei NGFW firewall. The AI-powered features in Fortinet FortiGate are more advanced compared to Huawei's basic filtering. The SD-WAN is built-in and mature, while Huawei's support is less feature-rich.

Application control is very granular with signatures, while Huawei is less extensive. The management and usability of Fortinet FortiGate is clean and user-friendly, compared to Huawei's more complex user interface. FortiOS CLI is popular and well-documented, while Huawei, Cisco, and Juniper differ from standards. Fortinet FortiGate offers centralized management through FortiManager and FortiAnalyzer. The reporting, logs, and firmware updates are excellent and stable in Fortinet FortiGate.

Fortinet FortiGate can be improved, specifically in the user interface and UX enhancement. The GUI, especially in older FortiOS versions, can be cluttered or slow. Improvements could make the UI more modern and responsive with a quick dashboard, real-time visibility, health checks, and improved policy editing with bulk changes and better search filters.

Policy management in a large environment becomes complex when managing dozens or hundreds of policies. This could be improved by introducing better policy grouping and tagging for more intelligent policy optimization suggestions, such as unused rules or shadow rules.

The built-in logging and reporting is limited without FortiAnalyzer. Internal reporting tools should be enhanced with graphs, trends, PDF exports, alert-based thresholds, and real-time traffic summaries without requiring FortiAnalyzer, which requires additional payment.

User identity integration with LDAP, AD, and user-based rules can be tricky or limited. Additionally, SSL users cannot change their passwords themselves, which should be included in the OS functionality.

I have been using Fortinet FortiGate for six years.

Fortinet FortiGate's scalability is good, and it can handle our organization's growth and needs as it's expanding.

When choosing Fortinet FortiGate, you must know your network size and use case. Choose a FortiGate model that fits your current network and allows for future growth. For small offices and branches, you can use 40, 48, 40F, and 60F series. For medium offices, 80F and 100F are suitable. For large enterprises, you need 200F, 400F, 600F. For data centers, 1000F is recommended.

It's advisable not to buy a model that barely fits; choose one with headroom for future expansion. Always check key specs based on your needs, such as firewall throughput, threat protection throughput, VPN throughput, maximum concurrent sessions, and ports. Check if you need SFP, PoE, or 10G ports.

Consider the features you actually need, such as SD-WAN, SSL VPN, application IPS, AV scanning, Wi-Fi AP support, or central management. If you need central management, you can use FortiManager. Look for FortiOS version compatibility as the F-series offers clear advantages. Make sure your team can operate and manage it with experienced Fortinet engineers.

My review rating for Fortinet FortiGate is three out of ten.

We don't have any issues regarding security, and our web server is running fine with protection from all threats.

The best features of Fortinet FortiGate are that it does the job effectively and protects our environment. It has a VPN and can create a virtual IP for a web server and functions as a standard firewall.

We faced difficulties with the configuration because there are many features we could optimize using Fortinet FortiGate, but our reseller didn't have a good understanding of it. So, we just use it on a basic level, not with the best practice for using FortiGate.

We have been using Fortinet FortiGate for around five years.

Overall, I find Fortinet FortiGate to be very stable. Fortinet FortiGate demonstrates consistent stability.

In my case, the 101F is not scalable. I faced problems with scalability related to memory. When we hit 100% memory usage, it stops the internet connection, so we need to control the traffic. We cannot increase the memory.

We have about 350 users and only one admin.

My experience with Fortinet's technical support is good and helpful. The response time and overall competence meet our expectations. I would rate their support a seven out of ten.

Neutral

We used Juniper before Fortinet FortiGate. We switched because it was an old one and reached the end of support. We had to change.

We were supported by a third party and the reseller. During deployment, it was not a good experience because of the reseller. We had challenges with the optimized configuration. 

The deployment took around three months.

The reseller helped us with the implementation. It has been a long time since the implementation, so I don't remember the name of the company that helped us.

Our IT has six people for deployment, and we used two staff members.

We have seen a return on investment with Fortinet FortiGate. The ROI calculation is based on potential loss prevention rather than traditional ROI metrics.

Its pricing is good. The advantages of Fortinet FortiGate over its competitors include good pricing and meeting our requirements at a lower cost. Palo Alto's features are superior, but too expensive.

I compared other brands, such as Palo Alto and Sophos, and chose Fortinet FortiGate. Palo Alto is the best, but it is significantly more expensive. Palo Alto has better capabilities than Fortinet FortiGate. Their protection is much more secure, and they excel in detecting intrusion and reading information. 

I would rate Fortinet FortiGate an eight out of ten.

There is a tool called FSSO, which is a single sign-on user ID agent that works perfectly. You can configure anything on it, and it is better than Palo Alto's version.

The GUI is written in JavaScript, so when you move any object or policy to another one, it becomes easy to use. It is user-friendly and not complex for network configuration.

Run Script is the best tool to use in Fortinet FortiGate with multiple environments. You can perform multiple tasks at once with the script functionality. It is available through the GUI, whereas in Palo Alto, you need to run it in a separate tool, such as Python.

I prefer Palo Alto over Fortinet FortiGate. Its IPS engine is not better than the Palo Alto version. The monitoring tool needs improvement, and the syslog configuration needs enhancement.

The management plane and control plane are not separated as they are in the same hardware devices, whereas in Palo Alto, everything is separated. So, if the CPU and GPU usage gets higher in the data plane, the admin also becomes unreachable.

The web filter in Fortinet FortiGate is not very useful. While you can add web filters in security policies, it is difficult to understand and not flexible to use.

Fortinet FortiGate frequently experiences IPS engine problems. 

I have been working with it for four to five years.

In most cases, the IPS engine uses too many resources, which makes Fortinet FortiGate devices unstable. When clients encounter different issues, the IPS engine is usually the problem because it consumes excessive resources.

I have not worked directly with technical support, but I am familiar with the distributor, partner, and vendor. People who work with Fortinet provide adequate service.

Positive

I mostly migrate from Fortinet FortiGate, Check Point, and other solutions to Palo Alto. For migrations from various solutions to Fortinet FortiGate, it takes a few days, depending on the environment.

Fortinet FortiGate is cheaper than Palo Alto. It is about 20% cheaper. 

I prefer Palo Alto over Fortinet FortiGate. Fortinet FortiGate is not the best firewall, but it is acceptable. If you have a budget to buy a firewall and Palo Alto is too expensive, then Fortinet FortiGate can be usable. As an instructor in Palo Alto Networks who knows all the techniques, I naturally prefer Palo Alto.

For a small company or branch, I would choose Fortinet FortiGate because it is cheaper and the features are sufficient. However, for more critical environments, such as government institutions or banks, where privacy and security are paramount, I would opt for Palo Alto.

In a hamburger topology setup with the internet side and internal side, I prefer using Palo Alto Networks on the internet side and Fortinet FortiGate on the internal side. This creates a multi-vendor environment, avoiding dependency on a single vendor. The internet side requires more security, hence I would go for Palo Alto, whereas the internal side would benefit from Fortinet FortiGate's flexibility and ease of use.

I would rate Fortinet FortiGate an eight out of ten.

We use Fortinet FortiGate 100F, which is one of two firewalls that we have, one at the entrance of the DMZ and one just outside. One is facing the internet, and the other is at the entrance of the DMZ. We use the one outside to essentially work as a VPN.

As compared to our previous firewall, WatchGuard, which is a good firewall, the successful hacking attempts were far fewer and further with the Fortinet FortiGate, but at the same time, I don't know if the credit goes to only FortiGate, as we have two firewalls versus one in the second implementation. Overall, it is more secure. The VPN is also more stable than the offering from WatchGuard at that time.

Fortinet FortiGate is one of the most solid and secure firewalls as long as you keep it up to date. The price is right; it's not very expensive. 

It's quite feature-rich. While we've mostly used the VPN, we've also utilized it to create high availability. 

We are pretty happy with it. If anything, I believe the web interface could be simpler, especially for someone who has limited networking experience. I mostly do administration, and I found Cisco to be the hardest major firewall manufacturer to deal with, with Fortinet FortiGate being the second hardest for me. In comparison, there's a bit of an easier and more user-friendly interface with WatchGuard.

I have about three years of experience with the Fortinet FortiGate firewall. We also use FortiClient VPN.

The VPN was more stable than the offering from WatchGuard at that time.

I would evaluate the service and technical support of Fortinet FortiGate as pretty good. Whenever we needed them, they would be there for us. I would rate them a nine out of ten. We had no complaints, although they were sometimes extremely busy.

Positive

Before using Fortinet FortiGate, we were using WatchGuard, which is another good firewall.

The initial setup process was efficient, as it took us less than an hour to set up both firewalls.

I was involved in the deployment of the Fortinet FortiGate, handling the physical deployment myself while our vendor managed the initial setup.

We got the Fortinet FortiGate from Telus, which is a Canadian phone company. Our experience was excellent. They're a major phone company, so the services are never less than stellar.

The maintenance for Fortinet FortiGate involves just the occasional patch update. We have software that informs us whenever there's a new patch, and if it's critical, we run the patch update immediately; if not, we usually run it at the end of the month after it's released.

We had uninterrupted service. If one firewall failed, we still had a secure infrastructure. I believe we essentially had a great VPN compared to the alternative offerings, so that's a good return on investment.

It's good. I would rate the price of the Fortinet FortiGate as an eight out of ten. It's not the cheapest, but it's value for money. Given everything we've got out of it: the DMZ port, the VPN, and the high availability, it's a pretty reasonable price.

I would advise others considering or evaluating the Fortinet FortiGate to buy it. It's one of the best products for the price. 

I would rate Fortinet FortiGate a nine out of ten.

Our main use cases for Fortinet FortiGate include using it as a perimeter firewall. Fortinet FortiGate manages all our policies and other things.

Fortinet FortiGate has impacted our cost savings and security efficiency positively.

Fortinet FortiGate's VPN capabilities are very effective for us. We utilize the VPN facilities of Fortinet FortiGate all the time, so anybody who accesses our SAP systems utilizes the VPN of Fortinet FortiGate.

It has been quite seamless in terms of integration. We find it very useful for us.

The features I find most useful in Fortinet FortiGate are its simplicity of utilization, which is very important, and its provision of interfaces to see the alerts and other things. It is very useful. We use it to understand who our top users of the internet are, what they are using, and when they are using it. It gives us many glimpses into the inner workings of the organization.

At this moment, we believe that Fortinet FortiGate should be improved by injecting more AI because the kind of threats we are seeing are more ransomware threats. Fortinet FortiGate is able to ensure these threats do not enter, but we would prefer to see more proactive alerting mechanisms come out.

I have been working with Fortinet FortiGate in this company for about a year or over a year now, and in my previous company, I used it for almost four years, totaling five years of experience.

For stability, I have no complaints; we are satisfied customers.

Fortinet FortiGate is scalable enough for our environment. We are using Fortinet FortiGate in the consumer durables industry for electrical products. We currently have a little over 2,000 users working with Fortinet FortiGate in our environment.

We plan to increase the usage of Fortinet FortiGate in the future, shortly upgrading and increasing the number of users.

For technical support of Fortinet FortiGate, we utilize a channel partner and we are very happy with them. They support us almost instantly. They have backend support from Fortinet FortiGate, which they utilize. I would rate the support an eight out of ten.

Positive

The setup of Fortinet FortiGate is very simple, worthy of a nine out of ten rating.

The deployment part of Fortinet FortiGate takes a couple of hours. We decided to go for Fortinet FortiGate because it was simple to implement, it was simple to get the policies implemented, and the interfaces were quite simple. Simplicity was the main reason. The product is very good.

I find it quite reasonable.

Before working with Fortinet FortiGate, we evaluated Check Point, Palo Alto, and Blue Coat solutions. The reason we chose Fortinet FortiGate was basically because of security and simplicity of use.

I would recommend Fortinet FortiGate to those who are looking into using it because if they look at the manner in which it protects their enterprise, it does a wonderful job of that. 

I would rate Fortinet FortiGate an eight out of ten.

The typical use case for Fortinet FortiGate is perimeter security, which is why our clients use this solution.

We are an implementer of Fortinet solutions.

It works well to protect the edge. For protecting the edge, Fortinet FortiGate secures any data traversing the network back to the cloud or data center through encryption. I have found it easy to configure, which results in no problems.

The security services provided by Fortinet FortiGate firewall are among the best. They have been in Gartner's quadrant for a very long time, which always helps.

Fortinet FortiGate has been able to secure mission-critical data effectively. It secures our customer's network properly, so that's always beneficial.

The ability of Fortinet FortiGate to provide network and security convergence is impressive, as they have stable features including application control. They also have advanced routing policies that set themselves apart in network security. Their solutions gel effectively with a single console for management, which is a significant advantage.

FortiOS is quite good in my experience with Fortinet FortiGate, and it works very effectively and is stable for companies. The customers have given feedback that FortiOS has been very stable for a long time. 

From a feature standpoint, it's easy to set up if people want to try and set up VPNs and other configurations. Policy control is quite nice, and we have a lot of experience with this solution, which helps us a lot.

Their support can be better, and there should be better policies for immediate replacement in critical situations. Their replacement policy varies depending on the type of support subscription. With the standard support subscription, if the device goes down, the customer has to first ship the box, and then Fortinet sends the replacement. With the higher support, the customer has to ship the device after they have the replacement. It would be better for customers to get immediate replacements even with a standard subscription.

I have more than 10 years of experience working with Fortinet FortiGate.

It is very stable. I would rate it a ten out of ten for stability.

If you size the solution correctly based on the customer's network, number of users, and throughput required, there is no problem regarding scalability, so I would rate it a nine out of ten for scalability.

We have small, medium, and large customers who have opted for Fortinet FortiGate.

I would rate technical support from Fortinet an eight out of ten. Their technical support can be improved slightly as we sometimes experience delays in support for urgent customer needs.

Positive

The typical deployment model for Fortinet FortiGate is mostly on-premises. However, there is a virtual appliance available for cloud setups, but in India, most of the sales are for on-premises appliances.

Fortinet FortiGate definitely reduces the total cost of ownership because it offers better management capabilities through a single platform. Its widespread use makes skill sets more available, making it much more cost-effective for customers than other products which may require higher resource costs.

It is more affordable than Check Point and Palo Alto. Another thing is that all the features and the OS remain the same irrespective of the size of the device.

Pricing-wise, Fortinet typically provides one-year support with the firewall appliance. There is also an option for three years which is how their licensing works. They also offer add-ons for features to keep more logs or data, which is standard across their competitors as well.

The price-to-performance ratio for using Fortinet FortiGate is always better compared to any other competitor, so they are rated better than the likes of Check Point or Palo Alto.

The network availability improves when implementing a Fortinet solution; it's definitely much better for a customer compared to having no solutions in place. They are affordable overall.

I would rate Fortinet FortiGate a nine out of ten.

We use Fortinet FortiGate to help protect and secure mission-critical data. There are policies and rules that we apply, and there is an intrusion prevention system that notifies if there are critical vulnerabilities on some clients.

I assess the security services provided by Fortinet FortiGate, such as URL filtering and DNS filtering, as quite good; they are quite effective. Fortinet FortiGate is rather sustainable; it's a good, stable product that gets faster and uses less power with new versions. 

It helps us remediate threats more quickly because we have specialists who can work with it rather effectively. When there is an alert on the Fortinet FortiGate, they work together with our FortiAnalyzer and can quickly remediate the incidents.

They should do a better job in testing when they put out a new release because when a new software version is released, it is not always stable or does not always have all the previous features working correctly. They should do more testing or launch a new version later when they have tested it more thoroughly. 

They already did a good job in their GUI, but they can make more features available in the GUI that are still only accessible through the command line.

My proper experience is only two or three years, but in the company, they have been using it for over 10 years.

In terms of network and security convergence, they are there, but we are not currently using them because in the office itself, we have other brands of switches and access points. It's now not quite stable in the demo lab environment; we are now on the latest version, but in the production environment, we are not. Production is always on a lower version.

It is scalable.

I would give Fortinet's technical support an eight out of 10; they are responsive and helpful.

Positive

I previously used Sophos before Fortinet FortiGate.

If you first implement Fortinet FortiGate to get it up and running, it takes just a couple of minutes, but to get all the policies configured correctly, it takes a couple of days.

For my company, Exclusive Networks, the whole company had three or four engineers involved.

We have seen a return on investment from using Fortinet FortiGate for integration with the SOC team. The automation part is giving us a cost benefit and speed; we can react faster.

The price-to-performance ratio from using Fortinet FortiGate is very good; I would give it a nine out of 10. It has helped save on costs due to reduced power consumption.

Performance is the reason I switched from Sophos to Fortinet FortiGate. It has good value for money, ease of use, and a higher security level, with better security solutions. It's more expensive, but it offers a really good total cost of ownership and is still considerably cheaper than Palo Alto.

I would suggest to anyone considering purchasing Fortinet FortiGate's data center firewall to get training to understand very thoroughly how FortiOS works, and if you have several Fortinet FortiGates, to go for a FortiManager with the necessary training. 

The users who work with Fortinet FortiGate are only the IT people, around three or four. Locally, we have around 60 end-users for Fortinet FortiGate. The biggest lesson would be that Fortinet FortiGate provides a high level of security at a good total cost of ownership. 

I would give Fortinet FortiGate an overall rating of nine.

I'm using it for web filter and then using it for VPN connection user to site, and I'm using it to make a virtual ID to link a real ID from the server to provider to my servers to publish servers.

I work with Fortinet FortiGate SD WAN. I configure the SD WAN to use two Internet service providers from two different service provider links. When one of them is down, the SD WAN goes down. I have to go to the SD WAN and remove this link from the SD WAN member. I confirmed that with the local provider and it's working. Sometimes, when a member of the SD WAN link is down, the SD WAN is down, and this is not the solution. I made the SD WAN for redundancy, however, when a member of the SD WAN link is down or I finish the quote of the Internet, all the SD WAN stops working and users experience problems.

With the web filter, when I go to post some websites under certain categories and open these categories, I experience some problems. 

Additionally, I face difficulties integrating Fortinet FortiGate with Active Directory. When I set preferences to use Active Directory users, it sometimes works and sometimes does not work. When I integrate Fortinet FortiGate with Active Directory and use this integration to make a web filter policy, the functionality is inconsistent. I have tried restarting the Active Directory domain controller and the firewall, but the problem persists. As a workaround, I use the MAC address of the user to define the settings.

I have been using the solution for about five years.

I haven't configured or experienced any stability issues.

It's safe and secures my network and applications in some sites. However, I have significant problems when implementing web filters, which is a very problematic issue for me.

I often ask for help from the local provider. I haven't found the required efficient help. Currently, I have problems connecting to some banking systems and departmental Texas portals. I have asked for help but haven't found assistance through the site or through the local provider. When trying to open a ticket, they reply with solutions that are not applicable to my situation.

Positive

I didn't have a firewall previously. That said, I did have a VPN gateway.

I haven't configured or used the initial setup.

I didn't choose or have knowledge about the implementation team.

The return on investment was good.

The setup cost was good. The Egyptian pound is declining, and upgrading Fortinet FortiGate yearly costs about $2000 USD, which equals one hundred Egyptian pounds. I maintain a business relationship with the vendor and receive support from them.

I considered switching to Sophos. Due to my previous experience with Fortinet FortiGate, I preferred to stay with Fortinet FortiGate.

The solution requires careful attention, and when problems occur, they typically don't repeat once resolved. 

I miss having local provider support here in Egypt. International support is difficult to obtain. Local support is preferable yet has become very expensive due to currency devaluation in Egypt.