Fortinet FortiGate Reviews

• Policy control
• Web filtering
• Application filter works smoothly.
• Controlling and tracing with web console works nicely for windows systems.
• Better QoS than Checkpoint, I believe.

Previously, my organization had the Checkpoint firewall solution, which has been replaced by the Fortinet Fortigate solution, which is cost effective and more manageable from a beginner's perspective.

Fine QoS and Web based filtering solution is a plus.

• Maybe Linux system monitoring can be improved by the developers of the product.
• Although it has policy control and web filtering, these could be better.
• Application filter needs more control options.
• IP tracing works only so-so.
• Controlling and tracing with web console for Linux only obtains IP addresses.

• Performances
• VDOM
• UTM
• Consolidated Management
• FortiGuard

• Endpoint control of mobile devices with Security Profiles compliancy checking, captive portal redirection, Antivirus, IPS and Web Filtering enabled on outgoing traffic (coupled to FortiClient solution)
• Identity-based policies used to authenticated and profile users and guests whatever the media used to access the network (ie. Wired and WiFi)
• Dynamic BGP routes injections to divert traffic requiring UTM inspection or DDOS mitigation
• Two-Factor Authentication VPN SSL for itinerant users (coupled to FortiToken solution)
• Active/Active cluster load-balancing http/https traffic
• GTP tunnels inspections over GPRS backbones for pure-player telco operators
• Distributed WiFi infrastructure with UTM enabled and managed from the central console like signatures and firmware updates
• Classical IP/IPv6 Firewall with consolidated-management

• Fix all pending bugs present in 5.0.x branch
• Improve the testing process of newly published firmware like using real and representative configurations submitted to consequent traffic load during a while
• Support SNMPv3 INFORM requests
• Uniform the scheduled backup between FortiGate, FortiManager and FortiAnalyzer
• Integrate graphical troubleshoot tools for policies based on devices or user identities

4.5 years

Some few non-blocking bugs present in the latest release and which are now solved. In the past I encountered serious bug regarding SCTP and GTP supports. Fortinet helped me to qualify the bug, implement a temporary workaround and then published appropriate patches rapidly.

No. I always used the latest qualified-stable firmware recommended by Fortinet and check by own testing methods the stability of HW and SW before deploying anything into customer premises.

With design and dimensioning parts well achieved I never encountered scalability issue. However it happened I had to troubleshoot some slowness and latency issues on existing projects already running live. Most of the time they were due to some design issues and non-optimized configurations like for instance “in” and “out” ports not handled by the same NP, policy rules non-optimized and non-used features enabled.

Very good.

Very good.

• CISCO ASA: Too expensive, performances issues, non-consolidated management between traditional ASA and inspection ASA CX, not the best security engines
• Checkpoint: Very expensive but good solutions, not the leader in UTM segment
• Juniper: Expensive but good solutions, not the leader in UTM segment
• Cyrberoam: Attractive prices but not yet tested, looks like promising
• Arkoon/Netasq: Obsoletes (Stormshield not yet tested)

It was quite simple if you have at least a minimum of experiment with Firewalls integration. It is now even simpler thanks to the FortiExplorer application.

In-house.

Taking into account the price criteria, nowadays Fortinet always wins offers in front of competitors like CISCO and Checkpoint. Mixing this key-point with other success keys like UTM features and performances.

Contact Fortinet or Fortinet’s partner and ask for a POC.

• Load Sharing
• VDOM
• Security Profiles
• Vulnerability Assessment

6 Years

Yes, bugs.

No.

Poor.

It offers a proxy and a firewall.

It has a better processor than CheckPoint.

It's not intuitive, as the rules will be in the last place you look. You can look for a report for an hour, eventually getting a blank page. User experience for the administrator is basically not good as it needs to be more proficient.

I've used it for two years.

I have five ISPs, and it was hard to connect the LAN to the WAN. It did not go well and I had do to a roll-back.

The product is so stable I don't need to have a cluster.

I use a service given by the integrator and it's better than Fortigate’s. The integrator gives me a guarantee that they will immediately replace my machine if a problem occurs.

I use a service given by the integrator and it's better than Fortigate’s. The integrator gives me a guarantee that they will immediately replace my machine if a problem occurs.

I used an open-source product name Squid.

It's straightforward, and was transparent for the users.

We did it in-house.

It costs $200,000 and is only a bit better than the open source solution, which was free.

You don’t have to buy the Fortigate analyzer, as you can also get the reports using Fortinet.

It's fine as a firewall and as a proxy. You need to configure the rules right or else it will be hard to keep up with the logs.

The key features of this product are:

• Network security
• UTM Features
• Configuration and ease of deployment.
• IP/User/Device Mac ID/Device Type based policy configuration
• Traffic shaping
• Load balancing
• Ease of VPN configurations
• Explicit proxy
• Link segregation
• Application signatures
• Network object based HTTPS/SSL inspection etc.

In many organizations it helps to come up with the requirements of proxy servers, defining network traffic and the amount of bandwidth for any network object or specified user(s). It has also provided us with security compatibility with other network devices such as IP cameras, the video conferencing system, VOIP phones. It also logs & reports on individual users network activities.

The FortiGate series does not have that much troubleshooting & network testing features in its GUI, hence we’ll definitely be looking for some add-on features in near future.

I have been using this solution for the past year.

No issues yet.

No issues yet.

For massive logs & reports (over a month) we have to go for a separate logging & reporting device i.e. FortiAnalyzer/FortiCloud, as this is not available in Fortigate itself.

7/10.

8/10.

We started with FortiGate itself.

This product has a setup wizard (FortiExplorer) for the initial configuration, while the physical connectivity is done via a USB cable which is very easy to use.

We implemented the solution ourselves.

It is value for money product as we’ve purchased it with Fortinet's three-year warranty package.

We have evaluated Dell’s Sonicwall & Cyberoam.

Analyze your needs first before implementing this product.

• Anti-virus
• NAT
• VPN

It's the only security product in place that is responsible for guarding the network infrastructure deployed within the premises. The product has lived up to its expectation with no issues whatsoever.

The web interface could be made better.

I've used it for eight years.

No issues encountered.

No issues encountered.

We have managed to maintain the device without getting in touch with technical support. Credit can be given to the documentation provided.

This was the first security device that was deployed.

Setup was straightforward and the documentation was very clear which meant that there were no issues during the initial setup.

We had a vendor assist us who had decent knowledge about the product.

We also looked at pfSense.

The product has reached its end of life.

The unlimited VPN licensing. All of our remote locations (1000+) used IPSec VPN and SSL to connect to the cluster.

We went from being terrified about our firewalls screwing up to completely forgetting we had firewalls. I slept better and so did my manager.

A real-time log viewer in the GUI with the capability to filter traffic displayed. Cisco ASA's have this and it's fantastic.

I used it for four years. We had two devices that were clustered together in a high availability pair as the front end of an country wide, high visibility solution.

No issues encountered.

No issues encountered.

No issues encountered.

Customer service was decent with Fortinet - they were helpful and got the product to our doorstep quickly.

This is where Fortinet stumbles. The support is farmed out overseas to techs that are not very knowledgeable about the Fortinet products. The response time for a critical priority one issue was over four hours and they only responded because we threatened legal action for them violating our support contract.

They used to have Juniper products, which are terrible. The enterprise class firewalls do not support any sort of packetflow gathering such as netflow, and the devices didn't even support Juniper's proprietary jflow. Their SRX series routers, meant for home office use, had more features and capabilities.

It was very straightforward and we encountered very little problems. Fail-over occurred within a second with zero outages or anyone actually taking notice. Firmware updates were easy to apply in a live environment if required, and the GUI was very easy to understand.

I deployed it - I'm FCNSA certified.

If we used a similar solution that required a "per seat" license per VPN, we would have literally spent over 100x what the solution cost us.

We implemented the clustered firewalls for around $30,000, and each office had another Fortigate device at a cost of around $1,000.

Cisco was evaluated but we didn't want to pay for the VPN licensing.

It's an absolutely fantastic product. Just get your support contract clarified, and confirm the response times.