Fortinet FortiGate Reviews

This firewall is an antivirus, protects against spam, and is an IPS.

The most valuable feature is the web filter.

The performance is fine.

Some of the features in the graphical user interface do not work, which requires that we used the command-line-interface. We have problems with that.

Log retention should be greater than 24 hours.

I have been using FortiGate for about eight years.

The complexity of the initial setup depends on the implementation. There are some that are very simple, whereas others are complex.

I would rate this solution a ten out of ten.

We primarily use the solution for network security and security next-generation firewalls.

The solution is quite user-friendly. 

We find that the system interface is simple to navigate.

The initial installation is very straightforward.

There are some cloud-based features that could be much more flexible than they currently are.

It's my understanding that they are currently working on improving the cloud solution quite substantially.

I've been using the solution for five years.

The solution is very stable. It doesn't have bugs or glitches. It doesn't crash or freeze. It's reliable.

We find the solution to be quite scalable. If your organization needs to expand this solution out, you shouldn't have any problems doing so.

We have two or three different locations and have between 50 to 200 users amongst those locations.

The technical support is very good.

Most of the time, whenever a ticket is opened and we reach out to support on behalf of our customers, they offer good advice and are very responsive. We're satisfied with the level of service we're provided. 

The implementation is not complex. It's very straightforward to set up and does not take a lot of time to deploy everything.

That said, I did not handle the implementation myself, so I can't speak to more technical aspects of the job.

We had four or five resources that assist in network security and they all helped with the deployment.

I don't handle the pricing side of the product and therefore can't speak to anything in regards to the licensing or costs.

Although we largely handle on-premises deployment models, we have suggested cloud versions to our clients recently.

We are a solution-providing company, and we are offering products to our customers.

Although we really enjoy the solution, there's a lot of very interesting competition in the market. The competition is huge. As a partner of the product, we get a lot of questions we have to answer, and, to be honest, this solution isn't as strong in some areas as others.

That said, we would recommend the solution to others. 

Overall, I'd rate the solution an eight out of ten.

We used FG-90D as UTM device to protect some users and servers, and also to enable inter-vlan routing with advanced security policies inside our lab zone. Also used FG-500D in transparent mode in front of Cisco ASA for advanced and high performance protection by applying IPS, AV, AntiSpam, App.Control and DoS-protection profiles.

We have better manageability: opening and closing ports/services, adding addresses is done very quickly (can be done in single page of the web GUI).

It offers outstanding reporting tools when coupled with FortiAnalyzer (Fortinet's log collector and reporting tool) help meet compliance (there are PCIDSS, HIPAA and many more report types).

Better security posture: safe web surfing, less spam and viruses in incoming email messages, very granular AppControl, blocking vulnerability exploitation attempts and traffic anomalies by IPS, preventing DoS attacks by DoS policies.

Good VPN, both IPSEC and SSL (web-mode, tunnel-mode). An engineer/network administrator has tools to debug VPN issues that can occur during tunnel setup with other vendors' equipment.

SD-WAN feature at no cost. This is really great feature for remote locations (branch offices) and HQ, application steering between many ISP links becomes a simple task. Steering can be done dynamically by measuring link quality (latency, jitter, packet loss, available bandwidth).

Wi-Fi and Switch controller at no cost. FortiSwitch and FortiAP can become a kind of port extender of the firewall, all its ports can be referenced in firewall policies. When you have such management plane consolidation it gives you a simpler way to operate.

Security Fabric Framework is helping in analyzing sudden and rapid changes in whole infrastructure, and gives the ability to simplify daily operations (e.g. address objects synchronization between all firewalls in Fabric, estimating overall security rating, single-sign-on for admin access and many more)

Single Sign On support with deep LDAP integration (several variants for environments with different scales), RADIUS authentication.

Can work as transparent and explicit web-proxy, the last option supports Kerberos authentication which requires no agents installed on any windows server.

Human readable firewall policies with editable security policies and
addresses in single page. This is very useful and time saving feature.

Firmware upgrade process is very simple, even for cluster configurations it is fully automated by default.

Straightforward SNAT and DNAT; you may work in two ways: with Central NAT rules configuration and by applying translation directly inside firewall policies.

Bulk CLI commands are uploaded via gui in script file (portions of config file).

VDOMs are very useful when you need to grant admin role to clients separately. VDOMs in FortiGate can be represented in FortiAnalyzer's ADOMs (administrative domain), which can have different log storage policies, event handling and alerting configurations. You can create one VDOM working in NAT/Route mode, and another VDOM working in Transparent mode.

If you don't want to create and use second VDOM you can still transparently inspect traffic at layer 2 level while having only one VDOM in NAT/Route mode. This is achived by configuring Virtual Wire Pair ports that work like a separate bridge.

Ability to capture packets going through any interface of device (and VM too). You can set number of packets, filter out packets by IP and port number for particular troubleshooting purposes, then download a .pcap file from web gui and analyze it in your favorite programm.

Advanced routing (RIP, OSPF, BGP, PBR). It gives you a seamless and simple integration into a large network.

IPS, AV, Web Filter, AppControl profiles are working very well.

SSL Inspection and CASI (Cloud Access Security Inspection) profiles.

Rich logging options allow you troubleshoot most problems.

Straightforward HA with different redundancy schemas.

IPv6 support.

I think there could be more QoS features in GUI. FortiGate has Traffic Shaping feature that is enough in most cases when shaping egressing packets, but sometimes I just need 802.1p prioritizing (Class of Service) of incoming packets and manual ingress queue assignment. This is what would be nice to have, but I realize that such a job is more efficiently done by L4 switch standing before firewall. Fortinet has a FortiSwitch that can do it, and it also can be controlled by FortiGate via FortiLink protocol.

[Firmware version FortiOS 6.2 update]: There are a lot of improved and newly added things, so it is very hard to imagine any additional features.

Four years.

Small models (up to FG-90) are build on SoC (System on a Chip), so they need to be mounted in places with enough airflow and right temperature, otherwise they could hang, slow down traffic processing, but more often you just can't log in to the device's web-interface (reboot won't help you until it cools down). Actually, that's not an issue. It is a technical requirement for operating environment to be 5-40 degrees (but at 35 degrees with poor airflow there may be issues mentioned above).

For large scale deployment I would suggest to look at FortiManager, a central management point for large amount of FortiGates. I have tested the solution and found it quite useful. I could download configuration from any device and install edited list of policies to several devices simultaneously through a couple of clicks. Also I liked functionality of clearing out Address objects list from unused entries. It can be configured to be a central repository of firmware and updates, and a local rating server (url and antispam rating services) which can improve rating lookup latency value.

Technical support is good (in average).

We used an old IPS from Cisco. We switched because of End-of-Support on that device.

Initial setup in plain networks is very straightforward. For large environment you should prepare beforehand, because FortiGate is a highly-tunable and feature rich product, so you must have a plan with many considered details.

We did not engage a vendor team. Documentation is good enough to implement with an in-house team.

Setup cost may be not so low, as you expect, because it depends on different factors, but TCO for 5 years may pleasantly surprise you.

Palo Alto, Cisco ASA, CheckPoint

Many interesting things are hidden in CLI, they can help you in different situations. Web-interface (GUI) is primarily intended for day-to-day routine.

Don't underestimate FortiAnalyzer. It can give you a better understanding of what is going on in your network. When FortiGate sends logs to FortiAnalyzer, FortiAnalyzer inserts received log data into database. Predefined and customizable data queries, charts and reports can significantly help you by visualizing problem points, so you can thoroughly investigate security events and traffic behavior anomalies.

FortiGate is a constantly evolving product, so pay attention to FortiOS version it runs.

The primary use case of this solution is as a firewall.

The way the rules are created and set up on our firewall is very quick, very simple, and does not take a lot of time. It allows us to spend more time in other areas.

The most valuable features are that it is very simple to configure and to manage.

For me, this solution has nothing to improve and it meets the needs that I have. I don't see any way to improve, at least from my point of view on regular use.

In the next release, maybe the documentation on how to use this solution could be improved.

What I have noticed is that when we have done some configurations directly from the command line, there is not a lot of information regarding splitting.

I have been using this solution for six years.

We are using the latest version.

This is a stable product.

Fortinet FortiGate is very scalable.

We are satisfied with technical support. We have not had any issues.

The initial setup is very straightforward.

We used a reseller to help us with the implementation.

Pricing is very competitive. It's cheap for what it offers and for what it does.

It's very affordable.

I would recommend this solution to others who are interested in using it.

Fortinet FortiGate is simple and effective.

I would rate Fortinet Fortigate a nine out of ten.

We manage all the IT for airports and airlines. We have some data centers for providing different services, such as tickets, to customers. We use Fortinet FortiGate IPS to secure the environment.

It is a good product. It does what we want it to do so. I didn't find many false-positives or things like that. We mainly use the IPS and URL filtering features, and they are pretty good.

They can probably improve the reporting feature. Reporting and report alerting are the main key features of this solution. They can always find ways to improve these.

I have been using Fortinet FortiGate IPS for four years.

It is doing good in terms of stability. It is a good product and a good feature within the firewall. 

We haven't tried to scale it. 

I have contacted them. Their technical support is good. They are pretty responsive and knowledgeable.

The initial setup was straightforward. Basically, it is quite easy to set up. You just need to follow the guidelines because they are well-made for Fortinet FortiGate IPS. 

We are currently evaluating a Palo Alto solution, and the pricing could be a reason for going for Palo Alto. 

I'm a part of the team that is testing the Palo Alto solution. We are only responsible for testing to ensure that it matches what we want, but we are not responsible for making the actual decision. Another team will decide which solution to go for based on the contract in terms of money and other things. Technically, either FortiGate or Palo Alto will be able to provide what we want.

I would rate Fortinet FortiGate IPS an eight out of ten. It is a good product. 

We are integrators and I'm a senior consultant. 

The best part of this product is that you have the same functionalities throughout the range of products, whether you deploy a small firewall or a big one, it's the same and you have the same functionality almost, so that's one of the benefits. You can also configure all your firewalls, and set them up in one box and use every interface for LAN1 or any kind of usage.

From my point of view, I think Fortinet has to extend the solution into the cloud and provide all the security features from the cloud and not be dependent on the firewall appliances. It would be much easier for them and for the customers. I'd like to see all the security features on the cloud in the next release. 

I've been using this solution for a few years. 

This is a stable solution. 

The initial setup is straightforward.

I would rate this solution an eight out of 10. 

We are dealing in the payment business where we provide services to end-users, and FortiGate is part of our security solution.

The customers swipe their cards into our product, which transmits the data through another server to the acquirer or bank. The server is hosted behind the FortiGate firewall, so all of the traffic that comes in and out goes through the firewall policies, intrusion detection, and instruction prevention systems.

We use the FortiGate Sandbox to detect zero-day vulnerabilities, such as anomalies or malware, that are unknown and have not yet been discovered.

We would like to see a better training platform implemented.

We have been using Fortinet FortiGate for the past five years.

This is a scalable solution. We are able to integrate new products and different payment options. As new projects come in, we are looking for a hybrid setup that will incorporate the cloud.

We have been in contact with technical support and I find them to be good. We've had no issues with them.

We are continuing to use FortiGate but we are in the process of upgrading to the 200E and 300E enterprise firewall.

The initial setup was complex. We had to connect it and set up the PCI DSS compliance. To maintain this, there are a lot of things that have to be done on a regular basis. This includes scanning and hardening the servers, then rescanning. Initially, it is very complex.

We have the FortiGate firewall in our environment, and we are using network segmentation. Based on the segmentation, there are policies. Based on the policies, the traffic to the critical components is monitored and goes through the IDS/IPS antivirus profile. We also have hosted applications, so a basic DDoS and WAP are configured.

I would rate this solution a nine out of ten.

I primarily use this solution for external security of our network.

We are a visual effects company, and there have been a number of high profile security issues in our industry. This has brought us to a higher standard of security, which our clients are very keen on these days. 

We had a minor problem where there was a major system upgrade on the hardware platform and the Apple Mac client was not available as soon as it might have been. The PC client was available immediately, but we had to wait a month or so, before there was a Apple Mac client. I was slightly irritated that it was not ready on time, but it was eventually resolved.

Almost two years.

Fortigate has more than adequate capability to cope with everything we require for the foreseeable future. 

The support is very good, and we have had no issues. 

Previously had a SonicWall. Even allowing for an upgrade discount on the SonicWall, the FortiGate was a more compelling purchase.

It was fairly straightforward.