Fortinet FortiGate Reviews

I use Fortinet FortiGate to secure our infrastructure, user data, data encryption, and to prevent DDoS attacks. 

I also have experience with FortiManager and FortiCloud. I have experience in integrating SD-WAN capabilities with Fortinet FortiGate because I am using SD-WAN with multiple ISP lines, using it as a load balancer and for specific route traffic.

Fortinet FortiGate has positively impacted our organization by preventing hackers from accessing our network.

The performance of hardware-assisted DDoS protection in Fortinet FortiGate when managing data center traffic is very good.

One of the best features of Fortinet FortiGate is VLAN. Dynamic Segmentation and SD-WAN are also very good. 

It is stable and easy to use. There are a lot of good resources available on the web.

Fortinet FortiGate could be improved in terms of user friendliness at the policy level and assigning URL based and keyword based features.

I have been working with Fortinet FortiGate for around three years.

Fortinet FortiGate is a stable solution and the best solution.

The scalability of Fortinet FortiGate is good.

I would rate technical support from Fortinet a ten out of ten.

Positive

Before choosing Fortinet FortiGate, I was using Sophos Cyberoam, which is outdated. I switched from Sophos to Fortinet FortiGate because the Sophos device was outdated, not providing the same SD-WAN features at the same cost and central level.

We got our ROI in the second year due to its stability.

The licensing cost is at the intermediate level.

I would rate Fortinet FortiGate a ten out of ten. 

I was involved in deciding on Fortinet FortiGate, but I am not the one who's using it on a day-to-day basis.

We want to make sure that our on-prem servers are protected. We basically use VPN to configure that on Fortinet FortiGate, so that is the major purpose, and that part is working well.

We have not had any incidents where our servers got compromised. It's all good.

For security, it has all the required features, such as the web filter and DNS filter. Also, for accessing the network, we have various rules.

Our IT staff says that some of the security features are better than Sophos's.

Its usability is good. We can easily navigate the system, and we have a very good user experience. It's easier to understand the software compared to Sophos, which I feel is a little more technical and could be difficult for a first-time user.

I want some additional features. For example, I want something to ensure that when we are using Google email or Microsoft email, or Google Workspace, emails can only be accessed on designated machines given to our employees. I would like them to access data from designated machines, not from any machine. It should work for designated mobiles and laptops. I don't know if Fortinet provides something like that out of the box.

We have just installed Fortinet FortiGate, and it has been two months since our installation.

Fortinet FortiGate is stable.

Fortinet FortiGate is scalable.

We are going through the vendor for technical support. If we have any issues, we raise a ticket, and they respond immediately.

Positive

Previously, we were using another firewall device, Sophos. Compared to that, Fortinet FortiGate provides more features and better security. Fortinet FortiGate supports WAN migration. Fortinet FortiGate is also better in terms of speed. In the dashboard, we can get all the stats reports and logs.

Deployment is not very difficult because they have their migration tool.

We are facing some challenges. We are working with a third-party vendor, not FortiGate directly, for the installation and other things. The problem is that their knowledge is very limited. We are facing some challenges. With Sophos, we could enable multi-factor authentication for VPN users. FortiGate also allows that, as per our initial analysis. The people we are working with are not able to configure MFA. They are having some technical issues. Fortinet needs to ensure that its partners are well-trained.

Only two people were involved in the deployment process. The vendor side had their own technician, and we had one person here.

Cost-wise, there is not much difference from Sophos, but feature-wise, we get more features.

We did some comparisons between Fortinet FortiGate and Sophos. We went with Fortinet FortiGate because of the security features and easy-to-understand console.

I would rate Fortinet FortiGate an eight out of ten.

We are using Fortinet FortiGate for branch-to-branch connectivity. It handles internet outages, internet breaks to the cloud, and internet connectivity to the internal systems in the branches.

The SD-WAN and VPN tunnels are the best features of Fortinet FortiGate in my opinion. My major workload runs on Fortinet FortiGate, as it serves as the main backbone of the network.

The firmware in Fortinet FortiGate needs improvement. Some firmwares have many bugs, such as filter issues and VPN connectivity problems. Last month, with version 7.4.6, we experienced web filter issues. They need to fix the bugs before releasing firmware.

We have been using Fortinet FortiGate for up to 15 years, and it performs well.

In my opinion, Fortinet FortiGate is a stable solution.

Fortinet FortiGate's scalability is flexible and scalable.

The customer service and technical support of Fortinet FortiGate rates seven out of ten. The technical support and RMA process are acceptable. We don't raise many tickets, but when we do, we receive late responses for technical tickets, which is why I rate it seven out of ten.

We used Palo Alto and Cisco Meraki before choosing Fortinet FortiGate.

The initial setup of Fortinet FortiGate is very easy.

We used in-house resources for our setup instead of an integrator, reseller, or consultant.

We currently have approximately 110 Fortinet FortiGates and 40 managers. Each year we increase by almost 10 to 20 FortiGates. We are also considering FortiSASE and have discussed this with Fortinet FortiGate. We are planning changes in return on investment from this solution this quarter.

The pricing depends on market competition, which is high because Cisco Meraki and Palo Alto offer similar costs for pricing, setup, and licensing of Fortinet FortiGate. They need to compete with lower margins as prices are getting high for Fortinet FortiGate.

We are currently using Palo Alto and Cisco due to some issues with the Fortinet FortiGate sales people. We have installed equipment in almost four locations, and we are using these three solutions simultaneously.

We are planning to implement SASE and have already discussed this with Fortinet FortiGate. We are currently only discussing the possibility of using SASE.

The integration of SD-WAN capabilities with Fortinet FortiGate has positively impacted application performance. The implementation is straightforward for new users. My experience in integrating SD-WAN capabilities with Fortinet FortiGate has been excellent, rating it 10 out of 10.

Overall, I rate Fortinet FortiGate 9 out of 10.

My use cases for Fortinet FortiGate mostly involve perimeter-based security and fire-walling.

I find that Fortinet FortiGate is pretty easy to use and integrated, offering many features in one box at a decent price compared to other enterprise vendors. When I first used it as a one-for-one replacement, the functionality was basically the same, but the ease of use compared to the old solution increased, so I definitely saw benefits immediately.

Fortinet FortiGate could improve by enhancing FortiManager, which is the centralized management system. It has many inconsistencies and errors with respect to pushing policies, especially when we have a large network team that needs to push different rules. Improving the consistency and allowing proper stability with many users managing hundreds of firewalls would be beneficial. Regarding cloud deployment in public cloud, it is less flexible and scalable, and customers need to provide and take care of resiliency, scalability, and redundancy. This could be a future improvement for Fortinet FortiGate to better adhere to cloud philosophies.

I have been using Fortinet FortiGate for approximately 10 years.

The stability and performance of Fortinet FortiGate have been good, as it has been running at the company for quite a few years since we first implemented it.

Regarding scalability, we have hundreds of physical appliances deployed, which are running adequately. However, in cloud deployment such as public cloud, it is less flexible and scalable. Customers need to provide and take care of resiliency, scalability, and redundancy, which could be a future improvement for Fortinet FortiGate to better adhere to cloud philosophies.

I have contacted technical support regarding FortiSwitch integration issues with Fortinet FortiGate. They are good at responding, though I don't need to call support often. For myself, the experience has been good. On a scale from 1 to 10, I would give Fortinet FortiGate's support an eight. I did have some minor issues with the person I talked to, but overall, they were able to resolve the issue.

I have used alternatives to Fortinet FortiGate.

For someone with a network background deploying Fortinet FortiGate for the first time, the switch is very easy and the UI is easy to navigate. However, their CLI is very difficult to learn, though changes and configurations in the UI are very understandable.

For the deployment of Fortinet FortiGate, it depends on the project, but for smaller or even bigger deployments, one person can easily handle it, excluding data center rack installation.

Fortinet FortiGate requires maintenance, including updates and firmware updates to fix bugs and security vulnerabilities. Overall, it runs fine, but it has security vulnerabilities with respect to some features that may have affected its reputation. Keeping up to date is a normal part of having any product vendor, and their upgrade process has been smooth.

I don't necessarily know directly about their pricing, but Fortinet tends to be lower than Cisco based on the separate projects I've been involved with. In general, Fortinet FortiGate has very competitive pricing.

Cisco Firepower is one alternative to Fortinet FortiGate. Comparing both, ease of use is a major difference. Cisco Firepower's ease of use is very poor, with many bugs and issues that made it non-functional - some things break and pushing policies is very slow.

Previously, I was a customer of Fortinet, but now I am also a reseller partner. I rate Fortinet FortiGate 8 out of 10.

We have a Fortinet FortiGate 900 series that is a big UTM. We also have 10 Gig switches, all fiber, for distribution of the service provider's connections.

The key features include SD-WAN, firewall use, intrusion prevention, intrusion detection, and application control. 

I have tested 90% of the features that Fortinet FortiGate offers. This type of solution helps us integrate all communications of our company. They guarantee operational continuity of our company and reduce risks by eliminating and detecting threats. This solution gives us agility.

The area that Fortinet may improve is customer support. When you have an incident, situation, or open a case, the support is not as good as Cisco or other platforms I have tested. There are many opportunities for improvement.

I've been using the solution for eight years.

Currently, we are experiencing a general outage of one of the main internet service providers of the Dominican Republic, and we have not been impacted in our operations because with SD-WAN, we have another internet service provider and we are working with the second WAN connection without any disruption.

The area that Fortinet may improve is customer support. When you have an incident, situation, or open a case, the support is not as good as Cisco or other platforms I have tested.

Before Fortinet FortiGate, we had Cisco.

It was not easy. While it might be easier now than eight years ago, you have to be careful and ensure you use a great partner that helps you implement this solution as easily as possible.

The experience is good when you use a quality partner or integrator. We use an integrator, located in the Dominican Republic. They have great support here and extensive knowledge.

The return on investment is great. Previously, we were using a dedicated point-to-point connection from the service provider that cost approximately $3,000 a month. When we implemented Fortinet FortiGate, we changed to two internet high-speed dedicated connections, costing approximately $2,000 in total, resulting in significant cost savings.

The cost efficiency is notable because it is an overall product with a mid-range price point, and you receive more value for the price.

Before Fortinet FortiGate, we had Cisco.

The only product that I have not integrated yet is the Unified SASE. This gives my team agility because as the Chief Information Security Officer, I do not have frequent contact with the platform, but my team has this interaction. 

On a scale of one to ten, I rate this solution a nine.

The SD-WAN feature of Fortinet FortiGate has been most impactful in maintaining our network's integrity.

Fortinet FortiGate's threat detection capabilities are good for our use because it's an internal firewall; however, we haven't enabled some of the features that are there. We've enabled IPS and antivirus generally.

They could improve the response time and quality of support.

I'm not sure what additional features they need to have in the future to make it better. For the purpose that we use it, it is doing the job, but I haven't explored some of the features.

I have been using Fortinet FortiGate for seven years.

I haven't had any issues with the stability or performance of the actual firewall. It has been fine with no bugs.

We didn't have to think about upgrading or anything; it does what we bought it for. If it wasn't for the end of support and the end of sale, we would not think about changing it. We are considering similar products for upgrading, maybe newer or bigger hardware.

The product is scalable. Currently, 120 people are using Fortinet FortiGate in my company.

I would rate their technical support about six out of ten; I'm not fully satisfied. They could improve the response time and quality of support.

Neutral

Fortinet FortiGate has delivered financial and operational ROI to my organization. It took about two to three years to realize ROI with Fortinet FortiGate.

At the time we bought them, I was satisfied with their pricing; I don't know how the new pricing will be.

We have to pay additionally for maintenance or support; it is not all included.

I would rate Fortinet FortiGate a seven out of ten.

We utilize Fortinet FortiGate appliances at six branch offices, one data center, and one DLP site. Our network is driven by SD-WAN, and we employ FortiGate as our firewall, FortiEDR for endpoint protection, and FortiSwitch for alerting on all layers of the network.

For me, the best practice is to deploy on-premises for data centers. However, for small branch offices with over ten to twenty staff members, I can deploy the devices remotely. We can provision our cloud and push the configuration to those devices from the cloud.

The visibility that FortiGate provides into our devices is crucial for network segmentation. I want to see the output in a specific way. The traditional approach has shifted slightly, as I'm accustomed to Cisco networking equipment. Typically, we have a call feature, but I'm currently using all the call features for internal routing. However, with FortiGate, most security subnets are segmented and protected behind the firewall. This allows me to lock down or secure sensitive subnets, such as HR or departmental information. I can log in from there, and all other subnets for client users require centralized access. This means that all traffic must go through the firewall, enhancing security.

FortiGate enabled us to achieve compliance with governance requirements. The FortiGate, along with fabric security and checkpoints, essentially act as regulatory checkers, reviewing our security practices against industry best practices and guidelines. If they identify any discrepancies, they alert us, allowing us to develop and implement mitigation plans to address the issues. For instance, if our SSH configurations don't meet security standards, such as algorithm or cipher requirements, FortiGate will notify us, enabling us to take corrective action and regain compliance.

We utilize API calls for FortiGate, including those related to our PRTG monitoring system. Additionally, we employ HVAC calls and leverage another MDR solution from Arctic Wolf to trigger specific events on the FortGate. This API functionality enables us to generate API keys and seamlessly integrate with API features across various platforms.

Integrating FortiGate into our environment is straightforward. Our transition from Palo Alto to FortiGate was seamless, utilizing our existing policies and migration tools. FortiGate also provides provisioning capabilities for defining branch office configurations. As long as branch office devices can access the internet to communicate with Fortinet Cloud, we can remotely implement provisioning for these devices, offering greater convenience for small branch offices.

The built-in APIs streamline integrations with other vendors, reducing deployment time. They effortlessly generate API keys upon logging into the Fortinet network, facilitating the deployment of our PRTT monitor tools. These tools seamlessly integrate with each other, fostering rapid deployment. Most platforms, including Cisco Meraki, Palo Alto, and Check Point, now adhere to industry standards and support API calls.

FortiGate has been instrumental in mitigating the risk of cyberattacks that could potentially disrupt our production operations. I am particularly impressed with Fortinet's cloud-based FortiGuard service, which continuously updates our systems with the latest zero-day attack protection, significantly reducing the threat landscape within our industry. Given the energy industry's heightened vulnerability to cyberattacks, we have implemented measures to restrict access to our network based on geolocation IP addresses. This includes restricting access from countries such as Russia and China, further safeguarding our environment from potential threats. Additionally, FortiGuard's regularly updated list of malicious websites provides an invaluable layer of protection for our industry.

In the event of a production-disrupting attack, we can utilize FortiManager to remotely isolate and mitigate the threat by shutting down specific subnets or networks. We can easily navigate through the unpacked data, and upon detecting a suspicious event, we can initiate automation or SOAR processes to notify the Cloud Service Provider team with whom we have been collaborating. Additionally, we can establish traffic alerts. For instance, since not all users access the AD server simultaneously each month, if we observe such suspicious behavior, we can remotely shut down that network, thereby minimizing our risk exposure.

FortiGate provides us with actionable insights to guide our decision-making regarding the appropriate actions to take. We generate 20 gigabytes of log data daily, which we utilize to establish a baseline for network traffic on our servers and compare it to our generated report. This approach allows us to set a threshold for the read volume of 20 gigabytes of FortiGate data attempting to reach a server from an external source. If this threshold is exceeded, an alert is triggered, prompting us to take corrective action. The centralized monitoring of our environment provides significant value.

Security is not a single, isolated element. It encompasses the entire network infrastructure, including firewalls, routers, switches, endpoints, and even mobile devices. The Fortinet Security Fabric seamlessly integrates these components to provide comprehensive protection. It generates detailed logs, including those from access points linked to FortiSwitch. The FortiSwitch, fully integrated with the FortiGate Fabric, relays security alerts to the FortiViewer in the SOC. This centralized view provides complete visibility into the network, including SSIDs, wireless networks, subnets, and devices protected by FortiClient. The Fortinet Security Fabric tracks individual devices connected to the network, including compromised laptops. FortiClient triggers alerts and sends them to FortiCloud, which also receives logs from the EMS server and the firewall. These logs are consolidated in the FortiAnalyzer and forwarded to the cloud-based log server for analysis. This comprehensive approach to security ensures that all potential threats are identified and addressed promptly.

FortiGate has contributed to a reduction in our operational expenses. Prior to adopting Fortinet, we utilized Palo Alto for firewalls and Cisco for call switches. However, as we began using Fortinet, we gradually transitioned to their products. Currently, we employ FortiGate for our firewall, FortiSuite, and FortiAP Access Points, phasing them in one at a time. This approach has effectively minimized downtime and lightened our workload by enabling centralized management through a single pane of glass.

FortiGate has significantly reduced our time to remediation. We can now check logs from servers, firewalls, switches, access points, clouds, and even devices from different brands, all from a single centralized location. This has greatly reduced the time required for threat hunting and security event investigation.

Fortinet has been instrumental in enhancing our cybersecurity approach to safeguard our industrial machinery. We rely on some heavy equipment that is critical to our industry's operations. To protect this equipment, we have isolated it on a single subnet and implemented strict access controls, allowing only authorized users and MAC addresses to access the network. This ensures that only internal staff can operate the equipment unless authorized maintenance personnel are present. The high level of security we have implemented is essential because our industry's operations are closely tied to the core applications of our industry. We are committed to safeguarding our equipment and preventing any potential risks.

I appreciate FortiGate's flexibility, which allows for centralized management through FortiManager. Additionally, its integration with FortiAnalyzer, which can be deployed in the cloud, enables centralized monitoring of all firewall logs.

Fortinet needs to overhaul its documentation. Our current reliance on outdated documentation has resulted in significant time wastage. While we can locate the necessary documentation, the constant daily revisions necessitate meticulous identification of the relevant documents to prevent the use of outdated information that could jeopardize our environment. At the very least, Fortinet should classify its documentation to clearly indicate the applicable version, as our attempts to do so manually are becoming increasingly tedious.

I have been using Fortinet FortiGate for over three years.

Fortinet FortiGate is stable. I have not encountered any performance issues.

Fortinet FortiGate is scalable. 

The speed of Fortinet's technical support is significantly faster compared to Palo Alto. I recall an instance where I experienced an issue with Palo Alto, and it took an hour to connect with a real technician from Palo Alto. However, when I call Fortinet, it takes a maximum of two minutes to get a knowledgeable individual to address my concerns. Considering the stark contrast in service levels, imagine having a network issue with Palo Alto and having to wait an hour for support. Conversely, with Fortinet, we can receive proper assistance within two minutes. The difference is immense. This is the one aspect I find lacking in Palo Alto.

The reason I don't give Fortinet's support a perfect score is that I've worked in this field for many years and have come to expect a certain level of expertise. Even when we call Palo Alto, Cisco, Check Point, or any other support service, our experience can vary depending on who we get on the phone. If we're lucky, we'll get a highly experienced expert who can quickly resolve our issue. However, we may also get someone who is new to the team or to their role, and they may take a long time to understand our problem. While Fortinet's support is generally excellent, I have had a couple of experiences where I felt like the person on the other end was inexperienced and asked me irrelevant questions. Despite these occasional issues, I am still very satisfied with Fortinet's support overall, but I wouldn't give it a perfect score.

Positive

We previously used Palo Alto for five years and switched to Fortinet FortiGate. Palo Alto is expensive.

The initial deployment is simple. We need to determine which interface is the WAN interface and which is the internal interface.

With Fortinet, we should prioritize a centralized approach to ensure synchronization and consistency across the network. This centralized management strategy will streamline the implementation of SD-WAN, as it allows for the deployment of standardized templates and traffic configurations. Centralized management also simplifies future modifications, as minor changes can be pushed down without requiring complete redesigns. Conversely, deploying SD-WAN without prior centralized management can lead to complexities and potential disruptions. For instance, if WAN interfaces are configured independently of SD-WAN, integrating SD-WAN later will necessitate removing and reconfiguring existing data, policies, firewall policies, and rules. This process can be time-consuming and error-prone.

For medium and enterprise organizations, FortiGate is more affordable. We can choose from a variety of bundles to find the right license for our needs. The software is reliable and easy to install, and it will run smoothly on our systems. FortiGate is priced lower than Palo Alto.

I would rate Fortinet FortiGate nine out of ten.

I compared SD-WAN solutions offered by companies like Cisco Meraki, and Palo Alto. I'm impressed with SD-WAN solutions in general, but I recommend considering purchasing Fortinet's SD-WAN solution, as it could lead to significant cost savings. However, proper planning and design are crucial before deployment to avoid incurring additional expenses due to rework. That's my suggestion.

Fortinet FortiGate is our primary security solution for network communication. It enforces segregation between the IT and OT networks. All communication, integrations, and other traffic between IT and OT must pass through the FortiGate, which inspects and controls it.

FortiGate also serves as our VPN concentrator. Both internal users and partners connect their VPNs to FortiGate. We manage the entire VPN process, including access control and security policies.

All web traffic within the organization flows through the FortiGate for inspection and security controls. We leverage FortiGate's UTM capabilities, including web filtering, intrusion prevention, and application control.

While we have several websites running behind FortiGate, they are primarily static content sites with limited business activity. Therefore, we utilize the basic WAF functionality within FortiGate instead of a dedicated WAF device. This approach has proven effective for our needs due to the low volume of transactions and sensitive data on these websites.

FortiGate also manages communication between our internal IT units. With five units in operation, efficient inter-unit communication is critical. FortiGate ensures secure and controlled data exchange between these units.

FortiGate provides us with both visibility and segmentation for our industrial devices. This allows us to achieve good segmentation and also gain a clear view of the assets that reside behind them. Now, if I need to find a specific asset within our industrial environment, I can simply access Fortinet and check the assets listed there. Additionally, FortiGate utilizes sensing technology that identifies the type of each device, further enhancing our overall visibility.

FortiGate helps a lot to reduce the risk of cyberattacks that could disrupt our production.

FortiGate enables centralized management of our organization's network and security operations, providing comprehensive visibility into our environment for proactive threat detection and mitigation.

The effectiveness of our response to a production disruption depends on the affected environment. Some environments have sufficient redundancy to continue operating without the system, while others require immediate intervention. To address this variability, we utilize a strategically deployed FortiGate across all environments. This firewall enforces pre-defined rules to manage traffic and data flow effectively, ensuring that disruptions are minimized and operations continue smoothly.

FortiGate provides us with actionable data, enabling us to make informed decisions. The visibility it grants into the devices operating within our environment empowers us to take timely action and safeguard them.

All our OT traffic traversing to and from our IT environment passes through our Fortinet FortiGate firewall, which helps to reduce our operational expenses.

The security fabric helps reduce our mean time to remediation.

Fortinet has helped us take a more serious approach to cybersecurity. 

The Intrusion Prevention System and the web filtering are both working well. The Deep Packet Inspection is also functioning properly, allowing us to see all network traffic, including encrypted data. I find the DPI to be a valuable and user-friendly feature. Additionally, the logs are clear and easy to understand. Having worked with Cisco and Check Point in the past, I can confidently say that these logs are on par with those of other leading security solutions. They greatly aid in troubleshooting, investigations, and general network monitoring. Overall, I am impressed with this solution's web filtering capabilities and robust IPS functionality. It is both easy to manage and deploy, making it a valuable tool for our network security.

While FortiGate offers a wide range of security features, I sometimes feel that the platform could benefit from more extensive improvements. Given the multitude of functions it provides, I wonder if the developers have enough time to adequately refine each aspect. However, for our specific needs, FortiGate currently performs adequately.

The debugging and troubleshooting has room for improvement.

I would like to see greater integration with third-party solutions. For instance, one example would be integrating Endpoint Protection with FortiGate, such that if an issue arises with Endpoint Protection, an action could be automatically triggered on FortiGate.

I am concerned about Fortinet's ability to help us meet regulatory compliance because its optimal functionality requires deploying all solutions within the mesh as Fortinet products. This raises questions about the compatibility and integration of non-Fortinet technologies within the Fortinet Security Fabric. 

I have been using Fortinet FortiGate for two years.

I would rate the stability of Fortinet FortiGate an eight out of ten. 

I would rate the scalability of Fortinet FortiGate an eight out of ten.

The technical support responds quickly.

Positive

I have worked with Cisco, Check Point, and Palo Alto. I worked with Cisco for ten years and I find Fortinet FortiGate to be a better solution.

The price is fair for what we get with FortiGate.

I would rate Fortinet FortiGate a nine out of ten.

Although we currently don't use any Fortinet devices designed for extreme environments, we are planning to test a few Fortinet switches in such conditions. This initial experiment aims to assess their performance and suitability for our harsh environment. If the switches perform well, we may consider switching our current supplier. While we don't frequently change our OT networks, prioritizing long-term stability has been our main objective, and we've achieved that so far. However, since Fortinet is our network supplier, testing their switches and confirming their reliability is a prudent step for when we need to update our switches.

Potential users should understand their needs before purchasing the solution.