Fortinet FortiGate Reviews

For IPS, IDS, traffic management, SDWAN, high availability, we leverage Fortinet FortiGate as a virtual appliance to secure our data center, internal office infrastructure, and site-to-site VPNS Site to client VPNS for our internal lab controls, rather than using physical Fortinet FortiGate hardware.

We implemented Fortinet FortiGate as part of our compliance requirements to address the high volume of intrusion attempts we were experiencing. This solution provides us with a insight on Intrusion to block these attacks and gain insights into who is trying to access our network. Essentially, we aim to understand the nature of incoming and outgoing network traffic.

FortiGate offers visibility into the types, brands, versions, and users of connected devices. This visibility is crucial for our industrial devices, as their reliable operation is essential to our business.

Fortinet Security Fabric empowers us to comply with regulations, governance, and compliance requirements across regions like the US and Europe, ensuring smooth operations for our global business.

FortiGate's built-in APIs enable us to integrate with the vendors of our choice.

Fortinet's FortiGate is easy to deploy in our environment thanks to its well-written and easy-to-follow documentation.

FortiGate is a highly benchmarked product that improves efficiency and adds value to our organization.

Although we don't see a benefit overnight, we gradually see the benefits of FortiGate over the years. It has provided a lot of insight into our organization's activities.

FortiGate significantly helped reduce the risk of cyberattacks that could disrupt our production. This has protected us against financial losses.

Fortinet has its management suite so it helps to centralize the management of network and security operations in our company. This helps us easily manage the issues and solutions that are required.

Fortinet FortiGate provides us with actionable data to inform our decisions about the most appropriate course of action. It delivers insights into resource consumption and compromised hosts, helping us identify the source of unauthorized login attempts. This comprehensive view allows us to understand what's entering our network.

Fortinet Security Fabric improved security across our industrial control systems.

Fortinet FortiGate helped reduce our mean time to remediate.

Fortinet FortiGate helped to mature our approach to cybersecurity for protecting our industrial equipment. The level of detail we can see regarding incoming traffic and ongoing activities is quite high. This detailed visibility extends to host configuration and other such aspects, providing us with valuable insights. As a result, Fortinet can provide a clear understanding of how to manage our network and quickly mitigate any issues that may arise.

The most valuable feature of FortiGate is FortiView which provides proactive monitoring. 

Ideally, I'd like to see most CLI configuration options exposed in the GUI to avoid manual command typing. However, there should be a more user-friendly approach than simply replicating everything in the GUI. Alternatively, some users might prefer scheduling tasks through commands for automation.

I have been using Fortinet FortiGate for over 12 years.

I would rate the stability of Fortinet FortiGate ten out of ten. As long as we configure FortiGate properly.

The technical support has improved over the years.

Positive

We previously used an open-source firewall, but we were looking for a solution that was more proactive, easier to manage, and continuously improved. FortiGate was a major competitor at the time and has since become one of the market leaders.

Initially, there was a learning curve during the deployment. We did have the help of local vendors.

If our policies are already in place, we can have the solution up and running in less than a day using a script. However, if we need to determine our policies while implementing the solution, it can take over a month to complete.

Fortinet FortiGate mitigates an excessive amount of manpower requirements because it is easy to manage and this helps contribute to a return on investment.

The price varies yearly and there could be additional costs to help manage the infrastructure. 

In certain markets, if an organization subscribes to their internet service they get a Fortinet firewall included in the cost.

We evaluated some of the leading brands. At the time we found FortiGate easier to administrate and handle. The interface was intuitive and the solution was affordable.

I would rate Fortinet FortiGate nine out of ten.

Fortinet FortiGate is one of the most user-friendly security appliances I've encountered. It has a gentle learning curve, and even beginners can configure it effectively. However, for a successful deployment, it's crucial to have a well-defined network layout, documented initial requirements, and a clear configuration strategy. While physical documentation isn't mandatory, a well-organized approach is essential. This includes using clear and consistent naming conventions for commands and rules, along with detailed descriptions within the configuration itself. This makes it easy for anyone to understand the overall logic and navigate the configuration from start to finish. It's important to note that my approach to policy management might involve unique syntax. This includes how I structure policy sets and identify which ones consume the most resources. Understanding how policies interact with other aspects, like implementation and rule execution, is also crucial. Ultimately, a well-defined naming standard is the foundation for a clear and maintainable configuration.

We use Fortinet FortiGate to safeguard our online users, who are primarily students, around the clock.

Over the past seven years, we've utilized Fortinet FortiGate to address a wide range of security challenges. Initially, we implemented a firewall to secure our network perimeter. Subsequently, we sought to protect internal network segments. Next, we implemented application-level security measures. And most recently, we've implemented selective service controls to manage access to applications like Google services, WhatsApp, and video conferencing platforms. These measures have addressed evolving security needs over time. Currently, we're focused on enhancing authentication and remote access security. To achieve this, we're implementing security tokens to verify user identities and ensure authorized access.

Fortinet FortiGate enables us to comply with regulatory governance and compliance requirements.

FortiGate is one of the security solutions we have implemented to enhance and protect our network infrastructure, including devices, across the campus for all users. Specifically, FortiGate has shielded us from Internet security threats, application threats, and unwanted websites or access to unauthorized web services. For instance, access to classified websites is restricted based on user permissions. This has resulted in a cleaner network environment, not just from a security standpoint but also in terms of overall network performance. Secondly, FortiGate has significantly alleviated the burden on network administrators and server managers. The product has proven to be highly reliable.

It has effectively reduced our risk of cyberattacks. We have experienced a very small number of incidents, primarily due to configuration loopholes. However, FortiGate has been successful in preventing intrusions from the Internet. It has effectively thwarted hacking attempts, making it a valuable tool for our computer and network security.

We operate in an educational setting and do not rely solely on online connectivity. Therefore, an internet outage would only impact academic activities. While some internet services are utilized within our campus primarily for business purposes, they are not entirely internet-dependent. Consequently, the impact of equipment failure is minimal. In the event of equipment malfunction, we have established contingency plans and alternative facilitating services in place. Additionally, our devices are designed for high availability, with two devices functioning as a backup in case one fails. We have not experienced any device failures to date.

It has streamlined the management of our network and security operations. While the machine itself doesn't provide an out-of-the-box solution, its effectiveness hinges on the expertise and security knowledge of its users. Therefore, engineering and security proficiency are paramount to maximizing the benefits of FortiGate.

FortiGate offers a lot of reporting logs and reports. By continuously monitoring these resources, we can gather sufficient information to take immediate action and implement necessary changes. However, the effectiveness of this approach hinges on having dedicated personnel to review and respond to the provided insights. The device itself cannot act autonomously without human intervention and analysis.

FortiGate has helped us reduce our mean time to remediation by 60 percent. Its user-friendly interface facilitates rapid issue resolution.

Fortinet FortiGate is an extremely user-friendly product. In terms of security, we have not experienced any security flaws or loopholes, and it has proven to be quite stable. Additionally, we have not experienced any downtime, which is of utmost importance.

The log analyzer, for instance, is a product being developed as a common solution for multiple FortiGate devices. Consequently, the log analyzer's functionalities are not fully integrated into the individual FortiGate products. I would prefer to have more detailed logs within the FortiGate products themselves rather than relying on a separate tool.

While Fortinet claims to offer a comprehensive network solution, it falls short in addressing computer application issues, particularly server security. Fortinet's capabilities are primarily focused on network security.

I have been using Fortinet FortiGate for over seven years.

I rate the stability of Fortinet FortiGate ten out of ten.

Fortinet FortiGate is a fixed configuration that depends on the number of nodes and devices.

The support from Fortinet and its vendors is good.

Positive

The initial deployment can be completed in a few days. Two to three people are involved in the deployment.

In the Asian economy in which we operate, FortiGate is expensive.

I would rate Fortinet FortiGate eight out of ten.

I'm not involved in the operation of industrial devices. We do, however, have devices that are part of laboratories, and they may be flagged during searches because we belong to the education sector. In any case, FortiGate provides protection, and I wouldn't know the extent of visibility there because it's primarily concerned with providing security for those devices. If they are connected to the network, alright.

We have around 1,500 users and over 3,000 devices that utilize FortiGate.

We are using Cisco for the core switch, and for the firewall and WAN security, we are using Fortinet FortiGate. For distribution switches, we are using Ubiquiti. 

We are using the 200F series of Fortinet FortiGate for our main branch and model 60 for our branch offices at five locations. We have connected a site-to-site VPN with Fortinet FortiGate. 

We have used multiple WAN ASPs and set up SD-WAN. It's quite interesting and user-friendly; essentially, anyone can configure it. All you need to do is go through the documentation, and you'll be able to set it up directly. We experimented with Cisco and other devices, but found them to be somewhat challenging. Additionally, there are commercial aspects to consider. However, with FortiGate, everything is bundled together, eliminating the need to pay extra for SD-WAN management.

Performance-wise, we have great output with SD-WAN in our network. Earlier, when we were using it without SD-WAN, it was very difficult, and our IT team's effort was greater. After this SD-WAN configuration, we have no need to worry about whether the link is going down or not. We just get the notification, and at that time, we work on it. There is no need to run behind that.

The only issue is their renewal pricing. For more than 10 years, we have been customers of multiple Fortinet FortiGate security devices, and every time, it's at a high price. It is very difficult for small companies, especially in India. If Fortinet can reduce the renewal price a little bit, it can expand and target small businesses as well. Currently, only medium and large-scale organizations can afford it. Startups and small companies cannot afford it. The renewal cost is very high. When we get the equipment along with the license, it's acceptable, but the next renewal after one or three years is very expensive compared to other firewalls.

We have been using Fortinet FortiGate for more than 10 years. It's the fifth device we are using. Earlier devices reached the end of life. After that, we moved to the next product.

Fortinet FortiGate is absolutely scalable enough for our needs.

We have more than 400 employees, and there are six branch offices connected. The branch offices are connected with site-to-site VPN, and multiple roaming employees or working from home employees are connected with SSL VPN. More than 100 people are connecting at a time. We only need two IT people to maintain the security devices.

We very rarely raised tickets with Fortinet. Only on one occasion, when the FortiCloud account was locked, we raised a ticket. Apart from the configuration part, we never contacted them. They were very supportive. With that particular ticket, we got help immediately.

Positive

We are also customers of Cisco and Ubiquiti. We have a core switch, 9000 series switches, and Ubiquiti equipment.

I have earlier worked with Cyberoam and Sophos as a partner. They have a range of devices, and the renewal price is also lower in Sophos compared to Fortinet FortiGate.

I was involved in the deployment of Fortinet FortiGate. The deployment process of Fortinet FortiGate is very straightforward, and since we have experience, it's very easy for us. Even for freshers, if they have basic theoretical knowledge of the setup, they can easily implement it. 

It's deployed on-premises. We are not planning for the cloud. Our clients are not comfortable with the cloud solutions.

We deployed it ourselves with one or two people for the deployment.

The renewal cost is much higher than other firewalls. It is not reasonable.

I would definitely recommend Fortinet FortiGate to others. 

My experience with Fortinet FortiGate has been good overall. I would rate Fortinet FortiGate an eight out of ten.

The main use cases for Fortinet FortiGate are in the data centers, mainly for web filtering, IPS, and IDS.

The best features of Fortinet FortiGate are UTM, web filtering, and IPS. We have Palo Alto firewalls in place. The ease of integrating SD-WAN capabilities depends on the requirements of the customer.

Fortinet FortiGate is a very light product. It's easy to understand.

Fortinet should improve its software, as we are seeing lots of firmware versions generated for each vulnerability issue. It becomes difficult for us to keep updating the firmware frequently due to bugs. 

We would like to see the SSL VPN feature included again in Fortinet FortiGate since it was removed from version 7.6.3 onwards. 

For DDoS protection, there can be more features in Fortinet FortiGate.

We have been using Fortinet FortiGate for about 15 years.

It is stable.

As implementers, we find it easy to scale up.

We have about 100 people, and we are using Fortinet FortiGate 60.

I would rate Fortinet tech support a nine out of ten based on my experience.

Positive

We also work with Palo Alto firewalls. The main difference is in the software. Palo Alto's database is also updated for threat analysis. If you are installing a Palo Alto firewall for the first time, it is a bit complex, but with Fortinet FortiGate, the implementation is easiest, as the tabs are easy to understand.

I would recommend it. It is user-friendly.

I would rate Fortinet FortiGate as an eight out of ten.

We use Fortinet FortiGate as our security and routing solution.

We implemented Fortinet FortiGate to enhance our security posture by blocking and restricting access to certain websites and securing our VPN traffic. 

Fortinet FortiGate offers enhanced visibility and segmentation for our industrial devices, a crucial process when some machines utilize systems demanding high-level security.

We have implemented Fortinet Security Fabric on our VM infrastructure, and it has provided great service in helping us meet regulations, governance, and compliance requirements. This is important to us because Fortinet Security Fabric connects to our sandbox, allowing us to scan shares across all clusters and enabling FortiGate to resolve any online issues.

Fortinet FortiGate has enhanced our organization's security by enabling secure VPN access and restricting access to social media sites, thus ensuring that employees can focus on their work. We saw the benefits of FortiGate within weeks of the deployment.

FortiGate helps reduce the risk of cyberattacks that could disrupt our production by isolating the affected traffic and creating a log for us.

It also helps to centralize the management of our network and security operations.

The centralized management allows us to access all of our firewalls and policies using a single interface.

Fortinet provides actionable data to help us make informed decisions about the actions to take. For example, if one of our firewalls goes down, the solution helps us rectify the issue by providing details on the problem and how to address it.

By consolidating the numerous individually connected batches, FortiGate helped us reduce operational expenses associated with the extra costs they incurred.

Fortinet FortiGate has helped us mature our approach to cybersecurity for protecting our industrial equipment. Their knowledge and daily webinars on email security and virus prevention have empowered us to stop attacks and maximize our efficiency.

The most valuable features are SD-WAN, application control, IPS control, and FortiSandbox. These features help reduce our downtime, manage the ISPs, and deploy SLAs for all the website traffic.

The graphical user interface of Fortinet's FortiGate product does not function well with text-based interfaces. This functionality should be improved.

I have been using Fortinet FortiGate for seven years.

I would rate the stability of Fortinet FortiGate a ten out of ten.

While Fortinet FortiGate firewalls are scalable, upgrading to a new version or adding hardware requires purchasing a new license to migrate the old backup to the new firewall. 

While the technical support team is knowledgeable, their response time to support tickets is concerning. It typically takes them 48-72 hours to respond, which significantly disrupts my work.

Neutral

While we previously used the open-source PSS firewall, it lacked the layered security architecture offered by Fortinet FortiGate.

We migrated to Fortinet FortiGate for its superior control, in-depth scanning, and ability to minimize cybersecurity risks, features not offered by other firewall solutions.

The initial deployment is easy. The solution can be installed by following the on-screen prompts, and the policies can be implemented through the interface dashboard.

Deploying the system takes one full business day. We begin by gathering user requirements from each department, as they have varying policies. The policies are implemented department-first, followed by branches. Finally, VPNs are generated for remote users. Two people are required for the deployment.

The implementation was completed in-house.

Since implementing Fortinet FortiGate, we have observed an increase in user productivity, which translates to a positive return on investment.

While Fortinet FortiGate has a higher price point compared to Sophos XG, its user-friendly interface justifies the cost. Additionally, its fixed pricing structure eliminates concerns about surprise fees.

After evaluating Sophos XG and finding its interface overly complex for our needs, we opted for the user-friendly interface of Fortinet FortiGate.

I would rate Fortinet FortiGate an eight out of ten.

We have one person that deals with maintaining Fortinet FortiGate.

We have 1,100 users in multiple cities and departments using FortiGate.

The Fortinet FortiGate 60F is a good choice for organizations to begin evaluating firewalls.

We've deployed FortiGate on some customer premises. We've also deployed other Fortinet products, such as FortiMail and FortiManager. We often bundle Fortinet devices. We use FortiGate as a firewall. It is for security and protection. 

The solution has helped our clients secure their network efficiently. It offers security across multiple sites and helps monitor traffic effectively.

It's very good and very stable for businesses. It works very well. 

The UI is better than the alternatives. 

We like using Fortinet devices. They integrate well with one another.

Fortinet provides good visibility and segmentation.

Fortinet's devices are purpose-built to operate in various environments. It operates well across clouds. We can run Fortigate as an MSP.

It helps with intrusion prevention specific to various environments. It provides us with details about the traffic for better monitoring. 

FortiGate has helped reduce the risk of cyberattacks that might disrupt our client's production. 

The product provides policies for strict monitoring to make the network secure. If something hits against a policy, it will be blocked.

We'd like to see the product offer higher discounts to users. They should offer special pricing to premium partners and customers. 

The company has been using the solution for the last five or so years. I've maybe used it for three years.

The stability depends on the FortiGate model. You need the right model for the amount of GB traffic. If a customer deploys a smaller model on more traffic, there may be issues. Otherwise, it handles traffic well. Overall, it's a stable solution. I'd rate stability nine out of ten. 

Our clients are quite sizable. One of them is one of the biggest telecoms in our country. We also have smaller customers that deal with smaller FortiGate models. We have a variety of customers of different sizes from around the country.

It's a scalable solution. I'd rate it nine out of ten. 

Technical support is good. They offer very accurate solutions. We learn a lot from them. We're happy with their level of service. 

Positive

We typically deploy the solution to our client's VMs. The deployment sometimes takes about a month. We have a team of 12 people who work on the FortiGate side. 

Their services are good, and we are happy to work with them, however, the pricing could be cheaper. 

We're a Fortinet partner. 

If we have the option of which firewall to choose, whether Fortinet, Cisco, Juniper, et cetera, we will choose Fortinet. We're very comfortable with their devices. We have a very skillful team, and we've become very comfortable with Fortinet. They have good support as well.

I'd rate the solution ten out of ten. 

Our customers use these devices as security devices, and we sell these devices to our customers. We also use it ourselves. We have the entire lab, and we use some of the functions in our local network.

It protects our customers' networks from viruses and threats.

The firewall, IPS, and VPN functions are the most valuable features. The antivirus functions are also good.

It works very well. It has a lot of different functionalities. Its cost is also fine for our customers.

In some cases, its initial setup could be hard for customers.

I have 10 to 12 years of experience with these devices.

Their devices are quite stable. We have not had any problems with the operating systems or maintenance of subscriptions. It is a robust device.

In most cases, they work very fast. It also depends on the device they are supporting. In the case of FortiGate, we do not have any complaints, but when we had to buy the FortiADC solution for one of our customers, we faced quite a few difficulties with technical support. I do not know why, but it could be that some devices are supported by different teams in Fortinet. We had difficulties with FortiADC, but we have not had any problems with FortiGate. I would rate their support for FortiGate a nine out of ten.

Positive

We worked with Cisco and Check Point firewalls. We worked with Cisco ASA for a long time. We worked with it for about five years, and we were happy with it, but it was old-fashioned. We went to Fortinet and started working with this company. 

FortiGate has good security functions and high-level technical documentation. Their documentation is very easy to understand. 

FortiGate's performance is also better than Cisco ASA. It has 10 VDOMs. It is a great function because you can add virtual functions for different groups in your network. It is quite useful.

It is deployed on-premises. Our customers prefer to deploy not only Fortinet devices but all security devices on-premises. They rarely use cloud licenses. Some customers only buy it from us, and for some customers, we also set it up.

Its setup is easy for us, but not every company wants to use our service for setting it up because of the cost. They prefer to install it themselves. In some cases, it could be hard for them.

In terms of the implementation strategy, we first try to understand what problem a customer wants to solve by using FortiGate. We collect a lot of information about a customer's network, such as protocols and devices being used. We try to prepare this device in our local lab. We preload the device and send it to the customer, and then we finalize the installation in the customer's building.

We have very technical staff, and we do not have difficulties with installations. We have had situations where customers do not have much experience with it, and then we recommend them to go for certain features such as IPS, antivirus, etc. 

The deployment duration depends on the size of the environment, but generally, it does not take more than one or two months. 

Generally, two to three people are required for the deployment.

For maintenance, our customers have technical staff. They regularly check and ensure that all the functions are working. We are glad to help them if they need any help.

We have seen an ROI. We have bought a lot of these devices, and we have had a good experience with them. It has saved us a lot of money.

It is quite affordable for our customers. There is a separate cost for IPS, antivirus, web filtering, and other features. They have a great choice of licenses. You can go for the license that you want, which is quite useful.

You have to buy a support license for FortiCare. In most cases, people buy the UTM bundle that comes with IPS, web filtering, and FortiCare. 

They are on the right path. They have improved a lot over the past 10 years. Fortinet is one of the leaders in security devices along with Cisco, Palo Alto, and Check Point.

I would rate Fortinet FortiGate a nine out of ten. It is stable. It has quite a lot of features, such as IPS, VPN, etc. It is affordable for our customers. It is a good choice.

There are various use cases for Fortinet FortiGate, including firewall protection for internet access, data centers, branches, and SD-WAN. We use the firewall in multiple locations throughout our network, taking advantage of its many features, such as the promising CDR feature and security profiles like the WAF filter and application DNS security. We deploy these features in different parts of the network. Additionally, some customers use Fortinet FortiGate in the cloud to safeguard their cloud servers within platforms like Microsoft tenants.

Our customers are using Secure SD-WAN for connecting different branches. For example, oil and gas companies have different branches all over Egypt, which are not in the main city, so they need a secure connection and stability for certain protocols, such as voice and things like that. They also need visibility. They need to understand which applications are consuming SD-WAN. 

Some of the customers are also using SD-WAN for load balancing. For SD-WAN, you need at least two internet connections, so some of the customers are using it as a load-balancing technique. Overall, there are a lot of features for which customers are using SD-WAN.

For our customers, Secure SD-WAN is very useful for giving the right priority to the applications and controlling the proper use of the application.

Secure SD-WAN's interoperability with other systems and applications in the environment is very good. The integrated application protection provided by Secure SD-WAN is also good. There is a very good integration with all the applications and portfolios. We don't integrate the firewall with the application itself, but it does what is needed to control and reroute the traffic.

Secure SD-WAN has a lot of benefits. There is a calculator on Fortinet's website. When you feed the right information to that calculator, it tells you how much money you will save by acquiring SD-WAN. The first benefit is that you're going to save money. Instead of buying multiple ISP connections, MPLS, and other such things, you can use the normal internet and apply SD-WAN on it, so you can save a lot of money. You also don't need to increase the bandwidth. SD-WAN helps with the routing of your traffic and the optimum use of your links. It's efficient and secure, and it saves you a lot of money, and of course, there is the security of the firewall that's applied on SD-WAN. If we're comparing it with other vendors like Cisco, you are not getting the firewall features.

It's very efficient. There is a lot of visibility. It reduces the number of incidents. If there is any problem, you can immediately log in to the firewall, and you will know if there is a notification about bandwidth consumption or any other issue, or if there is any drop in connectivity. It makes the operation very easy. It makes it easy for the teams to respond to incidents and manage issues. SD-WAN helps to remediate threats more quickly and efficiently because, with SD-WAN, there are a lot of applications going through different links, so if you can know which link an application is using and what's on the link, you can make the right decision in a very fast way to fix it. It provides both visibility and efficiency.

It reduces your mean time to detect (MTTD). In the new version, which is version 7.x, of the FortiGate firewall, through the main dashboard, you can know what is going on. If you've done the dashboard and you're putting these statistics in front of you on a screen, once you look at it, you'll know what's going on and what's the problem. It, of course, will give you the tools and the right information to reduce the time to solve.

It's hard to say whether it has reduced help desk tickets because it's more on the operational side, but it helps them a lot. The operations team is not handling the firewall. It's either the network team or the network security team. Generally, once it's up and running, it just works. It's different from having an antivirus or something else that can be changed from day-to-day activities. With this one, once you turn it on, the service will be stable unless you have a problem with your internet. It doesn't cause a lot of problems.

In terms of helping to future-proof business, from a partner perspective, it gives you a lot of flexibility to enhance the customer network. It opens a lot of doors for sales, for a new business, and for new potential. That's from the partner side. From the customer side, you can save money and solve a lot of problems. If you need to connect with a few branches all over the country, it's efficient. You don't need to travel for five to ten hours to reach the second branch. If you have proper SD-WAN technology and it's connected in a good way with good vendors, you can save a lot of time, effort, and money. You can have proper connectivity between branches as if the guy you are talking to is next door. So, SD-WAN gives a lot of benefits at the vendor level, partner level, and customer level.

Fortinet FortiGate is user-friendly and affordable.

When it comes to Secure SD-WAN, ease of use is valuable. The visibility and reporting are also valuable. A cool thing is that SD-WAN is free of charge with the Fortinet firewall. You can just use it just by using the Fortinet appliances that you already have in the branches. You cannot have appliances from different vendors. Fortinet customers can use the feature in a very easy way. It takes one click to integrate with the firewalls. It's very very easy to deploy. You don't need to build anything.

In the past, NSS Labs was utilized to test files and verify the numbers and datasheets. It would be beneficial to have an organization or testing lab that can verify the numbers in our datasheets since changes are frequently made, which can be inconvenient for review. For instance, when comparing different competitors such as Forcepoint, Palo Alto, and Check Point, the throughput or numbers in the datasheet may be lower than the actual numbers. Conversely, Fortinet typically reports very high numbers, but they cannot be replicated in the real world. Therefore, it would be advantageous for them to partner with a neutral testing organization such as NSS Labs to validate these numbers, thus providing more credibility and comfort to everyone regarding the accuracy of the datasheets.

For the migration, everyone has a firewall in use and I am selling Fortinet. Typically, I am replacing another firewall. Previously, there was a tool available to convert configurations from one firewall, such as Palo Alto, to Fortinet, but this tool is no longer free. If it could be made free again, it would be very beneficial. This tool shows a lot of promise and is very good. Making it free would help many companies deliver their products in a more efficient and integrated way. It would also be more valuable to include the tool with the firewall package or license instead of having to pay extra for it. Paying extra puts more pressure on small companies to deliver the firewall and complete the configuration, especially if they have hundreds or thousands of policies. It's very painful to move through these policies line by line.

The stability has room for improvement.

When it comes to Secure SD-WAN, everything is fine. They are going the right way. SD-WAN is very promising. They can provide the SD-WAN solution separately, but they will not take this approach because even the smallest firewall can support the features, so there is no need to have a separate service or appliance. They are following the right steps, and there is nothing to be improved. Feature-wise, I'm really satisfied with the new release, and the features they have added. For now, it's fine.

I have been using Fortinet FortiGate for seven years, and I have been using Secure SD-WAN for two years.

Secure SD-WAN is stable, but when it comes to the firewall, sometimes there are issues with the throughput and related factors. Improper handling of these can lead to a memory surge, a well-known bug that can cause the entire system to freeze. When this happens, the system appears to be running but no traffic is processed, causing disruptions to applications, users, and overall internet connectivity. This can be confusing because the firewall appears to be functioning correctly. Typically, the solution is to restart the firewall. However, when we contact support, they require logs before restarting, which can be challenging in urgent situations. As a result, we prioritize quick resolution over troubleshooting. This is a common drawback of the operating system.

I'd rate Fortinet FortiGate's scalability an eight out of ten.

While the technical support offered online and on-site is generally effective, there may be occasions when we need to escalate an issue to a higher level due to its complexity. 

I initially sought assistance from level-one support, but they were unable to resolve my issue. Eventually, they informed me that the problem would be addressed in a future patch. However, within a day or two, a level three engineer intervened and provided me with an update to resolve the issue. He explained that it required a command line configuration, as it couldn't be done through the graphical user interface. I was impressed with the level-three engineer's expertise and problem-solving skills. It taught me that if we persist and communicate our needs, we can achieve our desired outcomes.

Positive

The initial setup is straightforward. We need to determine whether the firewall will be positioned in an active-standby or active-active configuration. Based on this decision, we will choose the appropriate license. If the firewall is intended for use with the Internet, we will need to include features such as a full DNS filter. However, if it's being used in a data center, these features may not be necessary. Additionally, we need to consider the speed of the interface, 1G or 10G, and the expected amount of network traffic to properly size the firewall model and ensure proper throughput. This is the initial phase of the process. Once the firewall has been deployed, it's a matter of connecting it and configuring policies. 

When it comes to the deployment model of SD-WAN, my customers usually buy the appliance. They already have FortiGates, so we're just connecting firewalls to each other. In Kuwait and Egypt, there are mostly on-prem deployments. It's rare to have someone deploying a firewall on the cloud, and if it's deployed on the cloud, it's for a certain reason. It's not for SD-WAN because you're not loading balancing or you don't need SD-WAN for cloud access. In the countries where I was responsible for its implementation, there was only on-prem deployment.

There is one single challenge with the deployment of SD-WAN, but it's not from the FortiGate side. It's from the customer side. You need to understand your traffic so you can get the best out of SD-WAN. For some organizations, it's huge because they don't know which application is doing what and which is more important than the other. Especially during the COVID years, a lot of applications popped up. Companies used to release an application every few weeks. To do a proper implementation, you need to understand your network, understand your application, and set your priorities. Once you do this, the implementation will be a piece of cake. If you have all the information, it will take a day or two days.

We implement the solution for our clients. One person can easily deploy multiple Fortinet products through the firewall including FortiAnalyzer for the logs, FortiManager, and FortiMail.

For SD-WAN also, one senior security engineer can do everything for a customer. The maintenance is easy. We haven't faced any critical problems with it.

We have experienced a positive return on investment by utilizing Fortinet's products. For instance, their website features a calculator for SDR, which enables us to measure the actual ROI in dollar amounts. We input our current expenses, the products we intend to purchase, and our connectivity plans, along with a few other details. At the end of the process, we receive data that indicates the amount of money we will save, such as two hundred thousand, for example. This provides us with clear and precise figures on our savings, making it an excellent tool.

Our customers have seen time to value with Secure SD-WAN. Its time to value is seen within weeks of implementation.

The price for the Fortinet FortiGate is reasonable. Secure SD-WAN is free of charge. If you have their firewall, it's free of charge. It's very tempting. Other vendors, such as Palo Alto, will charge you to have an SD-WAN license, whereas, with Fortinet, it's free of charge.

When purchasing a firewall, stability is non-negotiable. For small to medium businesses, Fortinet's affordability and ease of deployment make it a suitable option. However, for enterprise-level businesses, Palo Alto or Check Point would be preferred for their robust clients and immediate updates, despite the higher cost.

When comparing the pros and cons of Secure SD-WAN with other solutions, the challenge is not with SD-WAN. It's with the appliance that's offering SD-WAN, which is the firewall. So, the first comparison would be between the FortiGate firewall and other firewalls, and if the other firewalls are already offering the same service, the comparison will be between different levels, not just SD-WAN. There could be other firewalls that are more efficient or lower in cost or even more familiar to customers than Fortinet. So, the challenge is not with SD-WAN. The main reason I use SD-WAN on FortiGate is to get the benefit of the security profiles or security features of the firewall on top of the SD-WAN. Otherwise, I can use my internet router, the basic load balancing protocols, and the basic IP tunneling, and send some traffic here and some traffic there, and I'll save the cost. 

I'd rate Fortinet FortiGate an eight out of ten.