One drawback of Fortinet FortiGate is that they provide two types of models: one with a hard disk and another without. The model without a hard disk has very low ROM where you can store very few logs, after which you need to upload it to the cloud or purchase a firewall with SSD. That's the only drawback.

In terms of improvements for Fortinet FortiGate, they could offer evaluation licenses, as compared to Meraki, which provides a 90-day evaluation. In Fortinet FortiGate, they do not provide standard evaluation licenses; instead, we need to request them from the OEM through the account manager for POCs. If we want to conduct a demo, we need to work with real hardware. 

In comparison to Cisco, we have DCloud, which helps with providing demos to customers, but in Meraki, I need to reach out to them, book a lab, and they need to provide all the hardware. I need remote access and L3 engineers to program it; only then can I offer a real-time demo to the customer.

We haven't tapped into most of the functionalities that Fortinet FortiGate offers because we're using it just for gateway security. One of the things that I would prefer is a more expansive use of their analyzer. They could do more work on FortiAnalyzer in terms of the data and the information coming from it. I'm not sure if it is because the team managing our analyzer isn't giving us all the information that's required. It could be something based on our own usage of the platform. As we continue to use the appliance, we may learn more about the utility and functionalities that are offered.

From a support perspective, I had more issues that I didn't think the person on my case handled the way I was expecting. We called them for a geolocation issue and we didn't get any proper assistance.

Fortinet FortiGate is a very good device overall, though it can be improved in certain areas regarding the licenses, particularly the big one called unified threat management, which has many capabilities. The big license options have web filtering, IDS, and a lot of other things, but it's not like they are all good. That's the only thing I would change because the rest is very good.

Whenever I perform a firmware upgrade or any upgrade on a VM, there are instances where the routing gets lost in the configuration itself on the running VM. 

They have recently acquired a CNAP solution which should be integrated into FortiGate boxes natively for protection at any application layer. Since Fortinet FortiGate has Layer 7 protection, they should integrate that as soon as they can for threat detection and network detection. At the moment, if you don't integrate any third-party solution with a simple Fortinet FortiGate box, the box would not function as expected for superb protection. Compared to others, Palo Alto has more integration. 

I'm waiting for Fortinet FortiGate to be more mature in terms of integrating AI. They already have AI automation in the configuration, but that's just the configuration. They need to address AI in threat intelligence and how they integrate with threat intelligence sources to protect customers using their Fortinet FortiGate boxes or Fortinet FortiGate VM instances.

If you want to conduct some statistics or generate a report to understand the status of your configuration or filtering, you need FortiGate Analyzer for long-term data retention. FortiGate can only retain logs for 24 hours or 7 days. I'm not sure if it holds them for a longer period, such as for a month. It will be useful for assessing our strategy and monitoring our environment without investing in FortiGate Analyzer. It would be beneficial if Fortinet could enhance the FortiGate by providing more statistical and monitoring views for a longer timeframe, rather than requiring access to FortiGate Analyzer. Without Fortinet Analyzer, currently, I cannot see past events.

For Fortinet FortiGate, their code development would definitely be something they need to improve on to reduce vulnerabilities that need to be patched. 

Additionally, if I were to suggest another improvement, it would be their competitive pricing.

The AI with Fortinet FortiGate is not very well integrated on their devices, and their cloud infrastructure is not as good as Cisco's. 

The support is inadequate. The support staff I have dealt with lately are very rude. Some support staff are not up-to-speed with the technology. They basically read a script. If they don't know how to fix an issue, they send me to another engineer. 

I wish that they could integrate zero-trust technology into Fortinet FortiGate. I am not sure whether it has been done already, but if they could implement that, it would help significantly.

It's one of the more expensive brands.

FortiManager has not been my favorite. I don't use it and cannot say I really care for FortiManager for managing the firewalls. I primarily just access and manage the firewalls individually. Nothing else particularly comes to mind, as it has been a pretty good experience.

As of now, I haven't identified areas for improvement. However, once the firewall is in production and all traffic is shifted, I might be able to provide more feedback. The configuration part was challenging, especially converting configurations from another OEM to FortiGate.

I believe there is room for improvement in machine learning and AI in Fortinet FortiGate. I would like to see more automation regarding AI and machine learning in Fortinet FortiGate.

I have several concerns about Fortinet, however, regarding Fortinet FortiGate itself, they could improve their support system. It's hard to get a good engineer to help you.

Additionally, they lack a post-sale process; once the sale happens, they just vanish, and then you're on your own. That is my main problem.

The WAF is extremely limited. You can't create exceptions, for example. You can only enable or disable. You can create exceptions, however, they must be applied globally. 

I am doing my first implementation with SASE. With Google, it lacks a lot of app integration and a lot of features that the other competitors have.

Some features in Fortinet FortiGate need improvement as we discover when calling support that certain actions must be done from the command line. Not all features are available in the web UI. Features such as enabling multiple MPLS circuits can only be accomplished through the command line, so these need to be made available in the web UI.

Fortinet needs to improve customer support and documentation.

Its pricing can be better. I cannot think of anything else because it pretty much satisfies our requirements. I am comfortable with this product. 

The only issue that I have is with FortiNAC. The firewall is fine, but the FortiNAC interface is a little bit too jumbled or too complicated, not as straightforward as it is on the Fortinet FortiGate firewall and FortiAnalyzer. 

Their support's response time can be better. In the past six months, they took quite a long time to respond to the support tickets. I don't know if they are overwhelmed with too much activity, but for the last six months, the support has not been very good. Previously, it was very good.

They could simplify their deployment process, especially when customers have existing devices. The configuration approach depends on whether customers need to start from scratch or can utilize existing backups and rules. 

I would seek to improve Fortinet FortiGate by exploring additional features, such as SASE solutions that we are currently studying and implementing. The configuration could be made easier, particularly during initial setup. We need to ensure comprehensive utilization of all device features and learn best practices from other cases.

From my experience, I see that the datasheets of the Fortinet FortiGate portfolio need to be more accurate because correct sizing is essential. The datasheets should provide clear information when deploying features. 

When comparing Fortinet to all other vendors, I believe most features are available in Fortinet. I'm not sure if the DNS security license is available in Fortinet; if not, it is important to add Fortinet DNS security and sandboxing licenses. I know Fortinet has a separate sandbox solution, but I am unsure about sandbox features in the firewall. In contrast, Palo Alto has a DNS security license, email security, and WildFire license that serves as a sandbox solution.

We faced difficulties with the configuration because there are many features we could optimize using Fortinet FortiGate, but our reseller didn't have a good understanding of it. So, we just use it on a basic level, not with the best practice for using FortiGate.

I prefer Palo Alto over Fortinet FortiGate. Its IPS engine is not better than the Palo Alto version. The monitoring tool needs improvement, and the syslog configuration needs enhancement.

The management plane and control plane are not separated as they are in the same hardware devices, whereas in Palo Alto, everything is separated. So, if the CPU and GPU usage gets higher in the data plane, the admin also becomes unreachable.

The web filter in Fortinet FortiGate is not very useful. While you can add web filters in security policies, it is difficult to understand and not flexible to use.

Fortinet FortiGate frequently experiences IPS engine problems. 

Fortinet FortiGate has started implementing AI, however, it hasn't reached full maturity. Their AI solution doesn't compare to solutions such as Microsoft Copilot and SharePoint, primarily since AI relies on data, and Fortinet FortiGate focuses on perimeter defense and security rather than internal network data.

One notable limitation is the absence of honeypot capabilities, which competitors such as Palo Alto offer. These capabilities entice and trap attackers, allowing analysis of attack vectors. Fortinet FortiGate focuses purely on defense mechanisms without actively gathering intelligence about potential threats. This approach aligns with their mid-market focus, where such advanced threat intelligence features might be less critical than in enterprise environments.

We are pretty happy with it. If anything, I believe the web interface could be simpler, especially for someone who has limited networking experience. I mostly do administration, and I found Cisco to be the hardest major firewall manufacturer to deal with, with Fortinet FortiGate being the second hardest for me. In comparison, there's a bit of an easier and more user-friendly interface with WatchGuard.

At this moment, we believe that Fortinet FortiGate should be improved by injecting more AI because the kind of threats we are seeing are more ransomware threats. Fortinet FortiGate is able to ensure these threats do not enter, but we would prefer to see more proactive alerting mechanisms come out.

Their support can be better, and there should be better policies for immediate replacement in critical situations. Their replacement policy varies depending on the type of support subscription. With the standard support subscription, if the device goes down, the customer has to first ship the box, and then Fortinet sends the replacement. With the higher support, the customer has to ship the device after they have the replacement. It would be better for customers to get immediate replacements even with a standard subscription.

They should do a better job in testing when they put out a new release because when a new software version is released, it is not always stable or does not always have all the previous features working correctly. They should do more testing or launch a new version later when they have tested it more thoroughly. 

They already did a good job in their GUI, but they can make more features available in the GUI that are still only accessible through the command line.

Regarding challenges, customers initially faced issues like internet dropping, but after firmware upgrades, everything worked well.

I believe Fortinet should offer short and frequent training sessions, preferably in video format, whenever they introduce new features. These sessions should be around five to ten minutes long, allowing users and partners to quickly grasp the information without disrupting their daily tasks.

Long training sessions spanning one or two full days can lead to distractions and reduced focus due to continuous support calls. Therefore, providing brief and focused training snippets would be more beneficial for users.

With the web filter, when I go to post some websites under certain categories and open these categories, I experience some problems. 

Additionally, I face difficulties integrating Fortinet FortiGate with Active Directory. When I set preferences to use Active Directory users, it sometimes works and sometimes does not work. When I integrate Fortinet FortiGate with Active Directory and use this integration to make a web filter policy, the functionality is inconsistent. I have tried restarting the Active Directory domain controller and the firewall, but the problem persists. As a workaround, I use the MAC address of the user to define the settings.

Areas of improvement for Fortinet FortiGate include the need for more training and certification, especially when dealing with distributors globally, which presents challenges in product availability and delivery timelines.

There should also be more training and certification.

One of the most important areas for improvement for Fortinet FortiGate is the limited resources for tests. I was limited to a few interfaces for one month, and it would be great if Fortinet could improve these features in their test versions.

Since everyone is talking about AI, they should consider having AI embedded or working with developers in terms of AI to improve Fortinet FortiGate. 

The issue lies with features available in GUI versus CLI during configuration. When using GUI, I want to accomplish everything there, but sometimes it requires using CLI to ensure proper configuration.

Performance on the box and technical support are areas where Fortinet FortiGate can be improved. In their datasheet, they put the throughput as huge, but once you enable all the features of the box, the performance is impacted dramatically. In reality, it will be 20% to 30% of what they have mentioned in the datasheet.

Fortinet should improve its software, as we are seeing lots of firmware versions generated for each vulnerability issue. It becomes difficult for us to keep updating the firmware frequently due to bugs. 

We would like to see the SSL VPN feature included again in Fortinet FortiGate since it was removed from version 7.6.3 onwards. 

For DDoS protection, there can be more features in Fortinet FortiGate.

The room for improvement for Fortinet FortiGate is related to prices; the renewal prices have to be aligned with the customer's pockets, as at times they are very aggressive, leading to the possibility of changing vendors.

The anti-malware engine could use an upgrade. It should automatically classify and sandbox malicious packets with more granular controls, including providing details like TV numbers.

In my opinion, Fortinet FortiGate could be improved by making the appliance smaller than what we have here, as it is pretty big.

It contains every feature that is required. The things we require are already sorted out, so there isn't any scope for improvement as far as our requirements go. However, its price can be better.

Areas that have room for improvement in Fortinet FortiGate include support and GUI enhancement. While the GUI is already simple, further improvements would greatly benefit them.

Overall, we are satisfied with the product. However, we encounter occasional capacity issues. The FortiAnalyzer, being a hardware appliance, has limited expansion capabilities. As our organization has grown, we've outpaced the FortiAnalyzer's performance. The inability to scale the FortiAnalyzer to match our growth necessitates the purchase of new hardware. This is an area that could be improved. If we anticipate reaching the size of six countries within the next five years, investing in a solution that can accommodate such growth would be more cost-effective than repeatedly purchasing new hardware. The ability to scale the FortiAnalyzer in tandem with our growth would be a significant improvement.

I would like to see improvements in Fortinet FortiGate regarding the active-active scenario. The active-active scenario is supported but not recommended, whereas other vendors are implementing active-active without issues. Perhaps in the future, we could effectively use both firewalls to increase the throughput. If there are two boxes, they both should be able to work.

Other than that, I don't have anything. I'm very happy with the features.

Regarding improvements for Fortinet FortiGate, there is always room for improvement in any product. In information technology, things fade away quickly, and new technologies come in. It is how quickly each of these companies adapts to that and brings in more value to the customer.

I just don't like giving products ten out of ten. There's always something new that can be added or fixed.

The firmware updates are sometimes not stable. The stability issues can vary, sometimes happening once a month or quarterly. New firmware updates can occasionally introduce bugs, causing some policies to fail. We then have to raise a ticket, and Fortinet usually provides a fix within a few days.

The only issue is their renewal pricing. For more than 10 years, we have been customers of multiple Fortinet FortiGate security devices, and every time, it's at a high price. It is very difficult for small companies, especially in India. If Fortinet can reduce the renewal price a little bit, it can expand and target small businesses as well. Currently, only medium and large-scale organizations can afford it. Startups and small companies cannot afford it. The renewal cost is very high. When we get the equipment along with the license, it's acceptable, but the next renewal after one or three years is very expensive compared to other firewalls.

The main thing they have to improve in Fortinet FortiGate is the technical support; the rest of the features are good enough. We can handle them, but sometimes you really need support, and in that case, we are not getting it at the proper time. I have been mentioning this for the last two years.

There is a migration issue from 600D to 600E, as we are not able to export the configuration file to 600E. It should be like export and import in all variants.

I find the management console not very straightforward, so that's an area where Fortinet FortiGate can improve. They should simplify it and make it more user-friendly. In the next release, I would prefer a more simplified GUI; that's one area I would want to see a quick change.

Fortinet FortiGate could be improved in terms of user friendliness at the policy level and assigning URL based and keyword based features.

I want some additional features. For example, I want something to ensure that when we are using Google email or Microsoft email, or Google Workspace, emails can only be accessed on designated machines given to our employees. I would like them to access data from designated machines, not from any machine. It should work for designated mobiles and laptops. I don't know if Fortinet provides something like that out of the box.

They could improve the response time and quality of support.

I'm not sure what additional features they need to have in the future to make it better. For the purpose that we use it, it is doing the job, but I haven't explored some of the features.

Fortinet needs to overhaul its documentation. Our current reliance on outdated documentation has resulted in significant time wastage. While we can locate the necessary documentation, the constant daily revisions necessitate meticulous identification of the relevant documents to prevent the use of outdated information that could jeopardize our environment. At the very least, Fortinet should classify its documentation to clearly indicate the applicable version, as our attempts to do so manually are becoming increasingly tedious.

The area that Fortinet may improve is customer support. When you have an incident, situation, or open a case, the support is not as good as Cisco or other platforms I have tested. There are many opportunities for improvement.

While FortiGate offers a wide range of security features, I sometimes feel that the platform could benefit from more extensive improvements. Given the multitude of functions it provides, I wonder if the developers have enough time to adequately refine each aspect. However, for our specific needs, FortiGate currently performs adequately.

The debugging and troubleshooting has room for improvement.

I would like to see greater integration with third-party solutions. For instance, one example would be integrating Endpoint Protection with FortiGate, such that if an issue arises with Endpoint Protection, an action could be automatically triggered on FortiGate.

I am concerned about Fortinet's ability to help us meet regulatory compliance because its optimal functionality requires deploying all solutions within the mesh as Fortinet products. This raises questions about the compatibility and integration of non-Fortinet technologies within the Fortinet Security Fabric. 

We'd like to see what they will do when AI attacks are generated. They will need to ensure their prevention continues to be exceptional. 

The solution isn't missing any features. Maybe they could make some features more accessible, such as a way to translate directions between two networks that share the same subnets.

There are too many updates coming for VPN, and the VPN keeps disconnecting frequently, which I find problematic. It does what it's supposed to do, but I practically face reconnection issues with the VPN. 

Regarding the Fortinet FortiGate firewall, I don't have any input. My scope is limited.

In an incident, after a restart, Fortinet FortiGate did not connect to FortiGuard servers. Due to that reason, on the customer end, all websites got blocked. I don't know why this happened. The firewall of a bank in Sri Lanka rebooted yesterday, and after that, FortiGuard servers did not connect properly, blocking all customer environment websites.

The good things aside, there are improvements needed in the Fortinet FortiGate. My customers requested specific features to be included in the Fortinet FortiGate.

From a reporting perspective, there's room for improvement. They provide FortiAnalyzer through which one can get some enhancements, but the visibility and reporting still need slight improvement. Recently, a customer had a requirement of getting some reports on their internet usage. Palo Alto has a bit better reporting than the Cisco and Fortinet firewalls, but we cannot get granular details about the user-level security, usage, etc.

Their support also needs improvement.

The user interface of the Fortinet FortiGate management console could be more intuitive and user-friendly, and the log analysis and reporting features could be enhanced to provide more flexibility and customizable insights.

The solution could be improved by addressing limited local reporting. It requires obtaining the FortiAnalyzer for proper visibility because you can't do much from a reporting perspective with just the firewall alone.

In terms of convergence, it is a good solution, but it can be better. FortiGate has the capability to support their switching and wireless platforms. They are quite excellent on their wireless side, but I found a couple of gaps in terms of how FortiGate integrates with their own switching platform. There are some gaps there.

Ideally, I'd like to see most CLI configuration options exposed in the GUI to avoid manual command typing. However, there should be a more user-friendly approach than simply replicating everything in the GUI. Alternatively, some users might prefer scheduling tasks through commands for automation.

The log analyzer, for instance, is a product being developed as a common solution for multiple FortiGate devices. Consequently, the log analyzer's functionalities are not fully integrated into the individual FortiGate products. I would prefer to have more detailed logs within the FortiGate products themselves rather than relying on a separate tool.

While Fortinet claims to offer a comprehensive network solution, it falls short in addressing computer application issues, particularly server security. Fortinet's capabilities are primarily focused on network security.

There should be some open-source training or free training for decision makers, or some webinars should be available. These would help understand the new product line and the existing product line features. 

Additionally, it would be helpful to have comparisons between competitors such as Cisco, Juniper, and others with Fortinet FortiGate.

The graphical user interface of Fortinet's FortiGate product does not function well with text-based interfaces. This functionality should be improved.

They can improve the backend functionality of Fortinet FortiGate, particularly how the policies work in a real-time environment. Improving this aspect can ensure that policies work effectively.

We'd like to see the product offer higher discounts to users. They should offer special pricing to premium partners and customers. 

In some cases, its initial setup could be hard for customers.

In the past, NSS Labs was utilized to test files and verify the numbers and datasheets. It would be beneficial to have an organization or testing lab that can verify the numbers in our datasheets since changes are frequently made, which can be inconvenient for review. For instance, when comparing different competitors such as Forcepoint, Palo Alto, and Check Point, the throughput or numbers in the datasheet may be lower than the actual numbers. Conversely, Fortinet typically reports very high numbers, but they cannot be replicated in the real world. Therefore, it would be advantageous for them to partner with a neutral testing organization such as NSS Labs to validate these numbers, thus providing more credibility and comfort to everyone regarding the accuracy of the datasheets.

For the migration, everyone has a firewall in use and I am selling Fortinet. Typically, I am replacing another firewall. Previously, there was a tool available to convert configurations from one firewall, such as Palo Alto, to Fortinet, but this tool is no longer free. If it could be made free again, it would be very beneficial. This tool shows a lot of promise and is very good. Making it free would help many companies deliver their products in a more efficient and integrated way. It would also be more valuable to include the tool with the firewall package or license instead of having to pay extra for it. Paying extra puts more pressure on small companies to deliver the firewall and complete the configuration, especially if they have hundreds or thousands of policies. It's very painful to move through these policies line by line.

The stability has room for improvement.

When it comes to Secure SD-WAN, everything is fine. They are going the right way. SD-WAN is very promising. They can provide the SD-WAN solution separately, but they will not take this approach because even the smallest firewall can support the features, so there is no need to have a separate service or appliance. They are following the right steps, and there is nothing to be improved. Feature-wise, I'm really satisfied with the new release, and the features they have added. For now, it's fine.

The SD-WAN functionality is a bit overly complicated and not fully documented.

The documentation available for Fortinet FortiGate should be improved. Often, I find documentation of older models and not the latest version of Fortinet FortiGate. I have to often utilize the older documentation and reengineer the information for the latest model of Fortinet FortiGate. 

There are competitor products in the market that can monitor all logs, which are referred to as SOC; Fortinet FortiGate should have such in-built features. The solution should be able to implement machine learning and analytics of all the logs for threat detection and protection. 

Currently, I am working on improvements. One of the main areas is the processing and integration of new features. In my opinion, refreshing the CPM technology with zero-trust access could enhance its performance.

FortiGate can improve its token system, as it requires a purchase before use. Additionally, the VPN system could be more efficient, especially regarding VLAN passing through, which is currently a limitation. Another suggestion for improvement would be better timezone coordination for customer support. Currently, there are issues with calls coming at inconvenient times due to timezone differences. Another area for enhancement could be the response time for support tickets, as there is a delay of at least twelve hours, even for urgent tickets, which can be frustrating.

Palo Alto has a feature called WildFire Analysis that is unavailable in FortiGate. WildFire is better than a sandbox because it can address zero-day threats and vulnerabilities. It can immediately identify zero-day threats from the cloud. 

Fortinet uses a separate solution called FortiSandbox. It needs to download signatures to identify malware, which takes significantly longer. WildFire is a cloud-based platform that collects threat information from users worldwide. 

Fortinet technical support is lacking, as OEM support is slightly better. Improvement in their technical support could include response time as well as having more technically sound people in tech support.

The advanced models are expensive.

The process of configuring firewall rules appears excessively complex. While FortiGate offers greater functionality than other firewall solutions, its user interface could benefit from simplification.

I would like the log viewing process to be improved to provide a clearer understanding of the logs.

I was not looking after the operations part, but sometimes, I did get engaged in some critical activities related to operations. There are some caveats in every product. Tunnel flapping was one of the major things I had seen wherein your internet link remains but your VPN tunnel is down. However, since I got a fix from the TAC team, I have not noticed it, but the customer complained a few times that they couldn't access the internet because of this problem. There were tunnel issues where there was already established connectivity, but at the kernel level, there were some issues. For example, there's a feature for auto-site connectivity wherein whenever it automatically creates a new tunnel, at the kernel level, it also creates an interface. Sometimes, that interface crashes and a new interface could not be created, which results in connectivity loss. 

Fortinet has established itself in the SMB market segment. It's doing pretty well in that space, but when it comes to the enterprise segment, they are lagging a little bit. It all boils down to the performance of the hardware. If I enable all of the security features available on my device, the throughput degrades quite a lot. If I have put 10 GBPS of throughput on a firewall and I enable all of these features available, such as IPS or UTM functionalities, the throughput comes down to 1 GBPS.

Though the tool's GUI is user-friendly, it can be considered as an area with certain shortcomings where improvements are required.

There is room for improvement related to the logging and reporting aspect. It was somewhat challenging as I delved into the logs during an incident. Navigating through the logs to trace the specific information we needed, as well as generating the corresponding report, proved to be less intuitive. In comparison, when considering Sophos XG, which we also use, the logging and reporting functionality is notably more efficient.

Improvements for Fortinet FortiGate could be made by making it easier to implement on networks and simpler to add users and accounts that utilize this solution. That's basically the only challenge that I see.

Fortinet should focus on enhancing the capabilities of FortiGate by consolidating its various products, such as FortiGate Cloud, FortiManager, and FortiAnalyzer. Currently, these multiple products often confuse users and clients. It would be beneficial if Fortinet could offer a comprehensive integrated solution instead of separate products that cause user confusion. By providing an integrated solution, users would have access to all features and functionalities within a single window, eliminating the need to navigate through multiple windows. This approach would greatly improve the user experience.

In their IPS Web Security Gateway, the reporting functions need to be a little bit more user-friendly for how to get the reports from it. That's one of the reasons why we don't use that function.

With the reports, you can see it, and you can get good feelings so upper management can go, "Oh, wow. That looks pretty." However, it's very basic.

For Fortinet FortiGate, I am not sure yet what can be improved or enhanced because currently, I am comfortable with this solution.

When we first started, Fortinet was using a single appliance with a firewall module in the region. They later came up with many different solutions. I have also used FortiDB, but it has been discontinued. We have since removed it. We are looking forward to Fortinet considering a sandboxing solution. This would allow us to secure our database at that layer. I see the database area as being weaker. I would suggest that Fortinet add sandboxing to their solution.

There is some development gap. We had experienced bugs in their operating system. When we were planning to upgrade it, there was no patch available for a bug, and the support team was saying that they need to work on that. That's the part they should work on.

There are some complex administration tasks in their administration portal. That needs to be improved.

There are mainly two areas of improvement in Fortinet FortiGate— the licensing cost and the timing of upgrading licenses for boxes. FortiGate's renewal cost is quite high, and our customer care team also receives complaints about it. The renewal part of the firewall is expensive. If a customer pays for the license in advance, they may lose their privileges.

For example, if the license of a box expires in one or two months, and the customer wants to upgrade, there are three to four months between the operation and the end of the current license. If I purchase a new license, it will only take effect from that date. So, it fails in the backward fetch, and I am currently busy setting it up. But if the customer is not processing the card for six months, they will not benefit from the system.

The support we receive when we need to upgrade is not satisfactory and has room for improvement.

We sometimes have issues with FortiGate's routing table in the latest firmware update. We had to downgrade the device because our customers complained about bugs. 

At the moment, the main concern is the pricing and the type of licensing. Fortinet offers different types of licensing, and my idea is that the best approach is to have only one, two, or a maximum of three types of licensing.

The Fortinet FortiGate 60D Series poses a problem by causing a bottleneck when several users access their emails simultaneously, as the device consistently consumes 90 percent of the CPU resources.

The reporting could be improved. Currently, without the additional reporting module, we only have access to basic reporting. However, reporting is crucial for network security, and it should be included as a standard feature.

The price and technical support have room for improvement.

The pricing could always be better. It is very expensive. 

We'd like to see Fortgate include WAF services.

The maintenance of the product can be a bit difficult. 

We do not need any other features.

We'd like more management across other integrations. It would be ideal if it could centralize the management, and we could therefore manage all solutions under Fortinet instead of managing everything individually.

In some cases, depending on the module and the age, performance could be better.

I haven't had a single issue since using Fortinet. 

Improvements depend on your specific needs. Currently, it meets my requirements. Whenever I need something, Fortinet improves and updates the software for me.

My only complaint about FortiGate is a lack of QinQ VLAN tunneling. I haven't found this feature in any Fortinet product. You can do this on all Cisco routers, including the smaller models. However, QinQ isn't available on the biggest, most expensive Fortinet units. They still don't have that. I think now we're on software version 6.0, and they still haven't found a solution for QinQ. It isn't a dealbreaker, but that's my main complaint.

I can't think of an area of the product that needs improvement. Even the cost is okay. I have no real complaints. 

It would be good if they had fewer updates. Almost every update has bots that are either critical or something small yet valuable. Whenever I try to do an update, I always fear that something will break.

I don't really have anything negative to say as far as Fortinet firewalls are concerned. If anything, they can support a user a little bit better. They can stop being so time-sensitive about how much time the support call has taken, and they can help you do it yourself.

Some websites or proxies are not embedded in the correct category, and we need to update the Fortinet FortiGate database because numerous websites are appearing every day. Some websites are embedded in the wrong category which we can block, resulting in everything being blocked, so this database needs improvement.

The licensing cost should be more affordable than it is currently. The SD-WAN of Fortinet FortiGate needs improvement; when we create a group address, sometimes the rule doesn't work properly.

Regarding the Fortinet FortiGate database issues, some websites or categories that should be classified as proxy are in different categories. When we open that category due to some other website that needs to be accessed, some proxies are also opened. The FortiGate web filter categories need to improve their database for better control.

The updates Fortinet provides are sometimes unstable. We have to check everything thoroughly before any upgrade.

Fortinet FortiGate needs to improve the logging and reporting. Additionally, the next-generation application's policies should be improved. When they were released they had bugs.

With the addition of some features, it is possible that FortiGate can be used in all verticals.

While FortiGate is cheaper than most other solutions, we're seeing increased license renewal costs. Most of our clients are asking for more significant discounts because the price is going up. 

It would be nice if FortiGate incorporated some built-in endpoint protection features. I would also like a built-in SOC dashboard for managing multiple Fortinet firewalls. 

The routing capability on the FortiGate devices has room for improvement.

One of the features that I would like to have is endpoint protection, this should be integrated. For example, the firewall gets notified of any kind of forensic event that needs to be done, such as if there is a ransomware attack and how it originated, all those records have to be available from the firewall, which is not.

I don't see any area of improvement at this moment. I'm responsible for the IT infrastructure. I'm not a security specialist. The IT security is being managed by the CSO in our company. 

We had some issues in the beginning while setting it up, but after doing the firmware update, it is working fine.

Their support can be improved in terms of the response time and the quality of support.

There are some tiny bugs that sometimes affect the operations. In the past revision of it, there was a bug. Because of the bug, we had to downgrade the version. It happened only with the last revision.

Usually, we sell the bundle with the UTM or threat management piece with IPS, IDS. Other providers, such as Palo Alto, are ahead in terms of safe functionality. So, for me, delivering truly safe service is probably something that still needs to be improved.

Anything they can bring around safe service would be brilliant. At the end of the day, when we talk to customers about deploying, split tunneling, and looking at endpoint security, remote access or safe type of features would be useful.

What I'd like to be improved in Fortinet FortiGate is for it to have advanced WAF functionality. Even in FortiADC, WAF functionality is not supported for advanced attacks, e.g. mobile bot attacks. Fortinet FortiGate needs to improve its WAF function.

SD-WAN is also good in this product, but it still needs improvement, particularly in security. We saw some attacks last year, so they need to improve on that.

Their software support needs improvement. I would prefer to have better support for bug fixes. Sometimes, we open a ticket, and it is very difficult to get a solution. Specifically, we are not at all happy with their support for load balancing. 

The renewal price and the availability could be improved. We faced a lot of delivery issues because of the pandemic situation. We are a customer, but sometimes we have sister companies, so we deliver or order a few extra boxes. In these cases we are facing some delays, like three or four months. There are a massive delays in deliveries and they're saying that it's from the vendor itself. I don't know how long this will last or if it's just temporary.

Currently, FortiGate is providing SSL VPN. But they're missing some features that are available in Palo Alto's SSL VPN. Palo Alto provides a compliance check along with the VPN, and they have a very broad checklist. So Palo Alto's global protection can scan and check multiple things, and we can choose what access users can have based on compliance with policies. So I think this is one area where FortiGate can improve. Also, multi-factor authentication isn't native to FortiGate. If you want to incorporate multi-factor authentication, you have to add a secondary or third-party solution. 

We have never encountered any issues with it. The price and deployment part of Fortinet FortiGate is good, but it can always be better.

The platform's compatibility with Wi-Fi equipment needs improvement. Sometimes, the Wi-Fi units don't work, or one of the networks stops working, and we have to reboot the FortiGate client's endpoint.

The non-error conserve mode has room for improvement.

The improvement is related to logs. Instead of the CLI, we should be able to have more insights into the logs of the firewall in the GUI.

I faced a lot of issues when I was trying to deploy the firewall through FortiManager. The firewall is stable, but FortiManager is too buggy, and it doesn't work properly. It gives too many errors.

There are some issues with Fortinet SD-WAN. It's quite complex.

In the next release, the tool can have more features in a single box that can be multi-applied to integrate everything.

I would like to see improvements in the product's application rules. 

Fortinet FortiGate could improve the user interface. There should be more functionality and options through the GUI.

Fortinet FortiGate can be integrated with different platforms. They have integrations in place, but I can't say they're 100%.

It is quite new for us, and we need to go more in-depth into the monitoring tools. It provides different features that we need to do what we want. So far, it is okay for us. In terms of improvement, in the future, they can provide a faster implementation of features. Some of the features are first available in other solutions. Fortinet sometimes takes a little bit longer than other solutions, such as Check Point, to implement new features.

Price, of course, can always be more competitive or better.

If a customer has a requirement for firewall, security, WiFi, and analytics, it is good if we can propose a solution from the same vendor, but we have found that no distributor in Hong Kong has sufficient knowledge to deploy Network Access Control (NAC) solutions. They have a wide range of products, but apart from the popular ones, such as a firewall or an AP,  there is not sufficient support here in Hong Kong for NAC solutions.

Fortinet FortiGate could improve if it had a cloud-managed solution.

Fortinet FortiGate could improve by adding FortiAnalyzer to its solution, we should not have to use another solution. FortiAnalyzer can provide more detailed information.

I hope that Fortinet FortiGate provides a software define network(SDN) solution.  and provide the interface for the user. If we have the SDN interface we can develop our system to manage Fortinet devices.

I'm not sure if it's something that they already have or are developing something, however, we need some dedicated features for container security. Other vendors have developed some kind of specific product to protection. Containers now are very common, especially in the cloud. It's an area that needs to be addressed.

The solution could improve by being more secure.

The logging details need to be improved.

Its filtering is sometimes too precise or strict. We sometimes have to bypass and authorize some of the sites, but they get blocked. We know that they are trusted sites, but they are blocked, and we don't know why.

In terms of additional features, I don't have any requirements. It is okay for me. I do lots of things, and I still don't know everything about FortiGate. If I need something, it might already be there in FortiGate. 

The solution overall is quite good. It works how we need it to. I can't recall seeing any features that are lacking.

We haven't had any breaches in our organization, however, I have read in journals that there have been some issues.

There may have been some bugs after an update, however, that has since been resolved. We saw a few bugs in the web field and when we ran an update it was resolved in the new version. 

Some resources must be accessed via web fields. We were not able to access them at first. However, it was a simple task to fix it and that has since been resolved.

The pricing could be a bit better, especially when you consider how they have the most basic offering priced.

FortiLink is the interface on the firewall that allows you to extend switch management across all of your switches in the network. The problem with it is that you can't use multiple interfaces unless you set them up in a lag. Only then you can run them. So, it forces you to use a core type of switch to propagate that management out to the rest of the switches, and then it is running the case at 200. It leaves you with 18 ports on the firewall because it is also a layer-three router that could also be used as a switch, but as soon as you do that, you can't really use them. They could do a little bit more clean up in the way the stacking interface works.

Some use cases and the documentation on the FortiLink checking interface are a little outdated. I can find stuff on version 5 or more, but it is hard to find information on some of the newer firmware.

The biggest thing I would like to see is some improvement in the switch management feature. I would like to be able to relegate some of the ports, which are on the firewall itself, to act as a switch to take advantage of those ports. Some of these firewalls have clarity ports on them. If I can use those, it would mean that I need to buy two less switches, which saves time. I get why they don't, but I would still like to see it because it would save a little bit of space in the server rack.

The commercial side of things can be improved a bit. They have such a good product, and when you disable some features, it has to be commercialized for you to enjoy those features. Therefore, you are actually buying half a product. You have hardware there, and yet, your features are not enabled. The primary things, such as the antivirus, web filter, DNS filter, application intrusion, file filter, and email filter come with the general license. There are other things that you want to also enjoy in this system and you can't. 

There are SD-WAN network monitoring, SD-WAN features, Industrial Databases, Internet of Things, Detection, etc., however, we do have not licenses for those features. We thought that if you bought a product, you should have all of the features it offers. Why should you need to make so many extra purchases to enable features? They should have one price for the entire offering. That's one of the drawbacks they could look at. 

Sometimes the firmware automatically updates itself. Then it corrupts the configuration and you have to roll back or you have to do amendments to the configurations. That, however, has happened only once with us. We have put in controls for automatic updates to stop them and now we do manual allowance or we allow the manual update.

Most of the features are good. They give you pricing and you get a VPN for about 10 users where you can test it. For us, we feel that we need to buy extra licenses due to COVID, as people are working from home. Under the current conditions, we are not getting the best out of the firewall. 

They could just maybe put better graphics or better reporting into the solution. I want to know who is the user and what is the exact website they're visiting. Something like that would help. They should do more like what the GFI is doing.

The only thing is sometimes you have to learn with CLI. For those not familiar with CLI it can be an issue. It would be ideal if we could avoid using CLI. If you make a mistake in the command line, it's harder to detect. It would be much better if they had a user-friendly GUI.

The initial setup is complex.

Web security solutions can be improved.

Fortinet FortiGate needs to improve the protection, it did not prevent us from being attacked. Additionally, Fortinet FortiGate could provide more features for WAF devices. I should not have to purchase two solutions, it would be a benefit to combine these features into one solution.

The main challenge to IT is hacking, and damaging the network software. Anything that can make a threat to our servers,  accounts, VC, from an email or internet connection. We need all companies to make investments to improve the facilities of these devices in order to provide a one-package solution to protect our servers, and systems from any hacking, ransomware, virus, any command, or any other threats. They need to improve all the security features.

It can be a little bit more user-friendly in terms of policy definition and implementation. It seems a little bit complicated, and it could be simplified.

When there is a change in the IP address from the ISP, there is some disruption in the service. So, we try to do it when we have the least number of people working, which means very late at night. So, for the time being, it is working fine.

The firmware needs improvement because there are bugs when a new release comes through. Sometimes, the configuration changes, and it's a bit harder to see where the fail is. The first time that you have the firmware, it tends to have some issues, and it's better to wait a bit to update the equipment.

All the development of the firmware should be fixed before the update at the page level.

API tokens need to be improved, particularly with regard to integration with other cloud solutions. In other words, proxy flow and API integration need improvement.

The configuration option availability is not 100% from the website of the FortiGate web management site. When we log on to the web interface on FortiGate, we do not have everything under this web solution. If we need some specific configuration or need to do some specific configuration, we need to do additional things on the CLI. 

The stability could be a bit better.

I would like to see better pricing in the next release, as well as a simplification of the installation.

I would like Fortinet to add more automation to FortiGate.

There are limited features.

Scalability could be improved.

The issues with the IOS are that they occasionally hang. They are not as reliable as they once were. 

When there is an issue with IOS, new updates are introduced, but the updates also have a lot of issues.

Performance and technical support are the main issues with this solution.

When compared to Cisco ISE, the device administration is not very good.

Fortinet is not very good at firewalls when compared to Cisco. Cisco offers full administration control, TripleA, SQT, they use TACACS security protocols, and they have much more control. Cisco's approach is superior.

Fortinet FortiGate could improve by having better visibility. Palo Alto has better visibility.

When using Fortinet FortiGate you sometimes have to use the CLI to do some configurations which can be sometimes more difficult than using a GUI that other solutions can use, such as Palo Alto.

The solution could be more secure and stable.

I'm satisfied with the product more or less. If we are presenting Fortinet and proposing Palo Alto also, Fortinet is not able to develop the kinds of features available right now in the market. Even with the sandboxing feature, which is an advanced synchronized security, right now most customers are asking for a complete solution like EDR, XTR, or a kind of firewall. It should get synced, and there should be a type of URL filtering application that filters all kinds of visibility.

The feature which gives us a lot of pain is ASIC architecture. The firewall architecture is a kind of an operating system in the chip. We have our kind of base operating system in raw mode, so nobody is able to hack it out. The problem is that every time your base operating system gets an upgrade, customers need to upgrade the firewall. It means you have to replace the older firewall. That's a pain area. It should not be that kind of ASIC base. It should be based like Check Point and Palo Alto so if there is a major update coming in, they can be updated on the same firewalls.

A sandbox would be good in order to be able to inspect the emails containing spam and be able to validate the emails that contain malware, prior to delivering to the customer.

Its initial setup could be simpler.

Fortinet FortiGate could improve by adding enhancements to FortiMail, FortiSOAR, and FortiDeceptor. 

Fortinet FortiGate can improve by integrating the web application firewall and the DDoS protection part of the solution. Having a WAF feature, web application firewall, and proxy together would be a good benefit.

FortiGate should have a better way of detecting and managing the system memory because otherwise if the memory is too low, a system restart is required.

The scalability could be better.

Its reporting and pricing need improvement.

The integration with third-party tools may be something that they should work on. We haven't actually tried to implement that, however.

In terms of what can be improved, they do have certain features that you can only configure through a CLI and there's no GUI interface for it. That's a pain. But it's nice that the user can do everything one way or the other.

They sometimes hide some features and if you want to enable them, you have to go in the CLI, enable the feature and configure it through the CLI. Customers, typically, like everything to be done by the GUI.

The biggest "gotcha" is that if the client purchases what they call the UTM shared bundle, which has unified threat management on both, it's not as easy to manage if you have more than one firewall. 

If I wanted a unified console, I have to pay extra. And that's the downfall. That's the only needed improvement that I would say for the Fortinet solution, is that they should have it web-based from the get-go. You should not have to buy an extra bundle or an extra device.

If I have to make an update to a web filter, and I have 12 devices, I've got to do it in 12 places. If I don't want to do that the client can pay for a pretty expensive device or virtual appliance that does that for them. It's like an expensive centralized management tool. That's the big downfall of Fortinet. It doesn't come included, you have to pay for it. Their web-based one, that's sort of just like an inventory manager. It's not really good for distributing roles. With Cisco, you don't have to do anything. The one from Aruba HD has one too. Fortinet should try to be similar to those options.

In the next release, it would be amazing if they could give a better tool for upgrading, so that if I upgrade from an older version to the other, it can read the configuration and processes it for me so that I don't have to rewrite it from scratch. In FortiConverter, they have a tool like this, however, it doesn't work well. It's really more for bringing items in from other vendors, not from one version to the other.

That was my last experience where they operated from version five to six. However, that's really the only big thing. The main thing is to include the FortiManager cloud software like Cisco does. To have one solution. If you paid $150 a year for the support, you might as well get that too so I could manage all the devices at one spot. They do have FortiCloud, however, it's not the same as the way Cisco does it. They are selling another product called FortiManager. FortiManager should be included with the support, and that would make it more of a business solution, rather than a feature request.

From my perspective, every day is a new opportunity for improvement. I believe that the continual improvement is Fortinet’s best feature. I’m very happy with their ability to consistently improve.

The solution's after-sales service needs improvement.

They need to improve features related to mobiles with more and more customers adopting that as their way to manage things. They need to look to the future with their features and meet filtering requirements which the solution cannot currently do. 

Fortinet Fortigate could benefit by simplifying some of their processes. For example, if you are using Cisco, and you want to find a source and a destination, you type the IP of the source and then the IP of the destination. Cisco will find any denied packet by highlighting it in yellow.  To access it with Cisco, all you need to do is right click. FortiGate is not that simple.

The solution is very expensive.

Fortinet FortiGate should improve the VPN tokens. 

The upgrades should be reviewed more frequently, such as daily, to avoid any corruption or issues that can happen, without losing my VPN client. We should not need to downgrade the solution to fix the problems until the Fortinet FortiGate support solves it.

Fortinet FortiGate could improve by having a frequent ask questions(FAQ) area for people to receive quick answers to popular questions. Additionally, it would be beneficial to have an SMS notification feature. For example, if you cannot access your email you could receive an SMS message.

An additional feature I'm expecting from Fortinet FortiGate is for it to have an analysis feature, rather than having the analysis done via integration with a different product.

They have to just improve its performance when we enable all UTM features. When you enable all the features, the performance of FortiGate, as well as of Sophos and SonicWall, goes down.

The cloud management and automation capability could be improved.

I'd like to see training provided for new features and upgrades, it's not currently available. They really need to work on their support. There's a huge market for enterprise business right now and Pakistan is focusing on network security. Fortinet lacks local premium support.

Fortinet FortiGate needs to improve to be on par with its competitors, such as Palo Alto and Sophos. They are the market leaders. Fortinet FortiGate needs to improve its capabilities. However, we are happy with Fortinet FortiGate.

Fortinet FortiGate should provide firewall certifications training for NSE 1, 2, and 3. 

Bandwidth usage in reporting could be improved. There's an aspect in reporting that I'm trying, but what I noticed is if you logged into the VPN, there's an effect on the reporting in terms of bandwidth, that needs improvement.

The platform's interface could improve.

The client and the Fortinet FortiGate have good integration, but there are times it doesn't work as it should. The union with the two technologies, endpoint, and firewall, doesn't work well. There are some things that do not work.

We require troubleshooting and those kinds of things. We have to worry about debugging. It would be ideal if they had some sort of GUI interface for troubleshooting and diagnostics. That would be much better. FortiGate has only CLI-based diagnostic capabilities. Sometimes it's become very difficult to do all this troubleshooting.

Fortinet FortiGate could improve by having more storage in the hardware for log data.

The Wi-Fi controller feature needs a lot of improvement. The function itself is not as stable as it should be in our use case which might be a problem in either the APs or the controller.

Would like to see more wizards and automation for more features such as virtual servers, SSL VPN, and others where policies, rules entries are created automatically form wizard input.

Some of the features related to load-balancing and traffic shaping are not as straightforward as they need to be. 

The VPN functionality needs low-level debugging get what really going on. Log level is too detailed and requires someone who is quite experienced to analyze and solve those issues. 

Zero-trust base features are lagging behind the other competition, based on what I have read. Would like to see those features in a clearly in the UI.

The logs need to be better. They need to be more visible and easier to access.

The VPN features could use some improvement.

Security is a continuous process. In every product, there is a requirement for improvement. Its pricing should also be improved according to Indian market requirements.

They must also improve on the reporting part. Its reporting can be more precise. If we can get a real-time report in a specific format, it will be helpful for customers to know about the current status of their security.

The only problem that we have here in China is that the whole subscription process on Fortinet is a little bit difficult if you are doing it from China. China has kind of a firewall around the country, and we sometimes have complications due to that aspect.

As a whole, I don't think that the product is actually missing any features.

You do need some IT knowledge in order to effectively work with the solution.

In our environment, we need multiple virtual firewalls to facilitate end users and customers. Fortinet doesn't provide that but they really should include that feature. 

The support costs and licensing are sometimes so expensive. They should work on their pricing model.

They can do more tests before they release new versions because I would like to be more assured. We had some experiences where they release something new and great, but some of the old features are disabled or they don't work well, which impacts the product satisfaction. The manufacturer should be able to prove that everything works or not only that it might work. This is applicable to most of the other services, software, and hardware companies. They all should work on this. We cannot trust every new release, such as a beta release, on the first day. We wait for some comments on the forums and from other companies that we know. We always wait a few weeks before we use the updated version. 

They should also extend the VPN client application, especially for Linux versions. Currently, it has an application for Linux devices, but it doesn't work the way we want to connect to the VPN. They use only the old connection, not the new one. They have VPN client applications for Windows and Mac, but they can add more useful features to better manage the devices and monitor the current health of each device. Such features would be helpful for our company. 

The solution isn't really lacking features per se.

The product does need better support in the cloud environment. It's not exactly cloud-native right now.

The solution needs to do more on the deployment in the multi-cloud. For example, clients have GCP and AWS. How do we deploy FortiGate in a cloud environment? Right now, there's no solution for that.

We're worried that the scalability isn't as good as it could be.

The only challenge that we are facing is that a good internet connection is required for VPN stability.

Some of the web policy reports could be improved. There are reports generated that show exactly which user is using how much bandwidth, and which sites they have been browsing. We should have a way to show that on a single screen. As it is now, when I click on a user, the information shows on another tab.

They are doing good, but they can improve the distributor assignment. The availability of the product and the timeline of delivery are the main things. The distribution should be swift, and the distributor should not reach out to end customers directly. They should work as a distributor. There should also be one more local distributor. Currently, there is only one distributor in Pakistan, and the rest of them are in UAE. It is difficult to work with only one distributor. Sometimes, you don't get along with the same distributor, and that's why they should have one more distributor. 

Their licensing should also be improved. The activation or renewal of the product should be done from the date of renewal, not from the date on which the license expired.

The ease of use could be improved. 

The product has enterprise capabilities, which means there are a ton of configurations possible.  What I'd like to see in the product is more of a branch in the box wizard deployment for those that are not as well versed in firewall and routing.  For a small business, the firewall should be able to self-configure for a Unified Threat Management configuration with 2 SSIDs for protected wireless network for internal gear and a guest wireless network for employee cell phones and guests.  I'd like to open the box, plug in the router behind the cable modem, and check a few boxes, and the rest is done automatically.  I don't want to have to build a configure VLANs, SSIDs, security protocols for each port, and try to figure out and understand all the layers in an effort to deploy a solution.  It's great to have those capabilities in case you need them, but for most of the offices I am trying to deploy these into--it should be a branch in a box.

I'm not sure if the solution is really lacking anything major. For us, it works okay.

They seem to have made a lot of improvements since the last release.

Technical support could be better. You don't always get the level of help you need right away.

I don't like that anything more than very basic reporting is not included. You have to buy their cloud module that's an add-on for getting more customized reporting.

It has just about everything that we are looking for and the customer is needing. It's just the reporting part that is lacking in the base application.

Technical support could be improved.

The cloud management should improve. There are other manufacturers that have better management cloud solutions. Aruba, for example, is very good at this aspect. Fortinet could look to them as a model of how to do something interesting with management solutions.

Fortinet across the board needs to improve the LAN aspect of their products.

The solution lacks multi-language support.

They could offer access points to small companies and firewalls at those access points. Aruba, in that sense, is much better for smaller organizations as they provide this possibility.

Fortinet is a very big product. It has FortiGate, FortiWiFi, FortiSwitch, email security, etc. Due to this, they have some weaknesses in the ISPs, the services. They could improve these aspects. Hotspot services especially could be a lot better. 

There are just some services that aren't available. For example, the Ethernet or point-to-point protocols. They could add these services to their product offering - especially services for ISPs.

Fortinet is good in terms of security and threat prevention, but they are not leading. For example, the signature database can be improved.

If they had better integration with security products, such as Cisco ISE or Rapid Threat Containment, then it would be an improvement. Customers that have ISE implemented are able to provide inputs based on malicious traffic, and then ISE will automatically block it.

If it would integrate everything in one place then it would be an improvement.

I wanted to buy some switches and integrate them into the system, but we couldn't find anyone here in Israel to provide them or to provide support. Also, we could not get a replacement if something needed to be replaced. 

We wanted to use one vendor to do everything from one managed central management point. It may be something they offer now, but I am not sure.  

It would be helpful if we can have one easy place to manage, or from the cloud to all the devices that are at the client's location. This is the backbone, the switches, the access points, FortiGate, everything. 

Sometimes you do need to know some CLI commands, so it's a bit harder for technicians or new people that don't know it. 

So, if you could do everything without that, it would be much easier when you do V-LANs.

The performance and speed are aspects of the solution that could always be improved upon.

In the enterprise proprietary world, Fortinet, in my experience, considering its cost and reliability (maybe they could bring the price down or maybe they could make more plans), I honestly don't think that there is much room for improvement. I think it's a pretty good solution for anyone who is looking for a proprietary solution. I wouldn't look anywhere else.

Cisco, for example, is probably way overpriced. Fortinet on the other hand, one of their strong sides is that they have an all-encompassing solution with a very reasonable price point. Cisco and other brands are a little bit more modular — to get everything you'd have to buy a lot of different packages.

An automated guide feature or templates that you could pick and choose would be a nice addition.

It's definitely not as easy to look at traffic as I would like. Sometimes when I'm trying to see what traffic has been blocked or what traffic has been passed, it's not as easy as I would like to filter it out or to monitor bandwidth.

The monitoring is not as good as it could be. It could be a lot easier to understand. For example, I was trying to figure out, in a given timeframe, how much was downloaded off of a certain interface and I didn't really understand how I could get that information or if it was even available. I was searching the documentation online and I couldn't even figure it out. Monitoring and reporting could be better; It's very good, but there's definitely a lot of ways to improve it.

I would like to see a more intuitive dashboard.

Technical support can improve in knowledge sharing and they can implement better.

The dashboard appearance needs to be more refined. It has to be smoother and more customer-friendly.

As the cloud is more prominent and more are moving towards the cloud, people are used to certain ease of doing things, and less complicated.

I understand that a firewall is a technical product, but we can try to make it a better customer experience which will increase usability with good results.

FortiGate is really good. We have been using it for quite some time. Initially, when we started off, we had around 70 plus devices of FortiGate, but then Check Point and Palo Alto took over the place. From the product perspective, there are no issues, but from the account perspective, we have had issues. 

Fortinet's presence in our company is very less. I don't see any Fortinet account managers talking to us, and their presence has diluted in the last two and a half or three years. We have close to 1,500 firewalls. Out of these, 60% of firewalls are from Palo Alto, and a few firewalls are from Check Point. FortiGate firewalls are very less now. It is not because of the product; it is because of the relationship. I don't think they had a good relationship with us, and there was some kind of disconnect for a very long time. The relationship between their accounts team and my leadership team seems to be the reason for phasing out FortiGate.

Fortigate's hardware capacities could be improved. In the next release, Fortigate should include SSL decryption.

The cloud features and integration could be improved. There are also sometimes problems connecting the endpoint protection to the firewall.

The security of Fortinet FortiGate could improve.

At the moment, we are having some problems with IP multicast. 

We would like to have the ability to disable some of the security functionalities. 

Fortinet FortiGate can improve the integration with Active Directory. Additionally, I would like to have a Cloud Controller, such as they do in the Cisco Meraki solution.

Fortinet FortiGate could improve by having more capabilities for troubleshooting VPN connections. For example, I do get some feedback about the current status, but I could use some history and logging of important events. The information is logged in our Syslog server, but I could use that information from the device. If they could provide a GUI to have some more insight on what's going with my VPN would be useful.

The way Fortinet FortiGate handles the phase two connection of a VPN setup could be better. For example, if I have to make a phase two traffic selector input, I cannot add more ports. For example, on a specific IP address pair, if I have an IP address pair source and destination, then I can only add one port. I'm not sure if I can do that through the command line, but on the GUI, I cannot, and this is a problem. I have to select another IP address pair to allow another port and this means new traffic selectors and a new set of tunnels. This causes more tunnels to need troubleshooting. 

I would like to be able to pass more diverse information through the same tunnel, and it doesn't seem to be possible if you want to limit the traffic through the tunnel and not allow all protocols between the same IP address pair. If we want to limit the ports, then I find there is a problem.

I would like to see integration into other systems. That would be really great for me. The fabric works well only if you're using other Fortinet devices, but they're not exactly the best in terms of switching or access points. If they could extend their fabric towards other vendor environments for integration, that would be great.

The solution's framework needs to be frequently updated in order to have a stable solution.

The reporting in Fortinet FortiGate could improve. Customers are having to purchase additional reporting components. in  Fortinet FortiGate you have to use additional tools to have the features needed.

We need to use FortiAuthenticator to have additional bandwidth. Fortinet should include more features in the solution instead of having separate tools.

An area for improvement for Fortinet FortiGate is that their support needs to be more customer friendly.

Fortinet FortiGate is not very easy to use. The navigation could be improved to make it easier to use. Instead of double clicking the items FortiGate needs to click the "details" button to get the configurations or record details

Its reporting can be improved. Sometimes, I don't get proper reports.

There are some limitations to the solution such as publishing multiple servers with a single IP. I'd also like to see some improvement in the support system. 

We are managing FortiGate using a FortiManager and it needs improvement with respect to the ease of administration tasks.

There is a lot of improvement needed with SSL-VPN.

Technical support could be improved.

It would be a benefit if Fortinet would release a one-stop solution that is better integrated with other products and has an automated emergency response system.

We aren't really missing any features. 

The solution isn't lacking anything. We've been overall very please with the experience we've had. There aren't really any negative aspects to discuss.

The solution could have licensing fees reduced in the future.

We currently have two on-premise data centers with several separate firewall units and unfortunately they don't connect with each other. We'll likely migrate to Azure in the next two years because of that. 

The price could be improved.

In the next release, I would like to see the interface simplified to be more user-friendly.

In terms of what could be improved, the SD-WAN is quite difficult, because if you install in the new box, 15 is okay, but if you change from an old configuration, if there is already a configuration and a policy when you change to SD-WAN, you must change the whole policy that you see in the interface.

We would like to see an upgrade to the VPN feature, we are using the VPN from outside of our office and there is a limitation to 10 connections, more connections would be suitable. Also, the security could improve on some features that are available.

The feedback that I have received is that the performance could be better, and the user experience is not as good compared to a previous solution we used. It could be more user-friendly. Of course, it still works fine for our operations.

It's good, and I feel that there is nothing more that can be added.

The pricing could be reduced or include the first year warranty.

In terms of the product, we don't have anything to improve. But I have a concern about the FortiGate team here in Egypt, because there is an opportunity that we are working on and when we opened it and did the deal installation, it was rejected. When I talked to the FortiGate team here in Egypt, they told me they know about the deal, but they rejected it.

Additionally, they could make some modifications in the license. There are some license issues. Not every feature must have a separate license. There must be some kind of synergy between the license so we don't have to pay for every individual license that we would like to have.

There is room for improvement. When it comes to email spam detection, Baracuda is the highest or the best, Cisco is the lowest, and Fortinet FortiGate is in the middle. Application management can be improved. Analysis and sandbox can also be improved in the next release. 

The customization could be improved. Cisco, for example, is much better at this. They need to work to be at least as good as they are.

We have an issue with the license when it expires because we're unable to use the computers. We are in the hotel industry and there's an issue with vouchers when guests come in wanting to use them. 

Its reporting capabilities can be improved. Some out-of-the-box reports needs to be able to provide usable data for example for web monitoring and reporting or browsing patterns and details.  Some customers does not require any forensic type reporting and may not want to invest in all the features offered by the FortiAnalyzer.

A feature for bandwidth monitoring and the ability to have more bandwidth testing would be useful to include in future releases.

I think some improvements could be made in vulnerability scanning. I'd also like to see additional features in the authentication. They support RADIUS, LDAP  but the solution doesn't have API integration with other solutions. They have API in FortiAuthenticator, but not in the firewall and not all customers want to buy another solution. 

It's difficult to add or define, and it's not that easy to configure and manage. We're looking for something more flexible for the long term. I also find that the performance is limited in comparison to other solutions. 

The price of FortiGate should be reduced because there are some other leading products that are cheaper.

In terms of what could be improved, the FortiGate support could do some improvements on their IPv6 configuration. Right now it's still in the very early stage for utilizing in an enterprise level network environment

In terms of the FortiGate IPS, we haven't gotten additional tools because they are not free, and we have to purchase them to maximize this IPS feature. As long as they can perform some basic functions to meet our business needs, that is okay. I'm okay with this feature right now, so far.

In the next release of FortiGate the price could be better.

Fortinet currently has many products bundled with FortiGate including the basic firewall and load balancer, and I think that that they need to have separate product portfolios for each of these specialized services. When it comes to large deployments, I don't think it's a good plan to have all of these services in a single box.

I think that they should introduce in-line security at the packet level, where they can do filtering and other firewall functions. It should not comes down to the infrastructure level but rather, offer services at the ISP level.

If I had any criticism that I would give FortiGate, it would be that they need to stop changing their logging format. Every time we do a firmware upgrade, it is a massive issue on the SIM. Parsers have to be rebuilt. Even the FortiGate guys came in and said that they don't play well in the sandbox.

The support could be improved upon somewhat.

The performance could be a bit better. Right now, I find it to be lacking. Having good performance is very important for our work.

The command line operation is a bit out of our depth.

The solution needs to improve its integration with cybersecurity. While in general, it's pretty good, this is always a concern as the landscape shifts constantly. They need to ensure they stay on top of things so that their security and integrations stay constantly up to date in order to protect our company. 

It should have a better pricing plan. It is too expensive. 

It should also have a more granular view of the attack. I don't have FortiAnalyzer, and it is difficult for me to have a complete view when there is an attack on my server.

The PPPoE server protocol with a connection to a Radius server is used a lot by ISPs and not so much by the end user. I think it would be great to see this solution with the protocol developed for ISPs.

The search tool needs improvement. It's very difficult to search for policies right now.

When we need to engage with the endpoint or our customer during an investigation, there should be a way to investigate the issues without the need for the customer to be present. It would make it much easier.

It is stable, but its stability can be improved. 

Fortinet is huge in today's market and they've become quite expensive. I think there are products at the same level as Fortinet, but with better prices. They've changed their subscription plan and are now forcing companies to subscribe 24/7. 

It should be more stable. There should be full integration within Fortinet products themselves as well as with other third-party products. Especially when you're not dealing with SIEM and the correlation of the security box, we want Fortinet to be able to share that information with as many other products as it can.

The visibility of the network can be better. The GUI can be improved for better visibility of the network flow. Other solutions have better GUI in terms of network visibility.

There are a lot of known issues in some newer versions of the FortiGate operating system, so there is room for improvement with that. One of the problems I was having was with user mapping, and it is an issue for which I have escalated tickets with Fortinet support.

Having the newer features work in the older, more stable versions of the product would be great. Some of the new features might really help a lot, but there are problems with stability.

I'm from the sales side and therefore I wouldn't really know if there are features that are lacking.

It's my understanding that more of the current generation features could be brought in. There could be more integration with EDRs, for example.

There are some cloud-based features that could be much more flexible than they currently are.

It's my understanding that they are currently working on improving the cloud solution quite substantially.

Quality control on their firmware versions needs improvement. When they introduce new firmware, there tend to be bugs.

I would like the licensing price to be better. It would be nice if it were less than 25 percent of the hardware costs.

For me, this solution has nothing to improve and it meets the needs that I have. I don't see any way to improve, at least from my point of view on regular use.

In the next release, maybe the documentation on how to use this solution could be improved.

What I have noticed is that when we have done some configurations directly from the command line, there is not a lot of information regarding splitting.

To the best of my knowledge, Fortinet does not have a CASB solution and Fortinet does not have a Zero trust solution. Fortinet claims to do everything Zscaler is capable of and I'm looking for a comparison between the supported features.

Fortinet VPN and DDoS capabilities are great, yet we need to provide a solution that enables CASB and integration to the cloud.

A couple of things I've seen that need improvement, especially in terms of a hard coding. The driver-level active moment really is out-of-the-box and we have to have contact the customer support and sometimes it is difficult to resolve.

My only solution would be please don't make it as a closed source. Don't make it as
a closed source. Give some kind of a power to the user so that they can consider it
according to their determine that it should have some flexibility on concurrent
connections not be restricted. I agree that to some concurrent connections the CPU and
the box may be a lower model and it need some higher scale level with this. But, there
should be a provision. There should be a provision to go to at least to 60-70% onto the
threshold to go beyond the designed capacity of something. Like we call it as a design
capacity, and since 70% addition to the 100% of it.

WAN load-balancing could be a lot better at detecting when a link is poor or inconsistent, and not just flat out dead. There are lots of options for routing traffic over a specific path when you have WAN load-balancing enabled, but they are not as clear and consistent as they could be, and most can only be set at the CLI.

Some configuration elements cannot be easily altered once created.  For instance, there is no way to rename an interface (say, for a VPN tunnel), unless you create an entirely new one and perform a little gymnastics to switch from one to the other. Or, you export the config, rename the elements in question, then re-import the entire config.

Creating a meshed VPN connection (Office A with two WAN links connecting to Office B with two WAN links) requires a massive bundle of four IPsec interfaces, with two policies. It would be nice to have a cleaner, simpler config for that functionality, something not very uncommon today.

I have found that if you have a console cable in the device when you reboot it for a disk check, it will boot to the device firmware. This will not happen for a regular reboot.

If you have more than a very basic environment, you quickly have to escalate past the first level of support. The initial level is so-so.  The next level up has been stellar for me, and quick to figure out issues and resolve them.

I would like some automated custom reporting.

The security features are good but I'd like to see additional security options. 

In an upcoming release, Fortinet FortiGate should add an SD-WAN feature.

In Brazil, the main problem that we have is related to the protection from various attacks and ransomware in the public sector and the commercial sector. The main focus in Brazil is to deploy a solution to counter-attack ransomware and other attacks.

There can be more security in hybrid implementations. When a customer has a hybrid environment where some parts are in the cloud, we need a consistent security solution for such scenarios. 

I would like reporting to be improved and should offer a lot more tools to monitor the products.

I think that the infrastructure for the VPN could be improved. The way that it is bundled also made it difficult to use and sell as it is too expensive.

It is very expensive, and their support is not very good. I hope that their technical support will be better in the future.

In terms of new features, it is a complete product. I don't expect any new features.

Its price could be better.

I would like to see improvements with the antivirus and IPS as they are not working properly all the time.

There are a lot of bugs I have found in the solution and it is difficult to upgrade. These areas need improvement.

The initial setup and configuration are not intuitive and require training.

The cloud features can be improved. The sandboxing part is only available in limited parts of the cloud. If they could expand that, customers would find it slightly better. The price can always be cheaper as well.

In the balance between links feature normally you can just choose one option to balance. It would be better for the solution to have more than one option, preferably three.

We would like to see better pricing.

The way everything is set up could be easier. Currently, people need a lot of experience and knowledge to administer it and to link it to devices.

Need to Improvement in Reporting

The solution could be more user friendly.

The Fortinet support needs improvement and also the quality control of the firmware (there are a lot of bugs)

The sniffing packets or packet captures can be simplified and improved because it's a little confusing. The automation feature has some limitations and could be better. 

Technical support needs to be improved.

Technical support is good but the response time could be faster.

When it's overloaded, it works slower and overheats.

The data analysis could be improved.

The support structure needs to be improved because every time we contact them, there is a delay in the response.

The support is the main thing that needs to be improved.

I would like to see the product updated more frequently.

In the future, I would like to see improvements made to cloud-based management. They already have some features for this, but it's very basic.

The solution could be more evenly structured and I'd like to see orchestration in the calls included. The solution currently lacks that feature. 

It should provide better visibility over the network and more information in the form of reports for the end users. Its installation should also be easier.

The captive portal could be improved.

The central management for the FortiGate Fortinet Firewall needs improvement. They have the manager to do the essential management for both SD-WAN and the security policy. They should also improve the SD-WAN function.

The command line is complicated, and the interface could be better.

The user interface could be improved.

It could be more stable and secure. They can improve the ability to make changes, change requests, and provide more rounded monitoring in terms of security and potential threats.

The license renewal process, annual renewal price, and the web application firewall features should be improved.

Some of the features in the graphical user interface do not work, which requires that we used the command-line-interface. We have problems with that.

Log retention should be greater than 24 hours.

I think there could be more QoS features in GUI. FortiGate has Traffic Shaping feature that is enough in most cases when shaping egressing packets, but sometimes I just need 802.1p prioritizing (Class of Service) of incoming packets and manual ingress queue assignment. This is what would be nice to have, but I realize that such a job is more efficiently done by L4 switch standing before firewall. Fortinet has a FortiSwitch that can do it, and it also can be controlled by FortiGate via FortiLink protocol.

[Firmware version FortiOS 6.2 update]: There are a lot of improved and newly added things, so it is very hard to imagine any additional features.

We would like to see a better training platform implemented.

We had a minor problem where there was a major system upgrade on the hardware platform and the Apple Mac client was not available as soon as it might have been. The PC client was available immediately, but we had to wait a month or so, before there was a Apple Mac client. I was slightly irritated that it was not ready on time, but it was eventually resolved.

The user interface could be improved to make it less confusing and easier to set up. There are too many pull-down menus.

Improvement is needed in the Web Filter quotas to restrict users with allocated quotas.

It would be an improvement to add a feature for active users to change/reset their own passwords.

Fortinet renewal prices for all models are too high, so they should offer discounts for customers on renewal. 

FortiWAN was supposed to help in doing intersite linking, but we've realized that most of the ISPs use BGP. FortiWAN supports OSPF but does not support the BGP protocol. This is a problem for us because without BGP they are not doing anything, and we've had to pack them up. I would like to see the BGP protocol supported on FortiWAN.

Technical support for this solution can be improved.

I would like to have logs, monitoring, and reporting for a month without extra fees.

The Web-filter in this solution is not very good. Perhaps because Fortinet does not want to compete with its own dedicated solution.

FortiOS is not simple. Too many people think it should be simple to use, but the complexity of the product makes that impossible.

This product could be improved with active directory integration and better handling in IPsec and GRE Tunnels. There are not enough recent online materials to assist in integration with Cisco for VPN, GRE, and IPSec.

I use the FortiGate 60D model and realized the 300Mbps bandwidth limitation. Because it is a product that offers many services, I think it could have greater bandwidth capacity.

It is mainly our own application of FortiGate that we need to improve. If you compare FortiGate to any other products, all of the other products have more signatures. I couldn't find that many signatures available in the application.

Some features of Fortinet FortiGate are actually fee enabled that are inconvenient for deploying in production. Other issues relate to isolation with Cisco products and your server.

Fortinet should make it so that we are not able to use analytics from Cisco at the same time that FortiGate is installed. We are not able to do real-time network monitoring.

For the next release, FortiGate should be improved to support these issues. For the setup, you need to prepare a lot for that before engaging the deployment. 

I learned a lot about FortiGate from books. That should be important in preparation. Fortinet should implement these changes, then we would be able to do more.

The reporting needs to be improved. Also, the VPN (Virtual private network) monitoring needs improvement.

Beyond these improvements, I cannot think of any additional features that I would like.

Since we are in the initial stages of implementation I can't suggest any additional features for the next release. At this point, I really need more time to evaluate the tool. The only thing I can recommend at this time is to make improvements for the user end when the user website is running slowly; the speed can definitely be improved. There is room to include IP wise and net-wise and bandwidth settings.

The main aspect of FortiGate that could be improved is load balancing. Our management team does not want to buy another appliance for only load balancing.

The network routing with Fortinet FortiGate can be an issue, but it generally depends on the size of the company.

We have many users currently with this solution. One issue that I have had is that sometimes I need to monitor the traffic, so I need to filter it according to the user and which user is using it the most. I experience a bottleneck most of the time, particularly at peak time when the number of contracts and users are at maximum. We feel a kind of bottleneck.

When I first entered the log section, I could not find any results. I did not find any proof, i.e. reporting and analytics on the speed and network availability were not optimized. I could not find any such log from the server, maybe Fortinet could improve this service.

I recently saw the new updates that are coming, such as the ability to quarantine a user's machine. Once done, you have the ability to connect to it from the FortiManager Console and you can bring it back online, out of quarantine. This is all very good news.

One of the areas that I feel need improvement is on the DLP (Data Leak Prevention) side of things. Compared to some other products, the DLP is not at par for the moment.

Also, if in the next few years this solution can be made to support HE between models, it would be better.

I feel that improvements can be made on the security side. Sometimes the product does a good job, but sometimes not.

Fortinet could improve the windows opener or the virtual IP solutions for opening windows. The virtual IP settings need improvement as firewalls are trending in new development directions.

Flexibility is questionable when it comes to the hardware parts. If Fortinet can make FortiGate modular so that you can actually upgrade it without changing the parts, I would prefer it. 

If Fortinet FortiGate could actually integrate with the hybrid cloud architecture without changing the storage parts, i.e. the hardware, it would be better.

Fortinet needs more memory to save the log files (like in the 101E, the old product). We need it to save the logs on the hardware and not in the cloud. 

I know this feature is available in FortiCloud, but if we need to log locally, it is not available. Also, the log only records a little time and needs to be longer.

The Fortinet FortiGate firewall has been improved with many new functions. Fortinet is working to develop a new generation of firewalls with better security.

Fortinet already improved FortiGate, but in the current market, many brands of security devices have improved together. Fortinet still needs to catch up with market standards. 

Fortinet is lacking in features in comparison to competitors.

The FortiGate reporting system needs to be more detailed about files. Palo Alto Networks is more detailed in the reporting system than Fortinet.

Currently, as for our security, we don't need more. The main reporting in Palo Alto Networks is much more developed than Fortinet, especially in the part of the file exchange.

As a security lead, I think Fortinet FortiGate is much more reliable than Palo Alto Networks.

The monitoring and the visibility, in this proxy, is very weak. I would for them to develop better visibility, monitoring, and reporting.  

They should improve the interface to make it more user-friendly. 

I would like to see some sort of reporting if there was an issue with the connecting network sources or connections.

They need to improve their technical support. 

Some of the filtering is not robust, you can escape it with a VPN. Some of the users bypass some of the filters. It catches some but it also misses some, that area could be improved. It's functioning reasonably but there's room for improvement in that area.

There is a feature that Palo Alto has called Traps. It helps to prevent attacks on the system. A feature similar to this would be worth adding.

FortiGate is a complete solution, but it is very expensive compared with other solutions. Then actually, we are analyzing other solutions.

They should make the rule sets more understandable for the end user. When you're trying to explain to somebody how a computer network is secured, sometimes it's difficult for an end user or customer to understand. If there was a way to make the terminology more accessible to the end user, the set up could be easier. They should translate the technical jargon to an easily relatable and understandable conversation for the end user, the customer. Particularly in an environment where the IT structure is audited regularly, there's always pressure from the auditor to up the standards and up the security and you get your USCERT's that come out and there's a warning about this and the customer will want to lock out so much so when you apply it they run into issue where they can't search the internet or print to their remote office. Of course they can't print to their remote office, they just locked it up. They should make the language more understandable for the customer. If there's a product out there that made the jargon understandable to John Q. Public, I would buy that.

There's a link off of the reports that you can click and make suggestions, which is pretty awesome because it seems like somebody is reading those and doing something about it. If I could save reports on a format where I could save space and not have to reprint them and move information down from letterheads and that sort of stuff that would be great. Formatting reports is the only thing I would change about that product right now.

There could be more integration between the logging and analytical platforms to make it more seamless and integrated.

The web-cache feature which was previously on the FortiGate device, but was deleted with the recent upgrade, should be returned. It was a very valuable feature for us.

I think they need to improve more in order to be a competitor with the leaders of the field. 

The UTM filtering control could be improved. 

The speed of synchronization between FortiManager and FortiGate could be improved, but that could be because we host them in Azure.

I would like to see more advanced developments of a wireless controller in the future.

I think the only issue that needs improvement is the interface.

The room for improvement is about the global delivery time period. Usually I need to wait for almost one month to deliver it overseas. So if you can shorten the deliver time it would be great.

The UI could be improved. 

I am looking to implement key authentication for admin access for the Fortinet product.

I would like to see improvements made to the dashboard and UI, as well as to the reporting. I would also like them to consider offering more predefined security templates.                       

It could use more templates for third-party site-to-site VPN setups other than FortiGate and Cisco.

There are problems with the custom reporting of the unique traffic. The data is there, but it is too difficult for us to extract. 

They need faster serviceability and more security features.

The reports are very basic.

After four years it has started to fail. The firewall engine is not so strong as of now, in my opinion. For that reason, we want to migrate to Check Point. This is one of the concerns that I have right now. 

My second concern is that, while they have Zero-day vulnerability and anti-malware features, the threat engine needs to be strengthened, its efficiency can be increased.

I also need user-behavior analytics, to find threat scenarios from inside the organization, insider attacks. That would be very helpful for us. In addition, I would like next-generation features for small and medium businesses. These businesses require UTM, all in one product. Fortinet must include it.

It should come integrated or have its own type of network monitor tool in a module. There should just be one package, and you are good to go.

At first glance, the interface for the device is very confusing. However, every version is getting better.

Cisco Meraki products are rising very quickly in the cloud and the connected era. Meraki products are future proof and offer much better ROI, upgradability, and manageability.

IT is continuously evolving, and every few days or months, there is something new. Whoever evolves first will take the lead over the competition. Adopting and evolving is the key to success.

• It needs more available central management. 
• It could use better throughput on some of the smaller boxes for the branch offices.

One area for improvement is the performance on the bandwidth demands for smaller devices, as well as better web filtering.

I have only one request and that is to have Fortinet as a market download in Azure. 

For me, at this time, it's very complete.

I would like to be able to do segmentation, for a specific user, with more priveledges. I would also like to see an easier user interface to implement that.

One area for improvement is the performance on bandwidth demands for smaller devices, as well as better web filtering. Each manufacturer has their own way of filtering and each one needs improvement in categories, URL, and/or application filtering.

It needs to improve its ISP load balancing.

Reporting is limited to providing an external appliance for improving the reporting capabilities of the FortiAnalyzer. It does not offer a central management and is also sold separably as an appliance.

I can't think of too much which they can improve upon. I just have not come across any situation where they have fallen short of expectations.

MTBF: Hardware failure is more common when compared to SonicWall or Cisco ASA.

It claims it does DLP, but the degree and level of controls are very basic. We recommend that our clients supplement it with other products.

Stability and technical support are the two major issues I have found with Fortinet.

When we need to enable Netflow on the firewall, there is a high CPU and memory usage that occurs. They should improve that high CPU and memory usage that occurs.

NGN, reporting and controls.

It would be nice if backups could more easily migrate between different models.

Grouping/tabbing (not only by interface) in the policy table of the web GUI would be a great addition.

They could improve vulnerability scanning.

1. sFlow and NetFlow

I could not configure sFlow from the FortiGate graphical user interface. I realized that the sFlow configuration is available only from the CLI, and discovered that sFlow is not supported on virtual interfaces, such as VDOM links, IPsec, or GRE.

NetFlow is a network protocol developed by Cisco for collecting IP traffic information and monitoring network traffic. It is not supported on FortiGate for those who have a NetFlow analyzer/collector already setup in their network.

2. Policies

To control traffic in a firewall, you need to create and apply policies to the FW interfaces. By default, policies are sorted by FW interfaces and this makes FW interfaces an integral part of the policies. Zones provide the option to logically group multiple virtual and physical FortiGate firewall interfaces. Then, you apply security policies to those zones (logical groups of interfaces) to control traffic flow on those interfaces.

In a FortiGate unit with a lot of interfaces (including virtual interfaces), there is a high probability of having duplication of policies.

I'd like to see an improvement in the Bandwidth Management and Traffic limit control.

Also, the licenses are expensive, turning off some users.

Better documentation about usage of the CLI. I learned most of what I know in diagnostic functionality through saving SSH sessions with the customer support staff while in WebEx sessions.

I have tried looking up the manuals. They are OK in some respects, but I feel exhaustive documentation about the CLI "with examples" should be there, and I feel it's not.

I'm saying, hey lets consolidate some of the primary real world scenarios like:
Section A: - Troubeshooting B2B VPN peering with a business partner or client when initially setting up the VPN tunnel.

Inevitably, there are always quirks and nuances between the fortigate vendor versus peering with a Palo Alto or an ASA firewall or even a Juniper SSG.

Imagine providing all steps, command line syntax, and GUI (if available) and how to take steps to debug the flow and see what's failing.
Sometimes it's super hard to figure out what's wrong with a fortigate VPN unless you know the commands on the CLI to see the flow and how to interpret it.

If they had all the methods / syntax and the "how's and why's" for a scenario; even possibly an instructional video showing how via the CLI and gui alongside the documentation. It would be like the pearly gates had opened and I had gone to heaven.

They could improve performance with all the UTM features working.

Sometimes, we have seen that when you enable the antivirus sensor, customers report slow web browsing. We know this is normal, but we would like to know if it is possible to make feel the customer their web browsing is fast with not as much delay. The antivirus sensor analyzes all the protocols and packets we specified, and this is an important performance affectation. In my personal point of view, I don’t think it is a serious issue, but we receive many reports from users who browse the web with antivirus sensors applied to their firewall policies.

I feel they need to work on the alert and event logs. We were not able to get anything much out of it when we were facing issues. Not sure if it was a configuration issue; we were, in fact, not able to see any system-related logs.

The reports provided by the equipment could be more detailed, and not so dependent on the FortiAnalyzer.

The FortiGate internal reports are good, but could have more details and options for viewing certain network data. For the client to get the richest reports, they need to buy the FortiAnalyzer appliance or hire FortiCloud service. These two aim to catch all of the FortiGate logs and turn them into friendly reports, many of which are not present in FortiGate itself.

I think the graphical interface always has room for improvement. I would like to see more attention put towards the logging functions as well.

• Maybe Linux system monitoring can be improved by the developers of the product.
• Although it has policy control and web filtering, these could be better.
• Application filter needs more control options.
• IP tracing works only so-so.
• Controlling and tracing with web console for Linux only obtains IP addresses.

• Fix all pending bugs present in 5.0.x branch
• Improve the testing process of newly published firmware like using real and representative configurations submitted to consequent traffic load during a while
• Support SNMPv3 INFORM requests
• Uniform the scheduled backup between FortiGate, FortiManager and FortiAnalyzer
• Integrate graphical troubleshoot tools for policies based on devices or user identities

It's not intuitive, as the rules will be in the last place you look. You can look for a report for an hour, eventually getting a blank page. User experience for the administrator is basically not good as it needs to be more proficient.

The FortiGate series does not have that much troubleshooting & network testing features in its GUI, hence we’ll definitely be looking for some add-on features in near future.

The web interface could be made better.

A real-time log viewer in the GUI with the capability to filter traffic displayed. Cisco ASA's have this and it's fantastic.

• WAN link load balancing
• Reports
• Anti-virus.

I'm happy with the product, however the licensing fees could be lower.

Its web interface needs to be more stable, and more functional, through the variety of browsers. Additionally a nice add-on would be a “diagnostic sniffer” capability in the web interface.

This product can't show the NAT status or NAT logs.

• Security
• LAN
• WAN

Everything needs to be improved, but they have improvements with each new version.

They need to improve a bit the SSL VPN to integrate with Sharepoint single sign on, with form base, Windows claim base and SALM base authentication.