Fortinet FortiGate-VM Reviews

The use case was a bit more complex than other clients, however, the typical usage was for VPNs for end-users to get into the internal network. For a mid-size company, that's a pretty much typical use. 

The only thing out of the ordinary would be the SIEM for all the network information, all the metadata, that is cloud-based. We had to create a tunnel to it so that the collector, being in the cloud, would be able to access the internal information.

It performs the functions it needs to perform and it's been reliable. It didn't need to be modified and we didn't have problems where things would just crop up. After months configured it's been rock solid, which is good. That's why I haven't touched it in a year and a half.

I liked its general capabilities.

Its cloud management is very good.

I did like the ability to back up the configuration into the cloud, as opposed to having to store the configurations or just downloading them, the backups, to local devices.  When you want to back up the configuration you can download it as a local file and save it to the cloud.   

That flexibility was very useful. 

The product had a fairly good user interface. It was well thought out and the controls seem to be in a logical hierarchy. I was able to find stuff without having to configure things. There was just a logical breakdown of how to find things.

There were a few cases where I had to use the command line interface on it. Now they do have the ability to pop up a command line, which is nice, however, the fact that you can't do everything within the GUI is probably a problem. There's a thing I have for most products that have started out in the command line and have added GUI, and the GUI is always somewhat behind in capability.

If you have a product you should be able to control the entire product through your user interface. You shouldn't have to drop back into backend command line commands in order to tweak something. There's a couple of cases where we had to do that when we were trying to set up one of the tunnels in particular. We were talking to Check Point or some other company. You've got two different manufacturers with a sort of standard for tunneling with all kinds of encryption methods and stuff like that. You have all these options, and, in order to get the right one, we couldn't discern it from the logs that we were viewing with the user interface. We had to drop down to the command line in order to do that. I would have thought that there should be enough information options made visible in what you can just do from the user interface.

I have been dealing with the solution for three years or so. However, the last time I used it was within the last 12 months or so. The company was restructuring their office due to COVID, and so we had to go in and make changes and set up different connections, That's the last time I was actually in it.

The stability is rock solid. It's a very good solution. I haven't had to touch it for a year. The last thing I did was a firmware upgrade. That was a year ago, and they haven't requested any more work on that now. It's still operational and solid. There have been no complaints really on it.

The product was sized for what the client was doing. I can't really say one way, or the other, whether it's more or less scalable than other solutions. I know we could do things to it - that we didn't do - to increase its capability. However, it didn't need to be done and they didn't have the budget for adding anything to it. It's hard to say. I can't really speak to the scalability of it.

Technical support has been great. They really helped us when we had issues with some early problems during setup.

It ties to the device, so it's pretty easy to see whether or not you have support, however, it was not difficult to get in touch with them. You get someone with knowledge right away. You don't have to go through a filter of people asking you "Is it plugged in?"

I'm actually reselling a managed service of SonicWall. It's not completely hands-on. Now all I do is get reports from it and I can look at the dashboard, however, I don't actually have to configure it.

I've also resold Barracuda.

The initial setup was straightforward. It got complex when we started adding in requirements for tunneling et cetera. The implementation involved VPNs and the general configuration of the firewall. Then they added in these other requirements that it needed to connect to AWS. First, it was to their remote hosted environment. Then, subsequently, to the AWS environment as well. It grew over time. Over the course of a year, we spent a lot of time on it.

I'd rate the initial setup experience at a four out of five. Most of the stuff went pretty well. We had one issue and we had to drop down into it. However, their support was very good. We were able to contact support, and they were able to stay online and walk us through that problem, so without any issues. They didn't balk at it. We didn't have to beg them to help us. Some support you get in there and have to say, "I'm sorry, yes I've done all those things. Get me to the next level."

They had good quality support.

In terms of deployment, it was there when I got there. They had purchased it out of the box and they hadn't configured it. For six months it just sat there. We had it up and running within a month of me getting there. Then over time, we added more and more requirements to it. It didn't take very long to figure out what they wanted to do with it and get it set up. The actual configuration was very quick. It was just the planning beforehand that took time.

Besides myself, there were about four other people in the IT department working on the product. However, really, only one person is responsible for the gateways.

The ROI that they were looking for was an improvement in security for the whole company. It was one of those evolving things, that as new security deployments come up some of them get implemented within the firewall and others are implemented structurally or in other ways. It was able to help them meet their security goals. That was probably the biggest value that they were looking for. It also did not impede their normal operating procedure.

The licensing costs are in line with everyone else. It all seems expensive when you're talking about firewalls, however, they're all the same. It's likely in the middle of the pack.

There are costs involved with FortiTokens. Everyone has different ways of controlling VPN access, however, with the FortiTokens you get a certain amount with the device, and then you have to buy more as you add them on. They're not costly.

However, it's something you have to buy in batches, so if you've got 40 people you're going to buy a bunch of FortiTokens, and each token is an encryption key so that you can have your little app that's multifactor. They charge for that. Everyone else, in terms of competition, charges for that too.

I can't speak to if the client evaluated another solution prior to choosing this.

I primarily work as a consultant. 

The solution's deployment was on-premises, however, there were VPNs set up for remote access, VPNs set up for site-to-site, and VPNs set up for cloud-based SIEM.

As with any solution, you need to size it. You need to plan what you're going to do and what your expectations are with it before you choose the pure model. After that, proper planning is needed before you try to deploy it so you don't have to back stuff out.

I'd rate the solution at an eight out of ten.

The use case for VMs is if you're going to deploy them like a SaaS edge, to protect your applications or provide deeper visibility into the traffic. Or you could use it in your data centers as well. However, that's not our preference.

We primarily use the solution for network segmentation at our data centers and remote connectivity to our distributed sites.

We were able to take advantage of their management tool, FortiManager, to get a single pane of glass. FortiManager and FortiAnalyzer do not have a single panel glass. Rather, they are two panes of glasses to manage and monitor the firewalls where previously we were using Cisco. I don't want to call them legacy firewalls, however, with Cisco firewalls, we didn't have that management or logging visibility.

The product has pretty good logging and reporting capabilities native to the firewall. Then they also use FortiAnalyzer to aggregate that traffic and provide more detailed and aggregated reporting. That's going to help when you're analyzing network traffic for network segmentation initiatives.

The stability is excellent.

It's very easy to set up, even for more junior developers.

The scalability has improved. 

It's got a clean interface and it's very intuitive. Everything is easy to navigate.

Their offering for MFA isn't the cleanest. They have a product called FortiAuthenticator. It's not a FortiGate but that is one of their MFA offerings. However, other products that I've used, like Duo, are better from a user experience standpoint. They are easier to configure. 

I've been using the solution for ten years. It's been a while. 

Six or seven years ago, they had issues with code versions where they would make changes within the code version and they would have some bugs. That said, over the last six or so years, their releases have been very stable. We've had very few issues with any type of bugs or issues.

Scalability has gotten better with their SD-WAN offering. They're able to utilize inexpensive lines such as 4G, 5G, or DSL. It has allowed us to move away from expensive MPLS lines.

Historically, conventional or Next-Gen firewalls have been utilized at data centers and remote sites. Now, however, a lot of customers are moving towards Zero-Trust access and SASE. I'm currently looking to get a little bit more information on Zero-Trust architecture, as it reduces the overall management and need for physical firewalls in all your locations, which can get expensive.

We also use the Cisco ASA firewalls. I do find that Fortinet is easier to handle than Cisco as you don't need to handle tasks via the command line, which makes it easier especially for junior-level developers.

The initial setup is very straightforward. I started out in the Cisco world with Cisco firewalls and switches. Then we started deploying FortiGate and I found that FortiGate was easier to learn, especially for junior-level engineers. We were able to get junior-level engineers up to speed quicker than if it was a Cisco platform, especially if they haven't used the command line before.

Deployment usually takes a day, depending on the complexity of the firewall. It might be a day to two, depends on if we are using multiple IPSec tunnels if it's at a data center or a remote site. 

In terms of deployment and maintenance, in my experience, by a rough order of magnitude, a company would need one technician per 30 firewalls. For our company, we had a team of three network engineers and we had a fleet of about 120 firewalls.

I handed the implementation myself with my team. We didn't need any integrators or consultants.

For our entire fleet of 120 firewalls, we're paying about $100,000 per year. The licensing fees give you support and the capability to download updated definitions of threat intelligence from Fortinet.

I was previously a customer. now I am a reseller and Fortinet partner.

We primarily use hardware-based appliances, including the 100 D/E series, 100F, 190 D/E's, ADCs, 600 E's. They are similar to VMs.

We're using the most recent code level at this time. We're one version behind the latest version. We tend to use one version behind the most recent for safety reasons so that we can avoid troublesome bugs or glitches.

Anyone looking to deploy Next-Gen firewalls, in general, should really define their use cases to be able to decide on the proper technology to deploy within the environment. If you're looking to deploy Next-Gen firewalls at all your locations and create point-to-point VPN tunnels, they can get cumbersome and difficult to manage policies. It is also difficult to do network segmentation. With some of the Zero-Trust offerings, you're able to actually move your clients outside of your corporate perimeter, and then isolate those applications based on the user per application, instead of requiring them to dial back via traditional VPN to your data centers, which sometimes isn't the best user experience for your end-users.

I'd rate the solution at an eight out of ten.

We use Fortinet FortiGate-VM for managing inbound and outbound internet traffic through our environment. Sometimes, we also use it for managing the site's internet outbound and routing. We also use it for IPSec on Azure. We also have an on-premises environment, and we're using it for IPSec on that environment. 

All the routing happens through it because we're swinging all the traffic on the Azure side through a firewall which is basically the gateway. It acts as the gateway and manages outbound traffic in that environment. We have also set up the SSL VPN for users. We do have FortiGate on-premise, and we set up the SSL VPN connection for users.

It made the routing of traffic seamless and it helped us with SD-WAN as well as load balancing.

I like the visibility and monitoring features because they're easy to use to monitor traffic. Features like geo-blocking and more have AI, and we're currently using all of it. But for now, we're only using geo-blocking, and we're able to block traffic from different countries. I also like that it's highly responsive. VM04 is also very powerful.

It would be better if it could provide you with options before completely blocking anything through the web filter. If you are doing a deep SSL inspection on the site if it says it's expired, it doesn't give you the option to continue at your own risk. I can't say that it's bad, but SSL internally isn't really a requirement. However, its security features can help. Right now, we have people going out and spending on purchasing the SSL certificates for internal sites. 

I have been using this solution for three years.

Fortinet FortiGate-VM is a stable and very reliable solution.

Fortinet FortiGate-VM is a scalable solution. It's very powerful, and I've never seen that machine running out of resources. It always worked.

Tech support is okay, but we do a lot of management by ourselves. We have a third party that we use when we do implementations, and I haven't contacted Fortinet even though I have access to it. The local support that we use costs much less. 

I still remember using Check Point, and it took a long time to apply a policy. To install the policy, you had to wait for ten to 20 minutes or even 30 minutes. Fortinet FortiGate-VM instantly applies the policy on the FortiGate itself.

The initial setup was difficult because we were all new when it came to the Azure environment. It was a little difficult to create space and understand that you have to have more than one interface. But once you get used to it. It's pretty straightforward.

It's straightforward if you have all that is required when you're clearing your traffic. If you're clearing your traffic already into your internal length to communicate with the firewall range, and you have information and understand it before the implementation, it will be very seamless. It will be stress-free when you understand the environment where you're going to implement it.

Our license is yearly, but we're thinking of going monthly. I think it's somewhere around 100,000 for VM04. Nowadays, everyone wants to be a hacker, so we believe in security. That's why we also have third-party people that we involve to make sure that we're secure. 

I don't think the costs are too bad. You still want to get advice from people who worked in security for many years, so you add a third party. The third party also said they would give their share like 100K, or 200K or something like that, so I don't think it's too expensive for security. I think it just adds more trust. 

We have been using Check Point Firewall so it was easy to identity the difference.

I will recommend the solution. If it's a first-time deployment in Azure, they need to understand a couple of things, like the interfaces we need to create. The good thing about FortiGate is that they don't hide how their devices work. You can go to their website and get every instruction that you need at any time. It's straightforward and even has pictures showing you what you should expect. I've done a few changes for the first time, and I didn't have to stress. But you must know the infrastructure well.

On a scale from one to ten, I would five Fortinet FortiGate-VM a ten.

The use case of FortiGate-VM is primarily for securing the perimeter of private clouds in the dedicated environment created for customers. This can be achieved through a virtual appliance or physical hardware solution. Beyond only perimeter security, some customers also require DDoS services, and FortiGate-VM can provide this through its own solutions that can be combined and offered as a bundle to meet the specific needs of the customer.

The solution can be deployed on-premise and on the cloud too.

The most valuable features of Fortinet FortiGate-VM are its flexibility and scalability. This solution is available as a license, which allows us to activate it based on the specific needs of the customer. This gives us and the customer a great deal of versatility and customization options. 

There is always room for improvement in any solutions, including Fortinet's FortiGate-VM. Although the solution claims to have a superior throughput compared to other OEMs, upon closer examination and comparison, there is potential for significant improvement in this area. In today's rapidly evolving technology world, it is important to continuously strive for enhancement and development, and I believe Fortinet can make significant strides in this direction for the FortiGate-VM.

I have been using Fortinet FortiGate-VM for approximately 18 years.

The solution is stable.

I rate the stability of Fortinet FortiGate-VM an eight out of ten.

The solution is scalable, it can be easily and effectively expanded as the customer's requirements grow and change. This makes it an incredibly agile solution that can be tailored to meet even the most demanding demands. There is some room for improvement in this area.

The solution is suitable for small to enterprise-sized companies.

I rate the scalability of Fortinet FortiGate-VM an eight out of ten.

The support from Fortinet FortiGate-VM is excellent, it is one of their strongest points.

I rate the support from Fortinet FortiGate-VM a nine out of ten.

Positive

The initial setup of the solution is simple because everything comes with GUI. The entire infrastructure for the customer is simple to set up with the GUI.

The choice between an on-premise or cloud solution is a decision that ultimately depends on the specific needs and requirements of the customer. Currently, there is a trend towards utilizing cloud-based products as they offer a wider selection and can be easily deployed. On the other hand, some customers may prefer an on-premise setup, which involves deploying physical equipment on the customer's premises or a virtual machine from an OEM. The cloud solution offers greater agility, flexibility, and speed but can also present challenges, especially in the semiconductor industry where delivery times may be longer due to stress in the market. In conclusion, both options have their own advantages and disadvantages, and the decision between them should be based on the specific requirements of the customer.

Taking into consideration the magnitude of the entire implementation, the deployment process could potentially take approximately three weeks, assuming all necessary components are readily available for the physical setup. After this stage, the User Acceptance Testing (UAT) phase commences, which may last for an additional week. Subsequently, before the final implementation into production, the customer would conduct a final UAT to ensure all elements have been successfully deployed and functioning as intended.

I rate the initial setup of Fortinet FortiGate-VM an eight out of ten.

The price of the solution is competitive. Fortinet FortiGate-VM had a lot of advantages when it came to pricing. However, the competition has also geared up to a larger extent and it has become comparable now to the other solutions.

In terms of security, it is crucial to understand that the cost of security measures should not be the sole determining factor. The security of your overall infrastructure and setup must be a top priority, regardless of the price of security appliances or OEMs. However, when considering the entire solution, including the security infrastructure, the cost will play a crucial role in the final decision-making process.

It is imperative to choose the best available options, but the cost of the entire solution should not be exorbitant and prevent it from gaining approval from clients.

I rate the price of Fortinet FortiGate-VM an eight out of ten.

When evaluating the overall solution, it is important to consider both the benefits and drawbacks. Fortinet FortiGate-VM presents a multitude of advantages that make it a fantastic product choice. It offers exceptional stability, a scalable design, and unparalleled support from the manufacturer. It is with great confidence that I wholeheartedly recommend Fortinet as a reliable and valuable solution.

I would recommend this solution to others as long as it's fulfilling the requirements of the customer.

I rate Fortinet FortiGate-VM an eight out of ten.

We're using FortiGate-VM on-prem for our firewalls. The Fortinet component in the cloud is FortiGuard. We get our virus definitions regularly updated from the cloud, but the FortiGate firewalls are all on-prem. While the virtual firewalls are created inside the physical firewall, there is an option for a virtual machine firewall where we'll give you the VHD file, and you can install it to a server.

Virtual machines aren't widely used in Brunei because the Brunei government isn't ready for these things yet. They're more confident in hardware, but everything is slowly starting to head in this direction. Others are watching what will happen when people use the apps before they try them.

Some customers prefer VM, especially those customers already leveraging the virtual machine environment. Typically, they don't want to spend on the hardware because they already have all these VMs, so they choose the VM option. But in most deployments, they still prefer the hardware for their firewall because it's already hard-coded.

To improve FortiGate-VM, Fortinet needs to harden it more. For example, if you are using Hyper-V, then you need guidelines for hardening FortiGate-VM that are specific to the Hyper-V environment. If it's VMware, there should be at least a guideline on how to harden the firewall.

We've been working with FortiGate-VM since 2010.

Fortinet-VM is more scalable than the hardware version. If you're using an appliance, there are limitations in terms of hardware specs. So if you want a more scalable firewall, you can get a VM and install it on a high-end server. From there, you have more leverage on how many virtual firewalls you want to create based on that VM. In other words, it's already fixed hardware in the appliance — it's already hard-coded in the appliance. So if you are using a VM and installing it on a high-specs server, then your machine has much higher performance in packaging all these policies and all these hardware security features. 

We proved the frontline support for our client organizations or customers. So far we are satisfied with Fortinet support. We have currently have Fortinet-certified engineers in our company, so we don't have to contact support unless it's a complex issue. We have an NSE7-certified engineer, so we are quite confident with our deployment now.

FortiGate-VM setup is pretty straightforward. It depends on the implementation size, but it takes a week for an organization of around 100 users. Normally Fortinet helps their customers with deployment and post-deployment adjustments, so you don't have any problems. If anything goes wrong, Fortinet is there to support you. 

Like most similar products in the market, Fortinet's enterprise customers need to pay for annual support. They call it FortiCare, and it's direct support from Fortinet. FortiCare is renewed annually and covers support for new releases, purchases, and updates. 

I rate Fortinet FortiGate-VM eight out of 10. However, based on experience, we usually don't recommend using VM firewalls. We still prefer using a hardware-based firewall when that's appropriate. It depends on your needs and the size of your user base. With FortiGate-VM, you can control the size of your firewall if you're using VMs. But on the other hand, if you are using Microsoft Hyper-V, you need to address all these vulnerabilities of Microsoft. And if you're using VMware, then you need to deal with VMware's vulnerabilities. The hardware version of FortiGate has already been hardened based on FortiGate standards. That's the main difference between the FortiGate appliance and FortiGate-VM.

We primarily use the solution for our internal worldwide corporate network.

It's allowed us to have fewer personnel requirements in relation to maintenance. 

The maintenance part is definitely quite easy. We do not require any additional manpower to maintain this. It's quite simple and it has the least required manpower over it based on an individual unit.

The initial setup is pretty simple. 

The solution can scale well.

The stability is quite good.

Right now, we are totally satisfied with this solution. There are several units worldwide. We have only one unit at our Kolkata location, and we are satisfied as of now in terms of its capabilities.

Price-wise, it could be slightly better, however, if you compared it to other makes and models of equal category, it is generally cheaper.

I've used the solution over the last seven months. 

The stability has been good. Its performance is reliable. There are no bugs or glitches. it doesn't crash or freeze. 

The scalability is there. When taking into consideration our business environment right now, I find that this is capable of handling all the requirements until the end of 2022.

Right now in the Kolkata office, we are around a hundred people - and that is in the Kolkata office only. If you talk about India, then we have around 250.

We do not plan to increase usage at this time. However, in the future, scaling may be required. 

I've never directly dealt with technical support and therefore cannot speak to how helpful or responsive they are.

We did previously use a different solution, however, the main office makes the decisions around product changes. They may have chosen this product as it is less expensive. 

We had been using a British Telecom hybrid VPN solution. In April, we stopped that and migrated to this new SD-WAN connectivity solution based on the Fortinet firewall. 

The implementation process was not complex or difficult. It was straightforward. 

The deployment takes around two to three hours.

Maintenance aspects are handled by the vendor. 

The implementation was done by our vendor as well as our internal team.

We won't have a sense of an ROI until we've used the solution for another year and a half. 

The pricing is pretty reasonable when compared to other solutions of the same caliber.

We pay a yearly licensing fee. I do not know the exact costs, however, as that is handled by the team in Luxembourg.

We don't make product decisions. Decisions of that scale come from Luxembourg. 

We are a customer and an end-user.

I'm not sure which version of the solution we're using.

I'd rate the solution at a nine out of ten.

We are using Fortinet FortiGate-VM for network-level security.

There is a cloud and on-premise version of the solution available.

Our company deploys this solution to many companies.

The most valuable features of Fortinet FortiGate-VM are the ease of use, IPS system, application filter, web filtering, and email security. Additionally, there is a migration tool that other vendors do not provide. We only need to upload the configuration file to the tool, and it converts everything, except the passwords, and gives us the new configuration, which we can directly upload on the firewall. This migration process takes a maximum of 15 minutes.

The solution can improve by adding separate interfaces for proxy and flow-based usage.

In the next release, the web application firewall should be integrated into the hardware. There is separate hardware for the web application firewall and for  FortiGate.

I have been using Fortinet FortiGate-VM for approximately seven years.

I rate the stability of Fortinet FortiGate-VM an eight out of ten.

We have approximately 30 users and 30,000 users.

This is a scalable solution.

I rate the scalability of Fortinet FortiGate-VM an eight out of ten.

The support from Fortinet FortiGate-VM exhibits high responsiveness. Whenever I raise a ticket on their portal, they typically respond within 15 to 20 minutes. In urgent cases, we can contact them via a ticket, and an engineer will be promptly assigned to assist.

I rate the support from Fortinet FortiGate-VM an eight out of ten.

Positive

I have used multiple types of firewalls and vendors, such as Cisco Firepower. Palo Alto, and Sophos.

Palo Alto is a great solution but it is expensive. I would choose them over Fortinet FortiGate-VM but they are too expensive. For my use case, Fortinet FortiGate-VM is the best for the environment.

Fortinet FortiGate-VM has discounts for generalized partners.

The initial setup time of Fortinet FortiGate-VM depends on the policies and filters that need to be applied to different users. The time can vary a lot on the environment. Its time ranges from minutes to a month. However, we can do the process remotely and it takes approximately 10 minutes.

We do the implementation of the solution.

The license can be purchased at intervals of one, three, and five years.

The price of the solution is in the middle range compared to the other vendors. However, the vendor is increasing the price gradually.

One person is suitable in a 24-hour period for the maintenance of the solution. A three to five administrator maintenance team would be sufficient to cover all the maintenance shifts per week.

I highly recommend Fortinet FortiGate-VM to others.

I rate Fortinet FortiGate-VM a nine out of ten.

I primarily use the solution as a firewall. It's used for security. I use it for the DMZ. It's related to architecture and is strategically positioned in the network. 

Based on its position, it offers good control over the communication between users and the data center. It's a good unified solution, and you can manage everything from the Fortigate portal.

It's a familiar solution to our clients. We don't spend time selling it. The brand is very popular and recognizable. 

The solution integrates well with other Fortinet products.

The pricing is fine. 

It's a good solution for small to medium-sized companies. 

The integration can be a bit easier. You need to maintain the integrations. You shouldn't have to. For example, in Cisco, you don't have to maintain integration that same way.

The support could be a bit better.

There are no missing features or items we would like to see in the future.

This is not a good solution for enterprises. It's better for smaller companies. 

I've used the solution for the last six years. 

The solution is mostly stable. I'd rate it six out of ten. The updates and availability, however, are not so smooth. 

The solution is not so scalable. It's not necessarily difficult to scale. However, it is not easy either. 

I'd rate the scalability seven out of ten overall. 

Typically, my clients are small to medium-sized entities. 

I'd like to see better support. They are okay. They could be better.

Positive

I also have experience with Cisco solutions.

At the perimeter, we also use Palo Alto. 

The initial setup is very easy. It's not complex. I'd rate the ease o setup eight out of ten. 

The deployment might take two to three days. It's pretty fast to get everything up and running. 

I did not handle the deployment in a hands-on way, so I don't have information on the technicalities in terms of what steps were taken.

The pricing is okay. I'd rate it eight out of ten in terms of affordability.

I'm a Fortinet reseller. I'm not sure which version of the solution we're using. We're likely using version seven or six. 

We use cloud and on-premises deployments. 

I'd recommend the solution to other small or medium-sized companies. I would not recommend it to enterprises. 

I would rate the solution eight out of ten. It is unified, and it is easy to integrate into other Fortinet products.