IT Central Station is now PeerSpot: Here's why

Fortinet FortiGate-VM OverviewUNIXBusinessApplication

Fortinet FortiGate-VM is #12 ranked solution in best firewalls. PeerSpot users give Fortinet FortiGate-VM an average rating of 8 out of 10. Fortinet FortiGate-VM is most commonly compared to Azure Firewall: Fortinet FortiGate-VM vs Azure Firewall. Fortinet FortiGate-VM is popular among the large enterprise segment, accounting for 54% of users researching this solution on PeerSpot. The top industry researching this solution are professionals from a computer software company, accounting for 28% of all views.
Fortinet FortiGate-VM Buyer's Guide

Download the Fortinet FortiGate-VM Buyer's Guide including reviews and more. Updated: June 2022

What is Fortinet FortiGate-VM?

FortiGate Virtual Appliances allow you to mitigate blind spots by implementing critical security controls within your virtual infrastructure. They also allow you to rapidly provision security infrastructure whenever and wherever it is needed. FortiGate virtual appliances feature all of the security and networking services common to traditional hardware-based FortiGate appliances. With the addition of virtual appliances from Fortinet, you can deploy a mix of hardware and virtual appliances, operating together and managed from a common centralized management platform.

Fortinet FortiGate-VM was previously known as FortiGate Virtual Appliance, FortiGate-VM.

Fortinet FortiGate-VM Customers

Security7 Networks, COOPENAE

Fortinet FortiGate-VM Video

Fortinet FortiGate-VM Pricing Advice

What users are saying about Fortinet FortiGate-VM pricing:
  • "Our license is yearly, but we're thinking of going monthly. I think it's somewhere around 100,000 for VM04. Nowadays, everyone wants to be a hacker, so we believe in security. That's why we also have third-party people that we involve to make sure that we're secure. I don't think the costs are too bad. You still want to get advice from people who worked in security for many years, so you add a third party. The third party also said they would give their share like 100K, or 200K or something like that, so I don't think it's too expensive for security. I think it just adds more trust."
  • "It's not a cheap solution but it comes with its benefits."
  • Fortinet FortiGate-VM Reviews

    Filter by:
    Filter Reviews
    Industry
    Loading...
    Filter Unavailable
    Company Size
    Loading...
    Filter Unavailable
    Job Level
    Loading...
    Filter Unavailable
    Rating
    Loading...
    Filter Unavailable
    Considered
    Loading...
    Filter Unavailable
    Order by:
    Loading...
    • Date
    • Highest Rating
    • Lowest Rating
    • Review Length
    Search:
    Showingreviews based on the current filters. Reset all filters
    Peter Salerno - PeerSpot reviewer
    Owner / Principal Consultant at Stratus Concept LLC
    Consultant
    Flexible with good cloud management and a straightforward user interface
    Pros and Cons
    • "I did like the ability to back up the configuration into the cloud, as opposed to having to store the configurations or just downloading them, the backups, to local devices."
    • "Now they do have the ability to pop up a command line, which is nice, however, the fact that you can't do everything within the GUI is probably a problem."

    What is our primary use case?

    The use case was a bit more complex than other clients, however, the typical usage was for VPNs for end-users to get into the internal network. For a mid-size company, that's a pretty much typical use.  The only thing out of the ordinary would be the SIEM for all the network information, all the metadata, that is cloud-based. We had to create a tunnel to it so that the collector, being in the cloud, would be able to access the internal information.

    How has it helped my organization?

    It performs the functions it needs to perform and it's been reliable. It didn't need to be modified and we didn't have problems where things would just crop up. After months configured it's been rock solid, which is good. That's why I haven't touched it in a year and a half.

    What is most valuable?

    I liked its general capabilities. Its cloud management is very good. I did like the ability to back up the configuration into the cloud, as opposed to having to store the configurations or just downloading them, the backups, to local devices.  When you want to back up the configuration you can download it as a local file and save it to the cloud.    That flexibility was very useful.  The product had a fairly good user interface. It was well thought out and the controls seem to be in a logical hierarchy. I was able to find stuff without having to configure things. There was just a logical breakdown of how to find things.

    What needs improvement?

    There were a few cases where I had to use the command line interface on it. Now they do have the ability to pop up a command line, which is nice, however, the fact that you can't do everything within the GUI is probably a problem. There's a thing I have for most products that have started out in the command line and have added GUI, and the GUI is always somewhat behind in capability. If you have a product you should be able to control the entire product through your user interface. You shouldn't have to drop back into backend command line commands in order to tweak something. There's a couple of cases where we had to do that when we were trying to set up one of the tunnels in particular. We were talking to Check Point or some other company. You've got two different manufacturers with a sort of standard for tunneling with all kinds of encryption methods and stuff like that. You have all these options, and, in order to get the right one, we couldn't discern it from the logs that we were viewing with the user interface. We had to drop down to the command line in order to do that. I would have thought that there should be enough information options made visible in what you can just do from the user interface.
    Buyer's Guide
    Fortinet FortiGate-VM
    June 2022
    Learn what your peers think about Fortinet FortiGate-VM. Get advice and tips from experienced pros sharing their opinions. Updated: June 2022.
    608,010 professionals have used our research since 2012.

    For how long have I used the solution?

    I have been dealing with the solution for three years or so. However, the last time I used it was within the last 12 months or so. The company was restructuring their office due to COVID, and so we had to go in and make changes and set up different connections, That's the last time I was actually in it.

    What do I think about the stability of the solution?

    The stability is rock solid. It's a very good solution. I haven't had to touch it for a year. The last thing I did was a firmware upgrade. That was a year ago, and they haven't requested any more work on that now. It's still operational and solid. There have been no complaints really on it.

    What do I think about the scalability of the solution?

    The product was sized for what the client was doing. I can't really say one way, or the other, whether it's more or less scalable than other solutions. I know we could do things to it - that we didn't do - to increase its capability. However, it didn't need to be done and they didn't have the budget for adding anything to it. It's hard to say. I can't really speak to the scalability of it.

    How are customer service and support?

    Technical support has been great. They really helped us when we had issues with some early problems during setup. It ties to the device, so it's pretty easy to see whether or not you have support, however, it was not difficult to get in touch with them. You get someone with knowledge right away. You don't have to go through a filter of people asking you "Is it plugged in?"

    Which solution did I use previously and why did I switch?

    I'm actually reselling a managed service of SonicWall. It's not completely hands-on. Now all I do is get reports from it and I can look at the dashboard, however, I don't actually have to configure it. I've also resold Barracuda.

    How was the initial setup?

    The initial setup was straightforward. It got complex when we started adding in requirements for tunneling et cetera. The implementation involved VPNs and the general configuration of the firewall. Then they added in these other requirements that it needed to connect to AWS. First, it was to their remote hosted environment. Then, subsequently, to the AWS environment as well. It grew over time. Over the course of a year, we spent a lot of time on it. I'd rate the initial setup experience at a four out of five. Most of the stuff went pretty well. We had one issue and we had to drop down into it. However, their support was very good. We were able to contact support, and they were able to stay online and walk us through that problem, so without any issues. They didn't balk at it. We didn't have to beg them to help us. Some support you get in there and have to say, "I'm sorry, yes I've done all those things. Get me to the next level."They had good quality support. In terms of deployment, it was there when I got there. They had purchased it out of the box and they hadn't configured it. For six months it just sat there. We had it up and running within a month of me getting there. Then over time, we added more and more requirements to it. It didn't take very long to figure out what they wanted to do with it and get it set up. The actual configuration was very quick. It was just the planning beforehand that took time. Besides myself, there were about four other people in the IT department working on the product. However, really, only one person is responsible for the gateways.

    What was our ROI?

    The ROI that they were looking for was an improvement in security for the whole company. It was one of those evolving things, that as new security deployments come up some of them get implemented within the firewall and others are implemented structurally or in other ways. It was able to help them meet their security goals. That was probably the biggest value that they were looking for. It also did not impede their normal operating procedure.

    What's my experience with pricing, setup cost, and licensing?

    The licensing costs are in line with everyone else. It all seems expensive when you're talking about firewalls, however, they're all the same. It's likely in the middle of the pack. There are costs involved with FortiTokens. Everyone has different ways of controlling VPN access, however, with the FortiTokens you get a certain amount with the device, and then you have to buy more as you add them on. They're not costly. However, it's something you have to buy in batches, so if you've got 40 people you're going to buy a bunch of FortiTokens, and each token is an encryption key so that you can have your little app that's multifactor. They charge for that. Everyone else, in terms of competition, charges for that too.

    Which other solutions did I evaluate?

    I can't speak to if the client evaluated another solution prior to choosing this.

    What other advice do I have?

    I primarily work as a consultant.  The solution's deployment was on-premises, however, there were VPNs set up for remote access, VPNs set up for site-to-site, and VPNs set up for cloud-based SIEM. As with any solution, you need to size it. You need to plan what you're going to do and what your expectations are with it before you choose the pure model. After that, proper planning is needed before you try to deploy it so you don't have to back stuff out. I'd rate the solution at an eight out of ten.

    Which deployment model are you using for this solution?

    On-premises
    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    Flag as inappropriate
    Richard Domikis - PeerSpot reviewer
    Chief Technology Officer at cornerstone defense
    Real User
    Top 5
    Slightly unstable, needs a better user interface, and lacks good monitoring capabilities
    Pros and Cons
    • "It's a relatively simple product that is easy to use. It's not overly complex."
    • "The product does not have a good graphical interface."

    What is our primary use case?

    We primarily use the solution for checking a 250-person defense contracting company with multiple locations.

    How has it helped my organization?

    It's improved our operations by not being overly problematic.

    What is most valuable?

    The solution seems to be very reliable. 

    It's a relatively simple product that is easy to use. It's not overly complex.

    The initial setup is fairly straightforward.

    What needs improvement?

    The product does not have a good graphical interface. Their patches and their upgrades are not always compatible with configuration. That means that often you find after you upgrade that there was something else you have to do to the rest of the infrastructure, whether it's a printer or a user or whatever. It doesn't appear to me that their upgrades are well tested. They usually do what they're supposed to do, however, they also usually do some other things that FortiGate doesn't seem to be aware of.

    It doesn't maintain legacy capabilities very well.

    The stability of the solution isn't ideal.

    They don't seem capable of supporting their own product.

    The solution needs a better user interface and more intelligent services like spam blocking and auto whitelisting, gray listing, blacklisting, et cetera. It just basically needs better user monitoring.

    For how long have I used the solution?

    I've been using the solution for about four years at this point. It's been a while now.

    What do I think about the stability of the solution?

    While I wouldn't describe the solution as unstable, there are definitely hiccups. I expect firewalls to be really efficient and very stable and I would say they're only sort of stable. I don't expect to have to figure out how to create a scan-to-email solution every time I upgrade my firewall, for instance.

    Of course, they'll blame it on the vendor of the printer and say now how they're not following the standard or something, however, it was working with their product previously and the printer wasn't the item that changed. Their product gets a patch and it no longer works and you're like, "Well, I like your theory, but I don't exactly accept it." I don't think they have the features that a Palo Alto has, let's say.

    What do I think about the scalability of the solution?

    The solution seems to be scalable. For our purposes, it scales well.

    We have about 250 users on the solution currently.

    How are customer service and technical support?

    Technical support isn't that great. On a scale from one to ten, they're a five at best. A couple of times where we had a problem, they couldn't solve the problem. We researched the problem on our own, unfortunately, via Google, and we found the solution and the solution was actually written by one of their techs and they didn't even know it.

    How was the initial setup?

    The initial setup is not too difficult. It's not overly complex. I'd describe it as pretty straightforward. A company shouldn't have any issues with implementation.

    For deployment, we did one site and then the other site and it took probably two weeks to deploy it, with maybe 30 days to get it fully configured. Then, once we had one site deployed, configured, and functional, we implemented a copy of that to the other site. We followed this pattern for each of our locations.

    In terms of maintenance, it's hard to quantify what you need for the firewall. The firewalls are relatively low in terms of required maintenance. We have one IT administrator that may be a day a month has duties that are firewall-related. It varies, however, it's not significant work to maintain the firewall.

    What about the implementation team?

    We did not need the assistance of an integrator or consultant. We were able to handle it ourselves.

    What was our ROI?

    We haven't really seen an ROI. It does what it's supposed to do, however, I'm not sure that it makes my job easier. It's kind of a sunk cost. It's one of the frustrations I have. I would expect it to be smarter and capable of doing things that it really doesn't do.

    What's my experience with pricing, setup cost, and licensing?

    We pay a yearly licensing fee. It's probably a couple of thousand dollars per firewall.

    On top of that, if you maintain a hardware warranty, so that you own the devices, you still maintain a warranty on them. There's sort-of a service contract, or you can go at risk. I don't know where we are in that. I'd have to go look, but I know at one point in time we talked about again, if we're going to be doing a tech exchange, maybe we don't want to maintain the warranties on them anymore.

    The competitors actually have lower prices for more functionality. On the higher side, if you go with Cisco, it's more expensive, however, it's obviously more functional. A Palo Alto is probably a better solution than a FortiGate.

    Which other solutions did I evaluate?

    We're currently looking for alternatives to this solution.

    We're looking at alternatives. However, the deficiencies that they have are not significant enough that I would like to immediately leave them, however, they're big enough that I'm looking for alternatives. 

    When I come to end the life and I do a tech refresh, if we're not going to go 100% virtual, which is certainly another consideration, I am going to look at an alternate product. I'm not sure we're going to go away from them with a timeline right now, however, I'm certainly looking at it.

    We don't yet have a shortlist, however, we'll likely look at the top big names in the market.

    What other advice do I have?

    We're an end-user and a customer.

    We have a plug-in with the subscription. We use the current version on their 100Es.

    In general, I would advise other users that they need to look at whether they're going to go physical or virtual. I'd advise once they decide that to then look at the maybe lesser known next-generation firewalls that have functionality. The folks that are going to be operating the tool need to look at the user interface to make sure that that it is easy to use. Most users at an enterprise don't even know the firewall's there, let alone what it is, so they're not unique. I think all of the firewalls are pretty decent at not impacting users. The differentiator is which ones are easy to set up, which ones are easy to configure and use and how good they are at reporting.

    The other thing I would say is, look at whether or not they integrate into your overall IT management, whether you're using ServiceNow or what you're using for IT management. How do the firewalls integrate with that or not? It's important.

    I'd rate the solution at a four out of ten. It does base functions and it's doing that at a pretty high price.

    Which deployment model are you using for this solution?

    On-premises
    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    Buyer's Guide
    Fortinet FortiGate-VM
    June 2022
    Learn what your peers think about Fortinet FortiGate-VM. Get advice and tips from experienced pros sharing their opinions. Updated: June 2022.
    608,010 professionals have used our research since 2012.
    Senior Security Engineer at a energy/utilities company with 1,001-5,000 employees
    Real User
    Very intuitive with a clean interface and good stability
    Pros and Cons
    • "It's very easy to set up, even for more junior developers."
    • "Their offering for MFA isn't the cleanest."

    What is our primary use case?

    The use case for VMs is if you're going to deploy them like a SaaS edge, to protect your applications or provide deeper visibility into the traffic. Or you could use it in your data centers as well. However, that's not our preference.

    We primarily use the solution for network segmentation at our data centers and remote connectivity to our distributed sites.

    How has it helped my organization?

    We were able to take advantage of their management tool, FortiManager, to get a single pane of glass. FortiManager and FortiAnalyzer do not have a single panel glass. Rather, they are two panes of glasses to manage and monitor the firewalls where previously we were using Cisco. I don't want to call them legacy firewalls, however, with Cisco firewalls, we didn't have that management or logging visibility.

    What is most valuable?

    The product has pretty good logging and reporting capabilities native to the firewall. Then they also use FortiAnalyzer to aggregate that traffic and provide more detailed and aggregated reporting. That's going to help when you're analyzing network traffic for network segmentation initiatives.

    The stability is excellent.

    It's very easy to set up, even for more junior developers.

    The scalability has improved. 

    It's got a clean interface and it's very intuitive. Everything is easy to navigate.

    What needs improvement?

    Their offering for MFA isn't the cleanest. They have a product called FortiAuthenticator. It's not a FortiGate but that is one of their MFA offerings. However, other products that I've used, like Duo, are better from a user experience standpoint. They are easier to configure. 

    For how long have I used the solution?

    I've been using the solution for ten years. It's been a while. 

    What do I think about the stability of the solution?

    Six or seven years ago, they had issues with code versions where they would make changes within the code version and they would have some bugs. That said, over the last six or so years, their releases have been very stable. We've had very few issues with any type of bugs or issues.

    What do I think about the scalability of the solution?

    Scalability has gotten better with their SD-WAN offering. They're able to utilize inexpensive lines such as 4G, 5G, or DSL. It has allowed us to move away from expensive MPLS lines.

    Historically, conventional or Next-Gen firewalls have been utilized at data centers and remote sites. Now, however, a lot of customers are moving towards Zero-Trust access and SASE. I'm currently looking to get a little bit more information on Zero-Trust architecture, as it reduces the overall management and need for physical firewalls in all your locations, which can get expensive.

    Which solution did I use previously and why did I switch?

    We also use the Cisco ASA firewalls. I do find that Fortinet is easier to handle than Cisco as you don't need to handle tasks via the command line, which makes it easier especially for junior-level developers.

    How was the initial setup?

    The initial setup is very straightforward. I started out in the Cisco world with Cisco firewalls and switches. Then we started deploying FortiGate and I found that FortiGate was easier to learn, especially for junior-level engineers. We were able to get junior-level engineers up to speed quicker than if it was a Cisco platform, especially if they haven't used the command line before.

    Deployment usually takes a day, depending on the complexity of the firewall. It might be a day to two, depends on if we are using multiple IPSec tunnels if it's at a data center or a remote site. 

    In terms of deployment and maintenance, in my experience, by a rough order of magnitude, a company would need one technician per 30 firewalls. For our company, we had a team of three network engineers and we had a fleet of about 120 firewalls.

    What about the implementation team?

    I handed the implementation myself with my team. We didn't need any integrators or consultants.

    What's my experience with pricing, setup cost, and licensing?

    For our entire fleet of 120 firewalls, we're paying about $100,000 per year. The licensing fees give you support and the capability to download updated definitions of threat intelligence from Fortinet.

    What other advice do I have?

    I was previously a customer. now I am a reseller and Fortinet partner.

    We primarily use hardware-based appliances, including the 100 D/E series, 100F, 190 D/E's, ADCs, 600 E's. They are similar to VMs.

    We're using the most recent code level at this time. We're one version behind the latest version. We tend to use one version behind the most recent for safety reasons so that we can avoid troublesome bugs or glitches.

    Anyone looking to deploy Next-Gen firewalls, in general, should really define their use cases to be able to decide on the proper technology to deploy within the environment. If you're looking to deploy Next-Gen firewalls at all your locations and create point-to-point VPN tunnels, they can get cumbersome and difficult to manage policies. It is also difficult to do network segmentation. With some of the Zero-Trust offerings, you're able to actually move your clients outside of your corporate perimeter, and then isolate those applications based on the user per application, instead of requiring them to dial back via traditional VPN to your data centers, which sometimes isn't the best user experience for your end-users.

    I'd rate the solution at an eight out of ten.

    Which deployment model are you using for this solution?

    On-premises
    Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
    Abdul  Faheem - PeerSpot reviewer
    Sr. Project Consultant (IFS-Complex MRO Process) at a aerospace/defense firm with 201-500 employees
    Real User
    Top 10
    Good monitoring and competitive pricing but needs integration with the exchange
    Pros and Cons
    • "We are able to closely monitor the usages of individual users and see their usage habits and other items, including the data itself, which gives us quite a bit of visibility."
    • "The one thing that could be improved is the integration with the exchange. The gateway level controls can be enhanced a bit more. For example, it's still little here and there. You do get malicious attacks and suspicious emails like spam. It's not like Sophos where we got a lot of spam email, and yet, it's still relatively vulnerable. It can be upgraded, maybe with a fifth-generation firmware that it is ready for unknown threats."

    What is our primary use case?

    The solution is mainly used for remote connectivity and endpoint and gateway network security.

    What is most valuable?

    The most valuable aspect of the solution is the V-Scanner which is the monitoring software. That's something that I love. 

    We are able to closely monitor the usages of individual users and see their usage habits and other items, including the data itself, which gives us quite a bit of visibility.

    What needs improvement?

    I think one thing we couldn't find in the software console was all of our logs. In the logs themselves, for example, we couldn't find if a user was accessing all of the VPN. We don't get to know or we don't have a report that shows on what date or for how long and from what time he user has logged on. We don't have that particular feature or that kind of visibility. That could be improved. Reporting, therefore, in general, could be improved.

    The one thing that could be improved is the integration with the exchange. The gateway level controls can be enhanced a bit more. For example, it's still little here and there. You do get malicious attacks and suspicious emails like spam. It's not like Sophos where we got a lot of spam email, and yet, it's still relatively vulnerable. It can be upgraded, maybe with a fifth-generation firmware that it is ready for unknown threats. 

    Especially after this pandemic situation, it requires a little more enhancement. For an SME level organization, it's okay, but when it comes to corporate and banking enterprises it still requires a lot of enhancement. Comparing it to Palo Alto, for example, it's still very behind the curve.

    For how long have I used the solution?

    We've been using the solution for two years.

    What do I think about the stability of the solution?

    The solution is very stable. It's reliable, for the most part.

    It's stable, comparatively, to the fifth generation UDL appliances or other software that is available in the market. It's quite stable for the integration. It still requires more of a formal enhancement for speedy patches and speedy updates.

    What do I think about the scalability of the solution?

    The solution has a moderate amount of scalability potential. I wouldn't say it's the best, however, it is possible to scale it if you need to.

    We have about 25-30 people on the VM currently.

    How are customer service and technical support?

    We've never had to contact Fortigate's technical support, so I can't speak to their quality of service. If we have any issues on the solution, we tend to handle the problem internally.

    Which solution did I use previously and why did I switch?

    We used to have Sophos and we shifted to Fortinet about two years ago.

    The integration of the active directory with Sophos was not up to spec. We decided to drop it and instead went ahead with Fortinet.

    How was the initial setup?

    The initial setup was a bit difficult. It's not perfectly straightforward. This may have been due to the fact that we were using ISA, which is pretty determined, and we had to migrate from ISA to Sophos and from Sophos to Fortinet. It was a little difficult, but not that complex.

    For us, the implementation took about two weeks.

    Each quarter we have a managed service contract with the integrator and they do any preventative maintenance every quarter. We have four visits in a year that we have agreed upon. Every quarter they come to us and they do some penetration testing and see the usability features and give us a report.

    What about the implementation team?

    We outsourced the implementation to an integrator that handled the setup for us. They also handle quarterly maintenance for us.

    What's my experience with pricing, setup cost, and licensing?

    The pricing of the solution is moderate. It's competitive, although I wouldn't consider it a cheap solution per se.

    Aside from the licensing, there are some add-ons that need to be added that we personally haven't added. There are features such as content filtering, etc., that we haven't opted for. However, users can add them on if they need to for an additional cost.

    What other advice do I have?

    We're just customers. We don't have a professional relationship with the organization. We're using the latest version of the solution.

    I have learned that they have some internal resources available. However, those who are not trained and certified should not be experimenting with it. 

    I'd advise other organizations that, if they don't have a proper administrator who can monitor and maintain their appliance, it's better they if don't implement it. It's not like somebody who has a background of software can handle Fortinet. They need to be properly trained and knowledgable.

    I'd rate the solution seven out of ten overall.

    Which deployment model are you using for this solution?

    On-premises
    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    ThendoNdzimeni - PeerSpot reviewer
    Network Administrator Team Lead at a financial services firm with 51-200 employees
    Real User
    Top 20
    A full-featured virtual appliance with valuable monitoring and visibility features
    Pros and Cons
    • "I like the visibility and monitoring features because they're easy to use to monitor traffic. Features like geo-blocking and more have AI, and we're currently using all of it. But for now, we're only using geo-blocking, and we're able to block traffic from different countries. I also like that it's highly responsive. VM04 is also very powerful."
    • "It would be better if it could provide you with options before completely blocking anything through the web filter. If you are doing a deep SSL inspection on the site if it says it's expired, it doesn't give you the option to continue at your own risk. I can't say that it's bad, but SSL internally isn't really a requirement. However, its security features can help. Right now, we have people going out and spending on purchasing the SSL certificates for internal sites."

    What is our primary use case?

    We use Fortinet FortiGate-VM for managing inbound and outbound internet traffic through our environment. Sometimes, we also use it for managing the site's internet outbound and routing. We also use it for IPSec on Azure. We also have an on-premises environment, and we're using it for IPSec on that environment. 

    All the routing happens through it because we're swinging all the traffic on the Azure side through a firewall which is basically the gateway. It acts as the gateway and manages outbound traffic in that environment. We have also set up the SSL VPN for users. We do have FortiGate on-premise, and we set up the SSL VPN connection for users.

    What is most valuable?

    I like the visibility and monitoring features because they're easy to use to monitor traffic. Features like geo-blocking and more have AI, and we're currently using all of it. But for now, we're only using geo-blocking, and we're able to block traffic from different countries. I also like that it's highly responsive. VM04 is also very powerful.

    What needs improvement?

    It would be better if it could provide you with options before completely blocking anything through the web filter. If you are doing a deep SSL inspection on the site if it says it's expired, it doesn't give you the option to continue at your own risk. I can't say that it's bad, but SSL internally isn't really a requirement. However, its security features can help. Right now, we have people going out and spending on purchasing the SSL certificates for internal sites. 

    What do I think about the stability of the solution?

    Fortinet FortiGate-VM is a stable and very reliable solution.

    What do I think about the scalability of the solution?

    Fortinet FortiGate-VM is a scalable solution. It's very powerful, and I've never seen that machine running out of resources. It always worked.

    How are customer service and technical support?

    Tech support is okay, but we do a lot of management by ourselves. We have a third party that we use when we do implementations, and I haven't contacted Fortinet even though I have access to it. The local support that we use costs much less. 

    Which solution did I use previously and why did I switch?

    I still remember using Check Point, and it took a long time to apply a policy. To install the policy, you had to wait for ten to 20 minutes or even 30 minutes. Fortinet FortiGate-VM instantly applies the policy on the FortiGate itself.

    How was the initial setup?

    The initial setup was difficult because we were all new when it came to the Azure environment. It was a little difficult to create space and understand that you have to have more than one interface. But once you get used to it. It's pretty straightforward.

    It's straightforward if you have all that is required when you're clearing your traffic. If you're clearing your traffic already into your internal length to communicate with the firewall range, and you have information and understand it before the implementation, it will be very seamless. It will be stress-free when you understand the environment where you're going to implement it.

    What's my experience with pricing, setup cost, and licensing?

    Our license is yearly, but we're thinking of going monthly. I think it's somewhere around 100,000 for VM04. Nowadays, everyone wants to be a hacker, so we believe in security. That's why we also have third-party people that we involve to make sure that we're secure. 

    I don't think the costs are too bad. You still want to get advice from people who worked in security for many years, so you add a third party. The third party also said they would give their share like 100K, or 200K or something like that, so I don't think it's too expensive for security. I think it just adds more trust. 

    What other advice do I have?

    I will recommend the solution. If it's a first-time deployment in Azure, they need to understand a couple of things, like the interfaces we need to create. The good thing about FortiGate is that they don't hide how their devices work. You can go to their website and get every instruction that you need at any time. It's straightforward and even has pictures showing you what you should expect. I've done a few changes for the first time, and I didn't have to stress. But you must know the infrastructure well.

    On a scale from one to ten, I would five Fortinet FortiGate-VM a ten.

    Which deployment model are you using for this solution?

    Public Cloud

    If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

    Microsoft Azure
    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    Dhsrms Fff - PeerSpot reviewer
    Team Leader Network & Security at Rogers Capital
    Real User
    Top 10
    User friendly with good documentation and a quick deployment
    Pros and Cons
    • "The VM it's very quick for deployment. If we need to have a POC for a customer, if we don't have any hardware physically at our premises, at our store, in our office, we can download the VM from Fortinet and install all the VM to their environment in order to run it. If we have a customer that says "let's start tomorrow" we are able to do that in a way that's not possible with a hardware version."
    • "The licensing needs to be improved. We need longer licensing periods, especially for POCs and trials. It should be for six months. Right now, it's too short of a timeframe."

    What is most valuable?

    The virtual and hardware versions of the solution are mostly the same. 

    The VM it's very quick for deployment. If we need to have a POC for a customer, if we don't have any hardware physically at our premises, at our store, in our office, we can download the VM from Fortinet and install all the VM to their environment in order to run it. If we have a customer that says "let's start tomorrow" we are able to do that in a way that's not possible with a hardware version.

    Normally Fortinet is very flexible that it supports almost all environments. 

    The solution is user friendly.

    The cost of the solution is pretty fair.

    The documentation is very good.

    The SD-WAN is very good, as compared to, for example, Citrix SD-WAN which has an overall lack of security and needs to leverage other devices, like Palo Alto, to cover this.

    What needs improvement?

    The licensing needs to be improved. We need longer licensing periods, especially for POCs and trials. It should be for six months. Right now, it's too short of a timeframe. 

    Overall as I say, the features-wise and performance-wise the VM and hardware versions are the same. The main difference is that the hardware-based option ins is more powerful compared to the VM version. 

    Their technical support is not helpful and I try to avoid using it.

    For how long have I used the solution?

    I've been using the solution for ten years. It's been a decade now.

    What do I think about the stability of the solution?

    We do occasionally get bugs on the solution, and when that happens, we do need to go to technical support to get the issue resolved.

    What do I think about the scalability of the solution?

    Let's say tomorrow we want to upgrade in terms of memory, in terms of processor. If we are VM  based we are using files and by default, we have some spec which is set to the VM. If tomorrow we need more capacity for this logging, we can just upgrade it. We take an analyzer like G1 or G5 and we upload the license, and it will upgrade automatically. 

    It's so much easier as compared to hardware, due to the fact that, with hardware, you need to change everything completely. 

    We have nine people on our team working with the solution regularly.

    How are customer service and technical support?

    The support for Fortinet is not very good, and so I tend not to contact them if I can avoid it. They are not good in their general response time. Some team members are quite technical, however, that's not everyone, and you aren't guaranteed to get someone who knows what they are talking about. Sometimes their answers are irrelevant as if they aren't even replying to your actual questions. Other times they tell you what you need is not possible.   

    Fortinet has forums for users, and if you go there, you'll see that there are a lot of others saying they are unhappy with support as well. While I'm a big fan of Fortinet, I do not like their support.

    We only really use it now if we have an issue with a bug and there's no workaround except to go right to them. Otherwise, we don't contact them.

    What's my experience with pricing, setup cost, and licensing?

    The cost of the solution is good.

    What other advice do I have?

    Normally I don't really push a virtual appliance. Some customers may be interested in a virtual appliance for scalability. For most of our customers, we are pushing hardware-based solutions and not a virtual appliance.

    For example, if we have a customer that has a private data center in Mauritius and wants to have a hybrid solution, let's say to interconnect on the public cloud, and they want to do SD-WAN to secure it from the public to its current on-premises data center, normally we will go with the virtual appliance on the public side. 

    I would recommend Fortinet's hardware 100% of the time, especially in comparison to Palo Alto. With the VM, it's a harder question to answer. A better question would be: what do you will prefer for a next-generation firewall? Do you prefer Fortinet? Do you recommend Fortinet or Cisco or Palo Alto? I would say personally I always recommend Fortinet. I will continue to due to the fact that the cost and the integration, and the general user-friendliness, are all impressive.

    I'd rate the solution eight out of ten. I'd rate it higher if it had a longer trial, better licensing, and stronger technical support. There are still places for improvement in the solution.

    Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
    Lead Cybersecurity Analyst at a consultancy with 5,001-10,000 employees
    Real User
    Top 20
    Very stable, great user interface, and can scale well
    Pros and Cons
    • "The user interface is the most valuable aspect of the solution."
    • "The solution is fairly complex."

    What is our primary use case?

    The client wants to use the solution for a mix of things, however, I can't recall exactly what they are at this time.

    What is most valuable?

    The user interface is the most valuable aspect of the solution.

    What needs improvement?

    It's important that, over time, the solution just keeps up with additional features. There's nothing specific that comes to mind, however, it's important for Fortinet to stay as much on the edge as possible, as far as keeping up with what's out there.

    The solution is fairly complex.

    For how long have I used the solution?

    I've probably been using the solution for three or four years at this point, although I'm not exactly sure.

    What do I think about the stability of the solution?

    We don't really need to worry about stability. Most of the time, what we were running into is just trying of get the client familiar enough with the solution, so that way they can deal with it going forward on their own. There's a little bit of training going on at the outset.

    What do I think about the scalability of the solution?

    That's primarily why we steer clients in the direction of Fortinet. With this solution, clients have the potential to grow in the near future. It's just one of those items that we wanted to make sure they had. It's something that is robust enough to be able to handle growing. It's somewhat robust without breaking the bank, initially. 

    Our organization doesn't use the solution ourselves, so we don't have a large number of users on the solution. Out of 160 people, maybe a third use it here. It's different, of course, with clients, who use it more extensively.

    How are customer service and technical support?

    We've never had any technical issues on the solution and have never had to reach out to technical support. However, I've heard that they are quite helpful. I just can't personally speak to the quality or responsiveness of their services.

    For those trying to troubleshoot on their own, the solution doesn't really need or have tutorials, however, you can find so much information online, it's not necessary. It would be nice it newly released features had a bit more information. It doesn't happen often, so it's not too big of an issue.

    Which solution did I use previously and why did I switch?

    We previously worked with a lot of open source products.

    How was the initial setup?

    The solution's initial set up was pretty complex. There were a lot of on-site VPN connections to set up, so we went through a lot of additional setup for the clients.

    The deployment was pretty quicksand was probably completed in just a couple of days.

    What about the implementation team?

    We didn't need a consultant or integrator. We handled the implementation ourselves.

    What's my experience with pricing, setup cost, and licensing?

    Since we don't primarily work with the solution, I'm not sure what the licensing costs are.

    What other advice do I have?

    We aren't really a customer or reseller, however, we do occasionally recommend the solution to clients from time to time.

    The entity I was recently researching for was looking basically to replace some existing solutions. That was the reason why they were asking me to help them do some research. I, on a normal basis, don't do that much with it anymore. However, because I have access, I've been helping them.

    I'm not using the latest version. I may be using the one before that, although I don't know the exact version number.

    I would warn other organizations that there are some places where some people run into some roadblocks, and they're not sure what to do. My experience in the past has always been that, at least, the support is actually really good. Therefore, if they're running into a situation that they're not sure about, it's probably better to call and seek professional help, as opposed to trying to force it, because it can get confusing really quick.

    I'd rate the solution eight out of ten.

    Which deployment model are you using for this solution?

    On-premises
    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    Solutions Architect at a computer software company with 5,001-10,000 employees
    Real User
    Top 5
    Integrates well, provides centralized reporting, good support and has a firewall for security
    Pros and Cons
    • "The most valuable features of this solution are the integration within the environment, with centralized reporting."
    • "Compatibility and integration with other products or vendors such as Cisco SD-WAN products need improvement."

    What is our primary use case?

    We are service providers, and we provide managed services to external customers.

    The primary use case of this solution is for firewalling, web applications, and proxying.

    We use all of the UTM (Unified Threat Management) features that come with this product.

    What is most valuable?

    The most valuable features of this solution are the integration within the environment, with centralized reporting. 

    One analyzer and the different devices feeding into that environment. 

    The firmware is always up-to-date.

    What needs improvement?

    Compatibility and integration with other products or vendors such as Cisco SD-WAN products need improvement.

    The multi-tenancy environment for multiple customers, to make it more secure, needs some improvement.

    When you buy a bigger box, you should have the ability to slice and dice data. It should also have the ability to give customers either read and write or more privileged access to that environment. Specifically, to the environment that doesn't overflow into the other parts that have been sliced up.

    I would like to see a type of portal for on-site deployment, where they can report into a cloud portal and have a high-level view of utilization. Basic indicators on the performance of the environment, including health status, should be displayed.

    For how long have I used the solution?

    I have been using this solution for approximately six years.

    What do I think about the stability of the solution?

    We are completely satisfied with the stability of this solution.

    What do I think about the scalability of the solution?

    Because we're sitting on a multi-tenant type of setup the scalability will depend on the customer's ability to upgrade.

    Externally we have several customers that range from government to enterprise clients that use the product and we manage the backend. 

    The number of users can range from a site that has 100 users to a site that has 2,000 to 3,000 users.

    With the multi-tenant environment, we are able to use resources from multiple accounts. 

    We run a 24/7 operation with various requirements, and have a team of 15 to 20 to maintain this solution.

    We have plans to increase the usage as the requirement increases for more secure environments with more advanced features or other features within the security space. We would go from a standard firewall to maybe a web application firewall, or to authentication with the two-factor type of services.

    How are customer service and technical support?

    Technical support is good. We work through a distributor and it's just a matter of a phone call to explain what needs to be done or a feature that we need to enable, and within an hour or two they come back to explain what has to be done.

    They also give advice going forward with what to deploy.

    How was the initial setup?

    The initial setup is fairly straightforward.

    The implementation varies from being complex to being straightforward. It can take two to three weeks to implement with some tweaking afterward.

    What about the implementation team?

    Part of the implementations comes with professional services from Fortinet themselves. In most cases, if it's a new version or a new deployment, we typically get the implementation services from a service provider rather than the vendor.

    What's my experience with pricing, setup cost, and licensing?

    We have clients with three-year licensing and others with five. 

    It's not a cheap solution but it comes with its benefits.

    It's all bundled. When we purchase this product, it is bundled with a support license for that period.

    What other advice do I have?

    With our clients, there is a range of Fortinet FortiGate versions, anything from FortiGate 60E to FortiGate 3700D. 

    Management connects to a FortiAnalyzer, and we have application firewalls as well.

    We have a centralized data center where we have a combination of customers with on-premises equipment. This includes small devices to secure the customer's environment, and larger devices at the data center, specifically for our customers.

    We try to build our services around Fortinet products.

    We prefer to work with Fortinet products based on what we have learned from the Gartner Magic Quadrant, and I recommend them.

    I would rate this solution a nine out of ten.

    Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
    Buyer's Guide
    Download our free Fortinet FortiGate-VM Report and get advice and tips from experienced pros sharing their opinions.
    Updated: June 2022
    Product Categories
    Firewalls
    Buyer's Guide
    Download our free Fortinet FortiGate-VM Report and get advice and tips from experienced pros sharing their opinions.