Coming October 25: PeerSpot Awards will be announced! Learn more

Fortinet FortiGate-VM OverviewUNIXBusinessApplication

Fortinet FortiGate-VM is #10 ranked solution in best firewalls. PeerSpot users give Fortinet FortiGate-VM an average rating of 8.4 out of 10. Fortinet FortiGate-VM is most commonly compared to Azure Firewall: Fortinet FortiGate-VM vs Azure Firewall. Fortinet FortiGate-VM is popular among the large enterprise segment, accounting for 52% of users researching this solution on PeerSpot. The top industry researching this solution are professionals from a computer software company, accounting for 27% of all views.
Fortinet FortiGate-VM Buyer's Guide

Download the Fortinet FortiGate-VM Buyer's Guide including reviews and more. Updated: September 2022

What is Fortinet FortiGate-VM?

FortiGate Virtual Appliances allow you to mitigate blind spots by implementing critical security controls within your virtual infrastructure. They also allow you to rapidly provision security infrastructure whenever and wherever it is needed. FortiGate virtual appliances feature all of the security and networking services common to traditional hardware-based FortiGate appliances. With the addition of virtual appliances from Fortinet, you can deploy a mix of hardware and virtual appliances, operating together and managed from a common centralized management platform.

Fortinet FortiGate-VM was previously known as FortiGate Virtual Appliance, FortiGate-VM.

Fortinet FortiGate-VM Customers

Security7 Networks, COOPENAE

Fortinet FortiGate-VM Video

Fortinet FortiGate-VM Pricing Advice

What users are saying about Fortinet FortiGate-VM pricing:
  • "Our license is yearly, but we're thinking of going monthly. I think it's somewhere around 100,000 for VM04. Nowadays, everyone wants to be a hacker, so we believe in security. That's why we also have third-party people that we involve to make sure that we're secure. I don't think the costs are too bad. You still want to get advice from people who worked in security for many years, so you add a third party. The third party also said they would give their share like 100K, or 200K or something like that, so I don't think it's too expensive for security. I think it just adds more trust."
  • "There is no additional cost. Once you get the licensing fee, you're good."
  • Fortinet FortiGate-VM Reviews

    Filter by:
    Filter Reviews
    Industry
    Loading...
    Filter Unavailable
    Company Size
    Loading...
    Filter Unavailable
    Job Level
    Loading...
    Filter Unavailable
    Rating
    Loading...
    Filter Unavailable
    Considered
    Loading...
    Filter Unavailable
    Order by:
    Loading...
    • Date
    • Highest Rating
    • Lowest Rating
    • Review Length
    Search:
    Showingreviews based on the current filters. Reset all filters
    Peter Salerno - PeerSpot reviewer
    Owner / Principal Consultant at Stratus Concept LLC
    Consultant
    Flexible with good cloud management and a straightforward user interface
    Pros and Cons
    • "I did like the ability to back up the configuration into the cloud, as opposed to having to store the configurations or just downloading them, the backups, to local devices."
    • "Now they do have the ability to pop up a command line, which is nice, however, the fact that you can't do everything within the GUI is probably a problem."

    What is our primary use case?

    The use case was a bit more complex than other clients, however, the typical usage was for VPNs for end-users to get into the internal network. For a mid-size company, that's a pretty much typical use. 

    The only thing out of the ordinary would be the SIEM for all the network information, all the metadata, that is cloud-based. We had to create a tunnel to it so that the collector, being in the cloud, would be able to access the internal information.

    How has it helped my organization?

    It performs the functions it needs to perform and it's been reliable. It didn't need to be modified and we didn't have problems where things would just crop up. After months configured it's been rock solid, which is good. That's why I haven't touched it in a year and a half.

    What is most valuable?

    I liked its general capabilities.

    Its cloud management is very good.

    I did like the ability to back up the configuration into the cloud, as opposed to having to store the configurations or just downloading them, the backups, to local devices.  When you want to back up the configuration you can download it as a local file and save it to the cloud.   

    That flexibility was very useful. 

    The product had a fairly good user interface. It was well thought out and the controls seem to be in a logical hierarchy. I was able to find stuff without having to configure things. There was just a logical breakdown of how to find things.

    What needs improvement?

    There were a few cases where I had to use the command line interface on it. Now they do have the ability to pop up a command line, which is nice, however, the fact that you can't do everything within the GUI is probably a problem. There's a thing I have for most products that have started out in the command line and have added GUI, and the GUI is always somewhat behind in capability.

    If you have a product you should be able to control the entire product through your user interface. You shouldn't have to drop back into backend command line commands in order to tweak something. There's a couple of cases where we had to do that when we were trying to set up one of the tunnels in particular. We were talking to Check Point or some other company. You've got two different manufacturers with a sort of standard for tunneling with all kinds of encryption methods and stuff like that. You have all these options, and, in order to get the right one, we couldn't discern it from the logs that we were viewing with the user interface. We had to drop down to the command line in order to do that. I would have thought that there should be enough information options made visible in what you can just do from the user interface.

    Buyer's Guide
    Fortinet FortiGate-VM
    September 2022
    Learn what your peers think about Fortinet FortiGate-VM. Get advice and tips from experienced pros sharing their opinions. Updated: September 2022.
    633,184 professionals have used our research since 2012.

    For how long have I used the solution?

    I have been dealing with the solution for three years or so. However, the last time I used it was within the last 12 months or so. The company was restructuring their office due to COVID, and so we had to go in and make changes and set up different connections, That's the last time I was actually in it.

    What do I think about the stability of the solution?

    The stability is rock solid. It's a very good solution. I haven't had to touch it for a year. The last thing I did was a firmware upgrade. That was a year ago, and they haven't requested any more work on that now. It's still operational and solid. There have been no complaints really on it.

    What do I think about the scalability of the solution?

    The product was sized for what the client was doing. I can't really say one way, or the other, whether it's more or less scalable than other solutions. I know we could do things to it - that we didn't do - to increase its capability. However, it didn't need to be done and they didn't have the budget for adding anything to it. It's hard to say. I can't really speak to the scalability of it.

    How are customer service and support?

    Technical support has been great. They really helped us when we had issues with some early problems during setup.

    It ties to the device, so it's pretty easy to see whether or not you have support, however, it was not difficult to get in touch with them. You get someone with knowledge right away. You don't have to go through a filter of people asking you "Is it plugged in?"

    Which solution did I use previously and why did I switch?

    I'm actually reselling a managed service of SonicWall. It's not completely hands-on. Now all I do is get reports from it and I can look at the dashboard, however, I don't actually have to configure it.

    I've also resold Barracuda.

    How was the initial setup?

    The initial setup was straightforward. It got complex when we started adding in requirements for tunneling et cetera. The implementation involved VPNs and the general configuration of the firewall. Then they added in these other requirements that it needed to connect to AWS. First, it was to their remote hosted environment. Then, subsequently, to the AWS environment as well. It grew over time. Over the course of a year, we spent a lot of time on it.

    I'd rate the initial setup experience at a four out of five. Most of the stuff went pretty well. We had one issue and we had to drop down into it. However, their support was very good. We were able to contact support, and they were able to stay online and walk us through that problem, so without any issues. They didn't balk at it. We didn't have to beg them to help us. Some support you get in there and have to say, "I'm sorry, yes I've done all those things. Get me to the next level."

    They had good quality support.

    In terms of deployment, it was there when I got there. They had purchased it out of the box and they hadn't configured it. For six months it just sat there. We had it up and running within a month of me getting there. Then over time, we added more and more requirements to it. It didn't take very long to figure out what they wanted to do with it and get it set up. The actual configuration was very quick. It was just the planning beforehand that took time.

    Besides myself, there were about four other people in the IT department working on the product. However, really, only one person is responsible for the gateways.

    What was our ROI?

    The ROI that they were looking for was an improvement in security for the whole company. It was one of those evolving things, that as new security deployments come up some of them get implemented within the firewall and others are implemented structurally or in other ways. It was able to help them meet their security goals. That was probably the biggest value that they were looking for. It also did not impede their normal operating procedure.

    What's my experience with pricing, setup cost, and licensing?

    The licensing costs are in line with everyone else. It all seems expensive when you're talking about firewalls, however, they're all the same. It's likely in the middle of the pack.

    There are costs involved with FortiTokens. Everyone has different ways of controlling VPN access, however, with the FortiTokens you get a certain amount with the device, and then you have to buy more as you add them on. They're not costly.

    However, it's something you have to buy in batches, so if you've got 40 people you're going to buy a bunch of FortiTokens, and each token is an encryption key so that you can have your little app that's multifactor. They charge for that. Everyone else, in terms of competition, charges for that too.

    Which other solutions did I evaluate?

    I can't speak to if the client evaluated another solution prior to choosing this.

    What other advice do I have?

    I primarily work as a consultant. 

    The solution's deployment was on-premises, however, there were VPNs set up for remote access, VPNs set up for site-to-site, and VPNs set up for cloud-based SIEM.

    As with any solution, you need to size it. You need to plan what you're going to do and what your expectations are with it before you choose the pure model. After that, proper planning is needed before you try to deploy it so you don't have to back stuff out.

    I'd rate the solution at an eight out of ten.

    Which deployment model are you using for this solution?

    On-premises
    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    Flag as inappropriate
    PeerSpot user
    Richard Domikis - PeerSpot reviewer
    Chief Technology Officer at cornerstone defense
    Real User
    Top 5
    Slightly unstable, needs a better user interface, and lacks good monitoring capabilities
    Pros and Cons
    • "It's a relatively simple product that is easy to use. It's not overly complex."
    • "The product does not have a good graphical interface."

    What is our primary use case?

    We primarily use the solution for checking a 250-person defense contracting company with multiple locations.

    How has it helped my organization?

    It's improved our operations by not being overly problematic.

    What is most valuable?

    The solution seems to be very reliable. 

    It's a relatively simple product that is easy to use. It's not overly complex.

    The initial setup is fairly straightforward.

    What needs improvement?

    The product does not have a good graphical interface. Their patches and their upgrades are not always compatible with configuration. That means that often you find after you upgrade that there was something else you have to do to the rest of the infrastructure, whether it's a printer or a user or whatever. It doesn't appear to me that their upgrades are well tested. They usually do what they're supposed to do, however, they also usually do some other things that FortiGate doesn't seem to be aware of.

    It doesn't maintain legacy capabilities very well.

    The stability of the solution isn't ideal.

    They don't seem capable of supporting their own product.

    The solution needs a better user interface and more intelligent services like spam blocking and auto whitelisting, gray listing, blacklisting, et cetera. It just basically needs better user monitoring.

    For how long have I used the solution?

    I've been using the solution for about four years at this point. It's been a while now.

    What do I think about the stability of the solution?

    While I wouldn't describe the solution as unstable, there are definitely hiccups. I expect firewalls to be really efficient and very stable and I would say they're only sort of stable. I don't expect to have to figure out how to create a scan-to-email solution every time I upgrade my firewall, for instance.

    Of course, they'll blame it on the vendor of the printer and say now how they're not following the standard or something, however, it was working with their product previously and the printer wasn't the item that changed. Their product gets a patch and it no longer works and you're like, "Well, I like your theory, but I don't exactly accept it." I don't think they have the features that a Palo Alto has, let's say.

    What do I think about the scalability of the solution?

    The solution seems to be scalable. For our purposes, it scales well.

    We have about 250 users on the solution currently.

    How are customer service and technical support?

    Technical support isn't that great. On a scale from one to ten, they're a five at best. A couple of times where we had a problem, they couldn't solve the problem. We researched the problem on our own, unfortunately, via Google, and we found the solution and the solution was actually written by one of their techs and they didn't even know it.

    How was the initial setup?

    The initial setup is not too difficult. It's not overly complex. I'd describe it as pretty straightforward. A company shouldn't have any issues with implementation.

    For deployment, we did one site and then the other site and it took probably two weeks to deploy it, with maybe 30 days to get it fully configured. Then, once we had one site deployed, configured, and functional, we implemented a copy of that to the other site. We followed this pattern for each of our locations.

    In terms of maintenance, it's hard to quantify what you need for the firewall. The firewalls are relatively low in terms of required maintenance. We have one IT administrator that may be a day a month has duties that are firewall-related. It varies, however, it's not significant work to maintain the firewall.

    What about the implementation team?

    We did not need the assistance of an integrator or consultant. We were able to handle it ourselves.

    What was our ROI?

    We haven't really seen an ROI. It does what it's supposed to do, however, I'm not sure that it makes my job easier. It's kind of a sunk cost. It's one of the frustrations I have. I would expect it to be smarter and capable of doing things that it really doesn't do.

    What's my experience with pricing, setup cost, and licensing?

    We pay a yearly licensing fee. It's probably a couple of thousand dollars per firewall.

    On top of that, if you maintain a hardware warranty, so that you own the devices, you still maintain a warranty on them. There's sort-of a service contract, or you can go at risk. I don't know where we are in that. I'd have to go look, but I know at one point in time we talked about again, if we're going to be doing a tech exchange, maybe we don't want to maintain the warranties on them anymore.

    The competitors actually have lower prices for more functionality. On the higher side, if you go with Cisco, it's more expensive, however, it's obviously more functional. A Palo Alto is probably a better solution than a FortiGate.

    Which other solutions did I evaluate?

    We're currently looking for alternatives to this solution.

    We're looking at alternatives. However, the deficiencies that they have are not significant enough that I would like to immediately leave them, however, they're big enough that I'm looking for alternatives. 

    When I come to end the life and I do a tech refresh, if we're not going to go 100% virtual, which is certainly another consideration, I am going to look at an alternate product. I'm not sure we're going to go away from them with a timeline right now, however, I'm certainly looking at it.

    We don't yet have a shortlist, however, we'll likely look at the top big names in the market.

    What other advice do I have?

    We're an end-user and a customer.

    We have a plug-in with the subscription. We use the current version on their 100Es.

    In general, I would advise other users that they need to look at whether they're going to go physical or virtual. I'd advise once they decide that to then look at the maybe lesser known next-generation firewalls that have functionality. The folks that are going to be operating the tool need to look at the user interface to make sure that that it is easy to use. Most users at an enterprise don't even know the firewall's there, let alone what it is, so they're not unique. I think all of the firewalls are pretty decent at not impacting users. The differentiator is which ones are easy to set up, which ones are easy to configure and use and how good they are at reporting.

    The other thing I would say is, look at whether or not they integrate into your overall IT management, whether you're using ServiceNow or what you're using for IT management. How do the firewalls integrate with that or not? It's important.

    I'd rate the solution at a four out of ten. It does base functions and it's doing that at a pretty high price.

    Which deployment model are you using for this solution?

    On-premises
    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    PeerSpot user
    Buyer's Guide
    Fortinet FortiGate-VM
    September 2022
    Learn what your peers think about Fortinet FortiGate-VM. Get advice and tips from experienced pros sharing their opinions. Updated: September 2022.
    633,184 professionals have used our research since 2012.
    Senior Security Engineer at a energy/utilities company with 1,001-5,000 employees
    Real User
    Very intuitive with a clean interface and good stability
    Pros and Cons
    • "It's very easy to set up, even for more junior developers."
    • "Their offering for MFA isn't the cleanest."

    What is our primary use case?

    The use case for VMs is if you're going to deploy them like a SaaS edge, to protect your applications or provide deeper visibility into the traffic. Or you could use it in your data centers as well. However, that's not our preference.

    We primarily use the solution for network segmentation at our data centers and remote connectivity to our distributed sites.

    How has it helped my organization?

    We were able to take advantage of their management tool, FortiManager, to get a single pane of glass. FortiManager and FortiAnalyzer do not have a single panel glass. Rather, they are two panes of glasses to manage and monitor the firewalls where previously we were using Cisco. I don't want to call them legacy firewalls, however, with Cisco firewalls, we didn't have that management or logging visibility.

    What is most valuable?

    The product has pretty good logging and reporting capabilities native to the firewall. Then they also use FortiAnalyzer to aggregate that traffic and provide more detailed and aggregated reporting. That's going to help when you're analyzing network traffic for network segmentation initiatives.

    The stability is excellent.

    It's very easy to set up, even for more junior developers.

    The scalability has improved. 

    It's got a clean interface and it's very intuitive. Everything is easy to navigate.

    What needs improvement?

    Their offering for MFA isn't the cleanest. They have a product called FortiAuthenticator. It's not a FortiGate but that is one of their MFA offerings. However, other products that I've used, like Duo, are better from a user experience standpoint. They are easier to configure. 

    For how long have I used the solution?

    I've been using the solution for ten years. It's been a while. 

    What do I think about the stability of the solution?

    Six or seven years ago, they had issues with code versions where they would make changes within the code version and they would have some bugs. That said, over the last six or so years, their releases have been very stable. We've had very few issues with any type of bugs or issues.

    What do I think about the scalability of the solution?

    Scalability has gotten better with their SD-WAN offering. They're able to utilize inexpensive lines such as 4G, 5G, or DSL. It has allowed us to move away from expensive MPLS lines.

    Historically, conventional or Next-Gen firewalls have been utilized at data centers and remote sites. Now, however, a lot of customers are moving towards Zero-Trust access and SASE. I'm currently looking to get a little bit more information on Zero-Trust architecture, as it reduces the overall management and need for physical firewalls in all your locations, which can get expensive.

    Which solution did I use previously and why did I switch?

    We also use the Cisco ASA firewalls. I do find that Fortinet is easier to handle than Cisco as you don't need to handle tasks via the command line, which makes it easier especially for junior-level developers.

    How was the initial setup?

    The initial setup is very straightforward. I started out in the Cisco world with Cisco firewalls and switches. Then we started deploying FortiGate and I found that FortiGate was easier to learn, especially for junior-level engineers. We were able to get junior-level engineers up to speed quicker than if it was a Cisco platform, especially if they haven't used the command line before.

    Deployment usually takes a day, depending on the complexity of the firewall. It might be a day to two, depends on if we are using multiple IPSec tunnels if it's at a data center or a remote site. 

    In terms of deployment and maintenance, in my experience, by a rough order of magnitude, a company would need one technician per 30 firewalls. For our company, we had a team of three network engineers and we had a fleet of about 120 firewalls.

    What about the implementation team?

    I handed the implementation myself with my team. We didn't need any integrators or consultants.

    What's my experience with pricing, setup cost, and licensing?

    For our entire fleet of 120 firewalls, we're paying about $100,000 per year. The licensing fees give you support and the capability to download updated definitions of threat intelligence from Fortinet.

    What other advice do I have?

    I was previously a customer. now I am a reseller and Fortinet partner.

    We primarily use hardware-based appliances, including the 100 D/E series, 100F, 190 D/E's, ADCs, 600 E's. They are similar to VMs.

    We're using the most recent code level at this time. We're one version behind the latest version. We tend to use one version behind the most recent for safety reasons so that we can avoid troublesome bugs or glitches.

    Anyone looking to deploy Next-Gen firewalls, in general, should really define their use cases to be able to decide on the proper technology to deploy within the environment. If you're looking to deploy Next-Gen firewalls at all your locations and create point-to-point VPN tunnels, they can get cumbersome and difficult to manage policies. It is also difficult to do network segmentation. With some of the Zero-Trust offerings, you're able to actually move your clients outside of your corporate perimeter, and then isolate those applications based on the user per application, instead of requiring them to dial back via traditional VPN to your data centers, which sometimes isn't the best user experience for your end-users.

    I'd rate the solution at an eight out of ten.

    Which deployment model are you using for this solution?

    On-premises
    Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
    PeerSpot user
    ThendoNdzimeni - PeerSpot reviewer
    Network Administrator Team Lead at a financial services firm with 51-200 employees
    Real User
    Top 20
    A full-featured virtual appliance with valuable monitoring and visibility features
    Pros and Cons
    • "I like the visibility and monitoring features because they're easy to use to monitor traffic. Features like geo-blocking and more have AI, and we're currently using all of it. But for now, we're only using geo-blocking, and we're able to block traffic from different countries. I also like that it's highly responsive. VM04 is also very powerful."
    • "It would be better if it could provide you with options before completely blocking anything through the web filter. If you are doing a deep SSL inspection on the site if it says it's expired, it doesn't give you the option to continue at your own risk. I can't say that it's bad, but SSL internally isn't really a requirement. However, its security features can help. Right now, we have people going out and spending on purchasing the SSL certificates for internal sites."

    What is our primary use case?

    We use Fortinet FortiGate-VM for managing inbound and outbound internet traffic through our environment. Sometimes, we also use it for managing the site's internet outbound and routing. We also use it for IPSec on Azure. We also have an on-premises environment, and we're using it for IPSec on that environment. 

    All the routing happens through it because we're swinging all the traffic on the Azure side through a firewall which is basically the gateway. It acts as the gateway and manages outbound traffic in that environment. We have also set up the SSL VPN for users. We do have FortiGate on-premise, and we set up the SSL VPN connection for users.

    What is most valuable?

    I like the visibility and monitoring features because they're easy to use to monitor traffic. Features like geo-blocking and more have AI, and we're currently using all of it. But for now, we're only using geo-blocking, and we're able to block traffic from different countries. I also like that it's highly responsive. VM04 is also very powerful.

    What needs improvement?

    It would be better if it could provide you with options before completely blocking anything through the web filter. If you are doing a deep SSL inspection on the site if it says it's expired, it doesn't give you the option to continue at your own risk. I can't say that it's bad, but SSL internally isn't really a requirement. However, its security features can help. Right now, we have people going out and spending on purchasing the SSL certificates for internal sites. 

    What do I think about the stability of the solution?

    Fortinet FortiGate-VM is a stable and very reliable solution.

    What do I think about the scalability of the solution?

    Fortinet FortiGate-VM is a scalable solution. It's very powerful, and I've never seen that machine running out of resources. It always worked.

    How are customer service and technical support?

    Tech support is okay, but we do a lot of management by ourselves. We have a third party that we use when we do implementations, and I haven't contacted Fortinet even though I have access to it. The local support that we use costs much less. 

    Which solution did I use previously and why did I switch?

    I still remember using Check Point, and it took a long time to apply a policy. To install the policy, you had to wait for ten to 20 minutes or even 30 minutes. Fortinet FortiGate-VM instantly applies the policy on the FortiGate itself.

    How was the initial setup?

    The initial setup was difficult because we were all new when it came to the Azure environment. It was a little difficult to create space and understand that you have to have more than one interface. But once you get used to it. It's pretty straightforward.

    It's straightforward if you have all that is required when you're clearing your traffic. If you're clearing your traffic already into your internal length to communicate with the firewall range, and you have information and understand it before the implementation, it will be very seamless. It will be stress-free when you understand the environment where you're going to implement it.

    What's my experience with pricing, setup cost, and licensing?

    Our license is yearly, but we're thinking of going monthly. I think it's somewhere around 100,000 for VM04. Nowadays, everyone wants to be a hacker, so we believe in security. That's why we also have third-party people that we involve to make sure that we're secure. 

    I don't think the costs are too bad. You still want to get advice from people who worked in security for many years, so you add a third party. The third party also said they would give their share like 100K, or 200K or something like that, so I don't think it's too expensive for security. I think it just adds more trust. 

    What other advice do I have?

    I will recommend the solution. If it's a first-time deployment in Azure, they need to understand a couple of things, like the interfaces we need to create. The good thing about FortiGate is that they don't hide how their devices work. You can go to their website and get every instruction that you need at any time. It's straightforward and even has pictures showing you what you should expect. I've done a few changes for the first time, and I didn't have to stress. But you must know the infrastructure well.

    On a scale from one to ten, I would five Fortinet FortiGate-VM a ten.

    Which deployment model are you using for this solution?

    Public Cloud

    If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

    Microsoft Azure
    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    PeerSpot user
    Engineering Manager at Primatel Communication Snd Bhd
    Real User
    Top 20
    More scalable than the hardware version
    Pros and Cons
    • "Fortinet-VM is more scalable than the hardware version. If you're using an appliance, there are limitations in terms of hardware specs. So if you want a more scalable firewall, you can get a VM and install it on a high-end server."
    • "To improve FortiGate-VM, Fortinet needs to harden it more. For example, if you are using Hyper-V, then you need guidelines for hardening FortiGate-VM that are specific to the Hyper-V environment. If it's VMware, there should be at least a guideline on how to harden the firewall."

    What is our primary use case?

    We're using FortiGate-VM on-prem for our firewalls. The Fortinet component in the cloud is FortiGuard. We get our virus definitions regularly updated from the cloud, but the FortiGate firewalls are all on-prem. While the virtual firewalls are created inside the physical firewall, there is an option for a virtual machine firewall where we'll give you the VHD file, and you can install it to a server.

    Virtual machines aren't widely used in Brunei because the Brunei government isn't ready for these things yet. They're more confident in hardware, but everything is slowly starting to head in this direction. Others are watching what will happen when people use the apps before they try them.

    How has it helped my organization?

    Some customers prefer VM, especially those customers already leveraging the virtual machine environment. Typically, they don't want to spend on the hardware because they already have all these VMs, so they choose the VM option. But in most deployments, they still prefer the hardware for their firewall because it's already hard-coded.

    What needs improvement?

    To improve FortiGate-VM, Fortinet needs to harden it more. For example, if you are using Hyper-V, then you need guidelines for hardening FortiGate-VM that are specific to the Hyper-V environment. If it's VMware, there should be at least a guideline on how to harden the firewall.

    For how long have I used the solution?

    We've been working with FortiGate-VM since 2010.

    What do I think about the scalability of the solution?

    Fortinet-VM is more scalable than the hardware version. If you're using an appliance, there are limitations in terms of hardware specs. So if you want a more scalable firewall, you can get a VM and install it on a high-end server. From there, you have more leverage on how many virtual firewalls you want to create based on that VM. In other words, it's already fixed hardware in the appliance — it's already hard-coded in the appliance. So if you are using a VM and installing it on a high-specs server, then your machine has much higher performance in packaging all these policies and all these hardware security features. 

    How are customer service and support?

    We proved the frontline support for our client organizations or customers. So far we are satisfied with Fortinet support. We have currently have Fortinet-certified engineers in our company, so we don't have to contact support unless it's a complex issue. We have an NSE7-certified engineer, so we are quite confident with our deployment now.

    How was the initial setup?

    FortiGate-VM setup is pretty straightforward. It depends on the implementation size, but it takes a week for an organization of around 100 users. Normally Fortinet helps their customers with deployment and post-deployment adjustments, so you don't have any problems. If anything goes wrong, Fortinet is there to support you. 

    What's my experience with pricing, setup cost, and licensing?

    Like most similar products in the market, Fortinet's enterprise customers need to pay for annual support. They call it FortiCare, and it's direct support from Fortinet. FortiCare is renewed annually and covers support for new releases, purchases, and updates. 

    What other advice do I have?

    I rate Fortinet FortiGate-VM eight out of 10. However, based on experience, we usually don't recommend using VM firewalls. We still prefer using a hardware-based firewall when that's appropriate. It depends on your needs and the size of your user base. With FortiGate-VM, you can control the size of your firewall if you're using VMs. But on the other hand, if you are using Microsoft Hyper-V, you need to address all these vulnerabilities of Microsoft. And if you're using VMware, then you need to deal with VMware's vulnerabilities. The hardware version of FortiGate has already been hardened based on FortiGate standards. That's the main difference between the FortiGate appliance and FortiGate-VM.

    Which deployment model are you using for this solution?

    On-premises
    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    PeerSpot user
    IT Engineering Manager at Mission Critical Partners
    Real User
    Top 5
    Rock solid, has most of the features, and provides greater security and flexibility
    Pros and Cons
    • "Primarily, the VPN solution is most valuable. It allows you to have more flexibility in terms of what is there on the end-user device, and what is not there. You can check and make sure that they're current. It has more flexibility than just a straight VPN solution. It works really well. It has the features that 99% of people need."
    • "They should keep us up to date about the latest version. That's the biggest thing. Currently, we have to go looking for the latest version. We should get notified about what's going on with the versions. I would like to see easier dual-factor authentication."

    What is our primary use case?

    It is primarily for VPN access and restricting access into the network. One of our clients has a shared system between multiple counties, and it is used to keep the right traffic flowing between counties and blocking the rest.

    Each client has a specific version. We're trying to get them all current. Our number one client has the current version.

    How has it helped my organization?

    It provides greater security and flexibility. Instead of just opening it all up, it allows access to only those people who should have access. The network itself is pretty open, and with FortiGate, we can lock down exactly what they have access to.

    What is most valuable?

    Primarily, the VPN solution is most valuable. It allows you to have more flexibility in terms of what is there on the end-user device, and what is not there. You can check and make sure that they're current. It has more flexibility than just a straight VPN solution.

    It works really well. It has the features that 99% of people need. 

    What needs improvement?

    They should keep us up to date about the latest version. That's the biggest thing. Currently, we have to go looking for the latest version. We should get notified about what's going on with the versions.

    I would like to see easier dual-factor authentication.

    For how long have I used the solution?

    Our clients have been using it for several years, and we've been helping them with that.

    What do I think about the stability of the solution?

    It is rock solid.

    What do I think about the scalability of the solution?

    It is reasonably scalable. It is not as flexible in scalability as Cisco Firepower with their FMC.

    Usually, the clients who use it are cost-conscious. They don't want to spend money on a Cisco device, so they go for Fortigate. A large organization usually goes with Cisco. A smaller organization tends to go for Fortigate or some other solution because of the price.

    Our clients use it all over the place. It is not just for their internet. It is used for their internal networks and the rest of it.

    How are customer service and technical support?

    It was average. I wasn't overly impressed. I was also not disappointed.

    How was the initial setup?

    There is a little complexity to it but not more than other solutions. I haven't noticed greater complexity.

    The deployment duration depends on how detailed you are and what you don't want to get. You can deploy one of these firewalls in half an hour, but if you're going to add a bunch of complexities and things to it, it can take at least a couple of hours to get it all set up the way you want. It ranges from half an hour to four hours.

    What about the implementation team?

    We help our clients in implementing it. We also manage it. We just have one network support person to take care of things. It is not a job that requires more than one person.

    What's my experience with pricing, setup cost, and licensing?

    There is no additional cost. Once you get the licensing fee, you're good.

    What other advice do I have?

    Realize that it is not Cisco, and it doesn't work the same way. You got to pay attention to what you're doing. Those who are super familiar with Cisco got to pay attention to what you're doing because it works differently.

    I would rate this solution a nine out of ten. It works well. Except for the dual-factor authentication feature, it has all the next-generation features that you need for a standard user.

    Which deployment model are you using for this solution?

    On-premises
    Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
    PeerSpot user
    Head of IT at a mining and metals company with 10,001+ employees
    Real User
    Easy to maintain, simple to set up, and offers good stability
    Pros and Cons
    • "The solution can scale well."
    • "Price-wise, it could be slightly better, however, if you compared it to other makes and models of equal category, it is generally cheaper."

    What is our primary use case?

    We primarily use the solution for our internal worldwide corporate network.

    How has it helped my organization?

    It's allowed us to have fewer personnel requirements in relation to maintenance. 

    What is most valuable?

    The maintenance part is definitely quite easy. We do not require any additional manpower to maintain this. It's quite simple and it has the least required manpower over it based on an individual unit.

    The initial setup is pretty simple. 

    The solution can scale well.

    The stability is quite good.

    What needs improvement?

    Right now, we are totally satisfied with this solution. There are several units worldwide. We have only one unit at our Kolkata location, and we are satisfied as of now in terms of its capabilities.

    Price-wise, it could be slightly better, however, if you compared it to other makes and models of equal category, it is generally cheaper.

    For how long have I used the solution?

    I've used the solution over the last seven months. 

    What do I think about the stability of the solution?

    The stability has been good. Its performance is reliable. There are no bugs or glitches. it doesn't crash or freeze. 

    What do I think about the scalability of the solution?

    The scalability is there. When taking into consideration our business environment right now, I find that this is capable of handling all the requirements until the end of 2022.

    Right now in the Kolkata office, we are around a hundred people - and that is in the Kolkata office only. If you talk about India, then we have around 250.

    We do not plan to increase usage at this time. However, in the future, scaling may be required. 

    How are customer service and support?

    I've never directly dealt with technical support and therefore cannot speak to how helpful or responsive they are.

    Which solution did I use previously and why did I switch?

    We did previously use a different solution, however, the main office makes the decisions around product changes. They may have chosen this product as it is less expensive. 

    We had been using a British Telecom hybrid VPN solution. In April, we stopped that and migrated to this new SD-WAN connectivity solution based on the Fortinet firewall. 

    How was the initial setup?

    The implementation process was not complex or difficult. It was straightforward. 

    The deployment takes around two to three hours.

    Maintenance aspects are handled by the vendor. 

    What about the implementation team?

    The implementation was done by our vendor as well as our internal team.

    What was our ROI?

    We won't have a sense of an ROI until we've used the solution for another year and a half. 

    What's my experience with pricing, setup cost, and licensing?

    The pricing is pretty reasonable when compared to other solutions of the same caliber.

    We pay a yearly licensing fee. I do not know the exact costs, however, as that is handled by the team in Luxembourg.

    Which other solutions did I evaluate?

    We don't make product decisions. Decisions of that scale come from Luxembourg. 

    What other advice do I have?

    We are a customer and an end-user.

    I'm not sure which version of the solution we're using.

    I'd rate the solution at a nine out of ten.

    Which deployment model are you using for this solution?

    Hybrid Cloud
    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    PeerSpot user
    Chief of Security and Research at a tech services company with 1-10 employees
    Real User
    Top 20
    Easy to configure and manage with good pricing
    Pros and Cons
    • "It's a very simple solution to manage."
    • "Right now, we have two data centers that are a thousand kilometers apart. It would be nice to be able to string them together."

    What is our primary use case?

    We primarily use it to protect edge devices. We use it as a firewall.

    What is most valuable?

    It's a very simple solution to manage.

    It's quite stable.

    The scalability potential is good.

    It's an easy solution to configure.  

    The pricing is pretty good.

    What needs improvement?

    I'd like for it to be possible to cluster together data centers. Right now, we have two data centers that are a thousand kilometers apart. It would be nice to be able to string them together.

    For how long have I used the solution?

    I've been using the solution since 2005.

    What do I think about the stability of the solution?

    The solution is quite stable and reliable. There are no bugs or glitches. It doesn't crash or freeze. 

    What do I think about the scalability of the solution?

    The product is very scalable. If a company needs to expand it, it can do so.

    The entire company ends up using the solution, and we have between 25,000 and 50,000 employees. We have about five offices and in each data center, we use Fortigate.

    How are customer service and support?

    Occasionally, if the partner cannot resolve the problem, you do have to work with some Fortigate techs. They are excellent and quite helpful. 

    Which solution did I use previously and why did I switch?

    I am working with Fortinet, Cisco, Palo Alto, and Forcepoint. I am using ASA from Cisco. It's very difficult to manage. Palo Alto is excellent, and the best in the market. Fortigate is right behind them. The central management is great.

    How was the initial setup?

    While the product is easy to configure, I cannot get into specifics in regards to the initial setup. It's handled by a partner. We pay them to do the setup.

    The actual installation process is pretty quick. It might take about half a day or so. 

    I'd rate the experience of setting up the solution at a five out of five. 

    There are bout five people that can handle the maintenance of the product across our different data centers. They are all administrators. 

    What about the implementation team?

    Our partner sets up the solution for us. 

    What was our ROI?

    We've seen a decent ROI as it has helped us maintain a good level of security. I'd rate the ROI we've seen at a five out of five. 

    What's my experience with pricing, setup cost, and licensing?

    We tend to have a three-year contract with Fortigate. While I don't know the exact costs, my understanding is that it is less expensive than some other options. 

    What other advice do I have?

    I'm a customer and an end-user.

    We use the on-premises version due to the fact that, in Algeria, we do not use cloud deployments. 

    I'd advise potential new users that it's a good edge solution, and not necessarily the best for data centers.

    I'm very happy with this product and would rate it at a ten out of ten.

    Which deployment model are you using for this solution?

    On-premises
    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    Flag as inappropriate
    PeerSpot user
    Buyer's Guide
    Download our free Fortinet FortiGate-VM Report and get advice and tips from experienced pros sharing their opinions.
    Updated: September 2022
    Product Categories
    Firewalls
    Buyer's Guide
    Download our free Fortinet FortiGate-VM Report and get advice and tips from experienced pros sharing their opinions.