Fortinet FortiGate-VM Reviews

We are mainly using Fortinet FortiGate-VM firewalls which are particularly hosted in cloud environments. It will connect cloud environments with on-premise networks and secure cloud-hosted VM traffic, both outgoing and incoming traffic. Those are the main requirements we are receiving.

Real-time threat response is really good, and sandboxing and all the signatures are most of the time accurate. They are aligned with recent threats, and Fortinet also has Fortinet Labs where they do their own research and publish new signatures and threats in real-time to the firewalls and all the devices, so I think it is pretty good.

When comparing with Sophos, I think Fortinet's Security Fabric is really nice because they do have more signatures. When we talk about IPS and all these security features, I think Fortinet is good in that aspect.

Fortinet does provide a lot of visibility in Fortinet FortiGate-VM, and some devices do not have an inbuilt HDD. For logs and data retention, they provide the FortiCloud free service for seven days. Using those features, we gather information to troubleshoot and find root causes. They also have a FortiView section, which is very useful to find out the top sources, top destinations, and which sessions are running. It is very useful.

We mainly get firmware upgrades from time to time, and there are bugs. For the moment, I do not have any features in my mind to mention regarding improvements.

Since I have not worked with VMs so frequently, I cannot tell exact points. Overall, you are asking about the improvements which have to be done on the VM side. They are updating frequently, but sometimes it depends on internet connectivity. Those databases are not getting updated in such cases, so external threat feeds are helpful.

I can say it has been about one to two years using it as a company. We use both the platforms.

I have not experienced any stability issues.

It is scalable, but as per my knowledge, the license is bound to the hardware it comes with, which I have read.

I have worked with the customer team and also the technical team. When we come to technical support, they provide very professional support to mitigate threats or troubleshoot issues. They provide the expected support.

Three years ago, I worked in a different company. Now I work in a different one.

I think someone who is new to firewalls can do the initial setup without any issue if they follow the guide. It is not that complex.

Most of the time, we are purchasing it through our local partners and local distributors.

Obviously, when a customer hosts their firewalls in VMs, they will get ROI because they do not need that many specifications or hardware requirements to host a firewall.

It is reasonable.

I am actually working with Fortinet and Sophos, and also I am looking partially for a rival to Checkpoint as well.

Both Fortinet FortiGate-VM and appliance are available. The difference between Fortinet FortiGate-VM and appliance is the platform which you are hosting. In the appliance, I am really seeing the appliance already with the required OS and everything. When we go to the VM side, we have to host the VM according to the defined specifications, and we have to get the licensing for it. Basically, in the firewall maintenance and configuration part, I cannot see any huge difference. It is the same. When we go to the VM side, all the network cable management and some things are happening virtually.

Feature-wise, as per my knowledge, there are no additional features when you go to the VM or the appliance. You can have the same features either you go with the appliance or VM.

Fortinet FortiGate-VM, mainly affordability and flexibility because some customers do have their infrastructure in cloud environments. Some customers do not prefer to use the cloud platform's native firewalls. In those cases, customers are listing to host their own firewall. For cases in those situations, the customer can get the benefit for those areas since it is affordable. I think it is more affordable than cloud-native firewalls.

Benefits mean the main benefit is when a customer is trying to purchase a firewall. They do not need to pay a price for the appliance. They only need to purchase a license. For the appliance, they can use their own platform to host the firewall. I think that is the main benefit when it comes to the VM side.

Overall network security posture: when a customer implements their firewall in the VM in the cloud environment, they can monitor their hosted VMs' outgoing and incoming traffic. They can restrict access, and they can include IPS, AV, ATP, all these things to secure the traffic. I think it is a huge benefit rather than using the native cloud firewall that is provided by the platform.

When we come to threat detection, I can mention IPS as well. Also under the threat landscape, since as I remember, Fortinet FortiGate-VM has the largest signature base in the IPS. They help us to prevent a lot of known threats using their signature database, which updates continuously.

When we compare it with Sophos, I think the most benefits are their security posture. They have a strong security posture in Fortinet FortiGate-VM compared to Sophos. Also the utilization: Fortinet FortiGate-VM OS is very suitable for small hardware because Sophos OS runs on Linux, which requires huge CPU and RAM utilization. Those are the pros and cons when you compare it with Sophos.

We are using that. Recently we have done an implementation where when someone tries to scan our ports in the firewall for a few times, we have scripts to block those IPs. It is very useful and user-friendly. We can get a lot of tasks done through that automation feature.

Rather than depending on Fortinet's security posture, they provide us the possibility to integrate our firewalls with external threat feeds, which is a huge benefit. If Fortinet misses any host or signature update, we can get it updated through the external threat database.

It is very flexible. We can use several external authentication platforms to integrate with our firewall, for example, SAML or LDAP. They provide so many integration points, and as I remember, they are free of charge as well.

You have to size your firewall depending on your connection types and the threat sources. Fortinet FortiGate-VM firewall is based on that. You have to do proper sizing on the VM that you are putting the firewall on.

In our country, Sri Lanka, most of the customers use their internal firewall and perimeter firewalls. When we take all the customers, it is about more than thirty to forty percent using Fortinet FortiGate-VM as their internal or perimeter firewalls. Huge customers, so we do have a high demand for Fortinet for the internal and perimeter levels.

I would rate this product a seven out of ten overall.

Majorly, we have cloud migration solutions where we connect Fortinet FortiGate-VM with, usually for the FortiGate of the customer, an in-house solution. We have been through many different kinds of projects where we had to adapt the customer firewall solution. 

A significant portion of our clients comes from the retail sector, particularly grocery stores. In the grocery market here in Brazil, there is generally low maturity in IT solutions and cybersecurity overall. MikroTik is commonly used for networking. Many of our clients utilize MikroTik or pfSense as their primary solution for their stores. Occasionally, they may also use Sophos or Fortinet at their headquarters. Through numerous projects, we have identified various vulnerabilities during penetration tests conducted in their environments. One of the primary concerns is usually the firewall, which prompts us to explore different security options. For example, we have a strong partnership with Trend Micro for Endpoint Detection and Response (EDR).

From there, we establish a connection between the customer's solutions and Fortinet. Sometimes, we implement SD-WAN to connect every store securely. This allows them to connect even with firewalls and SASE solutions, enabling connections via 5G to integrate the entire company with our cloud solutions. In summary, the foundation of our projects typically revolves around cloud migration, starting with security solutions or penetration tests that identify vulnerabilities. This leads us to implement both physical appliances and VM appliances as needed.

Our visibility into network traffic has improved since implementing Fortinet FortiGate-VM, at least based on the feedback from the operations team. 

Fortinet adapts to evolving threats based on what I've seen. With AI implemented, they can analyze how new threats behave, enhancing their ability to respond. Nowadays, the prevalence of AI as a threat vector makes security harder; therefore, having a partner that's developing AI features for improved security is commendable.

My background is primarily in cloud infrastructure rather than security. When considering Zero Trust Network Access (ZTNA) or SASE solutions, I believe it effectively closes many gaps in a customer's connectivity and environment. For me, this level of security is crucial.

There are areas for improvement because usually, most policies don't change much. There's always room for enhancements, whether for VM or physical appliances, because threats evolve, necessitating adaptation and a different approach to the security environment.

I have about two years of experience with Fortinet FortiGate-VM. We primarily used to work with open-source solutions. Three years ago, we established a strong partnership with Fortinet. Since then, we have been working with Fortinet FortiGate as our primary solution for firewalls. I am familiar with both Fortinet FortiGate-VM and FortiGate physical appliance.

I can't rate technical support or customer service because I'm in the commercial area. From my perspective, I would rate it an eight out of ten. We are primarily supported by our own sales team, and recently we gained help from a Fortinet partner account manager, who has been assisting us with key customers and opportunities. 

Positive

Our clients used different solutions. I believe that Fortinet has a larger installed base, which means they are exposed to more threats. This exposure helps them evolve more quickly and develop new solutions and protections against emerging threats. As a result, their response to issues is generally faster than that of their competitors. While I wouldn’t say they have more features than all the others, they do tend to introduce new solutions, policies, and tools more rapidly because of their extensive installed base. This allows them to be more responsive to new threats than other companies.

The initial setup used to be complex, but with the addition of features, potentially involving AI, it has become more straightforward. As far as I know, that was a challenge previously, but with recent releases, the setup process is increasingly automated.

We have a direct contract with Fortinet, but we primarily use the OCI environment. While we also partner with AWS, Azure, and GCP, about 90% of our infrastructure is in OCI. We are an ISV for Oracle. We offer a platform that enhances scalability for client-server solutions in the cloud. Over time, we have developed capabilities in integration, data management, and AI agent building. Our platform not only manages the infrastructure but also incorporates security tools like Fortinet and other solutions for phishing protection. In terms of integration, we provide an iPad solution along with a data warehouse and lake house construction process. This allows users to create their own data pipelines and ultimately deliver information to Business Intelligence (BI) tools or DataView tools. Additionally, users can build their own AI agents that operate entirely within their environment, using their own data without the need to export it to external tools. Oracle recognized us as an ISV capable of managing our customers' environments within our own accounts. Currently, we have more than 20,000 companies integrated into our operations within OCI.

What's more important than just having good policies in place is to have a security operations center that monitors all the KPIs and thresholds. This allows us to use that feature wisely and take timely measures to position ourselves effectively. If all the policies are well-placed, we can even automate responses, locking parts of the network to prevent attacks based on vulnerabilities or threats detected within our policies. 

I would rate Fortinet FortiGate-VM a nine out of ten. It's much better compared to the open source solutions we've used before. Not only is my average ticket a bit lesser due to the licensing and other factors, but I also experience fewer issues with my customers, at least when it comes to the Fortinet products.

My use cases primarily involve cloud environments for Azure or AWS, and 90% of my usage would be in the Azure environment.

What I appreciate the most about Fortinet FortiGate-VM is that it is not much different than hardware appliances. I have worked with other VMs in Azure that are firewalls, and the SSH capabilities on those devices lack functionality, whereas I don't have that problem with Fortinet FortiGate-VM. I can SSH into the firewall without issues.

The Security Fabric real-time threat response capabilities are great if customers have all the products to go with it. In most cases, they may have two firewalls or they may have one firewall and FortiAnalyzer. If a customer is utilizing FortiMail, all these components can integrate together, allowing logs to be centralized and feeding back to one another in the event of a potential threat. It's great, yet unfortunately, we don't have enough customers using different products from Fortinet to really take advantage.

In terms of room for improvement, logging could be improved. Sometimes the logs are more difficult to read and to identify root cause analysis. Another enhancement that would be great, but wouldn't just be on VMs, could target the VM—the addition of a syslog table we could view to better identify what to expect from logging.

I have been using it for the last three to four years in my career.

Fortinet FortiGate-VM is a very scalable product, especially from an HA standpoint.

I have contacted technical support and customer support. When I compare them to SonicWall, they are about equal in contrast, as we have about the same number of challenges between both of them.

Positive

I have used alternatives to this VM.

The initial deployment of Fortinet FortiGate-VM was easy for me. To deploy the VM took maybe an hour.

Fortinet FortiGate-VM requires ongoing maintenance on my end. I have to keep track of the CVEs that may be out there, and that's probably one thing that Fortinet is plagued by, having a number of CVEs out there. The good thing is they patch them quickly and let their customer base know about them as soon as they do, or at least as it appears compared to other vendors that try to hide them.

Deployment would be a team effort due to it being in the Azure environment. You have to have the Azure engineer deploy the VM itself, and then I would gain access and do the initial provisioning of the firewall.

Regarding the pricing, it tends to be a bit higher compared to SonicWall. That's why we end up having customers go the SonicWall path when they would be much better off going the Fortinet FortiGate-VM path.

The closest solution I would compare it to would be SonicWall NSVs, which I've worked with the most, although I wouldn't compare it in a positive light. 

For a small office or a small company, the NSV may be fine, but I appreciate the granularity of Fortinet FortiGate-VM. Granularity in security policies is where Fortinet FortiGate-VM stands out. I prefer Fortinet FortiGate-VM over SonicWall NSV because of the granularity. The ability to have security policies is a major plus, as each firewall policy can have its own security policy, which I can't do with SonicWall. This makes Fortinet FortiGate-VM the much better product.

I do not use the Hybrid Mesh Firewall feature by default. Regarding the downsides of the VM, I haven't run into any problems to suggest improvements. I use it just as if it's a physical appliance, and I don't have any offset differences.

I rate Fortinet FortiGate-VM a seven out of ten.

I mostly use FortiGate VM for securing cloud databases or internal in-house databases. It serves as the main perimeter firewall in our data centers.

FortiGate VM allows me to avoid the hardware lease recycle every five to eight years. I can purchase the VM, lock the hardware cost, and simply pay for licensing each year. This saves on capital expenditures in the long run. It can be upgraded or downgraded as needed. If the organization grows, a partial license can increase the device's capacity.

The previous version 5.6 had integrated features for logging, monitoring, and management. Now, these features require separate products like FortiManager, FortiAnalyzer, and a FortiCloud subscription for reporting. Many users are now turning to Sophos for the integrated features that were once part of Fortinet but are now separate.

I have been working with FortiGate VM for three to four years.

I would rate the stability as eight out of ten. Previously, patches had fewer bugs, however, recently they have had more, requiring internal testing to ensure deployment stability.

Scalability is an excellent selling point for FortiGate VM. It can start with a single core and scale up to a 32-core license for a robust deployment.

The partner support is quite low, and the end-user support is delayed at levels L2 and L3. L1 support is quick.

Neutral

Many users have shifted to Sophos due to changes in Fortinet's logging and monitoring features.

The initial setup depends on the hardware. It should be compatible with supported drivers for optimal performance.

I often customize the hardware and drivers based on client needs to deploy FortiGate VM.

FortiGate VM is considered a premium product, which can be costly, especially in regions with low budgets for IT infrastructure like Pakistan.

I evaluated Sangfor and MikroTik as the main competitors in Pakistan.

The solution rates as an eight out of ten. 

It is essential for the best solution to be properly deployed with appropriate policies, and users must be trained; otherwise, it might fail.

We are a system integrator, so we are dealing with Fortinet and Sophos. I work with all of them, depending on the customer's needs. I have experience with Fortinet, particularly with deployment experience using Fortinet FortiGate-VM, this particular firewall.

For me personally, the best features of Fortinet FortiGate-VM are that it is user-friendly and easy to deploy. The GUI is very user-friendly, so anyone can quickly learn how to use it.

Fortinet FortiGate-VM is time-saving and robust from a security perspective, so it brings positive benefits to the organization.

In the future, I would like to see configuration backup on email included in Fortinet FortiGate-VM.

The AI capabilities that they launched last year should be enhanced. If we procure FortiManager, then through FortiAI, we can find out the issues or the configuration changes required as per best practices. Those things need to be added to help us troubleshoot more easily. If the AI helps us even with troubleshooting, it will save a lot of time for us as well.

Some of the compatibility and technical support issues are reasons why I rate it eight instead of nine or ten; the rest of everything is good.

I have been working with Fortinet FortiGate-VM for around five to ten years.

We were facing challenges while deploying Fortinet FortiGate firewall on AWS with Graviton instances; we were not able to build HA. The Graviton processor has some limitations. I do not know exactly what the issue was, but we changed the instance type and then installed it. There must be some compatibility issues with that particular Graviton CPU and Fortinet.

It took a couple of weeks, approximately two to three weeks, to overcome all those issues.

The technical support is very helpful, but reaching technical support is quite difficult because whenever we have raised a ticket, it takes a lot of time to reach them and even make them understand the issue. When we raise a ticket, it routes to some L1 engineer, and they might not have adequate AWS or Azure knowledge, which is why it took a lot of time to get an L3 or L2 engineer and find a resolution.

We have an entire team of ten to fifteen people involved in the process of deployment, and they are the implementation engineers.

With respect to cloud networks, we may require some detailed documentation because that will help improve our implementation.

It was good; I did not find any challenge with Fortinet Security Fabric's real-time threat response capabilities.

We do not utilize Fortinet FortiGate-VM's Hybrid Mesh Firewall feature.

It is better how I assess the impact of Fortinet FortiGate-VM's threat detection on our IT security and our customer's IT security after implementation.

It is very affordable and very competitive pricing; I think it is a good solution. I rate this product eight out of ten.

We are a service provider. We have the client project, so we are recommending Fortinet FortiGate for this solution. We are not just recommending; we are billing also. It's basically SD-WAN, a software-defined WAN network. On our client side, we are setting up a mini data center, and in that, we are using Fortinet FortiGate.

The best features in Fortinet FortiGate are the VPNs for the outside network and IPsec tunnels between the point-to-point links between their head office and branch offices. Software VPNs provide remote access features and remote access services. Fortinet Unified settings are good for our cloud-based management and centralized management. I think it is a better option for that.

We have not yet tried the Unified Agent. We would need more details to explore how it can be used for our business use cases.

We have been using Fortinet FortiGate for two years.

It is stable. As of now, there are no performance issues.

We have many scalable customers that have scaled in different areas. If we can get proactive support before the issues are identified by the customer itself, we can resolve it easily. We can do some proactive maintenance for that purpose.

We are using AI and ML-enhanced FortiGuard services within Fortinet FortiGate. We do use Fortinet FortiGate's data center solution.

We have Firewalls in our internal network. We have software Firewalls and Fortinet FortiGate Firewalls, which are hardware. We use Sophos and Fortinet FortiGate. We have two Firewalls mainly, for internal and outside networks. The Sophos Firewall is for external networks and Fortinet FortiGate Firewall is for internal networks.

We haven't done the full SD-WAN integration as of now. We have our own software-defined network that is cloud-based. Our customer is preferring the hardware-based solution, so Fortinet FortiGate is under consideration. Currently, we are not using Fortinet FortiGate SD-WAN, but we have a plan for that.

The Fortinet FortiGate solution is affordable and not complex. It can be manageable on private cloud. Most of our customers are government companies, so we are preferring the private cloud. Scalability is very important for us, though it's only scalable on our server.

I have been using Sophos myself from the management side, and our team has hands-on experience with multiple vendors. The only concern is support-related. We have not tried AI and ML integration with Fortinet FortiGate, but we can consider it and will refer it to our clients.

On a scale of 1-10, I rate Fortinet FortiGate a 10.

Our use case for Fortinet FortiGate is that our organization's environment meets specific criteria, which is why we are using the FortiGate, not the other firewalls.

The most valuable features of Fortinet FortiGate are the web filters, as we are using them mostly; our content is condition-based, so we are accessing the websites by using the web filters. Fortinet FortiGate is a stable solution, as we are using it in our organization for proxies.

I believe that Fortinet FortiGate can be improved, especially in support response times. If you have a critical scenario in your organization, when you email them and call, they ask you to log the ticket first, which takes time.

I have approximately six years of experience working with Fortinet FortiGate.

It's a good solution, and we are using it for almost six years without experiencing any bad scenarios. However, there is an issue with Fortinet support, as we are using the premium support but have not received good results, since they take a long time to resolve queries after we submit them.

Fortinet FortiGate is a scalable solution.

My concern is primarily about the support. The product is good, but my overall concern is about the support.

Before Fortinet FortiGate, I haven't used any other solutions; it was the first one, and I am using it until now.

The initial setup of Fortinet FortiGate was very easy for me.

We have just deployed Fortinet FortiGate in our organization by ourselves, without help from the support or any other vendors.

I just work on Fortinet FortiGate, but I have heard in the market that Fortinet FortiGate is better than others in terms of cost and overall solution. My total experience is only with Fortinet FortiGate, so I am very comfortable with this product.

In my opinion, the price of Fortinet FortiGate is good, as it is a good solution with a good price.

In comparison to other firewalls, it is a good solution with a good price.

I would rate Fortinet FortiGate overall as nine out of ten, as it has made different products for different needs. You cannot get all the solutions in one box, but for dedicated requirements, you need dedicated hardware for other functions. I would rate technical support from Fortinet at a three on a scale of one to ten.

My main use case for Fortinet FortiGate includes deploying all Fortinet solutions, from zero to a complete deployment for infrastructure security. This includes securing the internal network infrastructure, securing the edge network for perimeter protection, and interconnecting sites through site-to-site VPN, multi-site, remote access, and SSL VPN.

Additionally, it includes the protection of DMZ servers through the most advanced UTM security profiles of Fortinet.

The use of Fortinet FortiGate helps me with site-to-site VPN and remote access. The use of Fortinet products occurs in real, professional deployment projects for the clients I work with. The specifications are based on the deployment of SD-WAN, site-to-site VPN, multi-site, hub and spoke, SSL VPN, and many other subjects for securing the infrastructure, whether it involves remote sites with small appliances or a head office site with data center or campus appliances.

For interconnecting remote sites, whether through site-to-site VPN or multi-site, the process is simple. It depends on the context and the client's specifications. For a client who has a site to interconnect, it will be a simple site-to-site deployment with IPsec VPN to allow interconnection of different sites. For a client who has several sites, I propose and deploy a hub and spoke setup with ADVPN for scalable interconnection of multiple sites.

The standout features of Fortinet FortiGate include its ease of use, intuitive interface for implementation, and simplified maintenance, administration, and daily management from deployment to monitoring. The accessible support and documentation that Fortinet makes available to all users is essential.

One of the advantages of using Fortinet is that it uses an identical FortiOS system for all Fortinet products. They all have an intuitive interface that is easy to use and learn, even for novices. They can easily integrate and adapt to use Fortinet in different use cases. In my experience with products from other providers such as Palo Alto, Cisco, and Check Point, Fortinet is the only provider to have successfully set up a unified operating system on all its products in the network security ecosystem.

Through a Fortinet FortiGate, you have the ability to manage the entire ecosystem of your network through a simple management system. The Security Fabric of FortiGate allows you to simplify management and threat response from all security equipment that can collaborate and be used together. Additionally, FortiManager accompanies this solution to unify the centralized management of all Fortinet products, using the same FortiOS system.

The use of Fortinet FortiGate in an infrastructure saves time, reduces costs, improves the security of users and resources, and prevents data leakage. When deployed properly to secure the infrastructure, there is increased productivity, improved user performance, and reduction in bandwidth consumption.

I think Fortinet FortiGate can be improved as Fortinet must address significant points of evolution. When I mention points of evolution at Fortinet, I mean they must implement simplified processes for deployment scenarios and enhance their ability to support customers, despite existing documentation and support access.

I started using Fortinet FortiGate over six years ago. In the last three years, the use of FortiGate and many other Fortinet products has become intense and regular.

In my experience, Fortinet FortiGate is not stable at all.

Fortinet FortiGate's scalability is good.

Most of the clients I support technically with their Fortinet products appreciate the service. They don't have any problems, so there is no significant negative feedback.

Before using Fortinet FortiGate, I used Cisco ASA. We switched to Fortinet because they provided much more concrete solutions, were more up-to-date, and focused on network security as their core business.

On the cloud side, purchasing Fortinet FortiGate through the AWS Marketplace is very simple to deploy and easy to set up. My experience with the configuration process in AWS has been globally simple.

I have not seen a return on investment since using Fortinet FortiGate.

My experience with pricing, setup cost, and licensing for Fortinet FortiGate is that the licensing and hardware pricing is reasonable compared to other security solution providers. However, Fortinet must review the access to these licenses at reduced prices, and the appliance prices must be reviewed to allow access to all organizations, including small, medium, and large-sized businesses.

I would add that all of Fortinet's UTM protection solutions are solutions that respond to the current ecosystem for the protection of critical infrastructures. My advice to others looking into using Fortinet FortiGate would be that while recommendations are great, they should ask more questions. I rate Fortinet FortiGate an eight out of ten.