Fortinet FortiGate-VM Reviews

I was called regarding a review on Fortinet FortiGate, FortiSOAR, and I mentioned working with it, so it is acceptable for me to answer some questions. I have just initiated one requirement with FortiSOAR. The impact of SD-WAN on the network performance is significant, and SD-WAN is the basic feature today offered by every firewall OEM. Previously, we worked with Fortinet FortiGate for IPsec VPN tunneling, and today we have implemented SD-WAN as well. We are implementers with many customers for whom we have been working. Some customers are big, some are small, but we have been working with many companies. My customers work in varied industries, including banking, finance, manufacturing, and IT, because cybersecurity is the need of the hour. Every company requires it, and firewalls are basic; companies choose either Fortinet FortiGate, Check Point, Palo Alto, or SonicWall. We have integrated SD-WAN capabilities with Fortinet FortiGate for our customers' networks. We have not partnered with any company for that matter. We implement and do the servicing. People purchase, and we do the servicing and integration to their network.

One feature of Fortinet FortiGate that I find very unique is the virtual domain, VDOM. The VDOM feature allows you to integrate multiple domains; if you have multiple domains, you can create multiple VDOMs. VDOMs are a feature that is very unique and not available with other competitors. Fortinet FortiGate has that feature, which I really appreciate. Regarding Fortinet Unified SASE, the effectiveness of security policies across multiple locations is managing efficiently with FortiManager. The stability of Fortinet FortiGate is excellent.

For Fortinet FortiGate firewall, I have been working for the last 15 years.

The stability of Fortinet FortiGate is excellent. It is a very stable product.

It is easy to scale Fortinet FortiGate. There are no problems with scalability.

I had a chance to work with Fortinet support. My impression of the support is really good. It rates 9 out of 10 for support. If you consider it, 10 out of 10 is acceptable. I don't see any challenge with the support center. The support needs to be maintained at a high standard.

Positive

Setting up Fortinet FortiGate is really very easy.

People purchase, and we do the servicing and integration to their network.

My customers' return on investment after implementing Fortinet FortiGate depends on how they analyze it. Quantifying it is complicated, and Fortinet FortiGate is definitely a proven product with strong threat handling and management. The value of Fortinet FortiGate is significant, with a huge database of signatures that effectively blocks attacks. However, quantifying the return on investment in percentage terms is very subjective.

As an implementer, I don't sell devices, so I may not know about pricing. However, I interact with pre-sales and support teams, and I find their adaptability and support to be very good.

My customers work in varied industries, including banking, finance, manufacturing, and IT, because cybersecurity is the need of the hour. Every company requires it, and firewalls are basic; companies choose either Fortinet FortiGate, Check Point, Palo Alto, or SonicWall.

We feel that Fortinet FortiGate is a very proven product that has undergone many changes in the market and has added many products. I recommend Fortinet FortiGate as a proven product that needs to be sized properly for proper implementation. It is easily integrable, especially for us. I strongly suggest Fortinet FortiGate. On a scale of 1-10, I rate this solution a 10.

Our main use cases for Fortinet FortiGate include using it as a perimeter firewall. Fortinet FortiGate manages all our policies and other things.

Fortinet FortiGate has impacted our cost savings and security efficiency positively.

Fortinet FortiGate's VPN capabilities are very effective for us. We utilize the VPN facilities of Fortinet FortiGate all the time, so anybody who accesses our SAP systems utilizes the VPN of Fortinet FortiGate.

It has been quite seamless in terms of integration. We find it very useful for us.

The features I find most useful in Fortinet FortiGate are its simplicity of utilization, which is very important, and its provision of interfaces to see the alerts and other things. It is very useful. We use it to understand who our top users of the internet are, what they are using, and when they are using it. It gives us many glimpses into the inner workings of the organization.

At this moment, we believe that Fortinet FortiGate should be improved by injecting more AI because the kind of threats we are seeing are more ransomware threats. Fortinet FortiGate is able to ensure these threats do not enter, but we would prefer to see more proactive alerting mechanisms come out.

I have been working with Fortinet FortiGate in this company for about a year or over a year now, and in my previous company, I used it for almost four years, totaling five years of experience.

For stability, I have no complaints; we are satisfied customers.

Fortinet FortiGate is scalable enough for our environment. We are using Fortinet FortiGate in the consumer durables industry for electrical products. We currently have a little over 2,000 users working with Fortinet FortiGate in our environment.

We plan to increase the usage of Fortinet FortiGate in the future, shortly upgrading and increasing the number of users.

For technical support of Fortinet FortiGate, we utilize a channel partner and we are very happy with them. They support us almost instantly. They have backend support from Fortinet FortiGate, which they utilize. I would rate the support an eight out of ten.

Positive

The setup of Fortinet FortiGate is very simple, worthy of a nine out of ten rating.

The deployment part of Fortinet FortiGate takes a couple of hours. We decided to go for Fortinet FortiGate because it was simple to implement, it was simple to get the policies implemented, and the interfaces were quite simple. Simplicity was the main reason. The product is very good.

I find it quite reasonable.

Before working with Fortinet FortiGate, we evaluated Check Point, Palo Alto, and Blue Coat solutions. The reason we chose Fortinet FortiGate was basically because of security and simplicity of use.

I would recommend Fortinet FortiGate to those who are looking into using it because if they look at the manner in which it protects their enterprise, it does a wonderful job of that. 

I would rate Fortinet FortiGate an eight out of ten.

I have been dealing with Fortinet FortiGate-VM and have implemented it many times at customer sites. We are providing both hardware and VM solutions to connect branch sites and implementing FortiManager to manage Fortinet FortiGate-VMs as a cloud solution or as a dedicated VM to manage all of Fortinet FortiGate-VMs.

I utilize Fortinet FortiGate-VM Hybrid Mesh Firewall feature. We have used it as a demo and have purchased it already, but have not fully configured it.

In my opinion, Fortinet FortiGate-VM is stable, and the best aspect is usability. Fortinet has many good things regarding usability. It has a great user interface and you can easily manage it, easily view information, and easily generate reports. This applies not only to Fortinet FortiGate-VM but to all Fortinet products. The support is also one of the most good features of Fortinet.

My impression of Fortinet FortiGate-VM Security Fabric real-time threat response capabilities is that it is a first-world security fabric compared to others.

In assessing the impact of Fortinet FortiGate-VM threat detection on my IT security operations, it relies on FortiGuard. If you have an IP and the correct license, it has powerful capabilities with IPS signatures and updated signatures from FortiGuard about attacks. One of the standout features is providing some models with a WAF module. This can help many customers, including small customers, by providing them with WAF functionality to protect web application servers. I think threat prevention is excellent on Fortinet FortiGate-VM.

Fortinet FortiGate-VM can be improved in certain areas. It has most of the features I want, and honestly, it is one of my favorite VMs and one of my favorite vendors. Compared to others, Palo Alto is excellent, and I work with Palo Alto as well, but Fortinet offers a good quality product at a lower price point compared to Palo Alto.

It would be beneficial if Fortinet FortiGate-VM could set up high availability with hardware. Some Fortinet products already have this feature, but I do not think Fortinet FortiGate-VM will do it now. You can make high availability with hardware rather than on the same VM or with the same license requirements. If you have a VM, you can make it a high availability solution with hardware, which would be a great feature. FortiNAC from Fortinet has this feature already, but not Fortinet FortiGate-VM.

I would generally recommend Fortinet FortiGate-VM to others. I would strongly recommend using Fortinet FortiGate-VM if you have a requirement to implement a firewall.

The support is one of the most good features of Fortinet. Compared to others, such as IBM, I have had many issues with IBM support. It does not have enough engineers to support many customers. You can open a ticket and expect to receive a response in four business days if you have a medium impact case, which is very critical in SOC environments.

I would rate the technical support by Fortinet at a 10.

Positive

The initial setup of Fortinet FortiGate-VM is straightforward and is the best aspect. It is easy to set up and easy to maintain. All Fortinet portfolio products have a default IP of 192.168.1.99. You can upgrade it in seconds. Compared to others, this is one of the standout features.

We are mainly using Fortinet FortiGate-VM firewalls which are particularly hosted in cloud environments. It will connect cloud environments with on-premise networks and secure cloud-hosted VM traffic, both outgoing and incoming traffic. Those are the main requirements we are receiving.

Real-time threat response is really good, and sandboxing and all the signatures are most of the time accurate. They are aligned with recent threats, and Fortinet also has Fortinet Labs where they do their own research and publish new signatures and threats in real-time to the firewalls and all the devices, so I think it is pretty good.

When comparing with Sophos, I think Fortinet's Security Fabric is really nice because they do have more signatures. When we talk about IPS and all these security features, I think Fortinet is good in that aspect.

Fortinet does provide a lot of visibility in Fortinet FortiGate-VM, and some devices do not have an inbuilt HDD. For logs and data retention, they provide the FortiCloud free service for seven days. Using those features, we gather information to troubleshoot and find root causes. They also have a FortiView section, which is very useful to find out the top sources, top destinations, and which sessions are running. It is very useful.

We mainly get firmware upgrades from time to time, and there are bugs. For the moment, I do not have any features in my mind to mention regarding improvements.

Since I have not worked with VMs so frequently, I cannot tell exact points. Overall, you are asking about the improvements which have to be done on the VM side. They are updating frequently, but sometimes it depends on internet connectivity. Those databases are not getting updated in such cases, so external threat feeds are helpful.

I can say it has been about one to two years using it as a company. We use both the platforms.

I have not experienced any stability issues.

It is scalable, but as per my knowledge, the license is bound to the hardware it comes with, which I have read.

I have worked with the customer team and also the technical team. When we come to technical support, they provide very professional support to mitigate threats or troubleshoot issues. They provide the expected support.

Three years ago, I worked in a different company. Now I work in a different one.

I think someone who is new to firewalls can do the initial setup without any issue if they follow the guide. It is not that complex.

Most of the time, we are purchasing it through our local partners and local distributors.

Obviously, when a customer hosts their firewalls in VMs, they will get ROI because they do not need that many specifications or hardware requirements to host a firewall.

It is reasonable.

I am actually working with Fortinet and Sophos, and also I am looking partially for a rival to Checkpoint as well.

Both Fortinet FortiGate-VM and appliance are available. The difference between Fortinet FortiGate-VM and appliance is the platform which you are hosting. In the appliance, I am really seeing the appliance already with the required OS and everything. When we go to the VM side, we have to host the VM according to the defined specifications, and we have to get the licensing for it. Basically, in the firewall maintenance and configuration part, I cannot see any huge difference. It is the same. When we go to the VM side, all the network cable management and some things are happening virtually.

Feature-wise, as per my knowledge, there are no additional features when you go to the VM or the appliance. You can have the same features either you go with the appliance or VM.

Fortinet FortiGate-VM, mainly affordability and flexibility because some customers do have their infrastructure in cloud environments. Some customers do not prefer to use the cloud platform's native firewalls. In those cases, customers are listing to host their own firewall. For cases in those situations, the customer can get the benefit for those areas since it is affordable. I think it is more affordable than cloud-native firewalls.

Benefits mean the main benefit is when a customer is trying to purchase a firewall. They do not need to pay a price for the appliance. They only need to purchase a license. For the appliance, they can use their own platform to host the firewall. I think that is the main benefit when it comes to the VM side.

Overall network security posture: when a customer implements their firewall in the VM in the cloud environment, they can monitor their hosted VMs' outgoing and incoming traffic. They can restrict access, and they can include IPS, AV, ATP, all these things to secure the traffic. I think it is a huge benefit rather than using the native cloud firewall that is provided by the platform.

When we come to threat detection, I can mention IPS as well. Also under the threat landscape, since as I remember, Fortinet FortiGate-VM has the largest signature base in the IPS. They help us to prevent a lot of known threats using their signature database, which updates continuously.

When we compare it with Sophos, I think the most benefits are their security posture. They have a strong security posture in Fortinet FortiGate-VM compared to Sophos. Also the utilization: Fortinet FortiGate-VM OS is very suitable for small hardware because Sophos OS runs on Linux, which requires huge CPU and RAM utilization. Those are the pros and cons when you compare it with Sophos.

We are using that. Recently we have done an implementation where when someone tries to scan our ports in the firewall for a few times, we have scripts to block those IPs. It is very useful and user-friendly. We can get a lot of tasks done through that automation feature.

Rather than depending on Fortinet's security posture, they provide us the possibility to integrate our firewalls with external threat feeds, which is a huge benefit. If Fortinet misses any host or signature update, we can get it updated through the external threat database.

It is very flexible. We can use several external authentication platforms to integrate with our firewall, for example, SAML or LDAP. They provide so many integration points, and as I remember, they are free of charge as well.

You have to size your firewall depending on your connection types and the threat sources. Fortinet FortiGate-VM firewall is based on that. You have to do proper sizing on the VM that you are putting the firewall on.

In our country, Sri Lanka, most of the customers use their internal firewall and perimeter firewalls. When we take all the customers, it is about more than thirty to forty percent using Fortinet FortiGate-VM as their internal or perimeter firewalls. Huge customers, so we do have a high demand for Fortinet for the internal and perimeter levels.

I would rate this product a seven out of ten overall.

Majorly, we have cloud migration solutions where we connect Fortinet FortiGate-VM with, usually for the FortiGate of the customer, an in-house solution. We have been through many different kinds of projects where we had to adapt the customer firewall solution. 

A significant portion of our clients comes from the retail sector, particularly grocery stores. In the grocery market here in Brazil, there is generally low maturity in IT solutions and cybersecurity overall. MikroTik is commonly used for networking. Many of our clients utilize MikroTik or pfSense as their primary solution for their stores. Occasionally, they may also use Sophos or Fortinet at their headquarters. Through numerous projects, we have identified various vulnerabilities during penetration tests conducted in their environments. One of the primary concerns is usually the firewall, which prompts us to explore different security options. For example, we have a strong partnership with Trend Micro for Endpoint Detection and Response (EDR).

From there, we establish a connection between the customer's solutions and Fortinet. Sometimes, we implement SD-WAN to connect every store securely. This allows them to connect even with firewalls and SASE solutions, enabling connections via 5G to integrate the entire company with our cloud solutions. In summary, the foundation of our projects typically revolves around cloud migration, starting with security solutions or penetration tests that identify vulnerabilities. This leads us to implement both physical appliances and VM appliances as needed.

Our visibility into network traffic has improved since implementing Fortinet FortiGate-VM, at least based on the feedback from the operations team. 

Fortinet adapts to evolving threats based on what I've seen. With AI implemented, they can analyze how new threats behave, enhancing their ability to respond. Nowadays, the prevalence of AI as a threat vector makes security harder; therefore, having a partner that's developing AI features for improved security is commendable.

My background is primarily in cloud infrastructure rather than security. When considering Zero Trust Network Access (ZTNA) or SASE solutions, I believe it effectively closes many gaps in a customer's connectivity and environment. For me, this level of security is crucial.

There are areas for improvement because usually, most policies don't change much. There's always room for enhancements, whether for VM or physical appliances, because threats evolve, necessitating adaptation and a different approach to the security environment.

I have about two years of experience with Fortinet FortiGate-VM. We primarily used to work with open-source solutions. Three years ago, we established a strong partnership with Fortinet. Since then, we have been working with Fortinet FortiGate as our primary solution for firewalls. I am familiar with both Fortinet FortiGate-VM and FortiGate physical appliance.

I can't rate technical support or customer service because I'm in the commercial area. From my perspective, I would rate it an eight out of ten. We are primarily supported by our own sales team, and recently we gained help from a Fortinet partner account manager, who has been assisting us with key customers and opportunities. 

Positive

Our clients used different solutions. I believe that Fortinet has a larger installed base, which means they are exposed to more threats. This exposure helps them evolve more quickly and develop new solutions and protections against emerging threats. As a result, their response to issues is generally faster than that of their competitors. While I wouldn’t say they have more features than all the others, they do tend to introduce new solutions, policies, and tools more rapidly because of their extensive installed base. This allows them to be more responsive to new threats than other companies.

The initial setup used to be complex, but with the addition of features, potentially involving AI, it has become more straightforward. As far as I know, that was a challenge previously, but with recent releases, the setup process is increasingly automated.

We have a direct contract with Fortinet, but we primarily use the OCI environment. While we also partner with AWS, Azure, and GCP, about 90% of our infrastructure is in OCI. We are an ISV for Oracle. We offer a platform that enhances scalability for client-server solutions in the cloud. Over time, we have developed capabilities in integration, data management, and AI agent building. Our platform not only manages the infrastructure but also incorporates security tools like Fortinet and other solutions for phishing protection. In terms of integration, we provide an iPad solution along with a data warehouse and lake house construction process. This allows users to create their own data pipelines and ultimately deliver information to Business Intelligence (BI) tools or DataView tools. Additionally, users can build their own AI agents that operate entirely within their environment, using their own data without the need to export it to external tools. Oracle recognized us as an ISV capable of managing our customers' environments within our own accounts. Currently, we have more than 20,000 companies integrated into our operations within OCI.

What's more important than just having good policies in place is to have a security operations center that monitors all the KPIs and thresholds. This allows us to use that feature wisely and take timely measures to position ourselves effectively. If all the policies are well-placed, we can even automate responses, locking parts of the network to prevent attacks based on vulnerabilities or threats detected within our policies. 

I would rate Fortinet FortiGate-VM a nine out of ten. It's much better compared to the open source solutions we've used before. Not only is my average ticket a bit lesser due to the licensing and other factors, but I also experience fewer issues with my customers, at least when it comes to the Fortinet products.

My use cases primarily involve cloud environments for Azure or AWS, and 90% of my usage would be in the Azure environment.

What I appreciate the most about Fortinet FortiGate-VM is that it is not much different than hardware appliances. I have worked with other VMs in Azure that are firewalls, and the SSH capabilities on those devices lack functionality, whereas I don't have that problem with Fortinet FortiGate-VM. I can SSH into the firewall without issues.

The Security Fabric real-time threat response capabilities are great if customers have all the products to go with it. In most cases, they may have two firewalls or they may have one firewall and FortiAnalyzer. If a customer is utilizing FortiMail, all these components can integrate together, allowing logs to be centralized and feeding back to one another in the event of a potential threat. It's great, yet unfortunately, we don't have enough customers using different products from Fortinet to really take advantage.

In terms of room for improvement, logging could be improved. Sometimes the logs are more difficult to read and to identify root cause analysis. Another enhancement that would be great, but wouldn't just be on VMs, could target the VM—the addition of a syslog table we could view to better identify what to expect from logging.

I have been using it for the last three to four years in my career.

Fortinet FortiGate-VM is a very scalable product, especially from an HA standpoint.

I have contacted technical support and customer support. When I compare them to SonicWall, they are about equal in contrast, as we have about the same number of challenges between both of them.

Positive

I have used alternatives to this VM.

The initial deployment of Fortinet FortiGate-VM was easy for me. To deploy the VM took maybe an hour.

Fortinet FortiGate-VM requires ongoing maintenance on my end. I have to keep track of the CVEs that may be out there, and that's probably one thing that Fortinet is plagued by, having a number of CVEs out there. The good thing is they patch them quickly and let their customer base know about them as soon as they do, or at least as it appears compared to other vendors that try to hide them.

Deployment would be a team effort due to it being in the Azure environment. You have to have the Azure engineer deploy the VM itself, and then I would gain access and do the initial provisioning of the firewall.

Regarding the pricing, it tends to be a bit higher compared to SonicWall. That's why we end up having customers go the SonicWall path when they would be much better off going the Fortinet FortiGate-VM path.

The closest solution I would compare it to would be SonicWall NSVs, which I've worked with the most, although I wouldn't compare it in a positive light. 

For a small office or a small company, the NSV may be fine, but I appreciate the granularity of Fortinet FortiGate-VM. Granularity in security policies is where Fortinet FortiGate-VM stands out. I prefer Fortinet FortiGate-VM over SonicWall NSV because of the granularity. The ability to have security policies is a major plus, as each firewall policy can have its own security policy, which I can't do with SonicWall. This makes Fortinet FortiGate-VM the much better product.

I do not use the Hybrid Mesh Firewall feature by default. Regarding the downsides of the VM, I haven't run into any problems to suggest improvements. I use it just as if it's a physical appliance, and I don't have any offset differences.

I rate Fortinet FortiGate-VM a seven out of ten.

We are a system integrator, so we are dealing with Fortinet and Sophos. I work with all of them, depending on the customer's needs. I have experience with Fortinet, particularly with deployment experience using Fortinet FortiGate-VM, this particular firewall.

For me personally, the best features of Fortinet FortiGate-VM are that it is user-friendly and easy to deploy. The GUI is very user-friendly, so anyone can quickly learn how to use it.

Fortinet FortiGate-VM is time-saving and robust from a security perspective, so it brings positive benefits to the organization.

In the future, I would like to see configuration backup on email included in Fortinet FortiGate-VM.

The AI capabilities that they launched last year should be enhanced. If we procure FortiManager, then through FortiAI, we can find out the issues or the configuration changes required as per best practices. Those things need to be added to help us troubleshoot more easily. If the AI helps us even with troubleshooting, it will save a lot of time for us as well.

Some of the compatibility and technical support issues are reasons why I rate it eight instead of nine or ten; the rest of everything is good.

I have been working with Fortinet FortiGate-VM for around five to ten years.

We were facing challenges while deploying Fortinet FortiGate firewall on AWS with Graviton instances; we were not able to build HA. The Graviton processor has some limitations. I do not know exactly what the issue was, but we changed the instance type and then installed it. There must be some compatibility issues with that particular Graviton CPU and Fortinet.

It took a couple of weeks, approximately two to three weeks, to overcome all those issues.

The technical support is very helpful, but reaching technical support is quite difficult because whenever we have raised a ticket, it takes a lot of time to reach them and even make them understand the issue. When we raise a ticket, it routes to some L1 engineer, and they might not have adequate AWS or Azure knowledge, which is why it took a lot of time to get an L3 or L2 engineer and find a resolution.

We have an entire team of ten to fifteen people involved in the process of deployment, and they are the implementation engineers.

With respect to cloud networks, we may require some detailed documentation because that will help improve our implementation.

It was good; I did not find any challenge with Fortinet Security Fabric's real-time threat response capabilities.

We do not utilize Fortinet FortiGate-VM's Hybrid Mesh Firewall feature.

It is better how I assess the impact of Fortinet FortiGate-VM's threat detection on our IT security and our customer's IT security after implementation.

It is very affordable and very competitive pricing; I think it is a good solution. I rate this product eight out of ten.

We are a service provider. We have the client project, so we are recommending Fortinet FortiGate for this solution. We are not just recommending; we are billing also. It's basically SD-WAN, a software-defined WAN network. On our client side, we are setting up a mini data center, and in that, we are using Fortinet FortiGate.

The best features in Fortinet FortiGate are the VPNs for the outside network and IPsec tunnels between the point-to-point links between their head office and branch offices. Software VPNs provide remote access features and remote access services. Fortinet Unified settings are good for our cloud-based management and centralized management. I think it is a better option for that.

We have not yet tried the Unified Agent. We would need more details to explore how it can be used for our business use cases.

We have been using Fortinet FortiGate for two years.

It is stable. As of now, there are no performance issues.

We have many scalable customers that have scaled in different areas. If we can get proactive support before the issues are identified by the customer itself, we can resolve it easily. We can do some proactive maintenance for that purpose.

We are using AI and ML-enhanced FortiGuard services within Fortinet FortiGate. We do use Fortinet FortiGate's data center solution.

We have Firewalls in our internal network. We have software Firewalls and Fortinet FortiGate Firewalls, which are hardware. We use Sophos and Fortinet FortiGate. We have two Firewalls mainly, for internal and outside networks. The Sophos Firewall is for external networks and Fortinet FortiGate Firewall is for internal networks.

We haven't done the full SD-WAN integration as of now. We have our own software-defined network that is cloud-based. Our customer is preferring the hardware-based solution, so Fortinet FortiGate is under consideration. Currently, we are not using Fortinet FortiGate SD-WAN, but we have a plan for that.

The Fortinet FortiGate solution is affordable and not complex. It can be manageable on private cloud. Most of our customers are government companies, so we are preferring the private cloud. Scalability is very important for us, though it's only scalable on our server.

I have been using Sophos myself from the management side, and our team has hands-on experience with multiple vendors. The only concern is support-related. We have not tried AI and ML integration with Fortinet FortiGate, but we can consider it and will refer it to our clients.

On a scale of 1-10, I rate Fortinet FortiGate a 10.