Fortinet FortiGate-VM Reviews

Fortinet FortiGate is our primary security solution for network communication. It enforces segregation between the IT and OT networks. All communication, integrations, and other traffic between IT and OT must pass through the FortiGate, which inspects and controls it.

FortiGate also serves as our VPN concentrator. Both internal users and partners connect their VPNs to FortiGate. We manage the entire VPN process, including access control and security policies.

All web traffic within the organization flows through the FortiGate for inspection and security controls. We leverage FortiGate's UTM capabilities, including web filtering, intrusion prevention, and application control.

While we have several websites running behind FortiGate, they are primarily static content sites with limited business activity. Therefore, we utilize the basic WAF functionality within FortiGate instead of a dedicated WAF device. This approach has proven effective for our needs due to the low volume of transactions and sensitive data on these websites.

FortiGate also manages communication between our internal IT units. With five units in operation, efficient inter-unit communication is critical. FortiGate ensures secure and controlled data exchange between these units.

FortiGate provides us with both visibility and segmentation for our industrial devices. This allows us to achieve good segmentation and also gain a clear view of the assets that reside behind them. Now, if I need to find a specific asset within our industrial environment, I can simply access Fortinet and check the assets listed there. Additionally, FortiGate utilizes sensing technology that identifies the type of each device, further enhancing our overall visibility.

FortiGate helps a lot to reduce the risk of cyberattacks that could disrupt our production.

FortiGate enables centralized management of our organization's network and security operations, providing comprehensive visibility into our environment for proactive threat detection and mitigation.

The effectiveness of our response to a production disruption depends on the affected environment. Some environments have sufficient redundancy to continue operating without the system, while others require immediate intervention. To address this variability, we utilize a strategically deployed FortiGate across all environments. This firewall enforces pre-defined rules to manage traffic and data flow effectively, ensuring that disruptions are minimized and operations continue smoothly.

FortiGate provides us with actionable data, enabling us to make informed decisions. The visibility it grants into the devices operating within our environment empowers us to take timely action and safeguard them.

All our OT traffic traversing to and from our IT environment passes through our Fortinet FortiGate firewall, which helps to reduce our operational expenses.

The security fabric helps reduce our mean time to remediation.

Fortinet has helped us take a more serious approach to cybersecurity. 

The Intrusion Prevention System and the web filtering are both working well. The Deep Packet Inspection is also functioning properly, allowing us to see all network traffic, including encrypted data. I find the DPI to be a valuable and user-friendly feature. Additionally, the logs are clear and easy to understand. Having worked with Cisco and Check Point in the past, I can confidently say that these logs are on par with those of other leading security solutions. They greatly aid in troubleshooting, investigations, and general network monitoring. Overall, I am impressed with this solution's web filtering capabilities and robust IPS functionality. It is both easy to manage and deploy, making it a valuable tool for our network security.

While FortiGate offers a wide range of security features, I sometimes feel that the platform could benefit from more extensive improvements. Given the multitude of functions it provides, I wonder if the developers have enough time to adequately refine each aspect. However, for our specific needs, FortiGate currently performs adequately.

The debugging and troubleshooting has room for improvement.

I would like to see greater integration with third-party solutions. For instance, one example would be integrating Endpoint Protection with FortiGate, such that if an issue arises with Endpoint Protection, an action could be automatically triggered on FortiGate.

I am concerned about Fortinet's ability to help us meet regulatory compliance because its optimal functionality requires deploying all solutions within the mesh as Fortinet products. This raises questions about the compatibility and integration of non-Fortinet technologies within the Fortinet Security Fabric. 

I have been using Fortinet FortiGate for two years.

I would rate the stability of Fortinet FortiGate an eight out of ten. 

I would rate the scalability of Fortinet FortiGate an eight out of ten.

The technical support responds quickly.

Positive

I have worked with Cisco, Check Point, and Palo Alto. I worked with Cisco for ten years and I find Fortinet FortiGate to be a better solution.

The price is fair for what we get with FortiGate.

I would rate Fortinet FortiGate a nine out of ten.

Although we currently don't use any Fortinet devices designed for extreme environments, we are planning to test a few Fortinet switches in such conditions. This initial experiment aims to assess their performance and suitability for our harsh environment. If the switches perform well, we may consider switching our current supplier. While we don't frequently change our OT networks, prioritizing long-term stability has been our main objective, and we've achieved that so far. However, since Fortinet is our network supplier, testing their switches and confirming their reliability is a prudent step for when we need to update our switches.

Potential users should understand their needs before purchasing the solution.

We use FortiGate-VM as a firewall. My company has more than 4,000 users, and we plan to increase usage. 

I like FortiGate's IPS, IDS, and URL filtering. 

I think Fortinet should provide us with more reporting from the AI/ML point of view. They could also offer the SaaS application in a single box. The VPN and ZTNA have so many verticals that they work as a standalone solution. They need to be in a single box.

I have worked with FortiGate-VM for the last three years.

I rate FortiGate-VM eight out of 10 for stability. 

From a scalability point of view, we have a physical user license. If we need to upgrade, we can get a box. There is presently sufficient formal organization to scale up.

I have no problems with Fortinet support.

Positive

We have used Check Point and Palo Alto firewalls. 

We deployed FortiGate-VM with the help of a partner and the vendor. The deployment process took three months. We previously used Cisco ASA and had no migration tool, so we had to start from scratch. 

FortiGate-VM is affordable. In terms of operating costs, we contract with the OEM for a three-year contract and then renew. We haven't received any notice from them because all of our infrastructure is under contract. Every three years, if we cannot get a good price from the vendor, we replace the box.

I rate Fortinet FortiGate-VM eight out of 10. It has all the features. The only recommendation is to combine the vertical into a single box. To improve performance, they should build an engine in the box that enables them to scale per the user requirement. 

I have experience in deployment for banking processes and at the perimeter of a financial institution. I have experience in configuration for PCI DSS compliance.

The best feature of Fortinet FortiGate-VM is the deployment. I applied best practices for deployment with Fortinet FortiGate-VM. By the VPN connection into the site, on-premise and cloud or hybrid for segmentation of level of security, the perimeter and inside zone.

It's very robust. It's a solution that is very complete with accessible support. The feature for deep inspection (DPI) for Fortinet FortiGate-VM is used for generating alerts or to automate threat response.

Licensing could be easier to understand.

I have been using Fortinet FortiGate-VM for around six years and Cisco for around 10 years.

The support deserves a rating of ten out of ten.

Positive

I have also worked with Cisco firewalls. The main differences between FortiNet and Cisco include the price, which is very different. The variant of Cisco ASA, Cisco Firepower, is more difficult for configuration. Firepower is more complicated. Fortinet FortiNet is easier to deploy and also less expensive.

I find that the initial setup of Fortinet FortiGate-VM is easy. Of course, I am very experienced in the area of telecom, and this setup and configuration is friendly. I see that other people find Fortinet FortiGate-VM to be user-friendly. The setup and learning curve is short.

I would rate Fortinet FortiGate-VM a 10 out of 10. It is very good.

I use the solution in my company for the data center's server protection to segregate the data center VLANs and the other VLANs used in the production, testing, and development phases, including the areas consisting of DMZ and VLAN. We are using Fortinet FortiGate-VM as a software-based tool and as a firewall for our data center.

It filters out the unnecessary connectivity that I would probably expect to be connected from the end user site or from external to the data center site. It is also used to filter unauthorized access to sites and to mitigate risks if, in cases, because of the asset policy, the remote desktop connectivity or remote connectivity is not allowed to restrict something. It is used to deal with phishing or something that may not pass through the network. The tool serves as an industrial firewall so that we can use it as a filter more efficiently.

The security offered by the tool has certain shortcomings, making it in area where improvements are required. Security, by nature, is very dynamic, and continuous improvement is required. Every time, the policy and the configuration need to be checked in that aspect now, so in that aspect, it needs some improvement, especially when it comes to some filtering mechanisms, and protocols.

I have been using Fortinet FortiGate-VM for more than three years.

In terms of stability, it is stable. Stability-wise, I rate the solution an eight out of ten.

It is scalable because it is a virtual appliance. You can probably scale it up more.

Fortinet FortiGate-VM is a security solution, so users are not expected to access it. It is actually required to protect the network and the environment, so there is no need for actual user access for the solution.

The product's initial setup phase requires some special expertise. The initial setup phase might not be complex, but it requires experts since it is a security solution.

If there is an expertise that is actually doing the implementation or deployment, then it is a straightforward process.

The solution requires a license. The tool is neither expensive nor cheap, so it is okay.

The product's implementation does affect our compliance with industry regulations, and it is one of the reasons why we prefer using Fortinet FortiGate-VM.

My suggestion to other people related to the tool depends on their requirements because there are other different solutions in terms of cost, efficiency, security, reliability, and security. Depending on the requirements, the tool is recommendable. Fortinet is one of the top security solutions in the market. Anybody can choose from multiple tools in the market, including Palo Alto products and other solutions. Fortinet is usually recommended to others.

I think that Fortinet FortiGate-VM has some solutions that offer AI features. For our use case, we don't actually use the AI functionalities since we want to control everything. In my company, we are the ones who are actually dealing with the product and are just not supported by AI.

I rate the tool a seven out of ten.

We use Fortinet FortiGate-VM as an edge firewall for Internet traffic control and as the main firewall for cloud environments. Whether they're on AWS, Alibaba Cloud, or another platform, FortiGate-VM serves as the primary firewall.

One notable feature is the SD-WAN, which is a strong component of the FortiGate-VM. The fabric feature is also good, but not all customers use FortiGate's networking components, such as the switches. We enable various protection features on FortiGate, such as IPS and web application security. Most customers utilize these protection features to enhance their security.

Integrating multi-factor authentication with FortiGate-VM can be challenging. While multi-factor authentication is important, not all customers have it enabled. Integration with third-party solutions like ManageEngine or Duo can be complex and sometimes problematic during testing. However, high availability works smoothly with FortiGate-VM. We use high availability, and SD-WAN features effectively; overall, the performance is good.

I have been using Fortinet FortiGate-VM as a reseller for eight years.

The stability is good.

I rate the solution’s stability a nine out of ten.

We implemented it for more than one thousand users.

I rate the solution’s scalability a ten out of ten.

Support from the engineering team has some weaknesses. Sometimes, they focus on closing tickets quickly or asking for logs without thoroughly addressing the issue. However, the support team includes knowledgeable and responsive individuals, especially those from non-Arabic backgrounds. 

Positive

Setting up FortiGate-VM is straightforward, but there is a step that can be a bit tricky. After installing the VM, you need to log into the CLI for the first time to set a static IP address if you have multiple interfaces. By default, interfaces will receive IP addresses via DHCP from the cloud service provider. You must disable DHCP on the additional interfaces and set static IPs to ensure proper access and configuration. You may have trouble accessing the firewall if you don't do this.

Issues with certificates and licenses often arise from the distributor, not Fortinet.

The setup process is generally easy. FortiGate is becoming popular in Saudi Arabia due to its user-friendly interface and ease of configuration compared to other vendors like Palo Alto. High availability setup is also simple and not overly complicated.

When comparing Fortinet to other vendors in Saudi Arabia, like Palo Alto, Fortinet stands out positively. In comparison to Sophos, many customers are currently switching to Fortinet. Fortinet's pricing is competitive, making it an attractive option.

To block HTTPS management traffic from the WAN, you must carefully manage the HTTPS settings. If HTTPS is not enabled on the WAN interface, you won't be able to block management traffic effectively. Some customers require HTTPS because of NAT services and use public IPs. Disabling HTTPS can disrupt management access. Better controls for managing the interface from the WAN side would be helpful.

Fortinet FortiGate is easier to configure and manage compared to Palo Alto. Setting up policies, routing, and VPN tunnels on FortiGate is more straightforward and faster. Palo Alto can be complex, requiring multiple steps to create a policy and manage interfaces.

FortiGate also excels in troubleshooting and logging. The logs are easier to read and provide better classification, making it simpler to troubleshoot issues. In contrast, Sophos is less effective for larger-scale operations and doesn’t match Fortinet’s capabilities. 

In cloud environments, we recommend FortiGate-VM because it integrates well with cloud service providers. On-premises, many customers prefer physical FortiGate hardware, particularly with VMware setups. However, FortiGate-VM is more commonly used for service providers like SCC, Alibaba, and AWS.

Overall, I rate the solution a ten out of ten.

We have a private cloud environment with two firewalls and a physical host with a total storage capacity of approximately 5 terabytes running on VMware. The private cloud is a payment services gateway processing transactions from 1,500 outlets nationwide. We have around a thousand virtual machines, and all of them use Fortinet. 

We like FortiGate-VM's IPS features and its ability to create multiple virtual firewalls. 

I have used FortiGate-VM for five years. 

Stability is one area where Fortinet stands out. We don't see dropped sessions or downtime. The hardware is extremely stable, and our utilization stays well below the limits. 

You need to upgrade your box to scale, but it's easy to migrate from one to the other. 

Fortinet support needs improvement. The response times are lackluster. Fortunately, the product is stable and we seldom have issues. Also, it takes months for them to deliver hardware when we order it. 

Neutral

It's easy to install and configure FortiGate-VM. One engineer can finish the job in half a day. 

You will recover your investment if you purchase the right size and use it for six or seven years. However, you'll lose money if you need to replace or upgrade the box after three years. It's critical to buy the correct size from the start.

FortiGate-VM is a little expensive compared to Sophos. You pay a fixed license for the box, but there are various options if you need to upgrade. 

I rate Fortinet FortiGate-VM nine out of 10. It's a solid product overall, but Fortinet support has a lot of room for improvement. I wouldn't recommend it for an enterprise use case. It might work, but you should test it first. They have various options, so you should pick one that meets your business requirements and your environment.

My company had once deployed multiple firewalls and switches in an organization.

My company uses the firewall capabilities of the product for L1, L2, and L3 switches, along with FortiClient VPN.

My company mostly deals with an organization that works with on-premises software. My company uses the tool to block the traffic from the outside area that may reach our infrastructure or network. My company uses the product as a firewall to create a blockage for outside traffic.

The most likable feature of the firewall functionalities stemmed from the fact that it did not allow anyone from outside the organization to have any kind of access to the company's information, and it ensured that it blocked outside traffic.

The product's setup is quite complex, making it an area where improvements are required.

I have experience with Fortinet FortiGate-VM for four to five years.

Stability-wise, I rate the solution an eight out of ten.

My company is involved in research and development activities, and some of our employees or teams are constantly involved in research or development, owing to which some product features are not implemented in our organization. In general, the product is not used to its 100 percent potential.

Scalability-wise, I rate the solution a ten out of ten.

I have experience with Palo Alto Networks.

The product's initial setup phase is a bit complex.

The solution is deployed on an on-premises model.

The solution can be deployed in three working days.

The deployment process can be carried out with the help of our company's in-house team.

Though I cannot give any numbers, I can say that the product's ROI is good. The tool is able to give good returns considering the amount of money that my company invested in the product for our infrastructure.

I rate the tool's benefits a nine out of ten since the product always helps to maintain security and safety in our company.

There is a need to make payments towards the licensing costs attached to the solution.

The tool improved the security in our company's virtualized environment, as it was helpful in creating an additional layer of security for the organization and for the use of the internet. The tool was the most important product to be implemented in the organization.

To be able for our organization to build our services, we need to operate inside a certain network while ensuring that the outside traffic gets blocked by using the firewall services from the tool, as it helps to create a secure network inside our company. Without the tool in our organization, our network would have been compromised. The aforementioned area consists of details related to how the tool helps with the workload protection aspect.

I recommend the solution to others who plan to use it since it helps in areas where it helps block a particular website with the help of the firewall functionalities that it possesses. The tool also helps block outside traffic, and it is mandatory to implement a firewall as an organization grows for the smooth operations of business.

I rate the tool a ten out of ten.

Fortinet FortiGate-VM is used for the firewall. Some clients would like to go for the solution because of pricing. They feel they can run it on their own hardware, cut down costs, and manage it.

I can vouch for the security aspect of Fortinet FortiGate-VM. It's a value-for-money appliance. Fortinet has always been our number one firewall appliance regarding recommendations to customers. The solution is very secure, and its technical support is on point.

I like Fortinet FortiGate-VM for tutorial purposes. You can set up the solution on your personal computer for apps and teaching.

Fortinet FortiGate-VM should improve its asset identification, wherein the device can identify assets on the network, like computers. We should be able to identify a device and the user account used to log on to that device.

I have been using Fortinet FortiGate-VM for more than five to six years.

Since it is a VM, the solution runs on a client-provided host machine. Most of the time, the host machine gives issues that affect the VM.

I rate the solution a five out of ten for stability.

Around 20 users are using Fortinet FortiGate-VM in our organization.

I rate the solution an eight out of ten for scalability.

The solution's technical support is responsive, but the only issue is you need to be specific with your problem. If you are not specific with your problem, it will take longer to resolve the issue because of time zone differences. All the engineers would like to know exactly the problem before they offer solutions.

Positive

We previously worked with pfSense. We switched to Fortinet FortiGate-VM because pfSense was giving us issues.

Fortinet FortiGate-VM is easy to implement, provided you know your network architecture and the basics.

On a scale from one to ten, where one is complex and ten is easy, I rate the solution's initial setup a nine out of ten.

The solution can be deployed in less than ten minutes.

Fortinet FortiGate-VM is a very expensive solution. It's a value-for-money appliance. You don't have every client going in for the solution unless there are some specific points.

You need to know exactly what you need at the point of purchase. That will guide you in purchasing the required license. If you miss and purchase the wrong license, you can wait and purchase another license during renewal. You can also negotiate with Fortinet to have your license changed to get the feature you want.

On a scale from one to ten, where one is expensive and ten is cheap, I rate the solution's pricing a three out of ten.

We used to troubleshoot for Fortinet FortiGate-VM, but now the new firmware doesn't really give issues. We do maintain the solution by checking on devices and updating the firmware. We have seven engineers in our technical team to deploy and maintain the solution.

I would not recommend Fortinet FortiGate-VM to other users because most users don't have the infrastructure. They will tell you they want to cut down costs. You get them the solution, and at the end of the day, as a technical person, you will be bothered by the solution.

Regarding the upgrade, the only time we've had an issue is when the customer gave the wrong information. The utilization exceeded what they actually needed. Aside from that, Fortinet FortiGate-VM is a good appliance for us.

Overall, I rate the solution an eight out of ten.