Fortinet FortiGate-VM Reviews

We are using Fortinet FortiGate-VM for network-level security.

There is a cloud and on-premise version of the solution available.

Our company deploys this solution to many companies.

The most valuable features of Fortinet FortiGate-VM are the ease of use, IPS system, application filter, web filtering, and email security. Additionally, there is a migration tool that other vendors do not provide. We only need to upload the configuration file to the tool, and it converts everything, except the passwords, and gives us the new configuration, which we can directly upload on the firewall. This migration process takes a maximum of 15 minutes.

The solution can improve by adding separate interfaces for proxy and flow-based usage.

In the next release, the web application firewall should be integrated into the hardware. There is separate hardware for the web application firewall and for  FortiGate.

I have been using Fortinet FortiGate-VM for approximately seven years.

I rate the stability of Fortinet FortiGate-VM an eight out of ten.

We have approximately 30 users and 30,000 users.

This is a scalable solution.

I rate the scalability of Fortinet FortiGate-VM an eight out of ten.

The support from Fortinet FortiGate-VM exhibits high responsiveness. Whenever I raise a ticket on their portal, they typically respond within 15 to 20 minutes. In urgent cases, we can contact them via a ticket, and an engineer will be promptly assigned to assist.

I rate the support from Fortinet FortiGate-VM an eight out of ten.

Positive

I have used multiple types of firewalls and vendors, such as Cisco Firepower. Palo Alto, and Sophos.

Palo Alto is a great solution but it is expensive. I would choose them over Fortinet FortiGate-VM but they are too expensive. For my use case, Fortinet FortiGate-VM is the best for the environment.

Fortinet FortiGate-VM has discounts for generalized partners.

The initial setup time of Fortinet FortiGate-VM depends on the policies and filters that need to be applied to different users. The time can vary a lot on the environment. Its time ranges from minutes to a month. However, we can do the process remotely and it takes approximately 10 minutes.

We do the implementation of the solution.

The license can be purchased at intervals of one, three, and five years.

The price of the solution is in the middle range compared to the other vendors. However, the vendor is increasing the price gradually.

One person is suitable in a 24-hour period for the maintenance of the solution. A three to five administrator maintenance team would be sufficient to cover all the maintenance shifts per week.

I highly recommend Fortinet FortiGate-VM to others.

I rate Fortinet FortiGate-VM a nine out of ten.

We employ Fortinet FortiGate-VM solely for testing purposes, similar to how we employ virtual machines in a virtual lab environment to evaluate solutions. When customers inquire about potential solutions, we typically construct and thoroughly test these solutions in our lab environment before providing confirmation. Once we've successfully conducted a proof of concept, we then extend an offer to the customer.

Both the hardware and virtual versions offer comprehensive capabilities required for perimeter network protection. Positioned at the network perimeter, they provide profiles that can be easily configured, including antivirus, DNS protection, web filtering, IPS, and application awareness for over five thousand applications. This allows for tailored configurations based on specific application usage within our network.

The scalability and flexibility of FortiGate VM have greatly benefited our organization. Its exceptional scalability allows us to adapt and expand according to our evolving needs.

Integrating FortiGate VM with our existing systems was straightforward, as I recall no difficulties during the process. I would rate it a solid ten out of ten for ease of integration.

The performance and availability of FortiGate-VM in our setup vary depending on the specific models chosen. We refer to data sheets and comparison tables to identify devices that meet our specific requirements. This involves considering factors such as performance metrics, encryption and decryption capabilities, and the number of secure connections supported. By comparing different models, we can select the one that best suits our needs.

The GUI of FortiGate is exceptional.

The features of FortiGate VM that we find most effective for network security include its universal operating system, which is the same across both hardware and virtual machine deployments. This consistency ensures that both real boxes and virtual machines run on identical images, accessible via both command line and graphical interfaces for convenience.

SD-WAN could be enhanced to provide a clear division between control and data planes, utilizing controllers to manage tasks within the network.

We have been using it for more than three years.

I am satisfied with its stability. I would rate it ten out of ten.

It provides outstanding scalability capabilities. I would rate it ten out of ten. 
We serve a diverse range of customers, including large government organizations in Ukraine and small businesses. FortiGate is suitable for a variety of customer types, accommodating the needs of both large enterprises and smaller organizations.

We haven't encountered any open trouble tickets in the past three years, so we don't have firsthand experience with how Fortinet handles cases.

The initial setup is straightforward, earning a rating of ten out of ten for ease of use. Compared to other options, it stands out as exceptionally simple, largely due to the extensive documentation provided by Fortinet. Additionally, numerous YouTube tutorials are available online, making it easy to find solutions without necessarily having to consult the documentation.

For deployment, FortiGate can be utilized in both on-premises and cloud environments, offering flexibility in its application. It can serve as a client-side perimeter device within a customer's network or function as a cloud-based service. Our organization predominantly offers cloud-based solutions, leveraging FortiGate installations at our Sentinel node facility. Here, we manage customer traffic by configuring it to pass through FortiGate, allowing us to provide next-generation firewall services to customers who lack their infrastructure. We tailor configurations to suit each customer's specific needs.

Alternatively, if a customer requires an on-premises solution, we may deploy a physical appliance at their site. In such cases, where the customer lacks the expertise to manage the firewall effectively, we offer a managed service option.

Deployment typically takes no more than a few hours, thanks to the straightforward installation process and the clarity of the documentation provided. Especially in simple configurations with uncomplicated topologies, deployment can be completed within minutes.

The price falls somewhere in the middle; it's neither cheap nor expensive. I would rate it five out of ten.

When purchasing an appliance, it's essential to acquire the accompanying subscription. This is crucial because frequent updates to antivirus profiles and other features are necessary, often occurring daily. Operating the device effectively requires a subscription from Fortinet, which we consistently purchase.

Fortinet FortiGate-VM is purpose-built as a next-generation firewall, excelling in its performance of this specific function. Its designated place in the network aligns perfectly with its capabilities, making it an ideal device for its intended purpose. Overall, I would rate it ten out of ten.

We use the solution as a firewall. 

Fortinet is user-friendly. 

We have lost some information and we do not know how that happened through the solution. That needs improvement. 

I have been using Fortinet FortiGate-VM for minimum five years. 

Once in a while there are stability issues otherwise the solution is stable. 

Presently, six thousand users are using the solution. 

The initial setup of Fortinet is easy. 

Overall, I would rate the solution a nine out of ten. 

The product accesses the perimeter firewall and internet proxy at the same time. It allows the creation of a virtual DMZ network. We can have services on the DMZ.

The reporting is good. The signatures are quite good. We have some confidence in the product’s protection capabilities.

The users must buy FortiSIEM to get advanced analytics. The product must provide users with more reports before asking them to buy FortiSIEM.

I have been using the solution for around a couple of years.

There are no stability issues. As long as we provide adequate resources, the solution works.

VM provides scalability options. We could pair the virtual firewalls and have more capacity. We know it's there, but it wasn't necessary, given the organization's size. Around 350 users from a small microfinance company use the solution. The product is extensively used since it also provides internet proxy and VPN. Almost all services that require connectivity are going through the firewall.

We contacted the technical support team regarding a clarification we needed on how to get some services to talk to one another. The team was very handy in that process.

The setup is not that complex. I wouldn't say it's simple, but It's relatively straightforward as long as we follow the guidelines and work with the recommendations.

We deployed the solution with the help of a local partner. We just had one engineer on-site who was supported by Fortinet Professional Services.

There is a good ROI on the product. The solution was quickly deployed, and we were able to have more protection and better visibility of our traffic on the network. We can get a lot of value out of the solution due to the reports.

The pricing is really good. The FortiGate licensing model is workable compared to many other providers who license everything. The local partner was there to guide us in structuring the license to keep the costs minimal. At the moment, there are no additional costs associated with the tool.

We had a competitive evaluation of other products. We chose Fortinet FortiGate-VM because of its affordability. It also had some of the features that were part of our roadmap.

It's a good solution. It’s worth checking out. It is easy to configure and quite easy to use. Some solutions are built by engineers for engineers. The product is a bit relatively easy to use and work with. Overall, I rate the solution an eight or nine out of ten.

I primarily use the solution as a firewall. It's used for security. I use it for the DMZ. It's related to architecture and is strategically positioned in the network. 

Based on its position, it offers good control over the communication between users and the data center. It's a good unified solution, and you can manage everything from the Fortigate portal.

It's a familiar solution to our clients. We don't spend time selling it. The brand is very popular and recognizable. 

The solution integrates well with other Fortinet products.

The pricing is fine. 

It's a good solution for small to medium-sized companies. 

The integration can be a bit easier. You need to maintain the integrations. You shouldn't have to. For example, in Cisco, you don't have to maintain integration that same way.

The support could be a bit better.

There are no missing features or items we would like to see in the future.

This is not a good solution for enterprises. It's better for smaller companies. 

I've used the solution for the last six years. 

The solution is mostly stable. I'd rate it six out of ten. The updates and availability, however, are not so smooth. 

The solution is not so scalable. It's not necessarily difficult to scale. However, it is not easy either. 

I'd rate the scalability seven out of ten overall. 

Typically, my clients are small to medium-sized entities. 

I'd like to see better support. They are okay. They could be better.

Positive

I also have experience with Cisco solutions.

At the perimeter, we also use Palo Alto. 

The initial setup is very easy. It's not complex. I'd rate the ease o setup eight out of ten. 

The deployment might take two to three days. It's pretty fast to get everything up and running. 

I did not handle the deployment in a hands-on way, so I don't have information on the technicalities in terms of what steps were taken.

The pricing is okay. I'd rate it eight out of ten in terms of affordability.

I'm a Fortinet reseller. I'm not sure which version of the solution we're using. We're likely using version seven or six. 

We use cloud and on-premises deployments. 

I'd recommend the solution to other small or medium-sized companies. I would not recommend it to enterprises. 

I would rate the solution eight out of ten. It is unified, and it is easy to integrate into other Fortinet products. 

The use case was a bit more complex than other clients, however, the typical usage was for VPNs for end-users to get into the internal network. For a mid-size company, that's a pretty much typical use. 

The only thing out of the ordinary would be the SIEM for all the network information, all the metadata, that is cloud-based. We had to create a tunnel to it so that the collector, being in the cloud, would be able to access the internal information.

It performs the functions it needs to perform and it's been reliable. It didn't need to be modified and we didn't have problems where things would just crop up. After months configured it's been rock solid, which is good. That's why I haven't touched it in a year and a half.

I liked its general capabilities.

Its cloud management is very good.

I did like the ability to back up the configuration into the cloud, as opposed to having to store the configurations or just downloading them, the backups, to local devices.  When you want to back up the configuration you can download it as a local file and save it to the cloud.   

That flexibility was very useful. 

The product had a fairly good user interface. It was well thought out and the controls seem to be in a logical hierarchy. I was able to find stuff without having to configure things. There was just a logical breakdown of how to find things.

There were a few cases where I had to use the command line interface on it. Now they do have the ability to pop up a command line, which is nice, however, the fact that you can't do everything within the GUI is probably a problem. There's a thing I have for most products that have started out in the command line and have added GUI, and the GUI is always somewhat behind in capability.

If you have a product you should be able to control the entire product through your user interface. You shouldn't have to drop back into backend command line commands in order to tweak something. There's a couple of cases where we had to do that when we were trying to set up one of the tunnels in particular. We were talking to Check Point or some other company. You've got two different manufacturers with a sort of standard for tunneling with all kinds of encryption methods and stuff like that. You have all these options, and, in order to get the right one, we couldn't discern it from the logs that we were viewing with the user interface. We had to drop down to the command line in order to do that. I would have thought that there should be enough information options made visible in what you can just do from the user interface.

I have been dealing with the solution for three years or so. However, the last time I used it was within the last 12 months or so. The company was restructuring their office due to COVID, and so we had to go in and make changes and set up different connections, That's the last time I was actually in it.

The stability is rock solid. It's a very good solution. I haven't had to touch it for a year. The last thing I did was a firmware upgrade. That was a year ago, and they haven't requested any more work on that now. It's still operational and solid. There have been no complaints really on it.

The product was sized for what the client was doing. I can't really say one way, or the other, whether it's more or less scalable than other solutions. I know we could do things to it - that we didn't do - to increase its capability. However, it didn't need to be done and they didn't have the budget for adding anything to it. It's hard to say. I can't really speak to the scalability of it.

Technical support has been great. They really helped us when we had issues with some early problems during setup.

It ties to the device, so it's pretty easy to see whether or not you have support, however, it was not difficult to get in touch with them. You get someone with knowledge right away. You don't have to go through a filter of people asking you "Is it plugged in?"

I'm actually reselling a managed service of SonicWall. It's not completely hands-on. Now all I do is get reports from it and I can look at the dashboard, however, I don't actually have to configure it.

I've also resold Barracuda.

The initial setup was straightforward. It got complex when we started adding in requirements for tunneling et cetera. The implementation involved VPNs and the general configuration of the firewall. Then they added in these other requirements that it needed to connect to AWS. First, it was to their remote hosted environment. Then, subsequently, to the AWS environment as well. It grew over time. Over the course of a year, we spent a lot of time on it.

I'd rate the initial setup experience at a four out of five. Most of the stuff went pretty well. We had one issue and we had to drop down into it. However, their support was very good. We were able to contact support, and they were able to stay online and walk us through that problem, so without any issues. They didn't balk at it. We didn't have to beg them to help us. Some support you get in there and have to say, "I'm sorry, yes I've done all those things. Get me to the next level."

They had good quality support.

In terms of deployment, it was there when I got there. They had purchased it out of the box and they hadn't configured it. For six months it just sat there. We had it up and running within a month of me getting there. Then over time, we added more and more requirements to it. It didn't take very long to figure out what they wanted to do with it and get it set up. The actual configuration was very quick. It was just the planning beforehand that took time.

Besides myself, there were about four other people in the IT department working on the product. However, really, only one person is responsible for the gateways.

The ROI that they were looking for was an improvement in security for the whole company. It was one of those evolving things, that as new security deployments come up some of them get implemented within the firewall and others are implemented structurally or in other ways. It was able to help them meet their security goals. That was probably the biggest value that they were looking for. It also did not impede their normal operating procedure.

The licensing costs are in line with everyone else. It all seems expensive when you're talking about firewalls, however, they're all the same. It's likely in the middle of the pack.

There are costs involved with FortiTokens. Everyone has different ways of controlling VPN access, however, with the FortiTokens you get a certain amount with the device, and then you have to buy more as you add them on. They're not costly.

However, it's something you have to buy in batches, so if you've got 40 people you're going to buy a bunch of FortiTokens, and each token is an encryption key so that you can have your little app that's multifactor. They charge for that. Everyone else, in terms of competition, charges for that too.

I can't speak to if the client evaluated another solution prior to choosing this.

I primarily work as a consultant. 

The solution's deployment was on-premises, however, there were VPNs set up for remote access, VPNs set up for site-to-site, and VPNs set up for cloud-based SIEM.

As with any solution, you need to size it. You need to plan what you're going to do and what your expectations are with it before you choose the pure model. After that, proper planning is needed before you try to deploy it so you don't have to back stuff out.

I'd rate the solution at an eight out of ten.

I occasionally implement Fortinet for clients. 

In the most recent instance, we had a cloud implemented and I was driving the infrastructure. The client had separate areas inside it purposely. They needed to implement a FortiGate solution in the same client, with different VMs, for different clients, to make different areas for these clients. 

It's great that we can have separate services for the same client. 

It's a complete solution. You only need to deploy it once. You can have many clients and many services for these clients in the same VM. It's a solution that works very well for companies that may need separated sections.

It makes things less expensive for clients. The pricing is good.

The interface is decent.

Technical support has a lot of knowledge.

The initial setup is simple. 

The solution is stable.

It can scale well.

The solution could use very well-defined support for resellers. There isn't necessarily 24/7 support and resolution.

The interface could be improved. 

The product could have more protocol routing options. 

I'd rate the solution at a seven out of ten.

The stability is good. There are no bugs or glitches. It doesn't crash or freeze. 

If you need to scale, this is a good option.

The technical support is pretty good. We are quite satisfied with the level of service on offer. 

The initial setup process is very easy and straightforward. It's not difficult or complex. 

We only need three people for deployment and maintenance. It's not a solution that requires a big team. You might need one or two field engineers. 

I'm working in a Fortinet partner company. I'm a reseller.

I'm dealing with the latest version of the product.

I like the 100F version, and it may be a good option for most clients, however, it might not be right for every company. It's a good idea to figure out what you need before you decide to avoid purchasing something that's not right for your company's needs.

We use the solution for the private cloud.

Fortinet FortiGate-VM has a standard hardware firewall and easy deployment. You download a pre-configured virtual machine and run it on your hypervisor, Hyper-V, or ESXi by VMware. It is an excellent solution for private cloud setups, allowing seamless management using Fortinet without additional hardware purchases. Moreover, it offers flexibility—you can integrate it with physical hardware for redundancy or establish branch office VPNs effortlessly. Fortinet's automation capabilities facilitate smooth connectivity between public and private clouds.

The solution is highly scalable, depending on the type of hardware it runs on. You need knowledge of hypervisors to learn about the virtualized environment.

I have been using Fortinet FortiGate-VM as an integrator for one year.

The product is stable.

We cater the solution to SMBs.

I have used SonicWall. Fortinet has fewer hardware requirements than SonicWall. The basic requirement is the same.

The initial setup is easy and doesn't take more than one hour.

ROI is pretty good because it's simply software as a service. You subscribe to a service, and VM is available from FortiGate to download, install, and run. You get all the features. The scalability depends upon the hardware or VM. It could be serving 1000s or 100s users, depending on the configuration.

The solution is expensive.

It could have some versions limited by several users to reduce the price. Else, they could limit the product features, and create some version for a smaller organization with basic requirements.

Support is additional and comes apart from the subscription.

There's not much maintenance required. One to two people is required. Patches and upgrades are required and happen automatically if you've configured it that way. It is easy to deploy over the cloud. There are ready appliances to run in a public cloud like Amazon, Microsoft, or Google Cloud.

I recommend the solution. It is fantastic, easy to deploy, and very scalable. It saves a lot of time. Some particular hardware is not available in stock. FortiGate-VM is a good alternative. You could download, configure, and apply it. You could buy it online or from a Fortinet partner. It's quick and easy to set up.

Overall, I rate the solution a ten out of ten.