Fortinet FortiGate-VM Reviews

We are using Fortinet FortiGate-VM for network-level security.

There is a cloud and on-premise version of the solution available.

Our company deploys this solution to many companies.

The most valuable features of Fortinet FortiGate-VM are the ease of use, IPS system, application filter, web filtering, and email security. Additionally, there is a migration tool that other vendors do not provide. We only need to upload the configuration file to the tool, and it converts everything, except the passwords, and gives us the new configuration, which we can directly upload on the firewall. This migration process takes a maximum of 15 minutes.

The solution can improve by adding separate interfaces for proxy and flow-based usage.

In the next release, the web application firewall should be integrated into the hardware. There is separate hardware for the web application firewall and for  FortiGate.

I have been using Fortinet FortiGate-VM for approximately seven years.

I rate the stability of Fortinet FortiGate-VM an eight out of ten.

We have approximately 30 users and 30,000 users.

This is a scalable solution.

I rate the scalability of Fortinet FortiGate-VM an eight out of ten.

The support from Fortinet FortiGate-VM exhibits high responsiveness. Whenever I raise a ticket on their portal, they typically respond within 15 to 20 minutes. In urgent cases, we can contact them via a ticket, and an engineer will be promptly assigned to assist.

I rate the support from Fortinet FortiGate-VM an eight out of ten.

Positive

I have used multiple types of firewalls and vendors, such as Cisco Firepower. Palo Alto, and Sophos.

Palo Alto is a great solution but it is expensive. I would choose them over Fortinet FortiGate-VM but they are too expensive. For my use case, Fortinet FortiGate-VM is the best for the environment.

Fortinet FortiGate-VM has discounts for generalized partners.

The initial setup time of Fortinet FortiGate-VM depends on the policies and filters that need to be applied to different users. The time can vary a lot on the environment. Its time ranges from minutes to a month. However, we can do the process remotely and it takes approximately 10 minutes.

We do the implementation of the solution.

The license can be purchased at intervals of one, three, and five years.

The price of the solution is in the middle range compared to the other vendors. However, the vendor is increasing the price gradually.

One person is suitable in a 24-hour period for the maintenance of the solution. A three to five administrator maintenance team would be sufficient to cover all the maintenance shifts per week.

I highly recommend Fortinet FortiGate-VM to others.

I rate Fortinet FortiGate-VM a nine out of ten.

We use the product primarily in environments requiring robust network security and compliance, especially in the banking and enterprise sectors.

The platform has enhanced our organization's security posture by providing effective threat protection, bandwidth management, and SDN capabilities.

They could enhance the product's functionality for more comprehensive threat detection and mitigation, especially for large-scale deployments.

I have been using Fortinet FortiGate-VM for several years. 

The product is stable. 

The product is scalable. 

The initial setup of FortiGate was straightforward. It involved detailed planning for appliance selection based on user numbers, throughput requirements, firewall, IPS capacity, and VPN needs. 

We managed the implementation in-house, leveraging our expertise in network configuration.

FortiGate offers a favorable ROI due to its competitive pricing structure and effective network security capabilities, making it a cost-effective choice for our organization.

We evaluated alternatives like Checkpoint and Palo Alto. We chose FortiGate for its cost-effectiveness, robust performance in our specific use cases, and the comprehensive support provided by Fortinet.

The product's threat protection features have been instrumental in managing subscription-based licensing and ensuring compliance with regulatory requirements, especially in banking environments.

I rate Fortinet FortiGate-VM an eight out of ten. 

We employ Fortinet FortiGate-VM solely for testing purposes, similar to how we employ virtual machines in a virtual lab environment to evaluate solutions. When customers inquire about potential solutions, we typically construct and thoroughly test these solutions in our lab environment before providing confirmation. Once we've successfully conducted a proof of concept, we then extend an offer to the customer.

Both the hardware and virtual versions offer comprehensive capabilities required for perimeter network protection. Positioned at the network perimeter, they provide profiles that can be easily configured, including antivirus, DNS protection, web filtering, IPS, and application awareness for over five thousand applications. This allows for tailored configurations based on specific application usage within our network.

The scalability and flexibility of FortiGate VM have greatly benefited our organization. Its exceptional scalability allows us to adapt and expand according to our evolving needs.

Integrating FortiGate VM with our existing systems was straightforward, as I recall no difficulties during the process. I would rate it a solid ten out of ten for ease of integration.

The performance and availability of FortiGate-VM in our setup vary depending on the specific models chosen. We refer to data sheets and comparison tables to identify devices that meet our specific requirements. This involves considering factors such as performance metrics, encryption and decryption capabilities, and the number of secure connections supported. By comparing different models, we can select the one that best suits our needs.

The GUI of FortiGate is exceptional.

The features of FortiGate VM that we find most effective for network security include its universal operating system, which is the same across both hardware and virtual machine deployments. This consistency ensures that both real boxes and virtual machines run on identical images, accessible via both command line and graphical interfaces for convenience.

SD-WAN could be enhanced to provide a clear division between control and data planes, utilizing controllers to manage tasks within the network.

We have been using it for more than three years.

I am satisfied with its stability. I would rate it ten out of ten.

It provides outstanding scalability capabilities. I would rate it ten out of ten. 
We serve a diverse range of customers, including large government organizations in Ukraine and small businesses. FortiGate is suitable for a variety of customer types, accommodating the needs of both large enterprises and smaller organizations.

We haven't encountered any open trouble tickets in the past three years, so we don't have firsthand experience with how Fortinet handles cases.

The initial setup is straightforward, earning a rating of ten out of ten for ease of use. Compared to other options, it stands out as exceptionally simple, largely due to the extensive documentation provided by Fortinet. Additionally, numerous YouTube tutorials are available online, making it easy to find solutions without necessarily having to consult the documentation.

For deployment, FortiGate can be utilized in both on-premises and cloud environments, offering flexibility in its application. It can serve as a client-side perimeter device within a customer's network or function as a cloud-based service. Our organization predominantly offers cloud-based solutions, leveraging FortiGate installations at our Sentinel node facility. Here, we manage customer traffic by configuring it to pass through FortiGate, allowing us to provide next-generation firewall services to customers who lack their infrastructure. We tailor configurations to suit each customer's specific needs.

Alternatively, if a customer requires an on-premises solution, we may deploy a physical appliance at their site. In such cases, where the customer lacks the expertise to manage the firewall effectively, we offer a managed service option.

Deployment typically takes no more than a few hours, thanks to the straightforward installation process and the clarity of the documentation provided. Especially in simple configurations with uncomplicated topologies, deployment can be completed within minutes.

The price falls somewhere in the middle; it's neither cheap nor expensive. I would rate it five out of ten.

When purchasing an appliance, it's essential to acquire the accompanying subscription. This is crucial because frequent updates to antivirus profiles and other features are necessary, often occurring daily. Operating the device effectively requires a subscription from Fortinet, which we consistently purchase.

Fortinet FortiGate-VM is purpose-built as a next-generation firewall, excelling in its performance of this specific function. Its designated place in the network aligns perfectly with its capabilities, making it an ideal device for its intended purpose. Overall, I would rate it ten out of ten.

We use the solution as a firewall. 

Fortinet is user-friendly. 

We have lost some information and we do not know how that happened through the solution. That needs improvement. 

I have been using Fortinet FortiGate-VM for minimum five years. 

Once in a while there are stability issues otherwise the solution is stable. 

Presently, six thousand users are using the solution. 

The initial setup of Fortinet is easy. 

Overall, I would rate the solution a nine out of ten. 

Our primary requirement is security. We are using it as part of our enterprise deployment with Fortinet. Currently, we are doing the firewalls using these appliances.

We are a services company that provides IT solutions for many other customers. As an IT service provider, we have different requirements from different customers and support them.

There is room for improvement in the pricing model. The pricing is expensive, but pricing should be competitive, and it should be unit-based pricing.

We have a decade of experience with Fortinet FortiGate-VM. We have different versions.

The stability is good. I would rate it a nine out of ten.

I rate scalability a ten out of ten because its mesh architecture allows consistent policies. Additionally, we can keep adding points and integrate them into the same dish, making it easy to scale up as needed.

The customer service and support team is of high quality. The reason is that we are a preferred partner and vendor for Fortinet. So, they are available whenever we call them, and we have no problems. We have a specialized team that is deployed only for our organization.

Positive

I would rate the initial setup a nine out of ten, where one is difficult, and ten is easy. You need to deploy it on a virtual appliance. Deploying the appliance itself is usually straightforward, but designing the architecture and arranging the solution can be challenging for many customers.

We deploy it on both on-prem and cloud, depending on the customer's preference. Our architecture is a mesh architecture. It depends on the customer's requirements. We choose the type of appliances and the capacity required to run. For instance, for a customer with a thousand workloads utilizing a Fortinet gateway, we would select the physical appliances that best suit their needs for on-prem deployment.

Conversely, we would use a mesh configuration with consistent policies across cloud engines for a data interface in the cloud. So, we've used both ways. We use a virtual version on-premises, physical appliances on-premises, and virtual appliances inside the cloud.

The whole deployment takes around four weeks to three months, depending on the architecture. It is quite a broad process, but if I summarize, we typically start with a high-level solution design and then move into the low-level details, such as port configuration and traffic flow. Finally, we move on to the actual deployment phase.

I would rate it a five, where one is low, and ten is high. We usually do monthly licensing costs as we don't invest capital and do more OpEx-based pricing.

My advice is if you have to go with the complete stack, go with the complete stack, not the replacement-only product. Don't look at it as a replacement. Choose a platform.

Overall, I would rate it a nine out of ten. The reason is that I have a next-generation firewall. Fortinet FortiGate-VM provides various deployment options, such as physical or virtual devices, and it can be easily integrated with public clouds. Additionally, I can integrate it with other Fortinet products like network access control or zero trust network access in a single step, which is very convenient. Their security stack portfolio works well with my hybrid mesh firewall, and I am satisfied with its integration capabilities.

We have had a very good experience with Fortinet FortiGate-VM. They are usually the first choice for us when it comes to designing. We have certain products for certain purposes, and this one is our preferred choice for firewall purposes.

Moreover, They have hardware appliances that can be deployed on-premise, virtual appliances deployed on the cloud, and a mesh that can form a cluster. It's very good.

I primarily use the solution as a firewall. It's used for security. I use it for the DMZ. It's related to architecture and is strategically positioned in the network. 

Based on its position, it offers good control over the communication between users and the data center. It's a good unified solution, and you can manage everything from the Fortigate portal.

It's a familiar solution to our clients. We don't spend time selling it. The brand is very popular and recognizable. 

The solution integrates well with other Fortinet products.

The pricing is fine. 

It's a good solution for small to medium-sized companies. 

The integration can be a bit easier. You need to maintain the integrations. You shouldn't have to. For example, in Cisco, you don't have to maintain integration that same way.

The support could be a bit better.

There are no missing features or items we would like to see in the future.

This is not a good solution for enterprises. It's better for smaller companies. 

I've used the solution for the last six years. 

The solution is mostly stable. I'd rate it six out of ten. The updates and availability, however, are not so smooth. 

The solution is not so scalable. It's not necessarily difficult to scale. However, it is not easy either. 

I'd rate the scalability seven out of ten overall. 

Typically, my clients are small to medium-sized entities. 

I'd like to see better support. They are okay. They could be better.

Positive

I also have experience with Cisco solutions.

At the perimeter, we also use Palo Alto. 

The initial setup is very easy. It's not complex. I'd rate the ease o setup eight out of ten. 

The deployment might take two to three days. It's pretty fast to get everything up and running. 

I did not handle the deployment in a hands-on way, so I don't have information on the technicalities in terms of what steps were taken.

The pricing is okay. I'd rate it eight out of ten in terms of affordability.

I'm a Fortinet reseller. I'm not sure which version of the solution we're using. We're likely using version seven or six. 

We use cloud and on-premises deployments. 

I'd recommend the solution to other small or medium-sized companies. I would not recommend it to enterprises. 

I would rate the solution eight out of ten. It is unified, and it is easy to integrate into other Fortinet products. 

The use case was a bit more complex than other clients, however, the typical usage was for VPNs for end-users to get into the internal network. For a mid-size company, that's a pretty much typical use. 

The only thing out of the ordinary would be the SIEM for all the network information, all the metadata, that is cloud-based. We had to create a tunnel to it so that the collector, being in the cloud, would be able to access the internal information.

It performs the functions it needs to perform and it's been reliable. It didn't need to be modified and we didn't have problems where things would just crop up. After months configured it's been rock solid, which is good. That's why I haven't touched it in a year and a half.

I liked its general capabilities.

Its cloud management is very good.

I did like the ability to back up the configuration into the cloud, as opposed to having to store the configurations or just downloading them, the backups, to local devices.  When you want to back up the configuration you can download it as a local file and save it to the cloud.   

That flexibility was very useful. 

The product had a fairly good user interface. It was well thought out and the controls seem to be in a logical hierarchy. I was able to find stuff without having to configure things. There was just a logical breakdown of how to find things.

There were a few cases where I had to use the command line interface on it. Now they do have the ability to pop up a command line, which is nice, however, the fact that you can't do everything within the GUI is probably a problem. There's a thing I have for most products that have started out in the command line and have added GUI, and the GUI is always somewhat behind in capability.

If you have a product you should be able to control the entire product through your user interface. You shouldn't have to drop back into backend command line commands in order to tweak something. There's a couple of cases where we had to do that when we were trying to set up one of the tunnels in particular. We were talking to Check Point or some other company. You've got two different manufacturers with a sort of standard for tunneling with all kinds of encryption methods and stuff like that. You have all these options, and, in order to get the right one, we couldn't discern it from the logs that we were viewing with the user interface. We had to drop down to the command line in order to do that. I would have thought that there should be enough information options made visible in what you can just do from the user interface.

I have been dealing with the solution for three years or so. However, the last time I used it was within the last 12 months or so. The company was restructuring their office due to COVID, and so we had to go in and make changes and set up different connections, That's the last time I was actually in it.

The stability is rock solid. It's a very good solution. I haven't had to touch it for a year. The last thing I did was a firmware upgrade. That was a year ago, and they haven't requested any more work on that now. It's still operational and solid. There have been no complaints really on it.

The product was sized for what the client was doing. I can't really say one way, or the other, whether it's more or less scalable than other solutions. I know we could do things to it - that we didn't do - to increase its capability. However, it didn't need to be done and they didn't have the budget for adding anything to it. It's hard to say. I can't really speak to the scalability of it.

Technical support has been great. They really helped us when we had issues with some early problems during setup.

It ties to the device, so it's pretty easy to see whether or not you have support, however, it was not difficult to get in touch with them. You get someone with knowledge right away. You don't have to go through a filter of people asking you "Is it plugged in?"

I'm actually reselling a managed service of SonicWall. It's not completely hands-on. Now all I do is get reports from it and I can look at the dashboard, however, I don't actually have to configure it.

I've also resold Barracuda.

The initial setup was straightforward. It got complex when we started adding in requirements for tunneling et cetera. The implementation involved VPNs and the general configuration of the firewall. Then they added in these other requirements that it needed to connect to AWS. First, it was to their remote hosted environment. Then, subsequently, to the AWS environment as well. It grew over time. Over the course of a year, we spent a lot of time on it.

I'd rate the initial setup experience at a four out of five. Most of the stuff went pretty well. We had one issue and we had to drop down into it. However, their support was very good. We were able to contact support, and they were able to stay online and walk us through that problem, so without any issues. They didn't balk at it. We didn't have to beg them to help us. Some support you get in there and have to say, "I'm sorry, yes I've done all those things. Get me to the next level."

They had good quality support.

In terms of deployment, it was there when I got there. They had purchased it out of the box and they hadn't configured it. For six months it just sat there. We had it up and running within a month of me getting there. Then over time, we added more and more requirements to it. It didn't take very long to figure out what they wanted to do with it and get it set up. The actual configuration was very quick. It was just the planning beforehand that took time.

Besides myself, there were about four other people in the IT department working on the product. However, really, only one person is responsible for the gateways.

The ROI that they were looking for was an improvement in security for the whole company. It was one of those evolving things, that as new security deployments come up some of them get implemented within the firewall and others are implemented structurally or in other ways. It was able to help them meet their security goals. That was probably the biggest value that they were looking for. It also did not impede their normal operating procedure.

The licensing costs are in line with everyone else. It all seems expensive when you're talking about firewalls, however, they're all the same. It's likely in the middle of the pack.

There are costs involved with FortiTokens. Everyone has different ways of controlling VPN access, however, with the FortiTokens you get a certain amount with the device, and then you have to buy more as you add them on. They're not costly.

However, it's something you have to buy in batches, so if you've got 40 people you're going to buy a bunch of FortiTokens, and each token is an encryption key so that you can have your little app that's multifactor. They charge for that. Everyone else, in terms of competition, charges for that too.

I can't speak to if the client evaluated another solution prior to choosing this.

I primarily work as a consultant. 

The solution's deployment was on-premises, however, there were VPNs set up for remote access, VPNs set up for site-to-site, and VPNs set up for cloud-based SIEM.

As with any solution, you need to size it. You need to plan what you're going to do and what your expectations are with it before you choose the pure model. After that, proper planning is needed before you try to deploy it so you don't have to back stuff out.

I'd rate the solution at an eight out of ten.

I occasionally implement Fortinet for clients. 

In the most recent instance, we had a cloud implemented and I was driving the infrastructure. The client had separate areas inside it purposely. They needed to implement a FortiGate solution in the same client, with different VMs, for different clients, to make different areas for these clients. 

It's great that we can have separate services for the same client. 

It's a complete solution. You only need to deploy it once. You can have many clients and many services for these clients in the same VM. It's a solution that works very well for companies that may need separated sections.

It makes things less expensive for clients. The pricing is good.

The interface is decent.

Technical support has a lot of knowledge.

The initial setup is simple. 

The solution is stable.

It can scale well.

The solution could use very well-defined support for resellers. There isn't necessarily 24/7 support and resolution.

The interface could be improved. 

The product could have more protocol routing options. 

I'd rate the solution at a seven out of ten.

The stability is good. There are no bugs or glitches. It doesn't crash or freeze. 

If you need to scale, this is a good option.

The technical support is pretty good. We are quite satisfied with the level of service on offer. 

The initial setup process is very easy and straightforward. It's not difficult or complex. 

We only need three people for deployment and maintenance. It's not a solution that requires a big team. You might need one or two field engineers. 

I'm working in a Fortinet partner company. I'm a reseller.

I'm dealing with the latest version of the product.

I like the 100F version, and it may be a good option for most clients, however, it might not be right for every company. It's a good idea to figure out what you need before you decide to avoid purchasing something that's not right for your company's needs.