Fortinet FortiGate-VM Reviews

It's an edge firewall that provides failover and redundancy management with the SD-WAN. We also use it for its traffic shaping capabilities and visibility through a central orchestrator.

It improves an organization because it's a single vendor solution for edge management.

It allows us to handle multiple types of connections at the edge and provide the proper routing and firewall services.

I really like that it's internationally deployable.

There should be more options to use lower-end models in a high availability configuration.

They should continue to improve the traffic shaping; they should add some AI to the traffic shaping. They should also consider learning from other organizations as opposed to just internally. They should follow patterns instead of everyone having to recognize patterns and make adjustments on their own. Instead, they should add some form of intelligence to guide administrators in best practices with traffic shaping. I think this will become very important as we move more toward a SaaS-type world. 

I have been using Fortinet FortiGate-VM for the past three years.

Stability is also high to very high. 

I'd say scalability is somewhere between high to very high.

The initial setup depends on the types of connections that you're bringing into it and the complexity of the business requirements for individual networks. It depends on how you want to route across the company. Overall, I'd say it's less complex than Cisco but it really depends on who's doing it. 

My advice would be to look to the anticipated growth of the network before starting the implementation so that you are appropriately sizing the scope and size of the equipment.

Overall, on a scale from one to ten, I would give this solution a rating of seven — it's a solid product. Depending on the solution you need, some of the appliances can be a little cost-prohibitive at the high end, but at the low end, they're very cost-effective. Plus, the interface is simple to use. For the right customer, I think it's a solid play.

The version I am using, 6.2.8., is not the latest. It's a somewhat older version and has not yet been upgraded. 

We have configured our use cases to be those of a banking environment. We have enabled the use of the firewall solution for our 300 branches. 

The solution has pretty awesome features. It supports at least 300 of our branches. We have yet to come across any issues concerning the 300 branches we have configured, a high number which equates many connections. This means that the solution can handle that much traffic. This is a feature of the firewall that we appreciate, as well as that of antivirus. In spite of the solution being inexpensive, it has everything one would need. 

There are certain GUI features that should be present but are not, although these we can address through the command-line interface. We have to make use of this to create certain policies or change the interface layer. These configuration restrictions should be addressed. 

Moreover, the reporting should be upgraded, as there are only a small number of reports available. We also encounter issues on the logging pages. GUI does not allow for live logging and the command-line interface must be used in its stead. The need to rely on CLI should be done away with entirely. 

While we consider the solution to be user-friendly, certain improvements should be made in this respect. 

I have been using Fortinet Fortigate-VM for the past two years. 

The solution is extremely reliable. As mentioned, it is being used in 300 branches and no issues have arisen.

The solution is scalable, although I have not attempted to undertake further plugins or additions. 

We have had no issues with the technical support. We have found them to be good, very knowledgeable and helpful. 

Other solutions I have used in the past include Check Point and Palo Alto.

The initial setup is straightforward, although the configurations can occasionally become involved. 

At present, the SD-WAN licenses are on an annual basis. 

We have no specific complaints about the licensing prices. 

I am on the implementation team, meaning that we configure the firewalls for our customers, mostly consisting of the BFSI banks and accounting for 2,000 people who make use of the solution. 

I cannot proffer advice to others who are considering implementation of the solution. All I can say is that it is straightforward and simple, only requiring configuration. 

I rate Fortinet Fortigate-VM as a seven out of ten.

We use the solution for IPS, internal segmentation, inspections, and VPN.

The most valuable features we have found to be the VPN, ease of use, and overall simplicity.

Web filtering is a feature that needs some improvement. There should be some additional features to allow active users to change their own passwords.

Additionally, the secure web gateway and the inspection feature need more security improvement in the next release.

I have been using the solution for approximately one year.

The solution has been reliable in my experience.

We have approximately 250 users using the solution in my organization and we plan to increase usage.

The technical support has been good.

The solution is easy to install.

We are on an annual license for this solution and it could be cheaper.

Previously we evaluated other solutions, such as Check Point and the Palo Alto firewalls. This solution is easier to understand than the others.

I would recommend this solution to others. Especially if they are new to these types of solutions, it is easy to understand.

I rate Fortinet FortiGate-VM an eight out of ten.

We primarily use the solution for checking a 250-person defense contracting company with multiple locations.

It's improved our operations by not being overly problematic.

The solution seems to be very reliable. 

It's a relatively simple product that is easy to use. It's not overly complex.

The initial setup is fairly straightforward.

The product does not have a good graphical interface. Their patches and their upgrades are not always compatible with configuration. That means that often you find after you upgrade that there was something else you have to do to the rest of the infrastructure, whether it's a printer or a user or whatever. It doesn't appear to me that their upgrades are well tested. They usually do what they're supposed to do, however, they also usually do some other things that FortiGate doesn't seem to be aware of.

It doesn't maintain legacy capabilities very well.

The stability of the solution isn't ideal.

They don't seem capable of supporting their own product.

The solution needs a better user interface and more intelligent services like spam blocking and auto whitelisting, gray listing, blacklisting, et cetera. It just basically needs better user monitoring.

I've been using the solution for about four years at this point. It's been a while now.

While I wouldn't describe the solution as unstable, there are definitely hiccups. I expect firewalls to be really efficient and very stable and I would say they're only sort of stable. I don't expect to have to figure out how to create a scan-to-email solution every time I upgrade my firewall, for instance.

Of course, they'll blame it on the vendor of the printer and say now how they're not following the standard or something, however, it was working with their product previously and the printer wasn't the item that changed. Their product gets a patch and it no longer works and you're like, "Well, I like your theory, but I don't exactly accept it." I don't think they have the features that a Palo Alto has, let's say.

The solution seems to be scalable. For our purposes, it scales well.

We have about 250 users on the solution currently.

Technical support isn't that great. On a scale from one to ten, they're a five at best. A couple of times where we had a problem, they couldn't solve the problem. We researched the problem on our own, unfortunately, via Google, and we found the solution and the solution was actually written by one of their techs and they didn't even know it.

The initial setup is not too difficult. It's not overly complex. I'd describe it as pretty straightforward. A company shouldn't have any issues with implementation.

For deployment, we did one site and then the other site and it took probably two weeks to deploy it, with maybe 30 days to get it fully configured. Then, once we had one site deployed, configured, and functional, we implemented a copy of that to the other site. We followed this pattern for each of our locations.

In terms of maintenance, it's hard to quantify what you need for the firewall. The firewalls are relatively low in terms of required maintenance. We have one IT administrator that may be a day a month has duties that are firewall-related. It varies, however, it's not significant work to maintain the firewall.

We did not need the assistance of an integrator or consultant. We were able to handle it ourselves.

We haven't really seen an ROI. It does what it's supposed to do, however, I'm not sure that it makes my job easier. It's kind of a sunk cost. It's one of the frustrations I have. I would expect it to be smarter and capable of doing things that it really doesn't do.

We pay a yearly licensing fee. It's probably a couple of thousand dollars per firewall.

On top of that, if you maintain a hardware warranty, so that you own the devices, you still maintain a warranty on them. There's sort-of a service contract, or you can go at risk. I don't know where we are in that. I'd have to go look, but I know at one point in time we talked about again, if we're going to be doing a tech exchange, maybe we don't want to maintain the warranties on them anymore.

The competitors actually have lower prices for more functionality. On the higher side, if you go with Cisco, it's more expensive, however, it's obviously more functional. A Palo Alto is probably a better solution than a FortiGate.

We're currently looking for alternatives to this solution.

We're looking at alternatives. However, the deficiencies that they have are not significant enough that I would like to immediately leave them, however, they're big enough that I'm looking for alternatives. 

When I come to end the life and I do a tech refresh, if we're not going to go 100% virtual, which is certainly another consideration, I am going to look at an alternate product. I'm not sure we're going to go away from them with a timeline right now, however, I'm certainly looking at it.

We don't yet have a shortlist, however, we'll likely look at the top big names in the market.

We're an end-user and a customer.

We have a plug-in with the subscription. We use the current version on their 100Es.

In general, I would advise other users that they need to look at whether they're going to go physical or virtual. I'd advise once they decide that to then look at the maybe lesser known next-generation firewalls that have functionality. The folks that are going to be operating the tool need to look at the user interface to make sure that that it is easy to use. Most users at an enterprise don't even know the firewall's there, let alone what it is, so they're not unique. I think all of the firewalls are pretty decent at not impacting users. The differentiator is which ones are easy to set up, which ones are easy to configure and use and how good they are at reporting.

The other thing I would say is, look at whether or not they integrate into your overall IT management, whether you're using ServiceNow or what you're using for IT management. How do the firewalls integrate with that or not? It's important.

I'd rate the solution at a four out of ten. It does base functions and it's doing that at a pretty high price.

It is primarily for VPN access and restricting access into the network. One of our clients has a shared system between multiple counties, and it is used to keep the right traffic flowing between counties and blocking the rest.

Each client has a specific version. We're trying to get them all current. Our number one client has the current version.

It provides greater security and flexibility. Instead of just opening it all up, it allows access to only those people who should have access. The network itself is pretty open, and with FortiGate, we can lock down exactly what they have access to.

Primarily, the VPN solution is most valuable. It allows you to have more flexibility in terms of what is there on the end-user device, and what is not there. You can check and make sure that they're current. It has more flexibility than just a straight VPN solution.

It works really well. It has the features that 99% of people need. 

They should keep us up to date about the latest version. That's the biggest thing. Currently, we have to go looking for the latest version. We should get notified about what's going on with the versions.

I would like to see easier dual-factor authentication.

Our clients have been using it for several years, and we've been helping them with that.

It is rock solid.

It is reasonably scalable. It is not as flexible in scalability as Cisco Firepower with their FMC.

Usually, the clients who use it are cost-conscious. They don't want to spend money on a Cisco device, so they go for Fortigate. A large organization usually goes with Cisco. A smaller organization tends to go for Fortigate or some other solution because of the price.

Our clients use it all over the place. It is not just for their internet. It is used for their internal networks and the rest of it.

It was average. I wasn't overly impressed. I was also not disappointed.

There is a little complexity to it but not more than other solutions. I haven't noticed greater complexity.

The deployment duration depends on how detailed you are and what you don't want to get. You can deploy one of these firewalls in half an hour, but if you're going to add a bunch of complexities and things to it, it can take at least a couple of hours to get it all set up the way you want. It ranges from half an hour to four hours.

We help our clients in implementing it. We also manage it. We just have one network support person to take care of things. It is not a job that requires more than one person.

There is no additional cost. Once you get the licensing fee, you're good.

Realize that it is not Cisco, and it doesn't work the same way. You got to pay attention to what you're doing. Those who are super familiar with Cisco got to pay attention to what you're doing because it works differently.

I would rate this solution a nine out of ten. It works well. Except for the dual-factor authentication feature, it has all the next-generation features that you need for a standard user.

We are service providers, and we provide managed services to external customers.

The primary use case of this solution is for firewalling, web applications, and proxying.

We use all of the UTM (Unified Threat Management) features that come with this product.

The most valuable features of this solution are the integration within the environment, with centralized reporting. 

One analyzer and the different devices feeding into that environment. 

The firmware is always up-to-date.

Compatibility and integration with other products or vendors such as Cisco SD-WAN products need improvement.

The multi-tenancy environment for multiple customers, to make it more secure, needs some improvement.

When you buy a bigger box, you should have the ability to slice and dice data. It should also have the ability to give customers either read and write or more privileged access to that environment. Specifically, to the environment that doesn't overflow into the other parts that have been sliced up.

I would like to see a type of portal for on-site deployment, where they can report into a cloud portal and have a high-level view of utilization. Basic indicators on the performance of the environment, including health status, should be displayed.

I have been using this solution for approximately six years.

We are completely satisfied with the stability of this solution.

Because we're sitting on a multi-tenant type of setup the scalability will depend on the customer's ability to upgrade.

Externally we have several customers that range from government to enterprise clients that use the product and we manage the backend. 

The number of users can range from a site that has 100 users to a site that has 2,000 to 3,000 users.

With the multi-tenant environment, we are able to use resources from multiple accounts. 

We run a 24/7 operation with various requirements, and have a team of 15 to 20 to maintain this solution.

We have plans to increase the usage as the requirement increases for more secure environments with more advanced features or other features within the security space. We would go from a standard firewall to maybe a web application firewall, or to authentication with the two-factor type of services.

Technical support is good. We work through a distributor and it's just a matter of a phone call to explain what needs to be done or a feature that we need to enable, and within an hour or two they come back to explain what has to be done.

They also give advice going forward with what to deploy.

The initial setup is fairly straightforward.

The implementation varies from being complex to being straightforward. It can take two to three weeks to implement with some tweaking afterward.

Part of the implementations comes with professional services from Fortinet themselves. In most cases, if it's a new version or a new deployment, we typically get the implementation services from a service provider rather than the vendor.

We have clients with three-year licensing and others with five. 

It's not a cheap solution but it comes with its benefits.

It's all bundled. When we purchase this product, it is bundled with a support license for that period.

With our clients, there is a range of Fortinet FortiGate versions, anything from FortiGate 60E to FortiGate 3700D. 

Management connects to a FortiAnalyzer, and we have application firewalls as well.

We have a centralized data center where we have a combination of customers with on-premises equipment. This includes small devices to secure the customer's environment, and larger devices at the data center, specifically for our customers.

We try to build our services around Fortinet products.

We prefer to work with Fortinet products based on what we have learned from the Gartner Magic Quadrant, and I recommend them.

I would rate this solution a nine out of ten.

The virtual and hardware versions of the solution are mostly the same. 

The VM it's very quick for deployment. If we need to have a POC for a customer, if we don't have any hardware physically at our premises, at our store, in our office, we can download the VM from Fortinet and install all the VM to their environment in order to run it. If we have a customer that says "let's start tomorrow" we are able to do that in a way that's not possible with a hardware version.

Normally Fortinet is very flexible that it supports almost all environments. 

The solution is user friendly.

The cost of the solution is pretty fair.

The documentation is very good.

The SD-WAN is very good, as compared to, for example, Citrix SD-WAN which has an overall lack of security and needs to leverage other devices, like Palo Alto, to cover this.

The licensing needs to be improved. We need longer licensing periods, especially for POCs and trials. It should be for six months. Right now, it's too short of a timeframe. 

Overall as I say, the features-wise and performance-wise the VM and hardware versions are the same. The main difference is that the hardware-based option ins is more powerful compared to the VM version. 

Their technical support is not helpful and I try to avoid using it.

I've been using the solution for ten years. It's been a decade now.

We do occasionally get bugs on the solution, and when that happens, we do need to go to technical support to get the issue resolved.

Let's say tomorrow we want to upgrade in terms of memory, in terms of processor. If we are VM  based we are using files and by default, we have some spec which is set to the VM. If tomorrow we need more capacity for this logging, we can just upgrade it. We take an analyzer like G1 or G5 and we upload the license, and it will upgrade automatically. 

It's so much easier as compared to hardware, due to the fact that, with hardware, you need to change everything completely. 

We have nine people on our team working with the solution regularly.

The support for Fortinet is not very good, and so I tend not to contact them if I can avoid it. They are not good in their general response time. Some team members are quite technical, however, that's not everyone, and you aren't guaranteed to get someone who knows what they are talking about. Sometimes their answers are irrelevant as if they aren't even replying to your actual questions. Other times they tell you what you need is not possible.   

Fortinet has forums for users, and if you go there, you'll see that there are a lot of others saying they are unhappy with support as well. While I'm a big fan of Fortinet, I do not like their support.

We only really use it now if we have an issue with a bug and there's no workaround except to go right to them. Otherwise, we don't contact them.

The cost of the solution is good.

Normally I don't really push a virtual appliance. Some customers may be interested in a virtual appliance for scalability. For most of our customers, we are pushing hardware-based solutions and not a virtual appliance.

For example, if we have a customer that has a private data center in Mauritius and wants to have a hybrid solution, let's say to interconnect on the public cloud, and they want to do SD-WAN to secure it from the public to its current on-premises data center, normally we will go with the virtual appliance on the public side. 

I would recommend Fortinet's hardware 100% of the time, especially in comparison to Palo Alto. With the VM, it's a harder question to answer. A better question would be: what do you will prefer for a next-generation firewall? Do you prefer Fortinet? Do you recommend Fortinet or Cisco or Palo Alto? I would say personally I always recommend Fortinet. I will continue to due to the fact that the cost and the integration, and the general user-friendliness, are all impressive.

I'd rate the solution eight out of ten. I'd rate it higher if it had a longer trial, better licensing, and stronger technical support. There are still places for improvement in the solution.

We provide Fortinet services to our clients, sometimes on-prem and sometimes on cloud. 
We are a system integrator which makes us a partner of Fortinet. I am an information technology solutions manager.

I like the web filtering and I like the IPS functionality.

Data reporting could be improved and also in terms of performance, some improvement should be made on VM, it should be more optimized. Scalability of the solution could also be improved. 

For an additional feature, Fortinet should add more SD-WAN with caching as a special functionality. It should be integrated with Fortinet. 

I've been using this solution for five years. 

Stability is good enough. It's not that problematic for now.

Scalability is a problem because the solution is VM. As a VM, you cannot have much scalability.

The Fortinet technical support is generally good. There are times when we don't get an immediate response and it requires escalation but that's all. 

The initial setup is straightforward. Deployment time depends on the case but can normally be done anytime from two hours to two days for it to be functional.

FortiGate-VM would be for more like a cloud or on-premise SMB environment. And for anyone wanting to scale-up and get big performance, it should be used as a physical appliance.

I would rate this solution a nine out of 10.