Fortinet FortiGate-VM Reviews

My primary use case is for controlling the internet in our organization, as well as for our VPN for those working from home. I also use it for routing the connection to stores so we can access them.

This solution allows us to easily access the stores from where we are. It also blocks a lot of websites that we don't want to allow access to during working hours. It has also made our network more secure, and it's now much harder for people to intrude into our network.

The most valuable feature is that its IPsec works perfectly. The work filter also works perfectly - it's able to detect anything coming in that is not supposed to be on the network.

We have had some issues with connecting to the VPN from home after firmware updates, which could be an area for improvement.

I have been using this solution for about five years.

I think the product's stability is very good.

The scalability depends on what you want to use it for - previously, we were using 60D, and it wasn't accommodating some features we wanted, so we had to go to 100D.

The technical support is very helpful.

I previously used pfSense but found it was a bit complicated in terms of configuration and didn't give periodic updates. I switched to FortiGate because they were very consistent in giving updates on outbreaks and what they were doing to resolve them.

The setup was straightforward because of the integrator's help. Deployment took about two days, and only my assistant and I were required for deployment and maintenance.

I implemented through an integrator.

Our main ROI has been the extra stability on our network - since we implemented this solution, we haven't had any major attacks.

The cost of this product is too high on a yearly license. The license can be renewed on a monthly or yearly basis. There are additional costs for extra features.

To me, this is one of the best firewalls I've ever used. I would rate this solution as nine out of ten.

We primarily use the solution for our internal worldwide corporate network.

It's allowed us to have fewer personnel requirements in relation to maintenance. 

The maintenance part is definitely quite easy. We do not require any additional manpower to maintain this. It's quite simple and it has the least required manpower over it based on an individual unit.

The initial setup is pretty simple. 

The solution can scale well.

The stability is quite good.

Right now, we are totally satisfied with this solution. There are several units worldwide. We have only one unit at our Kolkata location, and we are satisfied as of now in terms of its capabilities.

Price-wise, it could be slightly better, however, if you compared it to other makes and models of equal category, it is generally cheaper.

I've used the solution over the last seven months. 

The stability has been good. Its performance is reliable. There are no bugs or glitches. it doesn't crash or freeze. 

The scalability is there. When taking into consideration our business environment right now, I find that this is capable of handling all the requirements until the end of 2022.

Right now in the Kolkata office, we are around a hundred people - and that is in the Kolkata office only. If you talk about India, then we have around 250.

We do not plan to increase usage at this time. However, in the future, scaling may be required. 

I've never directly dealt with technical support and therefore cannot speak to how helpful or responsive they are.

We did previously use a different solution, however, the main office makes the decisions around product changes. They may have chosen this product as it is less expensive. 

We had been using a British Telecom hybrid VPN solution. In April, we stopped that and migrated to this new SD-WAN connectivity solution based on the Fortinet firewall. 

The implementation process was not complex or difficult. It was straightforward. 

The deployment takes around two to three hours.

Maintenance aspects are handled by the vendor. 

The implementation was done by our vendor as well as our internal team.

We won't have a sense of an ROI until we've used the solution for another year and a half. 

The pricing is pretty reasonable when compared to other solutions of the same caliber.

We pay a yearly licensing fee. I do not know the exact costs, however, as that is handled by the team in Luxembourg.

We don't make product decisions. Decisions of that scale come from Luxembourg. 

We are a customer and an end-user.

I'm not sure which version of the solution we're using.

I'd rate the solution at a nine out of ten.

The use case for VMs is if you're going to deploy them like a SaaS edge, to protect your applications or provide deeper visibility into the traffic. Or you could use it in your data centers as well. However, that's not our preference.

We primarily use the solution for network segmentation at our data centers and remote connectivity to our distributed sites.

We were able to take advantage of their management tool, FortiManager, to get a single pane of glass. FortiManager and FortiAnalyzer do not have a single panel glass. Rather, they are two panes of glasses to manage and monitor the firewalls where previously we were using Cisco. I don't want to call them legacy firewalls, however, with Cisco firewalls, we didn't have that management or logging visibility.

The product has pretty good logging and reporting capabilities native to the firewall. Then they also use FortiAnalyzer to aggregate that traffic and provide more detailed and aggregated reporting. That's going to help when you're analyzing network traffic for network segmentation initiatives.

The stability is excellent.

It's very easy to set up, even for more junior developers.

The scalability has improved. 

It's got a clean interface and it's very intuitive. Everything is easy to navigate.

Their offering for MFA isn't the cleanest. They have a product called FortiAuthenticator. It's not a FortiGate but that is one of their MFA offerings. However, other products that I've used, like Duo, are better from a user experience standpoint. They are easier to configure. 

I've been using the solution for ten years. It's been a while. 

Six or seven years ago, they had issues with code versions where they would make changes within the code version and they would have some bugs. That said, over the last six or so years, their releases have been very stable. We've had very few issues with any type of bugs or issues.

Scalability has gotten better with their SD-WAN offering. They're able to utilize inexpensive lines such as 4G, 5G, or DSL. It has allowed us to move away from expensive MPLS lines.

Historically, conventional or Next-Gen firewalls have been utilized at data centers and remote sites. Now, however, a lot of customers are moving towards Zero-Trust access and SASE. I'm currently looking to get a little bit more information on Zero-Trust architecture, as it reduces the overall management and need for physical firewalls in all your locations, which can get expensive.

We also use the Cisco ASA firewalls. I do find that Fortinet is easier to handle than Cisco as you don't need to handle tasks via the command line, which makes it easier especially for junior-level developers.

The initial setup is very straightforward. I started out in the Cisco world with Cisco firewalls and switches. Then we started deploying FortiGate and I found that FortiGate was easier to learn, especially for junior-level engineers. We were able to get junior-level engineers up to speed quicker than if it was a Cisco platform, especially if they haven't used the command line before.

Deployment usually takes a day, depending on the complexity of the firewall. It might be a day to two, depends on if we are using multiple IPSec tunnels if it's at a data center or a remote site. 

In terms of deployment and maintenance, in my experience, by a rough order of magnitude, a company would need one technician per 30 firewalls. For our company, we had a team of three network engineers and we had a fleet of about 120 firewalls.

I handed the implementation myself with my team. We didn't need any integrators or consultants.

For our entire fleet of 120 firewalls, we're paying about $100,000 per year. The licensing fees give you support and the capability to download updated definitions of threat intelligence from Fortinet.

I was previously a customer. now I am a reseller and Fortinet partner.

We primarily use hardware-based appliances, including the 100 D/E series, 100F, 190 D/E's, ADCs, 600 E's. They are similar to VMs.

We're using the most recent code level at this time. We're one version behind the latest version. We tend to use one version behind the most recent for safety reasons so that we can avoid troublesome bugs or glitches.

Anyone looking to deploy Next-Gen firewalls, in general, should really define their use cases to be able to decide on the proper technology to deploy within the environment. If you're looking to deploy Next-Gen firewalls at all your locations and create point-to-point VPN tunnels, they can get cumbersome and difficult to manage policies. It is also difficult to do network segmentation. With some of the Zero-Trust offerings, you're able to actually move your clients outside of your corporate perimeter, and then isolate those applications based on the user per application, instead of requiring them to dial back via traditional VPN to your data centers, which sometimes isn't the best user experience for your end-users.

I'd rate the solution at an eight out of ten.

In a recent scenario, a manufacturing company, was in need of migrating its services, specifically their ERP SAP application, to a cloud-native environment. They chose to migrate their servers to GCP for hosting. Since they required a firewall, they opted for cloud-native firewall solutions. They acquired two firewalls, one for internal usage and another from the GCP marketplace. Both firewall vendors provided yearly subscriptions. Following this, we proceeded with the configuration.

They established a VPN connection via the internal Forti firewall. Simultaneously, an external firewall from Palo Alto was set up. This external firewall, positioned at the perimeter, handled incoming traffic from Internet users. Our configuration focused on enabling ECPs for the Internet-based cloud network.

The ease of access and user-friendly setup is a valuable feature. Fortinet proves to be particularly straightforward to configure, offering simplicity without complexity. Moreover, visibility is easily attainable due to certain factors. Price, implementation, and budget considerations play a role. When it comes to Cisco implementation, the process tends to be more intricate, which many customers find unfavourable for their business needs.

Fortinet devices are acknowledged as highly potent and come with a notable cost. These devices offer extensive visibility, an array of configurations, and a range of security features. However, there's room for enhancement in their routing and switching security aspects, akin to Cisco's offerings.

A noteworthy aspect here is Meraki, which offers cloud controllers. If FortiGate were to introduce a similar cloud management solution, it could strongly compete with both Meraki and Cisco products. Cisco operates in two sectors: enterprise and SMB. Particularly in the SMB market, they hold sway due to their convenient cloud management features. For instance, Meraki's cameras and wireless access points can be easily controlled through their cloud management portal. If FortiGate were to provide cloud-based management solutions for SMB customers, it could cater to a significant portion of the market, considering that a substantial number of customers fall within the SMB and mid-level enterprise categories.

I have experience with Fortinet FortiGate-VM.

Hardware performance is a determining factor. A recent case made me notice that in comparison to the other vendors, Fortinet exhibited superior scalability. This was mainly due to their package-oriented approach, which involved scaling the VM version based on the number of customers. They offered various packages, and depending on the package, the VM version would be adjusted.I would rate it an eight out of ten.

I would rate scalability an eight out of ten.

The customer service and support is good. Within this domain, we have local support in place. They are primarily responsible for initial support. However, if a situation exceeds their capabilities, they escalate it to level two support. This setup is highly satisfactory.

Positive

FortiGate offers straightforward planning and a user-friendly interface. This simplicity is seen through graphical user interfaces (GUIs), enhanced visibility and effective troubleshooting. I would rate it eight out of ten. 

In the industry landscape, approximately seventy per cent of businesses predominantly rely on on-premise solutions. Specifically, our focus is directed towards banking clients, who are aligned with the guidelines of the Central Bank due to their emphasis on security, governance, and compliance protocols. However, the manufacturing sector and telecommunications companies are more inclined towards cloud adoption. This inclination is rooted in factors such as cost efficiency and power savings, internal infrastructure maintenance and resource allocation, including power and human resources.

In Sri Lanka, the banking and finance sector still prefers on-premise solutions. This choice is aligned with their security compliance needs and regulatory considerations.

In our proposals involving FortiGate, it's common practice to include FortiManager and FortiAnalyzer. Over the past two years, many clients have adopted FortiManager for cloud-based management. We've facilitated this by providing cloud subscriptions, allowing them to manage their FortiManager through the cloud. This approach is well-received, and it's worth noting that even in the banking sector, some customers prefer on-premise setups for their FortiManager.

It would be beneficial for Forti to expand its cybersecurity solutions even further. While solutions like FortiSolor exist, there's room to enhance feature sets in line with the increasing requirements of compliance and private security needs. These can effectively address client-side security needs. Comparing Forti's offerings to competitors, certain strengths stand out. There are notable visibility and flexible configuration options. The client-side experience benefits from robust management capabilities accessible through this solution and the troubleshooting becomes seamless because of good visibility and an effective controller. I would rate it an eight out of ten.

We use the solution for securing our network.

The solution's intrusion detection feature is excellent.

The solution's web-filtering configuration could be more straightforward. It takes a long time to configure.

I have been using the solution for eight years.

The solution is primarily stable. Although, some time ago, there were performance drops where it was freezing as the logs were full. We managed to resolve the issue. I rate its stability eight out of ten.

It is a very scalable product. The solution users in our organization include IT managers, finance officers, accountants, and chief financial officers. I rate its scalability a nine out of ten.

The solution's support team is excellent and efficient.

Positive

The solution's initial setup and configuration are straightforward. But if someone is trying to put policies and restrictions in place, then one has to understand many things. It takes one and half hours to configure and requires two executives for maintenance.

Initially, the solution's price was high for us. But it decreased on the purchase of more than one license.

I recommend the solution to others and rate it a nine.

We primarily use the solution as a virtual machine for firewalling.

The solution is very user-friendly. 

We have a next-generation firewall and can lock things in on a parameter level very effectively.

It is easy to set up the solution. 

The solution is stable.

I've found the technical support to be helpful and responsive. 

I can't recall any aspects that need improvement.

The pricing could be a bit better.

We'd like to have more customization and easier customization of policies. 

The scaling can be a bit better. 

I've been using the solution for the last two years. 

The solution is okay in terms of stability. We have not had issues. It's not too difficult to work with it. 

I'm the only person working directly with the product.

The scalability is limited. If we have to scale, we need to upgrade licenses after the license is up for renewal. Otherwise, we need to buy replacement licenses on top of the licenses we've already purchased instead of just expanding and adding onto what we have.

I've worked with technical support in the past. They are very good. When we open tickets, they respond quickly. I'm happy with the level of support overall. 

I have worked with other firewalls. Which is best depends on the requirements. It is also dependent on the budget. We need to consider performance and scalability and take onto consideration how much support will be available as well. 

The solution is easy to set up. There is a lot of documentation provided. For 70% to 80% we can do just fine, and for the rest, we just request documentation and can finish the job. 

We do not need much maintenance. We handle that ourselves, and it's not too difficult. 

The solution is set up and configured in-house. 

The pricing is okay. However, it could always be better. When you need to scale, you need to buy bigger, different licenses. 

We are using the latest version of the solution. 

I'd recommend the solution to others, depending on the business requirements. It's a pretty good solution in general. 

I'd rate the product eight out of ten. 

Whenever I need to deploy a Fortigate firewall, I go on Fortinet and do a trial license and work on it.  

The use case depends on the requirements. The requirements change from client to client. 

The virtual firewall feature is very good.

The solution is easy to deploy and manage, which makes it easy to test.

The products never disappoint us.

There are a lot of features that overlap and are similar to other products.

The setup is simple.  

I haven't had much of a chance to work on the VM environment too much. I don't have any notes for improvement. 

Technical support could be better. 

I've used the solution for two or three years on and off. 

The solution is stable and reliable. There are no bugs or glitches when handling testing in the lab environment. 

The solution is scalable. You can expand it easily. 

I'm not sure if there is a local person in Pakistan. Whenever I try to contact support, there is always a delay and I have not been so happy with the support services on offer. 

I also use Sophos. 

The initial setup is pretty straightforward. With the deployment of any type of firewall, you do have to do some workarounds. As long as you know the specifications, you are good to go. I'd state the ease of setup eight out of ten. 

The deployment, so long as it is not a migration, only takes a few hours. 

They do offer a one-month free trial. 

They offer affordable pricing. It was not expensive. I'd rate it seven or eight out of ten in terms of affordability. 

We are Fortinet partners. 

The solution is pretty good. 

I would recommend the solution to others. I've had a great experience with the virtual environment. 

I'd rate the solution eight out of ten. 

We are a reseller of FortiGate, but also a customer. I have configured it in my office. Our primary case use includes equipment installed with customers.

We have Fabric Security that integrates with other FortiGate family products like firewalls and switches. This means that we don't need to buy other licenses and it's easy to configure.

With every new version, there are issues and new parts due to the improvements. But the improvements are not always easy for the customer, especially when making a big configuration. Rather than being an improvement, it becomes more complicated.

We have been using FortiGate for almost 12 years.

The support is fine now, however, our last purchase was not as good. They have changed their situation and improved support again.

I had used Sophos UTM, the Endpoints, Access Points, and XG for two years in my office. We switched because of FortiGate's service and because it is a more flexible solution.

Installation does not require another license so it is inexpensive and easy to configure. 

Sophos has a nice interface and is easy to configure. The XG products are good and so are the endpoints. Sophos access points and on-premise are not good.  Sophos also doesn't have enough support to get into the console. Sophos has a Linux box, which is easy to try to resolve most issues, but Sophos support is not good.