Fortinet FortiManager alternatives and competitors

We use it on a virtual machine in our data center. We are not using a box.  

We have many types of clients so there are many types of use cases for our clients who we are deploying FortiGate for on-site to create the local network. Many sites are using FortiGate firewalls like 60E, 100E, 200E and 500E and some 3100D.  

We are using what we call zero-touch deployment. It is a very important technology or process that helps us to make the deployments efficiently. It is called zero-touch deployment or ZTD. It helps us to implement our configuration on these client sites by using FortiManager. Zero-touch deployment is the central piece here and it is made possible by the use of FortiManager. What happens is we prepare our configuration in the FortiManager. After that, the technicians who are doing the installation just need to connect the instance of FortiGate to the internet. They only have to do that and FortiGate automatically downloads the configuration from FortiManager. So this is the way we can optimize the implementation and reduce the duration of the setup time involved.  

It would normally take us a handful of days to install one FortiGate instance on one site. But with this technology, zero-touch deployment, we need just one hour or maybe as little as 30 minutes to install one site. It is much more efficient. We reduce the time further by installing the configuration in all the FortiGate instances that we are managing at the same time. For example, say we need to install a new policy to deny or to allow something to connect to the internet. We can create this configuration in the FortiManager and we can push it out to 100 or 200 FortiGate instances at the same time. So it helps us to reduce the time it takes to install and to perform maintenance as well as to minimize the errors. We are human so errors are more frequent than a deployment managed by a machine. With this process, if anything is wrong it is also easier to correct.  

The most valuable feature in FortiManager is the ability to automate the deployment processes and maintenance.  

Not just in FortiManager, but in any Fortinet project in general, the troubleshooting is very hard. If you compare it with other products from other vendors like Cisco or like Palo Alto, it is just more difficult. Say we are in a situation where we need to do some debugging. It is very hard to understand and to use the CMD and the CLI commands because there is not very much documentation. There is no description when you are using the CLI and there are no examples to follow. So it is hard to do some troubleshooting to find a problem. There is FortiAnalyzer that can help with this but it is not real-time. It is too hard to view real-time inbound and outbound traffic. Because we are network engineers and network administrators, we always need to have some time real-time traffic to view what is happening now, as it happens, to know what is really going on.  

I have been using Fortinet FortiManager for about two years.  

I would say that the product is not stable all the time. Sometimes, I need to reboot the virtual machine after we do some configuration. The configuration changes will only take place after a reboot. It is something that should not normally happen this way. We should not have to reboot it, but sometimes it happens that we are forced to.  

I think the product is very scalable. We can add a new instance of FortiGate with a simple click. We can configure it with high availability using two VMs active-backup. It is a very good product from the scalability point of view.  

There are now more than five people who are currently using FortiManager in our company and we are counting on more as we grow. We are a growing company of integrators. We have been on a mission for three years in our region to service our clients — all of them have more than 500 employees. We also have built up to more than 5000 employees total. These same five people using FortiManager are also what we need for the maintenance of the systems.  

The technical support is very good when I work with them. In reality, I give them seven or eight-out-of-ten. This is because sometimes you have a very good engineer; sometimes you do not get a very good engineer. This is the reason for the lower score. Last time we created a ticket, it took two months to resolve the problem. For the first month, I was working with someone who did not have a very good understanding and methods for resolving the problem. But, after that, I was allowed to work with another engineer who was very good. He was very good both technically and his methods.  

I work mostly with Fortinet now. I work with FortiGuard and FortiGate firewalls. I work with FortiExtender to connect with the 4G network. I work with FortiAnalyzer and FortiManager to manage the FortiGate firewalls. I use FortiManager with the network administrator on top to manage many firewalls at the same time. I can use FortiAnalyzer to analyze our network, to give us a lot of information about the stability of the network. And also to get reports like what are the top 10 hosts who are using the network.  

Before using FortiManager, generally, I worked with other vendors like Cisco, with FireSIGHT to manage the Firepower firewalls from Cisco installations. It was essentially the equivalent to FortiManager. It managed Firepower firewalls. I worked with around 700 Firepower firewalls and one other FireSIGHT appliance which was not VMware. But I found that Cisco was a little bit hard to manage. It is not very stable and we had some problems with it. We opened a ticket and I could see now that we did not get a good solution from the technical support. We just made a workaround which is not a good way to resolve issues. But in general, FortiManager is better than the FireSIGHT as a technology and as a solution.  

The initial setup is simple. It is not complex at all. We are using Fortinet FortiManager in our main data center and it publishes via virtual IT, or VIT, to our facility to connect to us from our spoke site. It is very simple, I think.  

Generally, what I know about the pricing is that Fortinet FortiManager is not expensive at all if you compare it with other vendors like Check Point and like Cisco. Fortinet products are the least expensive on the market in the category of firewalls.  

Really, it is not me who chose this solution. It was the staff before I come here. I do know the staff chose it as one of many potential options to be presented to the clients.  

I personally have a specialty using Fortinet but also SolarWinds — although not so much. But I am quite a bit more familiar in working with Cisco and Fortinet.

My advice to other people considering this solution is that they have to read about the product and they have to make an effort to pass the NSE 5 (Network Security Analyst) certification. It is for FortiAnalyzer and FortiManager products. Fortinet NSE 4 (Network Security Professional) certification talks about FortiGate and prepares your solution in a global sense. It is also very good to have. The main certification to have in my opinion is to pass the NSE 7 (Network Security Architect) certification because it talks about what I think is the negative part of Fortinet products, the troubleshooting. So my advice is that it is very important to pass the minimum of these three certifications to manage the solution with some level of expertise.  

On a scale from one to ten where one is the worst and ten is the best, I would rate FortiManager as an eight. Additional features I would like to see included in the next release of FortiManager to make it a nine or a ten is to be compatible with the management of other products like not just FortiGate. For example, it might work with FortiExtender.  

We are a solution provider, reseller, and distributor. Fortinet FortiManager is one of the security products that we implement for our customers.

FortiManager is a benefit to our clients who have several Fortinet products in their ecosystem. For example, they may have different products such as FortiGate firewall, FortiAnalyzer, and FortiSandbox, and they can orchestrate them from FortiManager.

It also allows for multitenancy, where we can manage the security solutions of several different customers.

Fortinet has the option of synchronization in the cloud, so you can manage everything if you have a cloud account.

FortiManager supports orchestration in distributed environments and provides features such as automation and profiling. It allows you to push the configuration for new deployments, which makes the setup of new systems easier.

It fits well into either NOC or SOC environments to assist with managing the overall security solution.

The GUI and the whole process of configuration should be improved.

The response times from technical support need to be a bit quicker.

I have been working with FortiManager for about two years.

This is a stable solution.

It is scalable, although if you are managing hardware appliances then there are some limitations. If you are using the VM then you can just upgrade your license and add resources.

The technical support wait times are long and this is an area that should be improved. Raising a ticket through the portal will sometimes take more than 24 or 48 hours. The response time definitely needs to be a bit quicker.

I work with a variety of security vendors and have a lot of experience with Fortinet products. I also work with solutions from McAfee and Palo Alto.

I have also worked with the Cisco DNA Center and they have some futuristic options in the interface.

The initial setup is not complex and it will take only one or two hours to get the appliance online. After this, it will take time to populate the configuration with all of your assets. There is a lot of planning involved in this stage.

In comparison with other products, the price of FortiManager is reasonable.

In terms of deployment options, it has a lot of options for enterprise-level organizations such as telcos and banks. Overall, I think that this product is okay.

I would rate this solution an eight out of ten.

FortiManager is a virtual appliance, you can have it in a cloud, buy your own license, or pay for the solution as a service. It's very helpful because you can manage many products from other customers, just from the cloud, which is where you administrate domains for all the customers you might have. You only have one point of deployment of the new FortiGates, for example, FortiSwitches, FortiAPs with a single click that you do not need to deploy the configuration on a unit itself. So it means, for example, you can just send the new boxes to new offices and from the cloud FortiManager, you just let some technical guy send it to the internet. It gets the serial number of the FortiManager. It can be paired and the configuration can be directly downloaded. You don't even need to touch the box physically. So that's an amazing feature. 

For the whole security fabric from Fortinet, with a simple click you can see if some workstations or services are affected by an attack. You can really easily quarantine it, check the solution, and fix it. It's very good from a security perspective. 

Fortinet is releasing quite a lot of new versions and I would say that most of the versions are not well tested before they're pushed out. Even the new versions sometimes are a bit buggy before it's all correct.

I have been using FortiManager for six to seven years. 

We don't have any issues with stability. 

Scalability is good. 

Our support was often sent to a foreign country and they didn't speak good English. But the second level of support was all perfect.

Checkpoint has a kind of manager that is similar. I think Palo Alto and Cisco have something similar as well.

The initial setup was straightforward and so simple. You don't need to know the functionality that much and it guides you on how to deploy it correctly. It's quite simple to set up as a solution.

The deployment takes a few days. 

I would rate it a nine out of ten. 

It does not make much sense if you only have one FortiGate. If you have multiple devices and you can share some kind of templates or configuration template for security rules then this is a product you should use.

In the next release, there should be a little bit better of a deployment for applications that should also be relevant for mobile phones.