Fortinet FortiOS Reviews

Our primary use case for this solution is for deploying network security systems for SMBs or mid-range corporations.

We use the SSL VPN web portal and we actually find it very useful because we don't need to bother with installing additional client-side software.

The most valuable part of the application is the graphic user interface of the application where you can see specifically what's going on in the system at a glance and quickly assess the system. The GUI is very good.

One thing that should be improved in future versions is an issue we have observed and had problems with a few times. When we try to reinstall a backup for FortiOS, you need to do a factory reset manually or you lose access to a device. I have experienced this situation a few times and it seems like something that should not be required and they should resolve.

I think the product is a pretty stable solution. I did have some cases with the webserver where the appliance actually crashed. Later I research about the issue and I found out that it was actually a bug in the latest version. I imagine that because they know they will issue a fix if they have not already.

I recommend this product to my clients partly because of the scalability. Scaling is never really a problem though it may cost more if the client requires additional licensing or hardware.

I don't often have to contact support. When I do I usually just get help from the online community. I really don't contact their support directly.

I go about initial setup by just implementing the configuration using CLI (Command Line Interface) to propagate the components. I think the initial setup is straightforward.

We are the consultants and we do the installations.

I think the cost of the product categorizes FortiOS because it is a bit more expensive than small businesses will usually want to spend. It is not really practical for SMB or for small businesses. It is mostly for mid-range or higher SMBs because of the pricing. It is not expensive compared to some products, but a small business may not justify the cost. The cost ends up being dependent on the solution you choose and if you want individual or package licensing.

As consultants, we provide different customers with different solutions based on what they need. So, there is no specific product that we evaluate as there are always several options. Mainly I use Fortinet or Sophos solutions to recommend to my customers. We will use on-premises or cloud depending on the needs and how it fits for the client. For Fortinet FortiOS we usually use it in on-premises installations.

I do recommend this product to clients for use but it depends on their case needs. For example, in the AAA (Authentication Authorization and Accounting) some of the accounting and some of the VPN tunneling features are removed from Fortinet FortiOS due to some security configurations. In some projects, we need those features for the client and when that is the case, I cannot recommend that the client use the FortiOS solution.

It would be a better product if there were a logging feature. You need to have FortiAnalyzer in your installation to have logging management capabilities. It will be a better solution if some logging and history capabilities were integrated without requiring an additional product installation.

On a scale from one to ten, where one is the worst and 10 is the best, I would rate Fortinet FortiOS a seven. It is a good product but there are a few problems.

Fortinet FortiOS is the operating system(OS) for the appliance to work.

The most valuable features of Fortinet FortiOS are the granular control and their interoperability is good.

Fortinet FortiOS can improve the GUI and remove the command line interface. All the functionality should be available from the GUI. Day-to-day management can be tough for IT administrators. Additionally, the reporting is not very good.

I have been using Fortinet FortiOS for approximately 10 years.

I have not used support very often. I have been able to figure out the problems myself.

I have used other solutions, such as SonicWall. I have found SonicWall's GUI to be less complicated than Fortinet FortiOS.

If I have to implement through the Fortinet FortiOS I have to go through multiple screens. For example, if I need to configure a simple VPN, and a site-to-site Sec VPN channel, in Fortinet FortiOS, I may have to go through multiple GUI pages or screens. Whereas, in SonicWall, everything can be done on one page.

When comparing the ease of configuration and management, with SonicWall, I find Fortigate needs some improvement. If it was improved it would make it a lot easier for implementers.

I recommend this solution to others.

I rate Fortinet FortiOS an eight out of ten because the reporting, configuration, and management for the IT administrators could improve.

The primary use case is for integrated cybersecurity.  

The VDOM (Virtual DOM) is a virtualized firewall that has some opportunities for flexibility that are an advantage in certain configurations. The other valuable part is that this flexibility makes it easy to integrate with Cisco products.  

The product really has everything that we need as far as features for this type of solution and our use case. It works fine for us. One thing that can be improved is the pricing model. It is currently subscription-based and I think they should probably try to change that.  

We have been using FortiO since around 2016. So we have been using it for four years.  

We had some issues with the stability of FortiOS, but I do not think it was because of Fortinet. It was because of how the integrator handled the configurations. The partner that implemented it originally did not do it optimally. We ended up having to change the partner in order to have it done correctly.  

So far we are satisfied with the technical support. We have not had a lot of need to use them.  

We had been using Check Point and we still use it. In fact, we have been working with Check Point more than Fortinet. I may be a bit biased toward Check Point because I already have more implementation support for it than FortiOS.  

The difference between the price of the products is also obvious. Pricing is more flexible with Check Point than with Fortinet. Fortinet ends up being more expensive because of the pricing scheme.  

The pros and cons of them are not so much different. If it were my choice and we were going to change what we use or choose between the two, then we would move back to using Check Point exclusively. 

I think that the setup was a bit complex because we have a complex network. Because of that, we had to do some interoperability testing first and that made the initial setup take longer than it would in another, simpler environment.  

The initial setup is one other area that could be simplified.  

We used a partner for the implementation. We ended up having to replace them with a different partner because of installation issues. The second partner was able to fix the issues.  

The costs for the maintenance and subscription for Fortinet FortiOS software alone is actually half of the cost of the hardware. For example, if your hardware costs were about $40,000, your yearly subscription to FortiOS is about $20,000. That is kind of the drawback to using Fortinet. By comparison, that $60,000 is already three years of maintenance or support with Check Point for the same scale setup. It is a significant cost difference.  

I would probably recommend Check Point to most users considering FortiO if they do not have any ACI (Application Centric Infrastructure) implementation or a Cisco ACI. If you could do a workaround on the ACI, then I would probably still recommend Check Point. But if you do not know how to make that type of adjustment or can not and you do not have any partners that need to access your systems, then it is better you go for Fortinet.  

Our primary use case for this solution is for firewalls and the efficient fulfillment of orders. Additionally, with Fortinet FortiOS, you get other features like inbuilt SD-WAN, where the customers are ready to deploy once they move into the SD-WAN features. So there are several additional features within the OS and integration with third-party software, other vendors and third-party solutions. So the integrability, adaptability, and value addition of the OS play a significant role.

We have found the inbuilt SD-WAN most valuable. For example, with FortiGates, we refer to it as being SD-WAN-ready because the customer has to buy it in the box, and the OS supports it by building a connection between two units. Also, regarding the OS integrability with other third parties, for example, with Ciga Group, you can deploy a unit in Sri Lanka, and the customer may have another unit in a different geography. Within Fortinet FortiOS and other competitive products, it's integrative, so it's used for data flexibility.

The solution is good but could be improved by supporting an allocation of quota base management regarding user data.

We have been using this solution for three years.

I rate customer service and support a ten out of ten.

The initial setup is straightforward, and it is very customer friendly. Fortinet FortiOS quickly provides many complex solutions when we deploy a simple firewall. So it's named one of the most customer-friendly OSs in the industry in Sri Lanka and globally. Therefore, customizability allows you to deploy the boxes and register a serial number. Eight people on our technical team are involved in deployment. I rate the initial setup process as nine out of ten.

I cannot comment on licensing costs as a different department handles that.

I rate this solution a nine out of ten.

We are using Fortinet FortiOS for our multi-level security. For example, we use the SD-WAN feature to protect our data center infrastructure.

There are many useful features, such as web security and advanced threat detection.

The solution could improve by making the dashboard easier to use.

I have been using Fortinet FortiOS for approximately 10 years.

The solution is reliable and stable.

The solution is scalable.

The technical support has been very helpful and they have local language support for Taiwan.

The installation was straightforward.

There is a license required for the solution and the price is fair.

I would recommend this solution to others.

I rate Fortinet FortiOS an eight out of ten.

For me, personally within our company, I am using this for business administration, but the company as a whole uses the product as a general firewall solution.

This product has improved our organization by providing an easy and simple means of filtering of traffic and establishing VPN connections and authentication.

The high-availability feature is the most valuable feature for our company. It is faster and more secure by creating a situation where there are more paths and less opportunity for failure and data loss.

While the product is good and does provide services we need for authenticating and establishing VPN connections, some time ago we had issues with logins. The login event and the performance for this feature were very poor but have improved.

Excluding the login performance — which we would have issues with in the past that made us have to turn off the feature in order to examine the infrastructure — every other feature and functionality has proven to be stable. We have also experienced some issues with performance with filtering traffic but it was on the appliance and because it was just a basic setup.  The real problem was the configuration and had we been more familiar at the time, we would have done a better job with it. So it was not the product that was unstable, it was our application of it.

The solution is scalable, but we really have not had too much of a reason to put the scalability to the test. I cannot imagine an issue where we would have to scale more right now as we use two hardware installations and the high-availability feature manages the traffic. Two appliances for us seems like more than enough.

I think the technical support is not really very good. When we had some issues in the past and sent them to support, we waited a few weeks and in that time we managed to figure out the solution ourselves.

The one issue I am talking about was a very tricky issue, but they should know more about the product than we do even if we are doing the installations. Meanwhile, we had to wait and it was very inconvenient. So I think the process of the way they handle the management of issues could be improved. We managed to get some of the easier issues resolved in part through the support team initially, but when we reached the next level of difficulty, it lasted too long to get a resolution.

We had been using our own solution and wanted to go with a dedicated, packaged product. It was a business decision and would allow us to refocus our internal resources.

Because we have been doing installations of this product for five years, the installation is fairly easy. It was not very easy the first time but now we have a lot of experience in doing installations so, for us, it is easy to set up.

We do not use integrators or resellers as that is what we do and it is our responsibility.

As far as choosing the best licensing solution for your organization, do not buy the cheapest solution. Instead, buy the one that fits the traffic for your company with some room for expansion or headroom. Next year, if the business grows — which is usually what you want to do — you could reach a point where there is more traffic and the performance could become an issue.

We have lots of experience in using and installing FortiOS, and because of the experience has mostly been positive, I recommend FortiOS as a solution for firewalling. Besides the few issues we have experienced in the past, this is a stable solution and the high-availability feature is very, very good. 

On a scale from one to ten, where one is the worst and ten is the best, I would you rate Fortinet FortiOS as a nine. Despite the few problems we had in the past it is a very good solution which does what it is designed to do.

We primarily use the solution for protecting our virtual infrastructure.

The solution needs to adjust its pricing model. With the way they are structured, everything is very disparate and sold separately, and, depending on the solution, it can get quite pricey.

The solution could be more intuitive. Especially when customers have access to it, it's not as simple and straightforward as some of the other devices I've taken a look at.

The solution seems very stable once you have everything up and running. 

The solution is extremely scalable.

Technical support is good. I would rate them nine out of ten.

The initial setup is pretty straightforward.

It wasn't technical people doing that deployment for the proof of concept, so it took about a day. We also hadn't set up all the features and capabilities. 

We pay $100,000. That covers the cost of the hardware that we run the VN's on. That also includes any SGNA costs for the internal support tech.

We use the private cloud deployment model.

I would rate the solution nine out of ten.

We use this solution as a gateway, a firewall for the office.

More Stability on VPN and SSL Deep Packet Inspection (Compare to Sonicwall)

It is very robust.

Many things are missing from the interface that necessitates using the CLI, so it needs to be improved. When I migrated to FortiGate, there many things that I wanted to do, but couldn't.

With FortiOS, you can use the router in two modes. The first mode is the profile mode, which is the starter mode that most use, but you have another mode that is a policy mode and is required before creating your firewall rule. The problem is that when you switch from one mode to the other, all of your firewall rules will be gone. This means that you have to decide if you want to use the policy mode firewall or a profile mode firewall.

With policy mode, you can have granular control on the application on the firewall rule because the firewall rule works with the source destination protocol. With the application, you have multiple rules, one by one. As an example, you can have one for Skype or one for OneDrive, etc. On the source, you can add a group, and add people to the group, and they can have access to Skype and OneDrive along with others added.

You can granularly control applications on the firewall rule with the policy mode, but you don't have access to the proxy mode rules. There are also issues with the antivirus, IPS, and you are forced to switch back to the profile mode where you have less granular control on the application.

I have problems with the IPS stability and the antivirus in Policy Based Mode. If the file is bigger, then the antivirus doesn't check it.

In policy Based Mode, There are many issues. (Firmware =< 6.4)

I have been using this solution for one year.

We are using the latest version, either 6.4 or 6.5.

This solution is very stable. It is more stable than SonicWall. The biggest difference is the stability on the VPN site to site, and on the DPI SSL for the HTTPS communication.

If you wanted to expand the firewall to another office you would have to use the FortiManager, which I have not used yet.

I have built five routers, one by one.

SonicWall is the same where you have the GMS that can be used to move the rule to the other firewall.

Technical support is not always good.

I can only compare it with SonicWall, and it is missing many advanced features that SonicWall has. SonicWall has multiple advanced features on the DNS, Antivirus, etc...  and a lot of options that don't exist in Fortinet.

With SonicWall, I never had to use the CLI but have had to with Fortinet. They are missing many things on the interface.

FortiGate is like a teenager, where SonicWall is the adult firewall. However, it is more robust than SonicWall, particularly on the VPN site to site and SLL Inspection.

When you build a VPN from site to site, you have to make sure the tunnel you select has the same option on both sides to make it work, but you have to also make sure that the routing exists, the mapping exists, and the firewall role exists. 

If one of them is not there, even if you create a site-to-site VPN with the other side and everything, there is no error, the VPN will not go up. 

On SonicWall, it's different. You build a tunnel, you put the same encryption, the same password on both tunnels, and you click up and it's up. If it's not working, it's because you didn't create yet the firewall rule, you work on the VPN, you click, then connect, and it's up.

Then if it's still not working, you create a firewall rule and it's up, or if you forgot the net rule, etc. You do that step-by-step, and it's working, but unfortunately if one of them has a mistake, even if you have no error on the site-to-site VPN setup, it's not going up.

With SonicWall, you can do it step by step and have it working, but with Fortinet, you have to do it all at the same time with no errors.

I work on the configuration and not really involved in the pricing. It was already in place when the company decided to switch back to Fortinet. 

I concentrate more on security.

I know Fortinet and SonicWall, and If I had to consider other solutions or if I have to redo it again, I would take a closer look with Palo Alto first.

With Palo Alto, the cost is more, but when I switch from SonicWall to Fortinet FortiOS, I lost a lot in the features. I would check to see if Palo Alto has what was lost in terms of features.

The stability is good. I would rate Fortinet FortOS an eight out of ten.