There is room for improvement in the reporting part. The reporting is only for logging data, and it's just a tabulation of the log in the report. I would like to be able to take down more information in the event of an incident.

Real-time threat monitoring is not there. The traffic hitting the firewall needs to be improved to have real-time monitoring. Traffic should be more visible and should be available on the dashboard. Even if something is blocked, we should be able to see the traffic. We need a security posture showing the organization's security posture to see the traffic hitting the firewall, the user or entity behavior, et cetera. If there's an abnormality, it should be reported. We need to be able to generate multiple reports and see everything in the logs. Logs are only available for a week; we should have them visible for up to three or six months or even a year.  

It can be a bit expensive.

If you have an emergency and need support immediately, it can be hard to reach them as they don't have a direct number to call. 

The pricing of the product is too high. They should work to lower it.

I would like to see more statistics in the monitoring part. There is monitoring, there are DSCPs, and everything; however, I would like to have more active monitoring of the traffic.

Sometimes we would like to monitor some threats. For example, where are some bots, and how do we detect these kinds of things. That would be good for us.

Right now, all the features meet my requirements. It's not lacking in any way.

We don't really find a lot of issues on it.

If I really have to complain about something, and there's not much, is the free VPN solution is a bit limited. Then again, it is a free solution. That's essentially it. Nothing else on the FortiGate or on the Fortinet OS side is really an issue. That's one of the main reasons why we use them: everything works and works well.

For what we use, there isn't really any missing feature. In fact, we actually want to get rid of some of the features that they have due to the fact that, for the security model that we need to implement, having more features actually opens up potential risk. We actually would like to have a device that is more focused specifically on OT environments the operational technologies.

We would prefer a device that's stripped down, that doesn't have all the other fluff in the more enterprise system. We actually want a feature where we can remove features that are there that we don't use. That is actually a thing that we find. We use it now in an operational technology environment. We use normal IT equipment. However, it's not a normal IT network. It differs significantly from a normal corporate IT environment. In a normal corporate IT environment, you like the fluff, and the additional features, and you can click, click, click, and you're done.

However, all of those features you add to a device open up risk for us. And that is something we do differently in the OT environment in operational technology. We prefer to not have the fluff. We prefer to have only what is needed for the device to do what it needs to do.

For example, imagine an additional feature for some sort of additional VPN technology has been added. However, it's not really needed for the OT environment, and it's not configured on the device, yet there's some sort of security threat in there. Now, all of a sudden, somebody can hack your system, and he's in there, and he's switching the lights on and off the entire city. And you don't know about it due to the fact that the additional fluff that we added to the system, we weren't aware of that issue was on there.

You can enable and disable certain modules in it. However, with disabling, nobody can really tell us if that module is disabled. Is it really disabled? Is it actually unloaded? Is it uninstalling Word from your laptop, or is it just not running Word?

The support could be better. Their first-level support is often poorly trained. 

We don't have any other requirements in terms of needing new features. 

I want to see a better integration or a better integration with the endpoint protection or with EDR with the security life cycle. I want to see if that enhances a bit more so I have granular datasets and the user level through to the gateway because that's where most of our threats come from. It's from user activities on the Internet and passes into your files over that gateway. That's where most of our threats would appear and where our exposure to vulnerabilities lies.

So if we can tighten that up, we can harden our infrastructure much better.

SD-WAN configuration could be easier. 

The support could be better.

We'd like to see bandwidth optimization and traffic prioritization capabilities. These are the two things that I'm looking for, especially in SD-WAN.

It should be controlled in the local environment as well. Its gateway security is more powerful. However, it should also manage the local DSCP network, so the policies, local LAN policies, and other stuff should be there.

The central management can improve in Fortinet FortiOS. It is sometimes difficult to manage all the devices.

I wrote my opinion about changes to the SSL-VPN authentication directly on the Fortinet forum, and they said that right now they will not change it. Hopefully, in the future, they will change the SSL-VPN authentication for groups and users.

Fortinet FortiOS's integration could be improved. It has extensive integration features, such as collectors for other services and third-party intelligence feeds.

The UI could be a bit better. The coming generation will not be from the Sierra, and therefore they have a chance to make it much better and more user-friendly. Right now, we have to contend with CLI. We'd like it to be easier. We need the features to be in a UI.

The solution needs improvement with DDoS protection. 

Fortinet FortiOS need to manage its memory and CPU utilization better. It peaks at times, which sometimes can be challenging.

In a feature release, if Fortinet FortiOS could have better cloud functionality would be a benefit.

There aren't any features missing at this time. 

For monitoring purposes, we don't have any option to monitor the ISP link. If the ISP link goes down, then there is no monitoring tool or in-built monitoring tool. We can use a third-party application, like Zoho or PRTG. However, we would like something in-built. 

They need to improve the solution at the application level. 

The solution's graphic interface could be a bit more responsive and include notations when changes are made

The product needs a feature that allows users to create another site on a VPN.

We have several access points on FortiGate, which were procured long ago. Those are not supporting the present firmware update we make on the UTM. Therefore, we cannot get the latest firmware updated on the UTMs. I was thinking that if we need to get rid of these physical devices, we should move to some cloud-based system.

The only problem that we are facing at the moment is that all the devices of FortiGate, whether it is for FortiGate's access points or authenticator or controllers or UTM, is in the FortiOS. They are interrelated and interdependent. It means if I buy a FortiGate car, I have to run FortiGate OS, I have to fill in FortiGate fuel, and I have to run it on a Fortinet road. I can’t mix and match it with different solutions. There is no flexibility.

The initial setup is a bit complex.

We would like to have NMS built into the solution.

It would be better if AWS instances were available. If I want to upgrade from T2.small to T2.medium, it should be available rather than having a big instance and paying a lot of money for that.

The issue is that we had deployed in AWS Cloud, and we were using a very small instance. Recently we wanted to move in-house and deploy it on the big instance because it was struggling with the RAM. If we use T2.small, we cannot upgrade it to the T2.medium. It has predefined instances in the marketplace with a lot of cost differences.

If I can increase the RAM, I have to choose the T3.large instance. If I'm paying $270 for the small instance, I have to pay more than double the cost for T3.large. It is about $850, and this is not good. So, it would be better if it was cheaper.

I think both AWS and Fortinet should think about that. They should provide it on lower instances as well. If I want to upgrade it from T2.small to T2.medium, it should be available, but it's a problem.

The solution is good, but they have poor marketing in Nigeria. They need to market their product better.

They need to work on their support. Cisco has the best technical support. In comparison, Fortinet's support takes too long. If you are paying for SLAs, you should also get value from your SLAs.

Right now, everybody is moving to the cloud. The solution has already worked on that aspect, and they are embedding security to the cloud. However, security can be more enhanced and as long as they continue to offer more protection I'll be happy.

Fortinet FortiOS can improve by limiting the need for the CLI and GUI combination. The more functions they can have on the GUI and less on CLI would be helpful.

The solution could improve the log retention and reports.

The solution's switches are lacking. They need more features added to them to build them out a bit. The switches are very simple if you compare them with other companies like Cisco or Aruba. Those organizations offer their clients much more.

Technical support could be better. Some competitors have much more responsive support teams.

I know the last version had NAC, network access control, added inside the firewall. It's a process, however. There's still work to do. The next version will be better. Right now, you can't authenticate other devices. You only can authenticate Forti devices and not devices from other companies. This could be the next addition to the solution that will make its performance even better. 

It would be great if they can push the Microsoft updates through Fortinet OS and provide a centralized patch management system.

They should also include the data loss prevention (DLP) and data leakage prevention features. They could also add network monitoring more effectively.

We haven't had any issues with the solution. It's been pretty good in general. 

We would like to see the ability to maybe monitor applications that use the SD-WAN. They need to integrate more with the SD-WAN.

We would like to see lower pricing. The price is high.

I would like to see the features of FortiAnalyzer included in Fortinet FortiOS. Right now, you're required to have an additional license and a different device for features such as processing the log, reporting, and analyzing traffic.

They're using a lot of application-specific IC, so that may be causing some performance issues. And whenever a Fortinet adds new features, it can affect performance. I don't handle implementation, so I have to ask my frontline engineers to implement new features, like software-defined WAN service. But I'm not sure these are stable and acceptable because this project is still in progress. FortiOS and all the other firewall products are adding SD-WAN service, and this kind of service needs a lot of resources from the fabrics, the hardware, and the software. Still, I think we have more confidence deploying this service with FortiOS than using the other brands, like Juniper.

In terms of what needs improvements, the troubleshooting could use improvement. When we work with other products like Cisco ASA, Palo Alto, and Check Point, we see a big difference in the troubleshooting. It's not easy to find a report. In order to overcome the problem, you have to install FortiAnalyzer to help you find the troubleshooting problem. FortiOS has its limitations.

The threat time interval lags a little, especially if there's a heavy load on the firewall.

The reporting and monitoring could improve, they have a lot of limitations. The monitoring is not easy compared to the other firewall.

The solution's firmware updates have significant bugs and issues. They affect the network and firewall. This particular area needs improvement. Also, they should include an advanced firewall feature.

I would like to see fewer bugs. If you use the box with its basic features, the solution is straightforward and stable, but you can run into bugs when using newer features or in more complex use cases. They included a DNS filter as a new feature, and I had issues that required raising a ticket with customer support.

FortiOS could provide a more detailed analysis of the network and connected devices.

The support could be improved, Fortinet's response time is very slow. 

Setting up the VPN could be made much easier, especially when deployed with Azure.

Some features I have found to be hidden and cannot be accessed through the graphical user interface, you can only access them through the command-line interface(CLI). All the features should be accessible through the graphical user interface.

The policies and the way that they are applied can be improved. It could be more direct, as it is an issue for some people. Generally, policy management could be made better and simpler to deploy.

The GUI could be improved to make it more usable, easier to administer, and easier to configure. 

The signature discs, compared to Palo Alto, aren't as good. It takes more time to get the signature updates.

The solution should be on the cloud a bit more. 

There should be a cookie eater. 

FortiOS doesn't work well with all browsers. I think they need to do a better job of making it compatible with the various browsers that are out there. I see weird stuff happen sometimes.

It doesn't crash the router bin itself, but it typically takes some time. Sometimes I'll have to reboot the router to get it working with a browser again. This is maybe just a problem with older versions. I can't say anything about the recent versions of the FortiOS, but over the years, I've seen weird stuff.  This is mainly just a problem with the browser interface. I've never had a problem with the command line.

We have had some performance issues, but that seems to be improving. I'd like to see better integrations and more flexibility for different scenario configurations. In comparison to Cisco, the CLI is quite difficult to use. Finally, I believe that the reporting could be enhanced to provide better visibility into the traffic. 

As an additional feature, Fortinet could have XDR embedded into it which would mean more visibility from the reporting side because right now we have to separately install FortiManager and FortiAnalyzer for driver analysis.

FortiOS's bandwidth and interface could be improved. In the next release, Fortinet should include an option to disable users.

The complexity of the VPNs should be improved. Certain versions of the operating system don't function with our current Fortinet unit. For instance, we've got a 60D FortiGate at our branch offices and the 60D FortiGate doesn't support the latest version of the 40 OS. Because of this, certain Wi-Fi access points that depend on those operating systems don't function so well. So that has room for improvement. I'd like to see that happen.

A switch should be introduced. 

One thing that should be improved in future versions is an issue we have observed and had problems with a few times. When we try to reinstall a backup for FortiOS, you need to do a factory reset manually or you lose access to a device. I have experienced this situation a few times and it seems like something that should not be required and they should resolve.

Fortinet FortiOS can improve the GUI and remove the command line interface. All the functionality should be available from the GUI. Day-to-day management can be tough for IT administrators. Additionally, the reporting is not very good.

The product really has everything that we need as far as features for this type of solution and our use case. It works fine for us. One thing that can be improved is the pricing model. It is currently subscription-based and I think they should probably try to change that.  

The solution is good but could be improved by supporting an allocation of quota base management regarding user data.

The solution could improve by making the dashboard easier to use.

While the product is good and does provide services we need for authenticating and establishing VPN connections, some time ago we had issues with logins. The login event and the performance for this feature were very poor but have improved.

The reporting for this solution could be improved. It could also be more stable and offer better pricing. 

The solution needs to adjust its pricing model. With the way they are structured, everything is very disparate and sold separately, and, depending on the solution, it can get quite pricey.

The solution could be more intuitive. Especially when customers have access to it, it's not as simple and straightforward as some of the other devices I've taken a look at.

Many things are missing from the interface that necessitates using the CLI, so it needs to be improved. When I migrated to FortiGate, there many things that I wanted to do, but couldn't.

With FortiOS, you can use the router in two modes. The first mode is the profile mode, which is the starter mode that most use, but you have another mode that is a policy mode and is required before creating your firewall rule. The problem is that when you switch from one mode to the other, all of your firewall rules will be gone. This means that you have to decide if you want to use the policy mode firewall or a profile mode firewall.

With policy mode, you can have granular control on the application on the firewall rule because the firewall rule works with the source destination protocol. With the application, you have multiple rules, one by one. As an example, you can have one for Skype or one for OneDrive, etc. On the source, you can add a group, and add people to the group, and they can have access to Skype and OneDrive along with others added.

You can granularly control applications on the firewall rule with the policy mode, but you don't have access to the proxy mode rules. There are also issues with the antivirus, IPS, and you are forced to switch back to the profile mode where you have less granular control on the application.

I have problems with the IPS stability and the antivirus in Policy Based Mode. If the file is bigger, then the antivirus doesn't check it.

In policy Based Mode, There are many issues. (Firmware =< 6.4)

For me, it is important to be able to block VPN applications, like Facebook, so I would like to see that included in the next release. With this version, if you want to block or allow a site, you now have to drag all the domains related to this site. 

The internet service is not as reliable in East Africa as in other parts of the world, and as such, the bandwidth that is required for updating the Fortinet OS should be reduced. I would like to see smaller and more frequent updates.

The report and policy optimization tools can be improved in the next release.

Their technical support needs improvement. 

All products have pluses and minuses. It will depend on a client's use case.

FortiOS's interface and monitoring could be improved.

Fortinet FortiOS can improve the monitoring function, it could be more accurate, easy to use, and understandable.

Fortinet's central management needs to be improved. FortiManager's technical tool provider ability should manage all Fortinet security products. Right now, FortiManager only manages the configuration of FortiGate.

Fortinet needs to make this solution even more robust. Sometimes when we get a DDoS attack, the cannot withstand it. We can run out of sessions very easily. That said, I suppose if you want more a robust system, then you could purchase higher-end solutions, which are more expensive. Still, I would like to see more protection from even in the low-end version.

The pricing needs to be improved. It's quite pricey.

In terms of the CLI, if they could make it more intuitive, and more user friendly, it would make the solution better. I like to work on CLI instead of through the GUI. If you are used to it then you wouldn't mind the way it works right now. However, for those that don't, there's just a sizeable learning curve.

Docker Container to have a good integration with kubernetes and more throughput as Cisco FP

Fortinet FortiOS could improve by having better authentication methods with Microsoft or Google Services.

In an upcoming release, they could improve the user interface.

I would like to see a drop in the license fees because it is a rather expensive program.

There are some features for FortiGate using FortiOS that can only be enabled via a command line. These aren't very advanced features they have been part of FortiOS for quite some time but they still aren't accessible from the graphical user interface. It makes it a little bit harder than it should be for us to manage the solution. That's my main concern with the user interface. Another concern we have is some elements for the user interface, if they're not properly configured, it could lead to hardware and performance degradation.

We have had some cases where the entire hardware is at a lockout. This means the CPU is  100% consumed and requires a reboot because of a malfunction with the graphical user interface dashboard widget. This is something that we saw a few years ago. We haven't had any new experience with this same issue. However, I'm not sure if that's because Fortinet fixed them, or because we have mow avoid using those specific regions.

There are some issues with the performance. We also had some issues while updating the firmware.  

The download options can be better. While downloading VPN clients, it is a little bit difficult to get different versions. You need to log on and search.

Their support can be better. 

In terms of what needs improvement, the pricing could be lower. The price is very steep.

I would like to see in the next release that any client, even small ones from a home office, can run on any access point, not just the one that can be used with Fortinet. It should have an appliance that can be used to support and manage other access points. All the products should be uniform and easy to find. 

Reporting, having only recently migrated to 6.04 there will be some time to see what improvements have been made, with some of the menu changes and inclusions through the versions.

Right now, it's very trendy to integrate everything into the cloud. This solution would be more effective if they did more integration in that regard.