Fortinet FortiWLM Reviews

We are a technical services company and this is one of the solutions that we provide to our clients. My client was interested in adding a guest network to the existing infrastructure. The main requirement was that the new access points needed to be able to integrate properly, but any guests should not be able to connect to his main network.

It was a very old network with no VLAN and there was no interest in implementing one. This solution allowed for the creation of different networks without the need for a VLAN or the installation of layer two switches.

The most valuable feature is the ability to connect and broadcast to different networks without using a VLAN or a layer two switch, which allows you to easily create guest networks. This is a very useful and very different feature compared to other solutions on the market. In every customer meeting, this is the feature that we highlight.

The solution is easy to use and the GUI is user-friendly.

The guest management features need to be improved by adding automation. There is a facility for guest management through a portal, but it should be automatic. As it is now, the IT person has to edit and do things manually. All of the details should be maintained in the FortiCloud.

I would like to see some small access points or signal extenders added to the product line to help with areas that do not have full coverage. 

I have been working with Fortinet wireless for the past seven years, and for fourteen years in total with Fortinet solutions.

In the past seven years that I have been working with this solution, I have not had any issues regarding stability.

This scalability is good.

I have been in contact with technical support a few times, although it was for known product issues that required doing things like installing a new driver. Overall, I would rate them to be good.

We have deployed solutions from D-Link and NETGEAR for certain clients, although they have not needed to have the depth of features that are offered by Fortinet Wireless. These include both security options and the facility for providing a guest network.

The initial setup is easy and user-friendly. The deployment is highly efficient, and it may take 25 minutes to configure if you have a maximum of ten access points. At most, it may take three to four hours.

For indoor access points, there is a one-time cost, upfront, whereas outdoor access points have an annual fee.

Compared to some of the wireless solutions by Cisco, Aruba, and HP, this product is a little bit costly. However, Fortinet has good security and other good features that the customers are interested in.

I would rate this solution an eight out of ten.

We started the utilization in our warehouse to improve the connection for our hand scanner and cameras. 

The Access Points work with two radios (2.4GHz and 5GHz) and it was the best feature because some scanners are new with AC wireless support. The firewall integration was another good feature because is very fast to setup.

The firewall integration is very important for the security of the connection. For each SSID it's possible to create rules to specify connections.

This solution should be easier to set up in a production environment.

We intend to implement this solution in our production area and eventually replace cable connections with wireless service.

I've been doing pre-sales engineering for most Fortinet products. Wireless is one of our main products, where there's a good market. I have been involved in a few of the implementations including the designing. One was a warehouse and there was another one where we helped design a wireless network for a public youth center. The youth center was a fairly big building. There was the basketball court and they had the library, etc. I designed the network around that.

There was another where we did the design for a retail shop. For them, the requirement was high-performance WiFi because there were going to be a lot of customers in the retail shop. They needed a very strong WiFi without having any network drops.

Nowadays, the biggest problem in modern networks is that you have one vendor for wireless and you have another vendor for your SIEM, another vendor for firewall, and an entirely different vendor doing anti-virus. The problem here is that if somebody were to infiltrate your network, you would have to pull information from all these different products. It goes without saying that these different vendors' products don't talk to each other. That means you would have to manually correlate all this information. With the faster threats that we have today, by the time you correlate anything and then come to a conclusion, the damage is already done.

But with the Security Fabric, all these products - let's say you have Fortinet Wireless and you have FortiGate as your firewall and on the endpoints you run FortiClient - they talk to each other, and you have 100 percent visibility across the entire network. If somebody, for example, from the accounting department brought in a USB that they picked up on the road and plugged into their computer, and it had a virus or a botnet, since you have visibility across the entire network, the IT manager would be able to clearly see this and take action.

But for most people, since their anti-virus is just one of their products, it's not going to inform the firewall or the switch or the WiFi that it has a problem. It's only going to be the anti-virus that will, hopefully, will catch it. If it doesn't catch it, that virus or problem can spread throughout the network without anybody noticing.

The two main points of the Security Fabric are the visibility and knowledge-sharing. Given that we have the Security Fabric properly implemented in the network and we have a FortiSandbox in place, if a Zero-day attack comes into your network, nobody will be the wiser. But your computer's anti-virus detects it as a suspicious file. It will load it up into the sandbox and the sandbox will run that program and give a red light when it realizes that it's a bad program. Since most of the products in the Security Fabric can talk to the sandbox, the sandbox will let every other point in the network know that it was a bad file. So from one of those files being uploaded into the sandbox, the entire network security infrastructure will have a new signature for that Zero-day, which doesn't happen in any other cases.

One valuable feature that comes to mind is the Network-In-Control. Usually, when there's WiFi, it's the WiFi client - your phone - that decides which AP to stick to. Your phone will stick with the closest AP, even though there may be another AP that's a bit farther away that has better bandwidth. Since your phone only decides based on the strongest signal, it would stick to the one with the stronger signal, the one that may not have enough bandwidth.

But with Fortinet, there is a feature called Network-In-Control. It's the AP controller that decides what the clients are going to connect to. In this case, the phone doesn't choose which AP you're connecting to, it's the wireless AP controller. Even though your phone sees, let's say, two APs, since the wireless controller has visibility into and access across all the APs, it knows the best AP for the client to connect to. This way, the controller makes sure that none of the APs is over-crowded, and the spectrum is used properly.

Fortinet Wireless has two appliances. The first thing is the wireless controller which does the AP setup and controlling. But it's the Fortinet Wireless Manager that gives you all the visibility, the logging and monitoring, etc.

If you do have a FortiGate Firewall somewhere in the network, you can connect the wireless controller to that. The Fortinet holistic approach is called the Security Fabric. That is the single-pane management for every Fortinet product in a single network. You get 100 percent visibility from a single point, which is, most of the time, the FortiGate. You can see everything that's connected to the FortiGate, whether it's a switch or a wireless AP or a wireless controller or any other Fortinet product. If you connect them through the Security Fabric you can actually see what's happening from end to end. If you're at the perimeter FortiGate and there's a client that's connecting through it, maybe six floors down the line, you can just go and have a look at the client end point from the perimeter FortiGate. And if that end point is compromised you can take it off the network easily.

There are three methods that Fortinet offers wirelessly. The first is industrial, where you have a wireless controller separately and you don't have a FortiGate in the equation. The second is what we call integrated: You get a FortiAP that connects directly to your FortiGate. The third is cloud AP where you just have the AP and you control it through the cloud. On that, they could improve the management side of it. The management side is a bit lacking in its reporting.

One of the main features that I see as lacking in any of the Fortinet products is the reporting. If you want to have proper, end-to-end reporting, you must purchase the FortiAnalyzer which is the dedicated reporting and analyzing tool. For a small customer who has only a few APs, you can't justify asking them to run the FortiAnalyzer because that will incur some amount of cost. If Fortinet could offer some better, built-in reporting, that would be a point of improvement.

The stability is fine on its own, but we can do high-availability where we have multiple wireless controllers, in case one goes down.

Scalability is pretty high. In a large enterprise, the single largest box we have is the Forti FWC-3000 which can hold up to 30,000 clients. That's just one box. If we need more I'm sure we can scale more.

I haven't had the chance to see the Wireless technical support side of the operation. Fortinet Wireless' tech is pretty knowledgeable about what they're doing so I would assume that their tech support caters pretty well. But I can't give a solid answer because I haven't had any experience with them.

I do come in contact with their tech support pretty often when it comes to dealing with FortiGates, and their help is very good.

If it's an industrial setup, it's a bit complex. You need to know what you're doing. An everyday manager wouldn't be able to set it up properly because you need to know how to secure it properly and set all the settings.

For an industrial deployment, if you get engineers who are knowledgeable, it would be pretty easy for them. They could set it up within a day. The integrated WiFi, where you connect the AP to the FortiGate, will take a couple of minutes. The cloud WiFi is actually a zero-touch deployment. You can just ship it to a branch office, have them connect it to the internet, and it will configure itself automatically.

In terms of an implementation strategy for an industrial deployment, the first step would be to do a proper wireless survey by somebody who understands the field. Something that I have seen, where most people go wrong, is that the network engineers or the network administrator in the company think they how to design the network. In the diagram they place the APs where they think would be the optimal placements. Later on, when they've done the purchase and setting up, they figure out it's not optimal. Either they have wasted money by putting in too many APs, or they have not assigned enough APs to power the entire network. When it comes to wireless LAN networks, step number one should be getting a proper WiFi survey done to suit your requirements. After that it's easy.

The survey requires just one person. For a deployment, I'm not sure how many people will be required to set up the APs, because if it's a big conventional hall, for example, then you are going to need some professional people doing the WiFi mounting, etc. After that, configuration-wise, it is a one-person job.

I don't think that any organization will have somebody who is qualified to do a deployment by themselves. This is a niche product. If a company is going to introduce Fortinet Wireless into their network, the IT administrators would not know how to configure it. They would have to get somebody who knows it. After that, they could get training for maintaining it. The administration will then take just one person.

In terms of cost of ownership, as a WiFi solution on its own, I would say it is pretty similar to every other vendor. But, as a holistic approach to a network, it would definitely lower the cost of ownership. If the client chooses to go with the WiFi as well as security from Fortinet, all from the same company - as I explained earlier, with the Security Fabric you get 100 percent visibility and threat intelligence sharing - that would definitely cut down on the cost of ownership.

Regarding ROI, especially for people in the retail business, they can easily cater to their clients, plus they can get analytic data from the clients and make something of that data.
Let's take an example where you have a big mall and the mall management decides to implement FortiWiFi. There is one feature that these guys really like which is the analytic side of it. We can easily show where their customers have been. We can show them a wireless "heat map" of everybody who walks into the mall. With it, we can tell people who own the shops, "This is where the customers mingle the most. These are the favorite parts around the mall." That really helps clients to do something with the data. That would be a good return on investment.

We're not cheap but we can give you better pricing than the competition if it comes to that. Licensing is pretty straightforward. We don't have any hidden licensing when you purchase an appliance. If you purchase one appliance you get the maximum number of clients and every feature in that appliance unlocked for you. You just pay for the entire thing outright.

In looking at Ruckus vs Fortinet Wireless and some other WiFi providers, the others are just doing the WiFi part. With Fortinet, the plus is that you also get a very secure network which is easily adaptable to the security design provided by Fortinet: the FortiGate, FortiAnalyzer, or any other feature in there. That is one of the deciding factors for organizations but, in certain cases, the fact that we can give it at a much more affordable price also helps.

Get a good wireless plan done, get a good survey done. Also, know what you really want. Every vendor comes with 100 different features but you may not end up using all those features yourself. I'm being vendor agnostic here. If you want to do a WiFi implementation: 

1. Get a proper survey done.
2. Know exactly what you want. 
3. Think about security as well.

If those three steps help you zero-in on one product, that's the way to go.

Fortinet has a very strong industrial presence because they acquired Meru Networks a couple of years ago. The industrial strength WiFi, which Fortinet is offering, is what Meru used to have. They have a couple of more technologies which the other vendors don't have.

We've seen a big jump in the market for Fortinet WiFi. We can actually provide it at a much lower cost than the competition. The plus point of our WiFi is that we don't only provide the WiFi, we also provide security with it. This relates to another problem that I see in the market. Let's take a web developer for example. The web developer is a developer who does web pages but doesn't think much about security. No matter how good a webpage is, if that page can be easily breached then it is of no use to the client. If you apply that same analogy to Fortinet, Fortinet understands security as well as wireless LAN solutions. We can easily integrate the access part of wireless with the security part of wireless. That is appreciated very much by our customers. Since they understand that, they are very happy to go with Fortinet WiFi.

I would rate Fortinet Wireless at nine out of ten because of the ROI and the TCO that we discussed, plus the ease of management. These guys they are really up on the deal. They are in the fastest moving technology industry. Whatever changes come, they implement it and do their testing very well. Overall, it's a very good product. The one feature that I am not happy about is the reporting. There's a bit of a way for them to go with that. Once they iron those things out I'm sure they'll get ten from me.

We were looking to upgrade to the latest standard and increase speed. The reason we went with Fortinet is the whole system Fabric, with the FortiGate and Fortinet Wireless product.

One of the big reasons that we kept moving in the Fortinet direction, expanding the Fabric, is that we wanted to tighten security from within our network. The students like to play a lot and we had to protect from the inside, as well as the outside. As people know, the users are becoming more and more of a threat. Having the single pane of glass, by using the Fortinet Security Fabric, allows us to tighten security, and more easily and quickly create additional VLANs to help protect data. Rules in the firewall mean we can protect data and systems so that, should anything go wrong, any security issue is held to an individual device.

Since using the product - and we have security issues like everybody does, all the time - with the Fortinet Security Fabric all the way to the endpoint, we've been able to make sure the security threat is isolated to that device. The FortiClient usually quarantines it and that saves tons of time. Before, when we would have a security breach, we would have to go to a different system and check and trace it. Now, when there's a security breach of any kind, it gets quarantined quickly. And because of the interaction of the Fabric, we're able to see exactly how it was quarantined, and it saves us an incredible amount of time, in reacting to those security issues.

The most valuable feature for us is the way everything is accessible through FortiGate. Having that single pane of glass to see everything makes it really easy to use, to set up and design the SSIDs and the interaction with the VLANs that you create. It just makes it that much easier.

We can deploy a tunnel-based VLAN and SSID, for something that happens at the last minute, in a matter of minutes, because of the interaction between the FortiGate, the FortiSwitches, and the FortiAPs.

The thing we like best about the single pane of glass is that by looking at the screen on the FortiGate, we're able to actually see the status of the access points. It pulls in client data from the access points, so we can see who is connected and the connections that are working. We can follow the connection all the way through the firewall, to the end destination. It really assists in troubleshooting any kind of connection issue or filtering issue we may have.

In terms of the Fortinet Security Fabric, one of the reasons we kept expanding with, and choosing, Fortinet products is because of that Security Fabric. We are continuing to expand on that. Currently, we have, of course, the FortiGate, and that Fabric is extended to the FortiSwitches we use, the FortiAPs, as well as the FortiAnalyzer, which is used to collect logs from all the devices, from both the wireless and the FortiGate.

An example of how that's helpful is, if we're trying to troubleshoot a problem - and being a school, we filter data heavily - it takes a while, sometimes, to track down a problem that users might be having with a website. With it all being tied together, we're able to actually trace it right down to what website might be categorized incorrectly, so we can get that corrected so that the users aren't interrupted.

We also have the FortiAuthenticator which authenticates users seamlessly with the FortiClient that's on their devices. It also polls Active Directory Servers, so we have transparent identification of all of our users. That allows our devices to get on the network, yet they're viewable: We know who it is, what device it is, and we can track it all the way to where they're going, without any interaction from the user. It makes it a lot simpler to manage a large number of people and devices.

We're a reference customer for Fortinet, so I get a lot of calls, usually from other schools or colleges, that are looking at deploying the product. When talking to them, they tell me about some of the things that they're looking at. There are some other companies out there that have a feature that's on the access point that allows them to mimic users.

For example, if you have an access point in an area, and people are complaining about an issue, the feature that I'm being told is on a competitor's device would allow you to connect to that access point, and actually impersonate a connected device. You're able to troubleshoot any issue that an end-user may be reporting, and hopefully duplicate it. To me, that seems like an amazing feature.

I would like to see something like that in the Fortinet solution.

Like with any new solution that you put in, with this kind of complexity, it takes a little bit of time to stabilize. Anything that you do to a network takes a little bit of time for you to get to the point where it stabilizes.

It's been fairly stable right from the start. It's not like we had any major issues or outages. It continues to get more and more stable as they address the bugs. When I talk about bugs, a lot of people might think, "Well, it's got some bugs in it." But when you look at the details of the number of the products that you're using in the Fabric, it is understandable that they do have to work some of that stuff out. None of the bugs cause any operational issues.

Most of the bugs we see are a little inconvenience, where we have to do something in a slightly different way until the fix release. With the next release, it becomes more and more stable.

We knew up front, when we did the deployment, that we were going to have to deal with a few more bugs because we purposely went with the new version. We decided we wanted to work at it until we got stable on the new version. Once we get there, we'll probably step back and wait a little bit until the next version comes out. Right now, we're FortiOS 6.03 and 6.2 is going to be coming out, probably sometime next year. We'll probably move to 6.2 six to nine months, or longer, after it's out, depending on what features we want.

It's extremely scalable. As long as your firewall is big enough to handle your needs, and the connection, the product is extremely scalable. They're very good at supporting products for a decently long amount of time.

When we did the access-point switchover, we upgraded our firewall. The firewall we replaced was six years old. We would have been able to stay on that firewall, but at the same time, because of all the other work we were doing, we wanted to expand it, knowing that we were probably going to keep it for an extended amount of time. 

They're very good at keeping support on the product; updates as far as they can. At the time that we retired our product, it was just about to the point where it was not going to support the next versions of the software. Even though we only had it for six years, we did buy an older model when we bought it because of cost. So the product was actually an eight-year-old product. And it did very well.

Unfortunately, with any product, as detailed as tech products are today, you tend to have use tech support. Even before, with Cisco, we had little tech support issues, because of the way technology and security is blowing up so quickly, and the detail in the all the products. All products have small issues or bugs or may have a little glitch where they don't work.

Fortinet has them, but they're very good about helping you work around them, and then getting a release to fix that bug. We did run into a few of them, but none of them were major bugs that caused a huge interruption. They were minor bugs. 

Tech support is pretty good at analyzing it, and saying, "This is what it is," and coming up with a solution to work around it.

We even have quarterly reviews, where they come onsite and we sit down and we talk. We talk about what's going on, what we like, any issues that we have. They've been really great. They'll say, "Well, what are you doing after this?" They don't take up a ton of our time, just enough to nudge us in the right direction. 

The sales engineer is someone else who, if I have a question or anything, I can shoot an email his way and he'll give me an answer right away.

And if I have a ticket in that might be more major, something that I need a little bit more quickly, if I shoot them the ticket number and ask them to escalate it, they'll get more people involved, to work at getting a workaround, or a solution for it. They're really good about that.

Our previous wireless solution was Cisco. That was our first wireless solution. We used Cisco 3500s and 3700s. We needed to upgrade so we could handle more bandwidth, because the access points that we had were starting to get overloaded, and older.

When we were looking for a solution, that's when we did the tests. We got a few in, in a couple of buildings, and did some tests. We wanted to see how the Fortinet solution worked. That's what really sold us on it: how easily they integrated with everything else - because we had the FortiGate - and the way it just popped into the environment.

As a result, we started looking further into the switches. When we did our upgrade, we upgraded the switches at the same time that we upgraded the FortiAPs. We were able to greatly increase the security on our entire network.

The setup of the FortiAPs is very straightforward and very easy to do. We chose to pre-deploy them, because of how we were going to have to deploy them, so that I had a team put them up and they were already labeled, because of the quantity that we were doing. Pre-deploying them, so the system already had the names on them, made it a little easier. All I had to is have people go hook them up. Once they hooked them up, I could complete the configuration, and it was super-easy, super-fast.

When we did the initial deployment, we did one building in one day, and we monitored that building and watched for any issues, to make sure that we had the settings and configuration correct. Then we turned around and we did the remaining nine buildings in a week. That was a total of 400 APs.

It went really smoothly. The interface and the original setup make it really easy. I was able to have a bunch of people putting them online and, as they did, I could see them come online. The way that the interface is built, being able to assign a profile, and having all that pre-built, it went really quickly.

Our deployment strategy was a staged implementation. Originally, we did a test, just to make sure we were going to be happy with the performance. Then, when we did the one building, that was the model. We had a little bit of time between that building and the rest, so we could tweak the implementation. That really assisted in us being able to do the number that we did in that short amount of time.

When I say it took us a week to do all those buildings, that included not just the AP part of it, but all the things we had to do to the network to allow everything to work. In a school setting, it's a lot more in depth, because that includes filtering which is a great deal more detailed than it is in most enterprises.

The neat thing about Fortinet technology is that it's so intuitive, it's so easy to use, anybody who is a network engineer is able to understand the technology and get it working pretty well. Documentation, cookbooks, and videos are available to help you. If you ever need any help, calling the Support Desk you get right through and they'll point you in the right direction.

Through the whole deployment, I only had two or three calls to them, and they were more about best practices: "We're doing it this way, would it be better if we did it the other way?" In some instances they said, "Well, you probably oughta test it." We did some testing so that we were able to make sure that we had the best solution for our situation.

We started testing about two years ago and deployed it across the entire school corporation about a year ago.

Fortinet's pricing and licensing is very reasonable. There are a few things that are a little bit different.

One of the reasons that we chose it is because we're a school and we're always looking at the bottom line. We've gone with this solution because it's been able to reduce our cost in other areas to get the same results. The amount of money that we save is allowing us to do the rest of the stuff right. Because of the savings, we're able to do some of the security things that, previously, we couldn't do because our hands were tied, due to the extra costs. We have realized somewhere around 30 percent savings. That has allowed us to focus more on the end-user experience, rather than on security and management.

There is one thing that I find extremely strange, and this something that is unique to Fortinet, and it isn't a positive at all. Any time I have an RMA (return merchandise authorization) if it's not considered a "DOA," which is within the first 120 days, even if I have paid support on the device, I have to pay to return the device back. For a customer like us, that's a little bit more difficult because of the way funding works and where we're located. It makes it a very big challenge to get devices back to them.

We just had an issue with an AP that was covered with a three-year extended warranty, and it failed. They sent us one right away, but we had to pay to ship the other one back. That's just not an industry standard at all. I could understand it more if it was a device that I had chosen not to cover, but on a device that you actually are paying premiums for, that's just not the industry standard at all.

We looked at Aruba, we looked at Cisco Meraki, and we also looked at Aerohive. They were all good solutions, but the reason that we chose the FortiAP solution was because of that single pane of glass and that tight integration with FortiGate. It made it so much easier to manage, and so much easier for us to do things if we need to something at the last minute. If we need to create a network for someone at the last minute, we are able to do so very quickly. The other ones just didn't have that. 

I can't stress enough: If a customer already is a FortiGate customer, the cost to go to the FortiAP is incredibly affordable, because they already have the controller. Now, Fortinet does also have a separate Fortinet Wireless controller, and it does add some extra bling features. We are fine without those features. A lot of those extra features are tight integration with the port of presence, which is used to collect email addresses, and for monitoring. It's something that you'd use more in a shopping mall setting or a store.

Make sure that you take the time to do a really good evaluation of the product. Make sure that you're happy with all the aspects of how it's going to fit into your environment. I'm always the type who wants the best solution, whether it be with a different vendor or not. That's one of the things that I was concerned about. I wanted the very best access point I could have.

I was extremely surprised by the single-pane-of-glass management. I couldn't understand all the marketing, how they really push it. It's something that you don't really realize, until you're actually working with it, how powerful it is and how much time it saves you, and how much, in the long run, by going with the Security Fabric, you get increased security cost savings, and a better view of what's going on.

There are two of us who use the solution. I do most of the configuration and setup and my colleague does our one-to-one security in our system networking. He deals more with the filtering, the compliance part, with the desktops. If there's a network issue, or connection issue, I deal more with that.

Our relationship with Fortinet started out with the firewall. At the time we were looking for a solution, we used a product from FatPipe which did load balancing on multiple ISP lines. At the time, we had multiple lines - we had three different internet service providers because that was how we had to do it to get the bandwidth that we needed. We were using FatPipe to allow us to load balance our outgoing traffic over the multiple ISPs, and coming back in.

We worked on coming up with another solution and, at the last minute, CDWG called us and asked us if we would talk to Fortinet because they thought it would be a good fit. We did talk to them and were impressed. We went ahead and got the device in and, not only did it solve the problem we were looking at for less than half the cost of the other solutions, but it also replaced three other devices at the same time.

We just kept expanding, testing out its features. Eventually, we moved our web filtering to it. We installed the switches. We move to the APs and kept expanding on the Fabric. We moved our antivirus/anti-malware to FortiClient, and FortiClient also acts the single sign-on agent. It does the vulnerability assessment, scanning for programs that need patching, security patches, and then it auto-patches them.

It has slowly become a more cost-effective way for us to manage our security and our entire network, at a little bit of a reduced cost, and with a much better view of what's going on.

In terms of increasing the solution, we use the FortiAnalyzer but we're getting ready to switch to the FortiAnalyzer appliance, to increase our logging capabilities. We've finished evaluating the FortiClient EMS for Chromebook portion and we're getting ready to buy some licenses for those. We currently filter Windows and IOS devices using the FortiClient EMS solution, but we're adding support for Chromebooks and we're adding a few Chromebooks, so we're expanding there.

For the FortiClient piece, on the Windows and IOS device side, there's a Telemetry piece. It ties the FortiClient EMS and your FortiGate together. It allows your FortiGate to actually increase compliance for the FortiClient piece, which is the security filtering and single sign-on piece that sits on the client. We are purchasing that.

We're looking at adding the threat detection service, but we're probably going to wait until renewal time. With all the data that you collect, because you have the Fabric, the threat detection that takes a deeper dive. It analyzes and it looks into your systems further, all the way through to the endpoint. It can give you insight into the issues that you may or may not have known that you have. We'll probably add that piece next year.

We purchased through a reseller. We have a really close partnership with CDWG and they were the ones who introduced us to Fortinet. Our experience with CDWG was a positive one because it opened the door to other opportunities within the same product.

We've always had a really good relationship with them. Somehow, I've been dealing with the same salesperson at CDWG for 15 or 20 years now.

We are an internet and telecom service provider, so we are not the final customer. We provide secure wireless LAN solutions to our customers, and for internal services as well.

We show how we can bring many positive results to different businesses.

We merge with the customers' bring-your-own-device solutions. It's easy to manage the WiFi, the customer does not need to buy more equipment, like tablets, for their employees. They can reuse equipment. And employees are definitely comfortable using their own devices and, from the IT and security perspectives, we are bringing security to these employees, with our solution. We innovate the business process. We innovate how employees work in their companies.

Also, in the case of stores, we are bringing new results and new income. We help them to grow their sales. Their customers like to go to their stores because they can access the information they need. They can connect to the wireless LAN, they can compare prices. We are making the business process faster and more secure, and customers like that. They can engage with the retail store.

Using this technology, the stores' loyalty programs are growing because, when customers go into the stores, they can connect with the loyalty programs to receive discounts and special items. This makes their customers more loyal to the stores, who are our customers.

We have some international retail customers, such as H&M, from Sweden, and another one from the U.S. and, in both cases, monthly sales have increased about ten to 15 percent. In these cases, income was one of the benefits that they received in the quarter after we installed the solution. The results were very quick.

In addition, we make the business process, the internal process of distribution and logistics, more efficient and connected. We're reporting, online, how they are distributing all the items to the different stores. And the inventory is connected to the wireless LAN solutions, so they know, online and in a centralized way, what the inventory levels are in the different stores.

Security is the feature we like most from Fortinet. In general, their security architecture is really great, because it involves everything: firewalls, wireless LANs, the user. Everything is really secure. That's a great feature from Fortinet. It's very valuable.

Sometimes we feel that we are buying the top-of-the-line technology and, six months or eight months later, we feel it is already obsolete. New smartphones bring new technology, new ways to connect. Sometimes we have this bad feeling that, even though we are investing tons of money, technology is moving faster than us. So even with this huge amount of investment, one year later we are totally obsolete compared with the new technology.

They need to make it move faster. They need to make it easier to configure, easier to monitor, easier to report.

We have great tech support from Fortinet, here in Mexico. But if we have a big issue, like a big bug, and they need to produce new versions of the software in their R&D departments, this is the slowest part.

It is very stable. In the last 16 to 18 months, there have been no big issues related to the solution.

It is really scalable. That is one of the decisive, key points we consider in all our projects. In the case of Fortinet Wireless, it is really scalable.

We get good response from the tech guys at Fortinet. Our experience with them is absolutely positive.

We used to have some HPE equipment. We switched from those old access points. We use Fortinet as a preferred vendor, but if a customer wants or needs to use equipment from other vendors, we sell equipment from other vendors.

Setting up the solution is really straightforward. The amount of time it takes depends on the customer. If it's a really big customer, the implementation process could take from three months to almost ten months. Once you have all the plans and you start installing, it's really straightforward and it can move fast.

For Mexico, a big customer is the one that has more than 200 retail stores. They are not as big as in the U.S. or in other countries, but for Mexico, a retail store that has 250 stores is a huge company.

The deployment strategy depends on the project manager and his staff. Because we are telecom service providers, we usually start with all the internet connections, and voice and data connection, using fibre. Once we have all that in place, we start building the local area networks.

In terms of deployment and maintenance, on average, I would estimate it's about eight to ten percent of the investment. It depends on the customer and the approach we have with the customer. We usually have two or three engineers, per customer, giving support. But that's not just for the wireless, that's also for the networking. For a huge retail company, we may have between five and ten certified engineers working on daily support for the customer.

ROI depends on the customer but it could be from six months to 12 months, on average. It's a good return on investment. More sales. More savings. It reduces the TCO, but I don't have the numbers. It could be a reduction of, maybe, 15 percent, compared to other solutions.

It's definitely a great solution.

Negotiate with the vendor to activate the licenses at the moment that they install and configure the equipment. If you initially have a big project with a lot of equipment, and you have a six-month plan, licensing will start before you are using all the equipment, and that doesn't make sense.

In terms of how extensively it's being used and whether its usage will grow, it's really organic. People are using the internet and using all kinds of applications on a daily basis. It's growing, more people are connected every day. Usage is changing dramatically, exponentially, really. As more people use the internet and applications on a daily basis, our customers are required to increase services and, obviously, in a secure way.

We use it for a very large K-12 environment servicing 80,000 concurrent users.

Being able to leverage Virtual Cell in our environment has been a major advantage. Creating small cells of APs using Single Channel Architecture has improved roaming of our more mobile clients and provided stable and fast network connections to our stationary clients.

The Fortinet product is intuitive, scalable, stable, and easy to manage. Seamless roaming by leveraging Virtual Cell is a major advantage which reduces roam times and issues related to roaming. Code stability has been excellent and the hardware quality is second to none.

We leverage Fortinet WLM (formerly EzRF) as a single pane of glass to view all controllers and access points. We use WLM to deploy all of our wireless service profiles, collect analytics, deploy upgrades, etc. This is our primary way to manage all of our equipment. This makes it really easy to replace equipment if needed because there is no locally stored configuration (for the most part).

There is very little publicly available information about Virtual Cell and Single Channel Architecture. Promotion of the overall technology is limited as well. Being more vocal about a product that has many advantages would go a long way to eliminating a lot of the confusion and negative perception about Virtual Cell and Single Channel Architecture.

Stability issues are very infrequent. If an issue is encountered, a temporary solution is quickly found while a permanent fix is developed.

With roughly 100 schools and over 6,200 access points servicing 80,000 concurrent users, we have not run into scalability issues. We still primarily use Single Channel Architecture across all of our schools but employ variations of Virtual Cell in special situations.

The technical support is great. I have not had any issues with it. The support staff knows the product well and responds to support requests in a timely manner.

Although I have worked with Fortinet (Meru) for several years, my current employer chose Meru prior to my employment.

The initial setup is straightforward and intuitive. A simple and reliable network can be set up very quickly using Fortinet wireless equipment. Using Fortinet Single Channel Architecture is not a replacement for having solid wireless network fundamentals. Wireless network knowledge is critical for deploying any wireless equipment.

Licensing has become easier. There is no longer a per-AP license needed on the controller.

This is a very viable solution for all verticals. Do not discount the technology based on what was said several years ago. Just like any other wireless solution out there, a wireless network can be set up incorrectly without the proper wireless networking knowledge. Proper wireless network fundamentals are critical for all wireless network solutions. Combining a solid wireless network foundation with Fortinet will provide a very good experience for several years to come.

We use it for wireless at our remote locations.

We're using SD-WAN at all of our locations now, which helps increase and aggregate and lower response time and improve application performance.

Another thing we have seen is increased security awareness.

• UTM (Unified Threat Management)
• Centralized management
• Cost
• Ease of use

Manageability is a key.

The centralized management features could be improved. I think they're good, but I think they could be better.

I can't recall any stability issues.

Scalability is fine.

Their tech support is average. Their response time is average. Their first-level support is okay, but it's not terrific. The few times we've had to open tickets, we've had to escalate to get to an engineer who could help. Usually, when we call, there is something really wrong and the front-liners are not geared toward high-end support.

We switched primarily due to feature functionality and cost. It offered a lot more value.

It was fairly straightforward. With any new product you need training because it's different.  We needed a little bit of training but it wasn't anything that was difficult.

The product's pricing is a good value. 

Licensing is the only area where I think they are below average. They need enterprise licensing, an all-encompassing license to cover all products for a company.

We evaluated a lot of different solutions including Palo Alto, Cisco, SonicWall.

Overall, putting it in place was fairly straightforward. As with anything, I would plan it and test it before implementing. That's for any product, it's not specific to Fortinet.

I give it a nine out of 10. The price performance is unmatched. If they came out with enterprise licensing, I would give it a 10.

The most valuable features are the roaming profile, the mesh, and the performance.

Areas for improvement would be the compatibility with Apple products and cross-platform integration. In the next release, I would like them to include accessibility authentication for user authentication.

I've been using this solution for two and a half years.

The technical support is good.

The initial setup was easy.

I implemented using an in-house team.

Once you install this solution, it just runs properly and gets the job done. I would rate it as ten out of ten.