Cyberoam or Fortinet?


We are going to be purchasing a UTM solution for our organization and we want to know which one is best for a 500 to 800 machine users environment - Cyberoam or Fortinet. We have 30 MBPS ISP bandwidth.

Our major focus:

  • Web Content blocking and filtering
  • HTTPS strong blocking
  • Reporting and Bandwidth management

Please suggest which one is best and the Model number which can support 500 to 800 users.


it_user224244 - PeerSpot reviewer
IT Manager at Knack Systems
  • 42
  • 65
PeerSpot user
48 Answers
Senior Security Engineer at a financial services firm with 1,001-5,000 employees
Real User
Apr 22, 2015

I'm mentioning few options:

1. Fortinet Next-Gen Firewalls 500-300 series. Check this link: http://www.fortinet.com/products/fortigate/next-gen-firewall-mid-range2.html

2. Check Point - they have excellent UTM appliances especially catering to what you're asking. Check this one: 2200 Next Generation Threat Prevention Appliance

3. Cisco ASA with FirePOWER Services for SMB - don't underestimate the Cisco ASA and especially now that it comes with additional checks like Web Content blocking etc. This link has the info: http://www.cisco.com/c/en/us/products/security/asa-5500-series-next-generation-firewalls/eot_sobo.html

Now, I've used all the types of firewalls. You've got good bandwidth so that's not a limiting factor. It comes down to your comfort level about each vendor. Check Point also offer cloud services and take the burden of reporting out of your hands. Its a handy feature if you wish to explore with them; they offer much more. That's not to say either Cisco or Fortinet are far behind. They have come a long way since I first used them 10 years back. For say 800 users you'd have support staff and all 3 firewalls come with a handy Web UI which will help your administrators enable and configure all the features you need. Note, be careful for the features you ask for and ensure you check their price, it will be licensed and you'll get exactly what you pay for.

Good luck with this. I would like you to take this on board and research with your team and select the best solution for your organization.

Product comparison that may be of interest to you
Professioan Services Engineer at A10 Networks
Real User
Aug 23, 2015

My advise always when it come to comparison between different UTN/NGFW vendor is to test the unit and see if meets your needs or not. Every box ( all vendors ) has its own strengths / weaknesses and your bad experience with one vendor does not necessarily apply to someone else

it_user236892 - PeerSpot reviewer
Engineer at a educational organization
May 22, 2015

I deployed a proof of concept CR500iNG-XP Cyberoam and it handled all my difficult users right from the get go. Broke its defences using an app called iodine, which injects your data into DNS packets, but broke fortigate with that too. Enjoyed it so much that I purchased it. Clean build, simple to use, nice reporting. Haven't used Fortigate, called Faultygate by a former colleague. The exorbitant costs on Fortigate was a big decider for me, as well as my first hand experience of the cyberoam performing it's job effectively.

Apr 23, 2015


I strongly suggest Fortigate.
Suitable model is FG500D.

Let me know if you need anymore details.

it_user72054 - PeerSpot reviewer
Business Development Staff at a tech consulting company with 51-200 employees
Apr 22, 2015

My team would need more details to truly make a recommendation, but initial feedback was either a FortiGate 90D or Cyberroam 100iNG would meet the requirements. Cyberroam's after sale assistance has been better in our experience, and that unit also provides UserID. FortiGate is approx $1000 less and also meets the requirements.

it_user231909 - PeerSpot reviewer
Presales Engineer at ThreatMetrix
Aug 23, 2015

If your concern was about routing or VLan management or even VPN, I would suggest a comparison table check.
But talking about the Web filtering, HTTPS checks and bandwidth management there would be not doubt that Cyberoam not only is better than Fortinet, but also is the best in the world!
Fortinet is very strong in infrastructure services check up, but when you come the the network management point, stick to Cyberoam!

Find out what your peers are saying about Fortinet FortiGate vs. Sophos Cyberoam UTM and other solutions. Updated: September 2023.
735,226 professionals have used our research since 2012.
it_user235446 - PeerSpot reviewer
Pre Sales Engineer at a manufacturing company with 501-1,000 employees
May 26, 2015

Hi I am presales engineer from cyberoam from Kolkata managing east. All I can say cyberoam is way ahead in terms of web filtering database and categories, it's anti-spam detection rate is 99.5% where fortigate never publish their detection rate, we are the second company who holds six sigma certified when its come to support. Our box has its inbuilt reporting console called iview.. Shows 1200 different report types including all major compliance report lnbuilt. Our bigger boxes comes with redundant hard disk and flash also.. We keep 3 copies of OS unlike any other vendor. RPS. And many more like our patended layer 8 technology which enable you to control everybody as a single entity...
To answer the question for 500-800 user with 3 year visibility.. The box should be CR750iNG...


Professioan Services Engineer at A10 Networks
Real User
May 26, 2015

I agree with you that Cyberaom offers cost effective solutions compared to Fortinet / Checkpoint and maybe Dell SonicWall but you need to choose the right product based on your customer needs.

I don’t have an experience with Cyberoam but I do have with Fortinet / Dell SonicWall / CheckPoint / Netasq.

I am not sure if Cyberaom comes with a built in reporting module as other UTM vendors as they have their own reporting tool such as FortiAnalyzer for Fortinet and Analyzer / GMS for Dell SonicWall

For iodine, it looks like they missed a signature for this tool which happening all the time.

May 22, 2015

I would suggest you to have a serious look at WatchGuard.

It has great price/performance, but what is even more important, is the quality and performance of their UTM services.
WatchGuard uses Websense Triton for web filtering and their HTTPS inspection is unbeatable.
Logging and reporting is already included at no extra fee - and it is one of the better ones in the industry.

it_user121092 - PeerSpot reviewer
Account Manager Enterprise at a tech services company with 1,001-5,000 employees
Real User
May 5, 2015

Cluster of Fortigate FG500D BUNDLED + Forticloud 500GB for the reporting
and logs container
I don't really know what Cyberoam has got in the stomach, Even though I think
both brandz should do the job properly, my preference would go to Fortinet.
What is important is how you want to manage your network authentication :
with a user ID or from a more classical way (LDAP, AD)



Apr 26, 2015

I'm not an expert in either system although I have been on recent
engineering / sales calls with both vendors. I did not choose either,
having similar needs as the user below.

Fortinet is weak on reporting and a quite complex solution in general. They
are also quite expensive. I had difficulty getting their sales engineers to
give me consise demos on finding individual user / IP activity. Based on
the sales calls I got the impression I would be fighting for myself to get
support in the future when needed. Their solution, while very complete
requires many add-ons to fully operate. They are all Fortinet products
which means they will integrate well. But that adds significantly to the
complexity and price of the total solution.

Cyberroam by comparison has a very easy to use reporting engine. They have
a live demo online which you can take for a spin and see for yourself.
Their system in general is much easier to operate for setting policies.
Their https monitoring and enforcement seem very evenly matched. However I
did not get far enough with Cyberroam to get pricing. For my EDU use case
they were lacking some very specific features which it doesn't sound like
you have need of -- specifically offsite filtering and Google Apps SSO.

If I had to choose between the two I would go for Cyberroam. I was very
impressed by both ease of use and confidence of the engineer I spoke with
in their ongoing development. They have been acquired by Sophos in the past
year but their development is still going strong. And parts of their
feature set are beginning to be implemented into the Sophos UTM product
line. However I cannot speak so highly of the the Sophos product line. They
can be thankful they acquired such a high quality product as Cyberroam. It
would not surprise me if at some point things were flipped and Sophos UTM
were replaced by the Cyberroam series.

I would reach out to their sales for specifics on sizing. I cannot be
helpful on that front.

Hope this helps.

it_user217800 - PeerSpot reviewer
IT Consultant - Network Admin at a financial services firm with 51-200 employees
Apr 24, 2015

Fortinet for sure

it_user192969 - PeerSpot reviewer
KAM with 11-50 employees
Apr 24, 2015

The big problem here is, that from the information provided it is not really possible to say THIS modell and THIS license will be suitable for you. Not from the desk.

it_user223881 - PeerSpot reviewer
Network Analyst at a financial services firm with 1,001-5,000 employees
Apr 24, 2015

My advice is choose the fortinet Vm and source a high availability Vm solution to go with it. That way you are able to get value for money from hardware that you have source with as much or as little resources as you need. You can then also use the same hardware to host other virtualised Vm services bringing down the TCO of other potentially viable Vm capable services that you may need in the future

I'm sure there may be others that disagree, but Vmware has some really good high availability solutions to go with it that mitigate loss of hardware devices whilst maximising value for money

Kindest Regards,

Nathan Tlou

Data Department Manager at BTC Networks
Real User
Apr 24, 2015

I advise you to go with Sophos since Sophos bought Cyberoam

Sophos is easy to manage

Simple for maintenance

You have something called policy test where you can know why some users are opening certain website directly from inside the UTM

It have an advanced reporting tools and it generate reports and send it by mail as pdf attached

You can give even quota per user per group and force google safe search for groups and user

As for the bandwidth management Fortinet have this feature on the network level and so Sophos but not on the web security level

I advise you to take a look to Sophos Next generation firewall (http://demo02.astaro.com:4445/)

Professioan Services Engineer at A10 Networks
Real User
Apr 23, 2015

Unfortunately, I don’t have any experience
with Cyberoam so I might not be able to provide such comparison.

But I can compare Fortinet with SonicWall :

- Web Content blocking and filtering:

Both they do the job but with SonicWall they have a problem “Rate images by
URL”, this feature is not working as expected especially with search
engines. Fortinet they doing great job with this part.

HTTPS strong blocking :

They both block malicious traffic over HTTPS but SonicWall they don’t do
very well with this part. Their DPI is still not mature enough and is not
working as expected. Add to this, since SonicWall is Mutli-Core UTM, they
have some limitation on how many HTTPs connections ( per model ) the
appliance can inspect. On the other hand, with Fortinet, they have a
dedicated ASIC engine to handle this job, so the limitation of connections
/ performance is much better ( I believe same apply for Cyberaom it is also
Multi-Core UTM).

Reporting and Bandwidth management :

Both SonicWall and Foritnet have a dedicated solution for reporting with
extra license. The Analyzer ( SonicWall) is easy to install / manage but
not stable at all and in most cases whenever you open a case with support
they will end up asking you to deploy. Also, backup your audit data is very
difficult. With FortiAnalyzer, this is not the case, the product is stable,
backup / restore process is easy and you have many predefined reports along
with the capability to add many custom reports based on your needs.

Recommended model : FortiGate 200 Series (FortiGate 100 Series might be
enough but with all secutiy services enabled, this will affect the overall
performance with that number of users ).

Note : Cyberaom is cheaper compared to Fortient but I am not a big fan of
Multi-Core UTM.


Hamza Farhan

it_user71988 - PeerSpot reviewer
Sales at Barracuda Networks
Apr 23, 2015

Something nobody mentioned yet, but especially pricewise very interesting: Barracuda Firewall https://www.barracuda.com/products/firewall/models#SUB .You see it on my Environment, satisfied and more than I Need for low Budget.

it_user195018 - PeerSpot reviewer
CEO with 51-200 employees
Apr 23, 2015

I recommend to use fortinet series products. They have wide range of solutions, FortiAnalyzer, Forticloud, Fortitoken, FortiAP (access points).
I recommend to use sizing tool:

it_user216420 - PeerSpot reviewer
Sr network Administrator at a tech services company with 1,001-5,000 employees
Apr 23, 2015

As per my experience, Fortinet is the better UTM device than Cyberoam. If we compare overall UTM functionality, Fortinet is better than cyberoam.
Also it stands 2nd in UTM worldwide ranking but cyberoam stands at 11 position.

The only difference in which cyebroam leads, is firewall management. Cyberoam is easy to manage and configure but fortigate firewalls are little difficult to manage. The one more major difference is reports(logs). In fortinet, the reports of user access logs are better than cyebroam. Report can be generated as per requirement after customizing. But in Cyberoam, this option is not available. 
For your requirement, you can consider the cyberoam 750iNG model. For more detail for specifications, please go through the following linkhttp://www.cyberoam.com/downloads/datasheet/CyberoamCR750iNG-XP.pdf   

For Fortinet, you can consider Fortigate 800 C UTM firewall. For specification, please go through the following link

it_user208356 - PeerSpot reviewer
Security Engineer at a tech services company with 201-500 employees
Real User
Apr 23, 2015

FG500D will be suitable for this requirement with UTM bundle license.
attaching the details fr reference.

it_user200991 - PeerSpot reviewer
dusmanta with 501-1,000 employees
Apr 23, 2015

Fortinet will be better choice with all the required parameters.
Fortigate100D will suffice the requirment.

it_user188070 - PeerSpot reviewer
Security Expert at ADP, Inc
Apr 23, 2015


Without knowing the budget for the proposed solution, I can only base my response on the products I’m familiar with.

I know nothing about Cyberoam except that it is a Sophos offering.

Fortinet is fine for small to medium sized businesses, but support can be an issue.

Why not Cisco ASA with firepower? A 5506-X would offer what you’re looking for and you’d have a much better vendor support model.

My two cents…

--Chris Palkowski

it_user197145 - PeerSpot reviewer
Network and Security Engineer at a financial services firm with 10,001+ employees
Apr 23, 2015


Based on my experience I believe Fortinet is better.

Consultant at a tech services company with 51-200 employees
Apr 22, 2015

My knowledge of firewalls is currently limited to Sophos UTM's, SonicWalls and a little PaloAlto.
My understanding is Cyberoam is now part of Sophos and I believe the next versions of the UTM OS will be incorporating the Cyberoam "Layer 8" application firewall. I'm super keen in seeing that as the other "Layer 8" I have seen is PaloAlto and its extremely impressive if you have the budget for it. Sophos has released iView which I believe is cyberoams reporting technology.

So with that in mind, I would push Sophos UTM. 500 - 800 machines with total protection (Full Guard + EndPoint AV) will require a SG450. You could get away with SG430 if you take some of the modules away from the UTM (EG, EndPoint AV, Email Protection etc). This does not mean you don't use those technologies, you just deploy the enterprise consoles instead.
My assumption about 500-800 machines means they are segregated to different networks and the firewall is what is routing/monitoring the traffic between those networks. If that is not the case (one big flat network and the firewall is just acting as the external gateway), you could totally re-visit the models and go down to a SG310/330 or even a SG230.

I hope that helps.

it_user224256 - PeerSpot reviewer
Senior Technology Consultant Cosmocall/Microsoft at a tech services company
Apr 22, 2015

Unfortunetely I didn't work on those FW (Cyberoam & Fortinet) so i can't give you the best benchmark.
But i'll try with my best to help you.

You need to answer the right questions:

Which One got the best support ?
If you will not or you don't have an inhouse person to maintain the solution, you must detect who's got the best support to achieve your needs

Configuration flexibility
Is the solution enough to provide the focus or not ?

High avalability
Of course, nobody wants to be down when maintaining or when a sinister is happening (overload,crash,etc)

500-800 users
It depends on how users are using the bandwidth & the FW performance (providers can help you with giving the right FW model)

I hope that will help you.

it_user201144 - PeerSpot reviewer
Gerente de Servicios y Proyectos
Apr 22, 2015

Did you think of WatchGuard?
You can try with XTM850
Includes Strong content blocking provided by websense
https blocking by application control and deep packet inspection
reporting using dimension.. try demo.watchguard.com (user: demo / pass: visibility)

it_user83073 - PeerSpot reviewer
Network Engineer at a manufacturing company
Apr 22, 2015

Hi IT Central,

I don't know anything about Cyberoam but I can advise you about the

The Fortinet is very feature in UTM. It can do what you want and much more.

It also has the following capabilities: Routing (static and dynamic), VPN
(S2S and Remote Access), Antivirus protection, web filtering, email
filtering, IPS. It also integrated with Active Directory.

The unit itself is limited in its reporting but you can get the
FortiAnalyzer which stores all the data for the Fortigate device for a
longer time period on a separate server or device.

It is both Web (http/https) and CLI managed using telnet or ssh.


Samuel Mitchell
CCENT, VCA-DCV Certified

it_user210723 - PeerSpot reviewer
Network Architect at JDA Software
Real User
Apr 22, 2015

I would suggest Cisco ASA NG with Firepower Services. It's powerful and effective.

it_user200916 - PeerSpot reviewer
Technical Consultant at a tech services company
Apr 22, 2015

Fortigate is much better
Give me the Internet bandwidth and what are the features u need to activate.

it_user192969 - PeerSpot reviewer
KAM with 11-50 employees
Apr 22, 2015

Hello, here is the problem, different people = different taste.
I did a research among other UTM solutions and the truth is, that if you choose Fortinet, you will probably endup with minimum 2 appliances to purchase for HA + license or appliance for Reporting features as well. The reporting within their UTM is weak/simple, so you will need FortiAnalyzer app + maintenance. If you will need antispam in the future, also features weak/basic function within the UTM, all recommend to use appliance FortiMail - it features better antispam techniques and quarantine. But it costs additional fees ofcourse.
All in all it is not cheap solution, and it is not simple to manage eighter in my opinion. You have to maintain 2-3 admin gui and command line as well. Problem also is, that they have different way how to scan a HTTPS traffic with proxy. If you setup FortiGate to break the https and see the traffic inside, its throughput drops significantly, so beware of cheap models with gigabit throught for Firewall, it is much less powerfull in real world & when scanning http(s) in Proxy mode.
They use also another mode called stream scanning, but then with very limited number of legacy anitivirus signatures, so it can´t really protect against viruses and trojans etc.

Cyberoam is cheap and fast, has very nice features layer 8 (Identity based policy etc). Aquired by Sophos few years back, and some of the features will be soon available within Sophos appliances. Not sure what will happen with Cyberoam´s product line in 3years.

For the size you have mentioned is suitable Sophos SG430 appliance (14k EUR for complete set of 5 security modules is quite attractive bundle) and you won´t need to pay for additional log&reporting tool - it is build inside and you can also use a iVew in VMware - free for up to 100GB storage.

I would recomend Sophos SG, but do a trial/test run, and you will see what suits you best.



it_user125442 - PeerSpot reviewer
Dono at a tech consulting company
Apr 22, 2015


for better comparison we need know a little bit more about your environment to check the right model for Fortinet but even so, using that description I work with Sophos (which acquired Astaro and Cyber Roam) and Fortinet also.

You should keep in mind the company 'targets' since Sophos is more focused on endpoint management and maybe is 'why' they has low position in the 'Leader Quadrant' for 'Unified Threat Management' on the Gartner Magic Quadrant and 'No position' in the 'Gartner Enterprise Firewall Quadrant'. Sophos is recognized in the Gartner MQ for UTM and Enterprise Firewall, but have a lower standing. For example, Sophos is in the Niche Quadrant in the Enterprise Firewall.

Sophos has products only to deal with SMB market, while Fortinet can do up to MSSP/Carriers.
It has a software approach. This means the performance will dramatically drop with real world and small packet traffic, which causes latency and bad user experience. Time sensitive applications like web usage, VoIP, mobile application, and transaction based applications will have poor experience.

Sophos/ Astaro do not have ICSA IPS or NSS Labs NGFW, IPS validation on the performance or ability to protect against the latest exploits.

Sophos doesn´t offer option to create 'GeoIP' object, which means that if you need block traffic coming from China (just for i.e) you should do it for entire unit instead for a specific rule/policy as Fortinet do; the same difficult is to set a Q.O.S object for a specific rule/policy; I´m not sure right know but as I remember they don't offer integration with Active Directory in 'transparent mode', which means that you need to set Proxy in explicit way.

Pls, feel free to stay in touch with me.


Renato P
The Angel of Technology

it_user227532 - PeerSpot reviewer
Senior Network Engineer at a healthcare company with 1,001-5,000 employees
Apr 22, 2015

Ah, can't put special characters in an answer here without getting cut off, at least the less-than sign. As I was saying I would not recommend Fortigates. Their tech support is horrid, laughable even at times. And you will need to contact them eventually. You open a case hoping to get a configuration example and the first thing they say you can do it, but want to do is open a webex session to show you how to do it. Then you find out through the webex that it really can't do it.

They say they have an easy to use GUI, but you cannot do everything with it, you have to drop into the CLI to do some things. The centralized management platform, while good for distributing signatures and such, just adds more confusion into the mix. Nothing like the GUI on the boxes themselves for configuring and still missing the options you need to drop into the CLI for.

They definitely need to enhance their support for third party NMS systems too, we use Solarwinds Orion which is pretty flexible, but Fortigates are difficult to work with and don't give you much.

Apr 22, 2015

The Fortinet is known as the better one of the two.

it_user227532 - PeerSpot reviewer
Senior Network Engineer at a healthcare company with 1,001-5,000 employees
Apr 22, 2015

I work with Fortigate right now and would >not< recommend them. Horrid tech support, configuration is confusing. They say they have an easy to use GUI, but you can't do everything from there, you have to drop into the confusing CLI to get some things done. Their centralized management platform, while good for distributing signatures and such, just makes configuration even more confusing. Doesn't work well with network management systems.

it_user221862 - PeerSpot reviewer
Cloud Engineer at a tech services company with 1,001-5,000 employees
Apr 22, 2015

Never used either. But for personally, this is how I would set it up: pfSense in a virtual environment. I've done this for years pushing bandwidth quite like you're talking about (a little more actually), all while using open source software. I don't have experience with Fortigate or Cyberoam, so I can't comment on those. But if you're looking for flexibility and the ultimate ROI, this is the best route to choose. If you need commercial support, the pfSense team provides that too.

Sounds like to me that you would need pfSense with Squid proxy and SquidGuardian enabled. I would also recommend SNORT, pfblockerNG and a few other bells a whistles. A central logging solution like Graylog wouldn't hurt either. I love pfSense's logs, but they are tabbed. With Graylog, I can make dashboards and categorize everything how I see fit.

it_user219537 - PeerSpot reviewer
System Engineer at a tech services company with 501-1,000 employees
Real User
Apr 22, 2015

the throughput that you need is not high, so for example a
http://www.cyberoamworks.com/Cyberoam-CR50iNG.asp meet al your requirements.
with 1M of concurrent session shouldn't have problem with < 1000 users
A key factor may be if there is to many traffic between the internal
networks and this traffic need to be managed by UTM,
this model is able to manage 3Gbps o firewall section, should be enough but
depends from your needs


it_user200313 - PeerSpot reviewer
Security Consultant at Accenture
Real User
Apr 22, 2015

Go for Fortigate

it_user223011 - PeerSpot reviewer
Systems Engineer II at a tech services company with 51-200 employees
Apr 22, 2015

There are multiple factors to consider when looking at a Firewall solution such as:
Cost Support Performance ROI Ease of management Ease of deployment Available documentation Future proofing Total cost of ownership
Given all of these aspects I would go with the Fortinet 1000-D as this has a proven track record of being deployed in environments similar to what you require.


Daniel Legall

Apr 22, 2015

For small size network probably Fortinet can do the job.

it_user227490 - PeerSpot reviewer
Business Development Manager at Veracomp Europe
Apr 22, 2015

FG 500D with FortiGuard NGFW Service and Web Filtering Service +Forticare will cover your major focus.

it_user105426 - PeerSpot reviewer
Consultant at a non-tech company with 51-200 employees
Apr 22, 2015

It is very risky to respond like that especially as UTM and FW does not offer the same features, capabilities and are not at the same level of investment.
I can answer by conducting a preliminary analysis for this but your client will have to use my services. For my part I have done this type of comparison in the context of a tender for a similar network (appliance perspective for internet access 34meg 600 users) but also internationally (SaaS versus local appliances).
seeking a job, if you client is interested, I can give him assistance.
Best regards,

Apr 22, 2015

Definitely Fortinet, 2014 was the 6 year in Gartner on UTM.

I recommend FG500D and FG1000D on this functionalities(FortiGuard NGFW
Service + FortiGuard Web Filtering Service)

· Web Content blocking and filtering

· HTTPS strong blocking

· Reporting and Bandwidth management( traffic shaping )


it_user167811 - PeerSpot reviewer
User at a tech services company
Apr 22, 2015

Determining the size of an UTM is not only depended to user count or bandwith. I's also depended to user type. Torrent user is not as same as a telnet user. Also you may think the website which you visit the now and 5 years ago; the connection count(concurrent connections) size etc, you can easiliy see that site is at least doubled on work-load. I'm using the requirements x 2 = specs of the UTM formula. You can easly find the scaling guides on Vendor sites.

it_user205449 - PeerSpot reviewer
Regional Sales Manager at a comms service provider
Apr 22, 2015


From my experience I will advise Fortigate FW series



it_user203784 - PeerSpot reviewer
User at a tech company with 51-200 employees
Apr 22, 2015

I think you should go with Cyberoam 200Ing, as all three requisites of yours will be fulfilled and it is quite user friendly and convenient to configure.

Anil Raju SoreESDS Fully Managed Datacentre8806313322

Apr 22, 2015

Hi, I have only experience with Fortinet so I can't compare it with Cyberoam. From my experience I can tell you that Fortinet is satisfying all you requirements and as for the model you can start looking at 100D which is an entry level, but for many users you can use some from the mid range like 800D.
You didn't specify if the users are internal (behind nat) or some of them will use SSL VPN to rich your internal network? If so, I think 800D is fine for your needs.For redundancy you can use 2 FG in cluster acting active/passive or active/active based on needs.

it_user167811 - PeerSpot reviewer
User at a tech services company
Apr 22, 2015

I'm usind Fortigate's, Chekpoints, pfSense, ipCop, untangle, open source software based custom UTM's, Watchguard's and Sophos since 2001 (was Astaro). Cyberoam is obtained by Sophos. Sophos was purhased Astaro. Cyberoam and Sophos (former Astaro) will be united in same device.(IMHO) I'm using and managing over 20 sophos UTM's; thet are Solid, easy to deploy and "what do you set, what do you get". You may try it on a pc, its free to use on home license(50 IP).

it_user200868 - PeerSpot reviewer
Network Administrator at a tech services company
Apr 22, 2015

I probably prefer Cyberoam, because Cyberoam has l8 for authentication. That easy to manage large employee. and about the price.

Related Questions
Cloud Engineer at Inara Technologies
Jun 5, 2023
Hello community,  I am a Cloud Engineer at a small tech services company.  I am currently researching firewalls. Which solution do you prefer: Palo Alto Networks PA-3410 Firewall or FortiGate 601F? What are the pros and cons of each solution? Thank you for your help.
See 1 answer
Luis Apodaca - PeerSpot reviewer
IT Support and Network Admin at Escuela Carlos Pereyra
Jun 5, 2023
Hi Muhammad, You are telling us your company is small, but for choice active equipment you need to know how big the need for your client is, not yours. And also you may discuss if you are the provider of the tech service for management (local or remote), or if you're just going to provide the equipment for some internal IT by your customer.So, there are a few questions before choosing the Router/Gateway, but if you already have an answer for all that, I'll go for Sophos XG Firewall every time, if the customer can afford it or for smaller customer Ubiquiti Edge Infinity Router. Good luck
Commercial Manager - Government at core tecnologia
May 16, 2023
Hello peers,  I am a Commercial Manager at a small tech services company. I am currently researching alternative firewalls for Hillstone. Which FortiGate firewall model can you replace with Hillstone? Thank you for you help.
See 1 answer
Bořivoj Tydlitát - PeerSpot reviewer
Chief Security Officer at The Mama AI
May 16, 2023
There is no simple answer. Like Hillstone, FortiGate firewalls are a line with a huge range of capabilities. Here are some ideas based on our experience: - Think about high availability? How stringent are your requirements? What would device reboot (minutes downtime), tripped circuit breaker (minutes to hours down), or hardware failure (days down or more) mean? Are you operating single or multiple installations? What is the availability of a replacement device? Based on that - are you considering a single device, a single device with a dual power supply, or a HA pair of devices? (We have quite good experience with a HA pair of 60F's.) - What are the Internet and local network connectivity requirements? Is 1Gbit Ethernet enough, or do you need 10Gbit? Will FortiGate serve as a router for multiple segments of your local network? That may mandate 10Gbit interfaces on the LAN side even where your Internet connectivity does not require that bandwidth. - Do you need a hard drive in the unit? Typically, it is used for local logging where remote logging options (FortiCloud, Syslog, etc.) are not practical or possible for technical, financial, or irregular reasons.  - Rackmount - do not worry too much about that - the low-end units (40F, 60F) are not rack-mounted per se, but you can get an original adapter kit or just use a shelf as we do. - Remember that the HW cost is just a fraction of TCO, the subscription being a substantial part. - On the HW capacity scaling - this one is tricky, as it heavily depends on the traffic patterns and on the depth of firewall scrutiny. Think more of the number of transactions (TCP connections, UDP "sessions") than the actual packet or byte rates. In our use case, it looks like the RAM is a more scarce resource than the CPU. FortiGate goes into Conserve Mode when hitting something like 75% RAM use, so it is a good idea to keep the normal usage around 50%. - If you are using a virtualized infrastructure, you may consider a FortiGate VM form factor. Or you can request a free trial VM (feature-restricted) or full-featured evaluation VM (available on request) and use it for evaluation. - Needless to say - FortiGate is a complex device with tons of features, and it has quite a learning curve. Additionally, some of the more advanced features are available in CLI only or have to be explicitly enabled to be visible in GUI. - One more piece of advice - be conservative about FortiOS (FG firmware) major/minor releases. New releases tend to be quite buggy and it is a good idea to avoid anything that ends with a patch level less than about 5-6. On the other hand, do apply security patches diligently, some of them close really critical holes. For example, we are on 7.0.11 firmware, even though 7.2.4 and now also 7.4.0 is out.
Related Articles
Ariel Lindenfeld - PeerSpot reviewer
Director of Community at PeerSpot
Aug 21, 2022
We’re launching an annual User’s Choice Award to showcase the most popular B2B enterprise technology products and we want your vote! If there’s a technology solution that’s really impressed you, here’s an opportunity to recognize that. It’s easy: go to the PeerSpot voting site, complete the brief voter registration form, review the list of nominees and vote. Get your colleagues to vote, too! ...
Director of Community at PeerSpot (formerly IT Central Station)
Aug 17, 2022
Hi dear community members, In this edition of PeerSpot's Community Spotlight, you can find out what your peers are discussing and join in the conversation. Ask and answer questions on the topics that interest you most! Read and respond to articles or contribute your own! Trending These are the topics your peers are talking about on PeerSpot this week How do I estimate the requir...
See 1 comment
Director of Community at PeerSpot (formerly IT Central Station)
Aug 17, 2022
Thank you to all the community members who share their knowledge with other peers! Also, special thanks to the articles' contributors included in this Community Spotlight: @Janet Staver, @Abhirup Sarkar, @Manoj Narayanan, @Beth Safire and @Shibu Babuchandran.
Director of Community at PeerSpot (formerly IT Central Station)
Jul 5, 2022
Dear PeerSpot community members, This is our latest Community Spotlight for YOU. Here we've summarized and selected the latest posts (professional questions, articles and discussions) contributed by PeerSpot community members.  Check them out! Trending See what your peers are discussing at the moment! What were your main pain points during the SIEM product purchase process? What...
Director of Community at PeerSpot (formerly IT Central Station)
May 30, 2022
Hi peers, This is our new bi-weekly Community Spotlight that includes recent contributions (questions, articles and discussions) by the PeerSpot community members.  Articles Check the top products and solutions below (selected based on peer reviews) or contribute your own article! Top Security Orchestration Automation and Response (SOAR) Solutions Top 8 Data Loss Prevention (DL...
Director of Community at PeerSpot (formerly IT Central Station)
Jul 11, 2022
Hi community members, As usual, this new Community Spotlight shares with you the latest articles, questions and trending discussions from your peers. Trending See what is trending at the moment and chime in to discuss! Top 8 Extended Detection and Response (XDR) Tools 2022 Would you recommend replacing Cisco ASA Firewall with Fortinet FortiGate FG 100F due to cost reasons? What is the...
See 2 comments
Performance and Fault-tolerance Architect with 1,001-5,000 employees
May 30, 2022
Good very informative
Jairo Willian Pereira - PeerSpot reviewer
Information Security Manager at a retailer with 10,001+ employees
Jul 11, 2022
Analyze the wave of product at Gartner Hype Cycle. EDR was good in the past. After that, MDR joined the hype and now, XDR is the trend. Wait for more in a couple of months and (sic) know the ZDR!
Product Comparisons
Related Categories
Related Articles
Ariel Lindenfeld - PeerSpot reviewer
Director of Community at PeerSpot
Aug 21, 2022
PeerSpot User's Choice Award 2022
We’re launching an annual User’s Choice Award to showcase the most popular B2B enterprise technol...
Director of Community at PeerSpot (formerly IT Central Station)
Aug 17, 2022
Community Spotlight #20
Hi dear community members, In this edition of PeerSpot's Community Spotlight, you can find out w...
Download Free Report
Download our FREE report comparing Fortinet FortiGate and Sophos Cyberoam UTM based on reviews, features, and more! Updated: September 2023.
735,226 professionals have used our research since 2012.