I am a Network and Security Engineer at a small tech consulting company.
I am about to import the backup configuration file of my hardware-based FortiGate firewall onto my VM-based FortiGate firewall.
Can you please assist me with the procedure?
Thank you for your help.
Senior IT Consultant at Gateway information networks
Mar 30, 2023
To import hardware from the FortiGate firewall backup configuration file to the FortiGate-VM firewall, you can follow these steps:
1. Export the backup configuration file from the FortiGate firewall. You can do this by navigating to System > Dashboard > Status and selecting the Download button under the Configuration section.
2. Save the backup configuration file to your computer.
3. Log in to the FortiGate-VM firewall and navigate to System > Maintenance > Backup & Restore.
4. Select the Import button to upload the backup configuration file.
5. In the Import Configuration dialog box, select the file type as "Full Configuration."
6. Browse and select the backup configuration file that you saved on your computer.
7. Select the Import button to start the import process.
8. Wait for the import process to complete. This may take a few minutes.
9. Once the import process is complete, the FortiGate-VM firewall will reboot to apply the new configuration.
10. After the FortiGate-VM firewall has rebooted, you can verify that the hardware configuration has been imported by navigating to System > Dashboard > Status and checking the system information.
It's important to note that the hardware configuration of the FortiGate firewall may not match the hardware configuration of the FortiGate-VM firewall. You may need to make manual adjustments to the configuration to ensure compatibility with the FortiGate-VM hardware. It's recommended to consult the Fortinet documentation or contact Fortinet support for assistance with this process.
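A pre-import check for the hardware/VM mismatch mentioned in the answer above, as an added example that is not part of the original answer or any Fortinet tool: it reads a saved backup and lists the physical interface names the VM lacks, with the settings that reference them. It assumes a plain-text backup with a `#config-version=` header and a `config system interface` block; the sample config and the VM port names `port1` to `port10` are constructed.

```python
import re

# Constructed sample backup (not from a real device); layout is an assumption.
SAMPLE = '''#config-version=FGT60E-6.4.5-FW-build1828-210217:opmode=0:vdom=0:user=admin
config system interface
    edit "wan1"
        set type physical
    next
    edit "internal1"
        set type physical
    next
    edit "ssl.root"
        set type tunnel
    next
end
config firewall policy
    edit 1
        set srcintf "internal1"
        set dstintf "wan1"
    next
end
'''

def header_info(text):
    """Return (model, version) from the '#config-version=' first line."""
    m = re.match(r"#config-version=([^-]+)-([\d.]+)-", text)
    return (m.group(1), m.group(2)) if m else (None, None)

def physical_interfaces(text):
    """Names of 'set type physical' entries under 'config system interface'."""
    block = re.search(r"^config system interface\n(.*?)^end$", text, re.S | re.M)
    if not block:
        return []
    entries = re.findall(r'edit "([^"]+)"\n(.*?)\n\s*next', block.group(1), re.S)
    return [name for name, body in entries if re.search(r"set type physical\b", body)]

def unmapped_references(text, vm_ports):
    """Map each physical interface absent on the VM to the settings that use it."""
    result = {}
    for name in physical_interfaces(text):
        if name not in vm_ports:
            result[name] = [line.strip() for line in text.splitlines()
                            if line.strip().startswith("set ") and f'"{name}"' in line]
    return result

if __name__ == "__main__":
    vm_ports = {f"port{i}" for i in range(1, 11)}  # assumed VM interface names
    print(header_info(SAMPLE), unmapped_references(SAMPLE, vm_ports))
```

Every name it reports is a candidate for the manual adjustments the answer mentions; policies tied to those interfaces are worth reviewing on the VM after the restore.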
Fortinet’s FortiGate is a firewall solution we use and are very much satisfied with its performance. We find FortiGate both cost-effective and efficient. One of the features we like most is that FortiGate can secure our infrastructure against known and unknown attacks. Unlike other firewalls we tried, it has a user-friendly interface. It is easy to create policies, and we can define security profiles and rules. Other features include a remote VPN, advanced malware protection, comprehensive logging, and IPS.
FortiGate also has some room for improvement. The command line is not easy, so it requires expertise with CLI commands. Additionally, it is not easy to configure. All told, though, it is a robust firewall and gives value for the price.
Previously we tried pfSense, and although it is a strong solution, it doesn’t combine FortiGate’s advantages. Sure, pfSense is free and open-source. You cannot be more cost-effective than that. But sometimes you get what you pay for. PfSense’s main advantage is its flexibility as a firewall and routing platform. Another advantage you get with pfSense is that it is customizable.
PfSense offers most features basic firewalls offer, like stateful packet inspection. I find it a bit stuck in time, though, with almost none of the features you find in next-generation firewalls. The interface is a bit clumsy, it has lots of bugs, and there seems to be no documentation available.
If you are looking for a basic firewall at a lower possible price, you may go with pfSense. It offers basic features and is easy to configure, and if you don’t mind the bugs, it is an excellent place to start. However, if you are looking for something more powerful with advanced features, I would suggest you consider Fortinet’s FortiGate. It offers advanced firewall functions and is still cost-effective for small businesses. Yes, it has a bit of a learning curve, but in my opinion, it is worth it.
pfSense or Fortinet... That would depend on your use case....
We have been using pfSense for the past two years and it does mostly what you would expect of a firewall... Captive portal, site-to-site VPN, TLS based VPN, IPsec VPN, SNORT, Suricata, ACME, port forwarding, NAT, CA, DHCP, DHCP relay, VLANS, Bridges, LAGG, LACP, etc... etc...
Most of all, no paid licenses anywhere as it is open source and free... Support can be purchased but I personally never needed it so far...
The only downside is that you need to be highly technical to get it working as per your needs... Also, a lot of docs in Google/YouTube (though a bit of scouting and navigating through bugs is required) to get things moving assuming you already know firewalls as a concept...
With a Fortinet, in case you have the money to pay and justify the need for it, then it's worth going for because they will support you as long as they keep getting paid... In our case (in our small SMB), I have not yet come across a need to move away from pfSense because it basically does what it is supposed to do...
It has been running with us for almost two years with no reasons for complaints... Again, it's my own personal opinion...
PfSense is the only product that would perform in a Symmetric NAT. Painful but OS-fingerprinting and impossible to do UDP NAT hole punching. Skype, Zoom uses that and even Kerio Operator, but that is all.
It is a very broken product and when you need IPS (the "free one" is a 30-day-old database) you need to pay Cisco for Snort... I would not use pfSense on its own. Period.
Fortinet is one of the best products. Lots of other things rely on one CPU to do the job. Sophos & pfSense (just to name a few) when you start adding inspection modes it is like having a 3-tonne car with a 2-cylinder engine. The CPU goes to 90%.
Fortinet has been ultra clever from day number one to have custom chips to do the work in hardware, so throughput with all protection features can happen without suffering speed of service to users, compared to others.
The new OS7 is very good.
So, I would not touch pfSense. It is like comparing a Toyota Yaris to a Kia K 900 car. So to speak.
I will choose FortiGate. It is a complete hardware and software and integrated solution for IT security and threat management.
Many people said that depends on your needs, and I agree.
Fortinet and many other vendors are more than a set of level 2 or level 3 rules. They also have IPS, Antivirus, SSL Inspection, stateful inspection.
If I have to choose between Fortinet and pfSense for my company, I would think twice. Fortinet.