Coming October 25: PeerSpot Awards will be announced! Learn more
2019-06-26T05:25:00Z
Miriam Tover - PeerSpot reviewer
Service Delivery Manager at PeerSpot (formerly IT Central Station)
  • 0
  • 12

What needs improvement with Fortinet FortiOS?

Please share with the community what you think needs improvement with Fortinet FortiOS.

What are its weaknesses? What would you like to see changed in a future version?

40
PeerSpot user
40 Answers
SK
Senior Information Technology Manager at a wellness & fitness company with 5,001-10,000 employees
Real User
2022-08-17T10:25:11Z
17 August 22

SD-WAN configuration could be easier. The support could be better. We'd like to see bandwidth optimization and traffic prioritization capabilities. These are the two things that I'm looking for, especially in SD-WAN.

it_user1258791 - PeerSpot reviewer
Consultant at ZAM Food Industry Pvt Ltd
Real User
2022-08-16T08:54:50Z
16 August 22

It should be controlled in the local environment as well. Its gateway security is more powerful. However, it should also manage the local DSCP network, so the policies, local LAN policies, and other stuff should be there.

YoussefElhaddad - PeerSpot reviewer
IT Manager at ABB Enterprise Software Group
Real User
Top 5
2022-07-24T07:29:03Z
24 July 22

The product needs a feature that allows users to create another site on a VPN.

Gautam Sen - PeerSpot reviewer
General Manager & Head Electronic Network Executive at Blue Dart
Real User
2022-07-17T19:59:30Z
17 July 22

Fortinet FortiOS need to manage its memory and CPU utilization better. It peaks at times, which sometimes can be challenging. In a feature release, if Fortinet FortiOS could have better cloud functionality would be a benefit.

RaynoPowell - PeerSpot reviewer
Senior System Analyst at EOH
Real User
Top 20
2022-07-11T06:10:57Z
11 July 22

We don't really find a lot of issues on it. If I really have to complain about something, and there's not much, is the free VPN solution is a bit limited. Then again, it is a free solution. That's essentially it. Nothing else on the FortiGate or on the Fortinet OS side is really an issue. That's one of the main reasons why we use them: everything works and works well. For what we use, there isn't really any missing feature. In fact, we actually want to get rid of some of the features that they have due to the fact that, for the security model that we need to implement, having more features actually opens up potential risk. We actually would like to have a device that is more focused specifically on OT environments the operational technologies. We would prefer a device that's stripped down, that doesn't have all the other fluff in the more enterprise system. We actually want a feature where we can remove features that are there that we don't use. That is actually a thing that we find. We use it now in an operational technology environment. We use normal IT equipment. However, it's not a normal IT network. It differs significantly from a normal corporate IT environment. In a normal corporate IT environment, you like the fluff, and the additional features, and you can click, click, click, and you're done. However, all of those features you add to a device open up risk for us. And that is something we do differently in the OT environment in operational technology. We prefer to not have the fluff. We prefer to have only what is needed for the device to do what it needs to do. For example, imagine an additional feature for some sort of additional VPN technology has been added. However, it's not really needed for the OT environment, and it's not configured on the device, yet there's some sort of security threat in there. Now, all of a sudden, somebody can hack your system, and he's in there, and he's switching the lights on and off the entire city. And you don't know about it due to the fact that the additional fluff that we added to the system, we weren't aware of that issue was on there. You can enable and disable certain modules in it. However, with disabling, nobody can really tell us if that module is disabled. Is it really disabled? Is it actually unloaded? Is it uninstalling Word from your laptop, or is it just not running Word?

Ali Fauzi - PeerSpot reviewer
Senior Network Security Engineer at Tunas Ridean Tbk PT
Real User
Top 5
2022-06-21T11:49:28Z
21 June 22

I would like to see the features of FortiAnalyzer included in Fortinet FortiOS. Right now, you're required to have an additional license and a different device for features such as processing the log, reporting, and analyzing traffic.

Learn what your peers think about Fortinet FortiOS. Get advice and tips from experienced pros sharing their opinions. Updated: October 2022.
635,513 professionals have used our research since 2012.
CR
Director at REDCO
Reseller
Top 5
2022-06-17T14:56:00Z
17 June 22

I would like to see fewer bugs. If you use the box with its basic features, the solution is straightforward and stable, but you can run into bugs when using newer features or in more complex use cases. They included a DNS filter as a new feature, and I had issues that required raising a ticket with customer support.

SamiEsber - PeerSpot reviewer
Security consultant at Manaai corp.
Real User
Top 5
2022-05-31T13:26:44Z
31 May 22

Some features I have found to be hidden and cannot be accessed through the graphical user interface, you can only access them through the command-line interface(CLI). All the features should be accessible through the graphical user interface.

Ravinder-Singh - PeerSpot reviewer
Junior Manager at Paytm Payments Bank
Real User
2022-05-26T11:01:23Z
26 May 22

The threat time interval lags a little, especially if there's a heavy load on the firewall.

Muhammad Jahangir - PeerSpot reviewer
Manager Devops at emergent
Real User
Top 5
2022-05-03T16:10:00Z
03 May 22

It would be better if AWS instances were available. If I want to upgrade from T2.small to T2.medium, it should be available rather than having a big instance and paying a lot of money for that. The issue is that we had deployed in AWS Cloud, and we were using a very small instance. Recently we wanted to move in-house and deploy it on the big instance because it was struggling with the RAM. If we use T2.small, we cannot upgrade it to the T2.medium. It has predefined instances in the marketplace with a lot of cost differences. If I can increase the RAM, I have to choose the T3.large instance. If I'm paying $270 for the small instance, I have to pay more than double the cost for T3.large. It is about $850, and this is not good. So, it would be better if it was cheaper. I think both AWS and Fortinet should think about that. They should provide it on lower instances as well. If I want to upgrade it from T2.small to T2.medium, it should be available, but it's a problem.

Subbu Madhira - PeerSpot reviewer
CEO at OmniNet Systems
Real User
Top 5Leaderboard
2022-04-11T14:10:53Z
11 April 22

Fortinet FortiOS can improve the GUI and remove the command line interface. All the functionality should be available from the GUI. Day-to-day management can be tough for IT administrators. Additionally, the reporting is not very good.

PA
Systems manager at a educational organization with 51-200 employees
Real User
Top 20
2021-12-24T09:20:00Z
24 December 21

Fortinet FortiOS could improve by having better authentication methods with Microsoft or Google Services. In an upcoming release, they could improve the user interface.

RR
IT Infrastructure at a tech services company with 51-200 employees
Real User
Top 5
2021-12-16T06:59:00Z
16 December 21

There are some features for FortiGate using FortiOS that can only be enabled via a command line. These aren't very advanced features they have been part of FortiOS for quite some time but they still aren't accessible from the graphical user interface. It makes it a little bit harder than it should be for us to manage the solution. That's my main concern with the user interface. Another concern we have is some elements for the user interface, if they're not properly configured, it could lead to hardware and performance degradation. We have had some cases where the entire hardware is at a lockout. This means the CPU is 100% consumed and requires a reboot because of a malfunction with the graphical user interface dashboard widget. This is something that we saw a few years ago. We haven't had any new experience with this same issue. However, I'm not sure if that's because Fortinet fixed them, or because we have mow avoid using those specific regions.

Dago Pacheco - PeerSpot reviewer
Infrastructure and Services Manager at Universidad Arturo Prat
Real User
Top 20
2021-12-16T01:01:00Z
16 December 21

The pricing of the product is too high. They should work to lower it.

GG
System Engineer at a tech services company with 51-200 employees
Real User
2021-12-07T11:12:01Z
07 December 21

There are some issues with the performance. We also had some issues while updating the firmware. The download options can be better. While downloading VPN clients, it is a little bit difficult to get different versions. You need to log on and search. Their support can be better.

AK
Senior Manager (Engineering Department) at a comms service provider with 10,001+ employees
Real User
Top 5
2021-10-28T09:10:18Z
28 October 21

They're using a lot of application-specific IC, so that may be causing some performance issues. And whenever a Fortinet adds new features, it can affect performance. I don't handle implementation, so I have to ask my frontline engineers to implement new features, like software-defined WAN service. But I'm not sure these are stable and acceptable because this project is still in progress. FortiOS and all the other firewall products are adding SD-WAN service, and this kind of service needs a lot of resources from the fabrics, the hardware, and the software. Still, I think we have more confidence deploying this service with FortiOS than using the other brands, like Juniper.

SB
President at a manufacturing company with self employed
Reseller
2021-09-24T23:13:00Z
24 September 21

FortiOS doesn't work well with all browsers. I think they need to do a better job of making it compatible with the various browsers that are out there. I see weird stuff happen sometimes. It doesn't crash the router bin itself, but it typically takes some time. Sometimes I'll have to reboot the router to get it working with a browser again. This is maybe just a problem with older versions. I can't say anything about the recent versions of the FortiOS, but over the years, I've seen weird stuff. This is mainly just a problem with the browser interface. I've never had a problem with the command line.

Vincent Gonzales - PeerSpot reviewer
Senior Network & Security Engineer at a tech services company with 51-200 employees
Real User
Top 5
2021-08-27T14:28:59Z
27 August 21

The solution could improve the log retention and reports.

AA
Manager IT at wintac
Real User
2021-07-27T19:54:49Z
27 July 21

The reporting and monitoring could improve, they have a lot of limitations. The monitoring is not easy compared to the other firewall.

PR
System Administrator at RBDigital
Real User
Top 5
2021-04-16T22:15:42Z
16 April 21

Many things are missing from the interface that necessitates using the CLI, so it needs to be improved. When I migrated to FortiGate, there many things that I wanted to do, but couldn't. With FortiOS, you can use the router in two modes. The first mode is the profile mode, which is the starter mode that most use, but you have another mode that is a policy mode and is required before creating your firewall rule. The problem is that when you switch from one mode to the other, all of your firewall rules will be gone. This means that you have to decide if you want to use the policy mode firewall or a profile mode firewall. With policy mode, you can have granular control on the application on the firewall rule because the firewall rule works with the source destination protocol. With the application, you have multiple rules, one by one. As an example, you can have one for Skype or one for OneDrive, etc. On the source, you can add a group, and add people to the group, and they can have access to Skype and OneDrive along with others added. You can granularly control applications on the firewall rule with the policy mode, but you don't have access to the proxy mode rules. There are also issues with the antivirus, IPS, and you are forced to switch back to the profile mode where you have less granular control on the application. I have problems with the IPS stability and the antivirus in Policy Based Mode. If the file is bigger, then the antivirus doesn't check it. In policy Based Mode, There are many issues. (Firmware =< 6.4)

Sudeep Maydeo - PeerSpot reviewer
Senior Manager IT at Tata International Limited
Real User
2020-08-12T07:01:00Z
12 August 20

It would be great if they can push the Microsoft updates through Fortinet OS and provide a centralized patch management system. They should also include the data loss prevention (DLP) and data leakage prevention features. They could also add network monitoring more effectively.

PeerSpot user
Technical Head at a tech services company with 51-200 employees
Real User
2020-08-11T06:17:33Z
11 August 20

The product really has everything that we need as far as features for this type of solution and our use case. It works fine for us. One thing that can be improved is the pricing model. It is currently subscription-based and I think they should probably try to change that.

JL
Executive - Data & IP at a comms service provider with 1,001-5,000 employees
Real User
2020-08-05T06:59:29Z
05 August 20

Fortinet needs to make this solution even more robust. Sometimes when we get a DDoS attack, the cannot withstand it. We can run out of sessions very easily. That said, I suppose if you want more a robust system, then you could purchase higher-end solutions, which are more expensive. Still, I would like to see more protection from even in the low-end version. The pricing needs to be improved. It's quite pricey. In terms of the CLI, if they could make it more intuitive, and more user friendly, it would make the solution better. I like to work on CLI instead of through the GUI. If you are used to it then you wouldn't mind the way it works right now. However, for those that don't, there's just a sizeable learning curve.

Rafael Riera - PeerSpot reviewer
Pre-sales Engineer at a wholesaler/distributor with 51-200 employees
Reseller
Top 10
2020-06-30T08:17:34Z
30 June 20

The solution's switches are lacking. They need more features added to them to build them out a bit. The switches are very simple if you compare them with other companies like Cisco or Aruba. Those organizations offer their clients much more. Technical support could be better. Some competitors have much more responsive support teams. I know the last version had NAC, network access control, added inside the firewall. It's a process, however. There's still work to do. The next version will be better. Right now, you can't authenticate other devices. You only can authenticate Forti devices and not devices from other companies. This could be the next addition to the solution that will make its performance even better.

AM
Systems Engineer at a tech services company with 11-50 employees
Real User
2020-06-18T05:17:49Z
18 June 20

Right now, it's very trendy to integrate everything into the cloud. This solution would be more effective if they did more integration in that regard.

SoheylNorozi - PeerSpot reviewer
IT Consultant at a tech services company with 51-200 employees
Real User
2019-08-29T08:53:00Z
29 August 19

One thing that should be improved in future versions is an issue we have observed and had problems with a few times. When we try to reinstall a backup for FortiOS, you need to do a factory reset manually or you lose access to a device. I have experienced this situation a few times and it seems like something that should not be required and they should resolve.

BG
Product Manager & System Engineer at a comms service provider with 51-200 employees
Real User
2019-08-29T08:53:00Z
29 August 19

The solution needs to adjust its pricing model. With the way they are structured, everything is very disparate and sold separately, and, depending on the solution, it can get quite pricey. The solution could be more intuitive. Especially when customers have access to it, it's not as simple and straightforward as some of the other devices I've taken a look at.

KevinTafuro - PeerSpot reviewer
IT Manager at Cloudjet
Real User
2019-08-28T09:52:00Z
28 August 19

Docker Container to have a good integration with kubernetes and more throughput as Cisco FP

CM
Principal Cyber Security Architect at a comms service provider with 5,001-10,000 employees
Reseller
2019-08-28T09:52:00Z
28 August 19

In terms of what needs improvement, the pricing could be lower. The price is very steep. I would like to see in the next release that any client, even small ones from a home office, can run on any access point, not just the one that can be used with Fortinet. It should have an appliance that can be used to support and manage other access points. All the products should be uniform and easy to find.

MH
Technical Manager at AL HIBA INFORMATION TECHNOLOGY SERVICES
Reseller
2019-08-28T09:52:00Z
28 August 19

Their technical support needs improvement. All products have pluses and minuses. It will depend on a client's use case.

Chukwunenye Ekwe Jnr. - PeerSpot reviewer
Senior Presale Manager at a tech services company with self employed
Real User
Top 10
2019-08-26T06:42:00Z
26 August 19

The policies and the way that they are applied can be improved. It could be more direct, as it is an issue for some people. Generally, policy management could be made better and simpler to deploy. The GUI could be improved to make it more usable, easier to administer, and easier to configure.

Mohamed  Fouad - PeerSpot reviewer
IT Manager at a pharma/biotech company with 201-500 employees
Real User
2019-08-26T06:42:00Z
26 August 19

I would like to see a drop in the license fees because it is a rather expensive program.

MS
Director Of Hosting Services at a tech services company with 51-200 employees
Reseller
2019-08-25T05:17:00Z
25 August 19

While the product is good and does provide services we need for authenticating and establishing VPN connections, some time ago we had issues with logins. The login event and the performance for this feature were very poor but have improved.

Mohamed Talbi - PeerSpot reviewer
Network and Security Engineer at a tech consulting company with 1,001-5,000 employees
Real User
2019-08-25T05:17:00Z
25 August 19

In terms of what needs improvements, the troubleshooting could use improvement. When we work with other products like Cisco ASA, Palo Alto, and Check Point, we see a big difference in the troubleshooting. It's not easy to find a report. In order to overcome the problem, you have to install FortiAnalyzer to help you find the troubleshooting problem. FortiOS has its limitations.

Khaled Barakat - PeerSpot reviewer
Technical Consultant at ezz elarab
Consultant
2019-08-25T05:17:00Z
25 August 19

For me, it is important to be able to block VPN applications, like Facebook, so I would like to see that included in the next release. With this version, if you want to block or allow a site, you now have to drag all the domains related to this site.

AC
Tech Engineer at a financial services firm with 201-500 employees
Real User
2019-08-19T05:47:00Z
19 August 19

The signature discs, compared to Palo Alto, aren't as good. It takes more time to get the signature updates. The solution should be on the cloud a bit more. There should be a cookie eater.

LF
Head of Infrastructure Network at innovectives
Real User
2019-08-18T07:52:00Z
18 August 19

The solution is good, but they have poor marketing in Nigeria. They need to market their product better. They need to work on their support. Cisco has the best technical support. In comparison, Fortinet's support takes too long. If you are paying for SLAs, you should also get value from your SLAs. Right now, everybody is moving to the cloud. The solution has already worked on that aspect, and they are embedding security to the cloud. However, security can be more enhanced and as long as they continue to offer more protection I'll be happy.

Emmanuel Munisi - PeerSpot reviewer
IT Field Engineer at Double Click Company
Real User
2019-07-28T07:34:00Z
28 July 19

The internet service is not as reliable in East Africa as in other parts of the world, and as such, the bandwidth that is required for updating the Fortinet OS should be reduced. I would like to see smaller and more frequent updates.

LF
Technical Lead at a tech services company with 51-200 employees
Real User
2019-06-27T06:06:00Z
27 June 19

Reporting, having only recently migrated to 6.04 there will be some time to see what improvements have been made, with some of the menu changes and inclusions through the versions.

Bas Bonvanie - PeerSpot reviewer
System Administrator at HeisterkaMP
Real User
2019-06-26T05:25:00Z
26 June 19

The complexity of the VPNs should be improved. Certain versions of the operating system don't function with our current Fortinet unit. For instance, we've got a 60D FortiGate at our branch offices and the 60D FortiGate doesn't support the latest version of the 40 OS. Because of this, certain Wi-Fi access points that depend on those operating systems don't function so well. So that has room for improvement. I'd like to see that happen.

Related Questions
DL
User at KLA
Mar 23, 2021
I work at a large enterprise manufacturing company.  Between Palo Alto and Fortinet firewalls, which one has better features?
2 out of 4 answers
ABHILASH TH - PeerSpot reviewer
Managing Director at FOX DATA
20 March 21
Hi, Both FT and PA have compelling features for large Enterprises. I would like to add a few good points about Fortinetwhich might be helpful ( from my 13 years of engagement with them as Distributor and Partner) Fortinet:  Have higher throughput; which comes with competitive rates Wide range of models to select to meet your requirement, without spending heavliy Outstanding customer support and very active customer care team Easly available skilled resources from the channel for deployment and post-implementation support  Regards Abhilash
Lucas Damien - PeerSpot reviewer
CTO & co-Founder at Anevia
22 March 21
Hi PaloAlto is better when working on app control feature and special virtual wire links. Execpt that specific point, Fortinet is above. Best Regards, Damien
Miriam Tover - PeerSpot reviewer
Service Delivery Manager at PeerSpot (formerly IT Central Station)
Aug 02, 2022
Hi, We all know it's really hard to get good pricing and cost information. Please share what you can so you can help your peers.
2 out of 25 answers
AC
Tech Engineer at a financial services firm with 201-500 employees
19 August 19
Licensing is renewed on a yearly basis.
MS
Director Of Hosting Services at a tech services company with 51-200 employees
25 August 19
As far as choosing the best licensing solution for your organization, do not buy the cheapest solution. Instead, buy the one that fits the traffic for your company with some room for expansion or headroom. Next year, if the business grows — which is usually what you want to do — you could reach a point where there is more traffic and the performance could become an issue.
Related Articles
Ariel Lindenfeld - PeerSpot reviewer
Director of Content at PeerSpot (formerly IT Central Station)
Aug 21, 2022
We’re launching an annual User’s Choice Award to showcase the most popular B2B enterprise technology products and we want your vote! If there’s a technology solution that’s really impressed you, here’s an opportunity to recognize that. It’s easy: go to the PeerSpot voting site, complete the brief voter registration form, review the list of nominees and vote. Get your colleagues to vote, too! ...
Evgeny Belenky - PeerSpot reviewer
Director of Community at PeerSpot (formerly IT Central Station)
Aug 17, 2022
Hi dear community members, In this edition of PeerSpot's Community Spotlight, you can find out what your peers are discussing and join in the conversation. Ask and answer questions on the topics that interest you most! Read and respond to articles or contribute your own! Trending These are the topics your peers are talking about on PeerSpot this week How do I estimate the requir...
See 1 comment
Evgeny Belenky - PeerSpot reviewer
Director of Community at PeerSpot (formerly IT Central Station)
17 August 22
Thank you to all the community members who share their knowledge with other peers! Also, special thanks to the articles' contributors included in this Community Spotlight: @Janet Staver, @Abhirup Sarkar, @Manoj Narayanan, @Beth Safire and @Shibu Babuchandran.
Evgeny Belenky - PeerSpot reviewer
Director of Community at PeerSpot (formerly IT Central Station)
Jul 05, 2022
Dear PeerSpot community members, This is our latest Community Spotlight for YOU. Here we've summarized and selected the latest posts (professional questions, articles and discussions) contributed by PeerSpot community members.  Check them out! Trending See what your peers are discussing at the moment! What were your main pain points during the SIEM product purchase process? What...
Evgeny Belenky - PeerSpot reviewer
Director of Community at PeerSpot (formerly IT Central Station)
May 30, 2022
Hi peers, This is our new bi-weekly Community Spotlight that includes recent contributions (questions, articles and discussions) by the PeerSpot community members.  Articles Check the top products and solutions below (selected based on peer reviews) or contribute your own article! Top Security Orchestration Automation and Response (SOAR) Solutions Top 8 Data Loss Prevention (DL...
Evgeny Belenky - PeerSpot reviewer
Director of Community at PeerSpot (formerly IT Central Station)
Jul 11, 2022
Hi community members, As usual, this new Community Spotlight shares with you the latest articles, questions and trending discussions from your peers. Trending See what is trending at the moment and chime in to discuss! Top 8 Extended Detection and Response (XDR) Tools 2022 Would you recommend replacing Cisco ASA Firewall with Fortinet FortiGate FG 100F due to cost reasons? What is the...
See 2 comments
Ravi Suvvari - PeerSpot reviewer
Performance and Fault-tolerance Architect with 1,001-5,000 employees
30 May 22
Good very informative
Jairo Willian Pereira - PeerSpot reviewer
Information Security Manager at a financial services firm with 5,001-10,000 employees
11 July 22
Analyze the wave of product at Gartner Hype Cycle. EDR was good in the past. After that, MDR joined the hype and now, XDR is the trend. Wait for more in a couple of months and (sic) know the ZDR!
Related Articles
Ariel Lindenfeld - PeerSpot reviewer
Director of Content at PeerSpot (formerly IT Central Station)
Aug 21, 2022
PeerSpot User's Choice Award 2022
We’re launching an annual User’s Choice Award to showcase the most popular B2B enterprise technol...
Evgeny Belenky - PeerSpot reviewer
Director of Community at PeerSpot (formerly IT Central Station)
Aug 17, 2022
Community Spotlight #20
Hi dear community members, In this edition of PeerSpot's Community Spotlight, you can find out w...
Download Free Report
Download our free Fortinet FortiOS Report and get advice and tips from experienced pros sharing their opinions. Updated: October 2022.
DOWNLOAD NOW
635,513 professionals have used our research since 2012.