FortiGate Next Generation Firewall (NGFW) Reviews

The solution is used to monitor daily network activities. FortiGate Next Generation Firewall acts as a security layer between public and private networks in our organization.

The solution successfully mitigates all types of advanced attacks by putting our company's production servers behind the firewall using a DDoS attack prevention system and WAF. FortiGate Next Generation Firewall handles our organization's internal network security. The solution is used mainly in IT companies, just like our organization. 

The WAF and DDoS attack prevention system are the solution's most valuable features. FortiGate Next Generation Firewall has IBS/IPS systems, which are vital for handling cyberattacks. 

More SD-WAN features can be integrated into the FortiGate Next Generation Firewall. The vendor can make efforts to make the solution more budget-friendly. 

I have been using FortiGate Next Generation Firewall for seven years. 

I would rate the stability a ten out of ten. 

I would rate the scalability an eight out of ten. For each purpose, there are different products used in our company from the same vendor. For instance, our company has a dedicated subscription plan for log analytics. Fortinet should host bundle pack subscriptions for its products and add-ons. 

There are more than 150 users of the product in our company. Our company is functional on a hybrid model for employees, and thus, there are not more than a hundred users of the solution in the office at any given time.

Due to the aforementioned work setup, our company is exploring more scalable solutions with end-to-end security features, as many employees are working from remote locations. At our company, for end point protection we use Microsoft Defender. 

At our company, we have Fortinet certified experts in-house, so most of the issues are solved without tech support from vendor. But whenever, an issue was escalated to the support team of FortiGate Next Generation Firewall, our company has received a response on time. 

FortiGate Next-Generation Firewall integrates perfectly with our organization's infrastructure. Our organization is using the solution for more than six years without any integration obstacles, even while integrating to Fortinet Access Points. 

The initial setup process is easy for the solution. There are some configurations and policies that will facilitate routing among the varying traffic, dictating what to allow or block. I would rate the initial setup a nine out of ten. The setup duration depends upon the expertise of the deployment engineer, but on average it can be finished within a day. 

Our investment in security through FortiGate Next Generation Firewall is worth it as there are zero complains regarding the effectiveness of it.

It's an expensive solution. At our company, we updated the license every three years. I would rate the pricing a nine out of ten. Presently we are upgrading the hardware in our organization before the next license renewal date. 

In our company, we have used Sophos about six years ago. Compared to other solutions like Sophos, we found FortiGate Next Generation Firewall to be much more expensive for our organization.

But FortiGate Next Generation Firewall has a more robust hardware and stable configuration, so our company prefers the solution over others. But as the license of the the solution is expiring soon in our company, we might explore some other firewall products from Fortinet as well. 

Our company found that in comparison to Microsoft Defender for Endpoint, FortiGate Next Generation Firewall has a limited number of features and requires an ideal Fortinet environment or infrastructure to function. FortiGate Next Generation Firewall should enhance its endpoint capabilities and be less dependent on Fortinet infrastructure. The product should have cloud solution integration capabilities. 

Since implementing FortiGate Next Generation Firewall, we have not experienced any attack or cyber threat on our company's network. With the solution, we have been able to proactively monitor the network and take preventive measures on time. Our company finds the product reliable in mitigating all kinds of threats. 

Our company expects some AI capabilities from Fortinet solutions. I would advise FortiGate Next Generation Firewall to others as a reliable solution. I would also advise other professionals to run tests with the product as per their requirements before adopting it. The solution has excellent security policies. I would overall rate the product a nine out of ten. 

The most valuable features we found are the SD-WAN, FortiGate SD-WAN, and the standard UTM protection, among others.

If someone doesn't have a certified or skilled technician/engineer, certain configurations, like setting up VLANs and SD-WANs, might not be difficult but can be simplified within FortiGate. The areas that might require more expertise are related to setting up VLANs and configuring SD-WANs, among others.

Therefore, the setup process could be made simpler. 

I've been working with FortiGate Next-Generation Firewall for three years. We are currently working with its latest version.

I would rate it as a nine. It is a stable solution.

I would rate the scalability a five out of ten. It is not very scalable because scalability depends on the model. For instance, the FortiEdge, which is the entry-level model (the smallest model), supports up to about 15 users. Then the next model supports up to around 30 to 40 users, and the following one supports a hundred users. The price increases significantly with more users, which can be a concern.

If I make a guesstimate, I'd say about 20 to 30 of our clients, but they all have multiple branches. So, in total, we have about 200 FortiGate firewalls deployed for our customers, spread across 20 to 30 clients.

Most of our clients fall under the medium to enterprise category. We have clients from financial institutions and big corporate organizations. It's not an entry-level solution, as it might be challenging for small businesses to afford.

Based on the support we receive from our supplier, who is a reseller or vendor of FortiGate, I would rate it at about six. Because it takes time to get support from the vendor. So it is not very fast.

Neutral

I rate my experience with the initial setup six on a scale of ten, where one is difficult and ten is easy. The initial setup of the solution is not difficult; if you have an engineer with certification and experience on other firewalls. For them, it's relatively easy. However, someone without certification and experience with other firewalls might find it a bit more challenging to grasp the FortiGate format and its platform layout.

FortiGate is primarily deployed on-premises. We also have a cloud option for certain referrals with tier-three engineers. We have it in our own data center in our cloud, and we also provide it to some of our customers. However, most of the ones I sell are for end customers, and they typically choose the hardware for on-site deployment.

The duration of the deployment can vary depending on different factors. The timeline can involve various stages, such as ordering from overseas, ensuring stock availability, and finally, setting it up for a specific project. As such, the duration can differ based on these factors. 

Eventually, once we have the stock, we can set up the firewall within about an hour.

I would rate the pricing in the middle, around five out of ten. It also depends on how you sell it. If you want to sell it as a one-time purchase, then I'd put it at a seven. But if you amortize it, it can go down to a four because some customers prefer to pay it off over thirty-six months, as the licensing is for that duration.

There are additional costs to the standard license. While the standard licensing fees include UTM and a few other features, for additional features like FortiAnalyzer, FortiManager, and other PCs that you might need, there are additional costs. For features like FortiManager and FortiAnalyzer, the additional costs do add up. So, while getting the entry-level firewall with basic UTM protection and web filtering is not too bad if you want to add features like analyzer reporting, cloud managers, and FortiManager, the costs can become significantly higher.

Overall, I rate the solution an eight out of ten.

We are using the FortiGate Next Generation Firewall, and we are also providing this solution to our customers.

Customer is investing in this solution. We have observed a reduction in order value costs, approximately one lakh rupees per order, which contributes to reducing overall security costs.

In our territory, the most usable features include WAP content filtering, which is more utilized than IDS, sandbox license, and multiple internet connectivity. These are the primary features we are offering as a solution. 

FortiGate's threat detection capability is excellent. Compared to other solutions, FortiGuard Lab has a very high capacity to detect malware and malicious content.

I would like to see improvements in some of the hard drive features on FortiGate so that we can generate reporting within a single box.

We have been working with FortiGate Next Generation Firewall for the last ten years.

It's reliable and works well within our needs.

FortiGate is scalable. That said, you must change the hardware to scale in capacity.

Technical support has improved over the last two or three years, as Fortinet now operates 24/7 support.

Positive

We have also worked with SonicWall. Compared to SonicWall, FortiGate allows us to make a DNS server, which SonicWall cannot do. SonicWall offers the advantage of providing a free reporting solution.

The price is very aggressive in India as India is a rapidly growing market, the original equipment manufacturer offers competitive pricing.

We have evaluated other solutions like SonicWall and Sophos.

For very small companies, with five to ten users and where cost is a concern, I would not recommend going with FortiGate. 

If only cost is a concern, then it would not be recommended. It is a little bit expensive - the entry-level model is the FZ FortiGate. At the same time, Sophos XZ 86 is an entry-level model, which is more suitable for very small networks.

I'd rate the solution eight out of ten.

We use the solution to provide firewall, cybersecurity, VPN access, and SD-WAN connectivity worldwide.

The GUI is reasonably good. The product is easy to configure.

The product runs out of memory. The web process often has a memory leak. The support cost could be improved.

I have been using the solution for ten years.

The solution’s stability is good. I rate stability a nine out of ten.

The scalability is good. I rate the scalability a ten out of ten. Some customers have 20 users, while others have about 5000 users.

Support is good. It's a bit scripted. It takes a while to get to somebody who knows what they're talking about. It'd be nice to talk to someone technical upfront. Sometimes we have to go through a service desk and go through a whole lot of quick repetitive questions before we get to talk to someone knowledgeable.

I've been working with the product for ten years. I find the initial setup quite simple.

I'm currently deploying 50 units around the country. It'll take me about ten minutes each to configure the solution. Once the product is set up, we need about one or two people to maintain it.

The solution’s price has gone up recently, but it's still good value for money compared to the other firewalls we use. Especially for smaller ones, it is good value for money. Our customers pay for licenses annually or once every two to five years. If we have an older version, the support costs get quite high. I rate the support cost a six out of ten.

I work with lots of firewalls. I deploy the product on FortiManager. It'll take me about a day to configure FortiManager. We have lots of customers. I would recommend the solution to others. Overall, I rate the product a nine out of ten.

First, we use the solution as a native firewall. After a native firewall, we use IPS. We also use NGFW features like antivirus, IPS, and shaping, which are very important features for companies. We also manage all of my products with FortiManager or FortiAnalyzer and collect online data. For another feature, we try to use SD-WAN products. The SD-WAN feature on FortiGate was implemented for a company with thirty or fifty branches. We had a good experience with the conversion between Cisco and FortiGate for secure access points because Now I'm a consultant for network administration, and we have a challenge with choosing one of these, and so for example, someone, if I actually choose a Fortinet product, SD-WAN based on Fortinet, sometimes someone chooses SD-WAN based on Cisco, but because my special is Cisco, I prefer SD-WAN based on Cisco.

One of the weaknesses of the solution is something we noticed, especially after comparing the tool with SD-WAN features, since, unfortunately, in a massive scale size environment, the solution is not good. It cannot be recommended for massive scaling in terms of size, especially for businesses with more than 1,000 branches.

Cisco is very stable, especially on the larger scale side, and it's very important for SD-WAN features. If you try Next Generation Firewall for a big company, then it is good to purchase a Cisco product. However, Cisco's price is a little high and more than Fortinet's prices. But for small companies, it is better to choose Fortinet and FortiGate products, which is important.

A company needs a tool for accounting. Unfortunately, now we don't have any accounting, especially for the quarter and control side. We don't have any solution in FortiGate. However, Sophos Firewall has it, so it is good for Fortinet's next version.

I have been using FortiGate Next Generation Firewall (NGFW) for more than eight years. I am just a technical person, so I'm a solution designer, a network architect involved in network security.

In FortiGate, after FortiOS Version 5.6, it is stable, and there is no problem. However, we had many problems with FortiOS Version 5.0.5 in FortiGate. Now, when we use FortiGate's FortiOS Version 7, we don't have any problems. The solution has improved, and it is a good product now. For a larger scale, my recommendation is to choose a Cisco product like Firepower Services because, in a massive-scale business, stability is very important.

When I survey FortiGate and FortiGate products, I see that they have a good performance, especially in terms of next generation firewalls. In the future, improving such features and performance is absolutely better. Juniper has a better performance compared to FortiGate.

Speaking about technical support, I have a good experience with design, especially in terms of security design and security architecture.

In level one support, they connect to customers directly, which is a part of our work, and we should solve customer problems. But I prefer staying in level two, where we develop, implement, and solve huge and complex problems, because I have had a good experience with this for more than ten years. Also, I think I have good behavior when under heavy pressure.

I think price-wise, the solution is totally reasonable since it has many products to serve, starting from small homes to massive scale sites. A company can choose from one of the offerings by the solution company. Also, it's very important to choose a contract support level. Some companies may choose RMA with support twenty-four hours and seven days a week. So, it depends on the contract support, I think. The Fortinet appliance is a reasonable purchase for companies.

Regarding the license costs, when you choose the 100 series, it is completely different from the 1000 series. It's very important, and so when you choose one-year support or five-year support, or seven-year support, the pricing depends on which one you choose.

In Iran, we have a massive sanction, so we don't use direct support. We don't talk about this. But, concerning my country and direct support from Fortinet, I can't speak about this event. So, in Iran, I don't have an idea about the use of support since we don't use direct support, but we do get indirect support.

When planning to choose FortiGate Next Generation Firewall (NGFW), the scope of the company is very important. Also, it is important for a company to consider if they want one gig, ten gigs, or another concurrent pair concurrent session. Totally, a company's scale and size are very important. After that, for example, we use a prototype with a five gigabit per second, including the performance. However, if we compare Cisco, Fortinet, and other things, Firepower is very good because Cisco's Firepower is a big and active solution which is very strong compared to Fortinet. However, it's very important for a company to have a native firewall, so such companies can't choose from Fortinet series. So, it very much depends on the situation of the company. So, before that, we review a company's requirements and survey network. After that, usually, I recommend the solution. Also, it is very important to have a budget. For example, a company can first tell me about its budget, like, one billion dollars or whatever. After that, we choose a guide and recommend choosing one of the solutions.

I rate the overall solution an eight out of ten.

The most valuable feature of FortiGate Next Generation Firewall is its SD-WAN. The way it has been structured makes life easier. We have used it for remote access, especially at the height of COVID. It works very well.

There are times when we would want to set an IP address on a physical interface and then attach secondary IPs or sub-interfaces on that. I'd like to have as many as possible. There's a limitation wherein you can only have about 30 virtual or secondary IPs on a particular interface. I would like that to be expanded to 254 or 256 secondary IPs.

I have been using FortiGate Next Generation Firewall (NGFW) for five years.

I rate FortiGate Next Generation Firewall ten out of ten for stability.

The good part of the solution is that you can have Virtual Domains (VDOMs) that allow you to use it for multiple use cases. Around 20,000 users are using FortiGate Next Generation Firewall in our organization.

I rate FortiGate Next Generation Firewall an eight out of ten for scalability.

Whenever I have a problem and have to call their technical support team, I can email them. In the next few minutes, we'll get on a Zoom or Teams call and exchange notes.

Positive

The solution’s initial setup was easy. I rate FortiGate Next Generation Firewall an eight out of ten for the ease of its initial setup.

The solution's deployment does not take long. If everything goes fine, you will complete the initial configuration in an hour and test afterward. The testing phase is where you face issues. If you are migrating from another device to FortiGate, you would want everything that was running previously to run even on the newer one.

Three people were required for the solution's deployment, including an external person, myself, and a colleague.

I rate FortiGate Next Generation Firewall a five out of ten for pricing.

I learned from some reviews that FortiGate ranks quite highly compared to Palo Alto and Check Point. Considering our budget, we thought we could manage with FortiGate Next Generation Firewall.

I would strongly recommend FortiGate Next Generation Firewall to others because it's a brilliant next-generation device.

Overall, I rate FortiGate Next Generation Firewall a nine out of ten.

The tool's most valuable feature is IPS. In my experience, I haven't encountered any issues with integration. It easily integrates with the FortiGate solution. However, verifying through documentation and assessing their support is necessary.

Its interface user-friendliness is good. When we present this interface to customers, they find it easy to understand and manage.

Support for courses available on the platform

I rate FortiGate's NGFW's stability a ten out of ten. 

The tool's scalability is good and it has helped our company. I rate it a ten out of ten. We have around 3 customers and 500~800 users. 

There has been a delay in support where I had to wait for a day to receive a response. I believe I might not have used the correct procedure, leading to inaccurate information. Consequently, I did not receive the prompt answer that I was expecting.

Positive

The Cisco Firepower is less stable compared to FortiGate NGFW. Cisco Firepower has a complex interface. 

The solution's deployment is easy. 

The tool's pricing is neither cheap nor expensive. Overall, I find it to be competitive in the market.

I recommend FortiGate NGFW because its interface is easy to understand, making firewall deployment and management straightforward. It has a good market reputation and offers information on cybersecurity, including news, threats, etc. I rate it a ten out of ten. 

FortiGate Next Generation Firewall's design is good. Technically, I haven't used many of its features. The primary purpose we use the solution in our organization is for its SNAT and DNAT functionalities. The solution is also used for its vulnerability patching mechanism.

The solution's GUI is not very appealing. When using a tool from another vendor, we found the GUI of that tool to be quite appealing. FortiGate Next Generation Firewall uses a very old type of GUI, which is not very appealing. The GUI can be improved.

I have been using FortiGate Next Generation Firewall (NGFW) for six months. My company is just a customer of the product.

I am very impressed with the product's stability. Stability-wise, I rate the solution an eight and a half out of ten.

Scalability-wise, I rate the solution a six out of ten.

My company has 2,000 users of the product.

I didn't need any support. The support is good. I wouldn't say the support is bad. I rate the support a seven and a half out of ten.

Neutral

My company seeks the help of vendors to do the initial setup of the product. After that, we just work on policies, SNAT, DNAT, and virtual IPs.

The setup phase was neither difficult nor easy. I rate the setup phase as three or four out of ten on a scale where one is difficult, and ten is easy.

The solution is deployed on-premises.

The solution's deployment took two to three weeks.

Two people were required for the deployment of the product.

The solution's vendor executed the setup phase.

The solution's pricing is quite high when compared to other vendors. I rate the pricing an eight and a half on a scale of one to ten, where one is low, and ten is high.

I highly recommend the solution to those planning to use it.

Overall, I rate the solution a nine out of ten.