FortiGate Next Generation Firewall (NGFW) Reviews

The most valuable features we found are the SD-WAN, FortiGate SD-WAN, and the standard UTM protection, among others.

If someone doesn't have a certified or skilled technician/engineer, certain configurations, like setting up VLANs and SD-WANs, might not be difficult but can be simplified within FortiGate. The areas that might require more expertise are related to setting up VLANs and configuring SD-WANs, among others.

Therefore, the setup process could be made simpler. 

I've been working with FortiGate Next-Generation Firewall for three years. We are currently working with its latest version.

I would rate it as a nine. It is a stable solution.

I would rate the scalability a five out of ten. It is not very scalable because scalability depends on the model. For instance, the FortiEdge, which is the entry-level model (the smallest model), supports up to about 15 users. Then the next model supports up to around 30 to 40 users, and the following one supports a hundred users. The price increases significantly with more users, which can be a concern.

If I make a guesstimate, I'd say about 20 to 30 of our clients, but they all have multiple branches. So, in total, we have about 200 FortiGate firewalls deployed for our customers, spread across 20 to 30 clients.

Most of our clients fall under the medium to enterprise category. We have clients from financial institutions and big corporate organizations. It's not an entry-level solution, as it might be challenging for small businesses to afford.

Based on the support we receive from our supplier, who is a reseller or vendor of FortiGate, I would rate it at about six. Because it takes time to get support from the vendor. So it is not very fast.

Neutral

I rate my experience with the initial setup six on a scale of ten, where one is difficult and ten is easy. The initial setup of the solution is not difficult; if you have an engineer with certification and experience on other firewalls. For them, it's relatively easy. However, someone without certification and experience with other firewalls might find it a bit more challenging to grasp the FortiGate format and its platform layout.

FortiGate is primarily deployed on-premises. We also have a cloud option for certain referrals with tier-three engineers. We have it in our own data center in our cloud, and we also provide it to some of our customers. However, most of the ones I sell are for end customers, and they typically choose the hardware for on-site deployment.

The duration of the deployment can vary depending on different factors. The timeline can involve various stages, such as ordering from overseas, ensuring stock availability, and finally, setting it up for a specific project. As such, the duration can differ based on these factors. 

Eventually, once we have the stock, we can set up the firewall within about an hour.

I would rate the pricing in the middle, around five out of ten. It also depends on how you sell it. If you want to sell it as a one-time purchase, then I'd put it at a seven. But if you amortize it, it can go down to a four because some customers prefer to pay it off over thirty-six months, as the licensing is for that duration.

There are additional costs to the standard license. While the standard licensing fees include UTM and a few other features, for additional features like FortiAnalyzer, FortiManager, and other PCs that you might need, there are additional costs. For features like FortiManager and FortiAnalyzer, the additional costs do add up. So, while getting the entry-level firewall with basic UTM protection and web filtering is not too bad if you want to add features like analyzer reporting, cloud managers, and FortiManager, the costs can become significantly higher.

Overall, I rate the solution an eight out of ten.

We are using the FortiGate Next Generation Firewall, and we are also providing this solution to our customers.

Customer is investing in this solution. We have observed a reduction in order value costs, approximately one lakh rupees per order, which contributes to reducing overall security costs.

In our territory, the most usable features include WAP content filtering, which is more utilized than IDS, sandbox license, and multiple internet connectivity. These are the primary features we are offering as a solution. 

FortiGate's threat detection capability is excellent. Compared to other solutions, FortiGuard Lab has a very high capacity to detect malware and malicious content.

I would like to see improvements in some of the hard drive features on FortiGate so that we can generate reporting within a single box.

We have been working with FortiGate Next Generation Firewall for the last ten years.

It's reliable and works well within our needs.

FortiGate is scalable. That said, you must change the hardware to scale in capacity.

Technical support has improved over the last two or three years, as Fortinet now operates 24/7 support.

Positive

We have also worked with SonicWall. Compared to SonicWall, FortiGate allows us to make a DNS server, which SonicWall cannot do. SonicWall offers the advantage of providing a free reporting solution.

The price is very aggressive in India as India is a rapidly growing market, the original equipment manufacturer offers competitive pricing.

We have evaluated other solutions like SonicWall and Sophos.

For very small companies, with five to ten users and where cost is a concern, I would not recommend going with FortiGate. 

If only cost is a concern, then it would not be recommended. It is a little bit expensive - the entry-level model is the FZ FortiGate. At the same time, Sophos XZ 86 is an entry-level model, which is more suitable for very small networks.

I'd rate the solution eight out of ten.

We use the solution to provide firewall, cybersecurity, VPN access, and SD-WAN connectivity worldwide.

The GUI is reasonably good. The product is easy to configure.

The product runs out of memory. The web process often has a memory leak. The support cost could be improved.

I have been using the solution for ten years.

The solution’s stability is good. I rate stability a nine out of ten.

The scalability is good. I rate the scalability a ten out of ten. Some customers have 20 users, while others have about 5000 users.

Support is good. It's a bit scripted. It takes a while to get to somebody who knows what they're talking about. It'd be nice to talk to someone technical upfront. Sometimes we have to go through a service desk and go through a whole lot of quick repetitive questions before we get to talk to someone knowledgeable.

I've been working with the product for ten years. I find the initial setup quite simple.

I'm currently deploying 50 units around the country. It'll take me about ten minutes each to configure the solution. Once the product is set up, we need about one or two people to maintain it.

The solution’s price has gone up recently, but it's still good value for money compared to the other firewalls we use. Especially for smaller ones, it is good value for money. Our customers pay for licenses annually or once every two to five years. If we have an older version, the support costs get quite high. I rate the support cost a six out of ten.

I work with lots of firewalls. I deploy the product on FortiManager. It'll take me about a day to configure FortiManager. We have lots of customers. I would recommend the solution to others. Overall, I rate the product a nine out of ten.

First, we use the solution as a native firewall. After a native firewall, we use IPS. We also use NGFW features like antivirus, IPS, and shaping, which are very important features for companies. We also manage all of my products with FortiManager or FortiAnalyzer and collect online data. For another feature, we try to use SD-WAN products. The SD-WAN feature on FortiGate was implemented for a company with thirty or fifty branches. We had a good experience with the conversion between Cisco and FortiGate for secure access points because Now I'm a consultant for network administration, and we have a challenge with choosing one of these, and so for example, someone, if I actually choose a Fortinet product, SD-WAN based on Fortinet, sometimes someone chooses SD-WAN based on Cisco, but because my special is Cisco, I prefer SD-WAN based on Cisco.

One of the weaknesses of the solution is something we noticed, especially after comparing the tool with SD-WAN features, since, unfortunately, in a massive scale size environment, the solution is not good. It cannot be recommended for massive scaling in terms of size, especially for businesses with more than 1,000 branches.

Cisco is very stable, especially on the larger scale side, and it's very important for SD-WAN features. If you try Next Generation Firewall for a big company, then it is good to purchase a Cisco product. However, Cisco's price is a little high and more than Fortinet's prices. But for small companies, it is better to choose Fortinet and FortiGate products, which is important.

A company needs a tool for accounting. Unfortunately, now we don't have any accounting, especially for the quarter and control side. We don't have any solution in FortiGate. However, Sophos Firewall has it, so it is good for Fortinet's next version.

I have been using FortiGate Next Generation Firewall (NGFW) for more than eight years. I am just a technical person, so I'm a solution designer, a network architect involved in network security.

In FortiGate, after FortiOS Version 5.6, it is stable, and there is no problem. However, we had many problems with FortiOS Version 5.0.5 in FortiGate. Now, when we use FortiGate's FortiOS Version 7, we don't have any problems. The solution has improved, and it is a good product now. For a larger scale, my recommendation is to choose a Cisco product like Firepower Services because, in a massive-scale business, stability is very important.

When I survey FortiGate and FortiGate products, I see that they have a good performance, especially in terms of next generation firewalls. In the future, improving such features and performance is absolutely better. Juniper has a better performance compared to FortiGate.

Speaking about technical support, I have a good experience with design, especially in terms of security design and security architecture.

In level one support, they connect to customers directly, which is a part of our work, and we should solve customer problems. But I prefer staying in level two, where we develop, implement, and solve huge and complex problems, because I have had a good experience with this for more than ten years. Also, I think I have good behavior when under heavy pressure.

I think price-wise, the solution is totally reasonable since it has many products to serve, starting from small homes to massive scale sites. A company can choose from one of the offerings by the solution company. Also, it's very important to choose a contract support level. Some companies may choose RMA with support twenty-four hours and seven days a week. So, it depends on the contract support, I think. The Fortinet appliance is a reasonable purchase for companies.

Regarding the license costs, when you choose the 100 series, it is completely different from the 1000 series. It's very important, and so when you choose one-year support or five-year support, or seven-year support, the pricing depends on which one you choose.

In Iran, we have a massive sanction, so we don't use direct support. We don't talk about this. But, concerning my country and direct support from Fortinet, I can't speak about this event. So, in Iran, I don't have an idea about the use of support since we don't use direct support, but we do get indirect support.

When planning to choose FortiGate Next Generation Firewall (NGFW), the scope of the company is very important. Also, it is important for a company to consider if they want one gig, ten gigs, or another concurrent pair concurrent session. Totally, a company's scale and size are very important. After that, for example, we use a prototype with a five gigabit per second, including the performance. However, if we compare Cisco, Fortinet, and other things, Firepower is very good because Cisco's Firepower is a big and active solution which is very strong compared to Fortinet. However, it's very important for a company to have a native firewall, so such companies can't choose from Fortinet series. So, it very much depends on the situation of the company. So, before that, we review a company's requirements and survey network. After that, usually, I recommend the solution. Also, it is very important to have a budget. For example, a company can first tell me about its budget, like, one billion dollars or whatever. After that, we choose a guide and recommend choosing one of the solutions.

I rate the overall solution an eight out of ten.

The most valuable feature of FortiGate Next Generation Firewall is its SD-WAN. The way it has been structured makes life easier. We have used it for remote access, especially at the height of COVID. It works very well.

There are times when we would want to set an IP address on a physical interface and then attach secondary IPs or sub-interfaces on that. I'd like to have as many as possible. There's a limitation wherein you can only have about 30 virtual or secondary IPs on a particular interface. I would like that to be expanded to 254 or 256 secondary IPs.

I have been using FortiGate Next Generation Firewall (NGFW) for five years.

I rate FortiGate Next Generation Firewall ten out of ten for stability.

The good part of the solution is that you can have Virtual Domains (VDOMs) that allow you to use it for multiple use cases. Around 20,000 users are using FortiGate Next Generation Firewall in our organization.

I rate FortiGate Next Generation Firewall an eight out of ten for scalability.

Whenever I have a problem and have to call their technical support team, I can email them. In the next few minutes, we'll get on a Zoom or Teams call and exchange notes.

Positive

The solution’s initial setup was easy. I rate FortiGate Next Generation Firewall an eight out of ten for the ease of its initial setup.

The solution's deployment does not take long. If everything goes fine, you will complete the initial configuration in an hour and test afterward. The testing phase is where you face issues. If you are migrating from another device to FortiGate, you would want everything that was running previously to run even on the newer one.

Three people were required for the solution's deployment, including an external person, myself, and a colleague.

I rate FortiGate Next Generation Firewall a five out of ten for pricing.

I learned from some reviews that FortiGate ranks quite highly compared to Palo Alto and Check Point. Considering our budget, we thought we could manage with FortiGate Next Generation Firewall.

I would strongly recommend FortiGate Next Generation Firewall to others because it's a brilliant next-generation device.

Overall, I rate FortiGate Next Generation Firewall a nine out of ten.

The tool's most valuable feature is IPS. In my experience, I haven't encountered any issues with integration. It easily integrates with the FortiGate solution. However, verifying through documentation and assessing their support is necessary.

Its interface user-friendliness is good. When we present this interface to customers, they find it easy to understand and manage.

Support for courses available on the platform

I rate FortiGate's NGFW's stability a ten out of ten. 

The tool's scalability is good and it has helped our company. I rate it a ten out of ten. We have around 3 customers and 500~800 users. 

There has been a delay in support where I had to wait for a day to receive a response. I believe I might not have used the correct procedure, leading to inaccurate information. Consequently, I did not receive the prompt answer that I was expecting.

Positive

The Cisco Firepower is less stable compared to FortiGate NGFW. Cisco Firepower has a complex interface. 

The solution's deployment is easy. 

The tool's pricing is neither cheap nor expensive. Overall, I find it to be competitive in the market.

I recommend FortiGate NGFW because its interface is easy to understand, making firewall deployment and management straightforward. It has a good market reputation and offers information on cybersecurity, including news, threats, etc. I rate it a ten out of ten. 

FortiGate is a popular firewall in Turkey due to its widespread use and strong performance. Technical experts can easily be found for FortiGate, which is very important. Almost every company uses FortiGate internally. FortiGate is user-friendly and reliable, offering good performance at a reasonable cost.

You can integrate certain other services with FortiGate and use additional threat intelligence services because they allow you to combine various solutions, enhancing your overall security.

FortiGate may include AI capabilities and integrate external threat intelligence. However, version management and backup/restore operations could be improved.

I have been using FortiGate Next-Generation Firewall as a reseller for 15 years.

With high availability, this FortiGate allows one device to take over for another seamlessly in case of failure.

I rate the solution’s stability an eight out of ten.

FortiGate is scalable because it supports various models that can accommodate different dimensions. It is suitable for all types of businesses.

I rate the solution’s scalability a nine out of ten.

The initial setup is easy. The firewall setup involves more than just physical installation and basic configurations. It includes customizing specific policies and configurations tailored to the customer's needs, which can take up to two or three days for a single firewall. This process is resource-intensive both in terms of cost and time.

I rate the initial setup a nine out of ten, where one is difficult, and ten is easy.

The product is cheap.

FortiGate Firewall offers advanced threat intelligence capabilities. It allows integration with various threat services, such as Cisco Talos. If you are a customer of both FortiGate and Cisco for threat intelligence, you can integrate Cisco Talos with FortiGate, which enhances security effectiveness through Intelligence.

I recommend FortiGate for every company. It's a highly effective solution that can significantly enhance firewall security. You can easily find technical guides to help you understand its capabilities. FortiGate is known for its reliability and robust features.

Overall, I rate the solution an eight out of ten.

I’ve worked with network and security information since 1999. My use cases for FortiGate are in the telecom environment. In my experience, we have used Fortinet to connect sites. I’m working with an SMB in São Paulo, and we work with small equipment. I have a project to define a model from the end products, and to do that I’m working with a local network to deploy our services. After defining this product, I wire the product through my team so they can make configurations. Sometimes, I work directly with configuration, with third level support.

FortiGate’s connectivity and the SD-WAN is perfect. Likewise, the WiFi ports from Fortinet are very strong.

FortiGate's connectivity for small businesses is not as strong as it can be. If Fortinet includes more information and marketing to small businesses, their presence will be improved.

I have 15 years of experience with Fortinet.

The solution is very stable and doesn’t have any problems.

They are very good and they are quick at solving problems. I have had no problems with them.

Positive

I work with a distributor in Brazil, and their people have a lot of experience with the technology and they are good to work with.

The cost depends on the equipment required. The cost is okay.

Compared with Sophos, for example, Fortinet is similar but simpler to access and the licenses are easier and start using the solution. Sophos’ technology is very similar, but Fortinet has a stronger name and better technology for our technicians.

In Brazil, there is no doubt that Fortinet is the leader when it comes to security solutions. Fortinet works better in a scenario with more of one presented from the same customer. There are many options from other brands for the same customer. When users need one solution to stay securely connected to many sites, Fortinet works well. 40% of all purchases are Fortinet, while another 30% are Sophos and another 30% are Cisco.

I rate FortiGate NGFW a nine out of ten.