FortiGate Next Generation Firewall (NGFW) Reviews

The use cases of the solution depend on what the customer wants from the tool. If a customer is looking for a core firewall, I provide them with FortiGate Next Generation Firewall (NGFW). Suppose a customer is looking for a tool from a patch connectivity perspective with multiple branches and wants those branches to be connected to the data center. In that case, we can suggest FortiGate Next Generation Firewall's features to them.

Routing and reporting are two areas where the product has an added advantage compared to any other product.

Vulnerabilities owing to viruses in the OS need to be reduced in FortiGate Next Generation Firewall from an improvement perspective.

Some vulnerabilities get added to the system every two months, which may be code execution or backend and backdoor issues.

In the future, the product should be able to tackle vulnerabilities. Research and development to increase the product's security capabilities is needed.

I have been using FortiGate Next Generation Firewall for a year now. My company has a partnership with Fortinet.

From a stability perspective considering OS and if the vulnerabilities are present, I rate the stability a seven out of ten since it creates a lot of issues in general.

We suggest FortiGate Next Generation Firewall to small and medium businesses.

When it comes to enterprise-level businesses, and considering the need for two-layer security, consider a perimeter firewall, while I can suggest FortiGate only at a level of a core firewall. Suppose an enterprise customer has multiple branches and more branch networks. In that case, they need SD-WAN connectivity with security, for which I suggest they go for FortiGate's SD-WAN feature.

In general, it will not be enough for enterprise companies to have only Next Generation Firewall alone.

I am not familiar with the technical support team because my support team works with them. The solution's technical support is good. We do not face many issues when dealing with the solution's technical support team.

Previously, we were using Check Point in our company.

Compared to Check Point, FortiGate Next Generation Firewall needs to look at how to improve the way it deals with the vulnerabilities which are not there at Check Point and the security effectiveness provided by Check Point.

It is easy to use and implement since anyone can do its configuration part, but there is some requirement for someone with proper technical skills to implement it properly. I can implement anything in any way, but that doesn't mean I can implement any product properly. The implementation requires certain technical expertise.

The implementation of the solution can take two days.

One person is required for the implementation phase.

The solution's pricing is competitive.

The usefulness of the product is an aspect that depends on the customers using the tool. We cannot even compare two products and say one is good for the customer and the other is bad. If a customer asks me to be an architect for their data center, I would say that for a perimeter firewall, they need to go for Check Point. Coming to a core firewall, if a customer says that they need two layers of security and two different vendors, it should be Check Point on the perimeter level. At the core level, a customer can go for Fortinet. Certain customers prefer the SD-WAN feature from Fortinet if they have branch firewalls and want an SD-WAN feature too. FortiGate has an added advantage because they have an SD-WAN feature with security that we can provide to their branch devices.

I don't have any suggestions for those planning to use the solution since we are pretty new to the solution, and we need to devote time to be able to comment on the solution.

I rate the overall product an eight out of ten.

There are many features that we can use. We can see all the logs. Additionally, we can connect with other devices like the FortiManager. We also have a new feature.

We mainly use the Next Generation Firewall for enhancing security. It has powerful capabilities compared to traditional firewalls, especially when dealing with current threats like those in Azure. The Next Generation Firewall can handle more effectively.

The FortiGate Next-Generation Firewall is always updating. For example, if there is a big attack, they fix it in their firmware. They release new firmware with the necessary patches to address the vulnerabilities.

Mainly, we are more secure than with the traditional firewall. The Next Generation Firewall helps a lot in defending against various types of attacks.

In terms of solutions, for now, we don't have any SD-WAN. Yeah. We are planning to implement SD-WAN due to some failures we experienced last year. For our high availability design, this would be beneficial.

So I would like to have SD-WAN as a part of the Next Generation Firewall. It would enhance high availability.

I work with the FortiGate Next-Generation Firewall. We started using FortiGate about five to six years ago. We have been using various versions and migrated to newer ones over time.

It's stable, quite stable. We also have it set up as a firewall with high availability. We were also talking about SD-WAN for our future plans for our stores, mainly for the internal lines, because this SD-WAN technology is something we would like to implement.

It is a scalable solution. We can connect it to any network or with other brands, not only Fortinet. For instance, we can configure it with Cisco or any other brand for connectivity.

In our company, it protects around 500 endpoints.

Customer service and support have different levels of support—level one, level two, level three—based on the severity of the issue. They can also provide scheduled delivery. We usually never face any significant problems with their support.

I am satisfied with the support. They have good knowledge. 

The first setup process was easy to do. It was not difficult at all. 

We set it up ourselves. We created policies, firewall rules, IPsec VPN configurations, and everything was handled by our team.

The deployment took around five days, and the process was quite easy. The setup was straightforward. If we encountered any issues, we could contact Fortinet support. They were helpful and provided support through the hotline in urgent issues.

Maintenance is quite easy. I did it myself. It's user-friendly. We can use the GUI, or we can use the command line, but the GUI is more user-friendly. So it's good.

The price is not very expensive compared to Cisco or Palo Alto. Like Palo Alto, which is the most expensive product.

We have always been using Fortinet. It has been quite stable for us.

I would recommend it to other users. Overall, I would rate the solution a nine out of ten. It is a good solution.

We use FortiGate NGFW to secure our network gateways. These devices, functioning as UTM solutions, were impressive in fending off various threats. FortiGate excelled with its anti-spam, antivirus, and firewall features at the network level. Beyond security, it is seamlessly integrated with networking tools like Zendesk.

The most valuable aspects of FortiGate NGFW are its top-notch reputation in peer reviews, user-friendly interface, and excellent support. It stood out during external penetration tests, proving its effectiveness compared to our previous firewall. The seamless integration with other tools and thorough testing set FortiGate apart. Replacing our old firewall with Fortinet was a game-changer, especially as it helped us improve our performance in subsequent penetration tests.

FortiGate has been solid for us, but I see room to explore its integration with Secure Service Automation for a more comprehensive security view. The initial migration had some challenges, but they were manageable. Now, my focus is on automating responses to alerts, especially during nighttime attacks. I want to investigate how FortiGate can connect with other solutions, like SIEM, to enhance our security measures while offline.

I have been using FortiGate NGFW for a year.

It is quite stable.

FortiGate is scalable, and we currently use it for approximately 300 internal users, with additional offshore teams connecting via VPN. The total user count, including the offshore teams from different countries and continents, is around 400 to 500 people.

We contacted Fortinet's technical support during a firmware upgrade issue. They guided the upgrade process, and their support was capable and helpful. I would rate them as a ten out of ten.

Positive

In comparing FortiGate with other solutions like Cyberoam, I have found Fortinet to excel in various aspects. For instance, its intrusion detection capabilities stand out, providing instant alerts compared to some firewalls that take up to 24 hours. While I can't quantify percentages, Fortinet's performance, especially in areas like responsiveness, has been notably better in my experience.

Setting up FortiGate NGFW was straightforward, with some considerations during the migration process. Migrating from an old firewall required meticulous rule review and manual configuration. Ensuring adherence to best practices and testing in a beta environment were crucial steps. We also coordinated with our ISP to clear the ARP cache for a smooth transition. Despite a minor misconfiguration leading to an issue, we swiftly addressed it over a weekend with minimal impact. Regular backups and failover tests added an extra layer of assurance. A team of three people deployed it. The deployment and migration from the old firewall to FortiGate took approximately one month. To ensure a smooth transition for our 24/7 operations, we invested extra time for thorough testing and rule validation.

The pricing and licensing costs for FortiGate are quite reasonable, especially for an SMB like ours. While solutions like Check Point and Palo Alto are excellent, Fortinet's affordability played a significant role in our decision-making process.

FortiGate for SMBs impressively covers most features, and in my experience with Cisco, Symantec, SonicWall, and others, FortiGate stands out. It has exceeded my expectations. While I haven't explored Check Point due to budget constraints, FortiGate's pricing makes it a top choice. Palo Alto and Check Point are excellent but would likely have been my preference if pricing aligned. Overall, FortiGate has been a standout performer in terms of features and value.

For those starting with FortiGate NGFW, my advice is to thoroughly explore its features. I recently recommended it to a healthcare entity due to its effectiveness and user-friendly interface. The fact that they already had Fortinet in another enterprise speaks volumes about its reliability and performance. Overall, I would rate it as an eight out of ten.

The tool's most valuable feature is IPS. In my experience, I haven't encountered any issues with integration. It easily integrates with the FortiGate solution. However, verifying through documentation and assessing their support is necessary.

Its interface user-friendliness is good. When we present this interface to customers, they find it easy to understand and manage.

Support for courses available on the platform

I rate FortiGate's NGFW's stability a ten out of ten. 

The tool's scalability is good and it has helped our company. I rate it a ten out of ten. We have around 3 customers and 500~800 users. 

There has been a delay in support where I had to wait for a day to receive a response. I believe I might not have used the correct procedure, leading to inaccurate information. Consequently, I did not receive the prompt answer that I was expecting.

Positive

The Cisco Firepower is less stable compared to FortiGate NGFW. Cisco Firepower has a complex interface. 

The solution's deployment is easy. 

The tool's pricing is neither cheap nor expensive. Overall, I find it to be competitive in the market.

I recommend FortiGate NGFW because its interface is easy to understand, making firewall deployment and management straightforward. It has a good market reputation and offers information on cybersecurity, including news, threats, etc. I rate it a ten out of ten. 

The solution is used in my company since its management is very comfortable. If we compare Fortinet and Cisco, Fortinet's web interface is more user-friendly and offers speed.

We use the solution's URL filtering, IPS, SSL, and, specifically, SSL encryption. In general, the tool offers a user-friendly interface and pleasant management.

I cannot say anything about the product's price, and the tool does not need any customizations.

A firewall has different levels of productivity that its customers can use in their official branches, which can be small offices, big offices, or enterprise-sized organizations. The vendors offer models with different levels of productivity of the product to its users, which is not possible in FortiGate Next Generation Firewall (NGFW). It lacks integration options. I would like the tool to offer its users more integration options. Most of the vendors of NGFW offer integrations open with different solutions. FortiGate is able to integrate with Cisco or Microsoft. FortiGate has a lot of possibilities in terms of integration with other vendors, so the integration capabilities of the tool need improvement. FortiGate Next Generation Firewall (NGFW) has OpenAPI, which gives customers an option to integrate the tool into their custom software.

I have been using FortiGate Next Generation Firewall (NGFW) for seven to nine months. I use the solution's latest version. My company has a partnership with Fortinet.

Stability-wise, I rate the solution a nine out of ten.

Scalability-wise, I rate the solution an eight out of ten.

Around 3,000 or more use the solution in our company. We have three appliances in total, each having a thousand users.

I rate the technical support a seven out of ten.

The support does open a case when an issue is raised, but since it is the USA, despite the support hearing our problems, they do get late to respond. We only have issues with the support of low priority. I never open high-priority cases with the support team.

Neutral

On a scale of one to ten, where one is difficult and ten is easy, I rate the initial setup an eight or nine. It is easy to install since it can be done with small configuration steps.

The solution is deployed on the cloud. Most of the firewall devices are deployed on the cloud, especially since NGFW of different vendors work on the cloud.

The deployment can be done in just a week since we need to find answers to some questions from our management and our security department. We need to get certain approvals in terms of the security policies before proceeding with the deployment phase.

One or two people are enough for the deployment process.

To those planning to use it, I would suggest that they opt for a pilot offering from FortiGate and try to use it to understand and figure out its advantages and disadvantages.

I like FortiGate Next Generation Firewall (NGFW) more than Cisco, even though I have worked more with the latter tool than the former.

Overall, I rate the solution a nine out of ten.

I work for an integrator in Nigeria, and we implement all these solutions for our clients. I've done a lot of deployments on Fortinet, deploying all from FortiAP to FortiSwitch. I integrated it with FortiGate, FortiManager, SD-WAN, deployment, security, and the like.

I found the upgrades valuable. Normally, when you want to upgrade an enterprise firewall, the customer always requests a box swap, whereby we look at the new firmware and compare it to know if there will be any configuration changes. These are the parts where we have to bring in the OEM to do it. But with the new FortiGate firmware, it helps do that by providing reporting and helps you to give the customer the comfort of saying you can upgrade the firewall and describe what changes and issues you would expect. Basically, out-of-the-box management.

One area for improvement is the IPS engine, which is something that needs to be improved on. I've had so many issues whereby I have high CPU usage, and when I check, I see it's being consumed by the IPS engine. I have to upgrade the IPS engine firmware and all that. That has been the main pain point with FortiGate. Likewise, customer support could improve.

I've been working on FortiGate for about five years now, and I'm working with the latest version.

The solution is stable apart from the IPS engine issue, so I rate stability a seven out of ten. Stability depends on the operational team. If you have a good operational team that knows what you are doing, you always gain stability with most of your solutions. But if you have an operational team that is not so strong, you will always have issues with that solution because they will keep making human errors that will keep disrupting the services you offer. For example, in 2021, I was working as the cyber delivery manager for MTN, and I was managing the FortiGate infrastructure. In that one year, I never had any incident on FortiGate. But after I left, they started having frequent issues because of human errors. From a management perspective, if I were the CTO during that period, I would assume that FortiGate Firewall is not a good firewall. But that is not the case. It is the person who handles it that determines the stability. If you know how to do your health check properly and how to output the firewall properly, I'm sure FortiGate will be stable. I'm rating the stability as seven just to be in the middle. If it's being handled by a less experienced operational team, I'm sure you will have issues because they always perform changes, they don't know when to perform the kind of change they are performing, and that might disrupt the services. But if I rate FortiGate based on myself, I give it a nine out of ten.

I rate FortiGate's scalability a nine out of ten. Out of every ten enterprises in Africa, six currently use FortiGate. MTN is one of our major customers, and we helped them migrate from Cisco and Juniper to FortiGate.

The ease with the initial setup depends on the deployment. I've deployed FortiGate for different use cases. I've deployed it using internal segmentation. I've deployed it using it as a data center firewall, doing east and west. I've deployed FortiGate on the perimeter edge, whereby we have the SSL VPN and site-to-site VPN. But overall, I rate the initial setup an eight out of ten because it's always been very easy.

There are timelines with projects, so the time taken to deploy the solution depends on the scale of the project. If it's just a perimeter firewall where I have to migrate from one firewall, like the Cisco firewall, to the Fortinet firewall, it takes me nothing less than a week. It takes a day using the FortiConverter to convert the configuration from Cisco to Fortinet and maybe another two days to look at the configuration properly on my FortiGate before I'm confident enough to tell the customer to schedule maintenance for us to migrate the services. It depends on the customer, so in a nutshell, from kickoff to the close date is not always an exact amount, but generally no more than a month.

The deployment time taken depends on the customer's availability and their response because it's not totally dependent on me being the technical engineer. It depends on how fast they provide me with all the information I need to complete the deployments and determines how fast I can close the project. If the customer is very responsive, it takes us about three weeks to close the project.

FortiGate is much cheaper than other OEMs such as Cisco, Palo Alto, and Check Point. I'll rate FortiGate's pricing a five out of ten since it is moderately priced.

Currently, we are pushing all our clients to adopt the Fortinet cloud firewall instead of using the native solutions found on the different cloud environments they use, like Azure and Google, because they are not really effective.

FortiGate is a very good firewall that has a lot of features, and it's a firewall that gives the same stability as enterprise ones, and it gives you scalability in terms of deployment and operational management. I rate FortiGate NGFW a nine out of ten.

We are using the FortiGate Next Generation Firewall, and we are also providing this solution to our customers.

Customer is investing in this solution. We have observed a reduction in order value costs, approximately one lakh rupees per order, which contributes to reducing overall security costs.

In our territory, the most usable features include WAP content filtering, which is more utilized than IDS, sandbox license, and multiple internet connectivity. These are the primary features we are offering as a solution. 

FortiGate's threat detection capability is excellent. Compared to other solutions, FortiGuard Lab has a very high capacity to detect malware and malicious content.

I would like to see improvements in some of the hard drive features on FortiGate so that we can generate reporting within a single box.

We have been working with FortiGate Next Generation Firewall for the last ten years.

It's reliable and works well within our needs.

FortiGate is scalable. That said, you must change the hardware to scale in capacity.

Technical support has improved over the last two or three years, as Fortinet now operates 24/7 support.

Positive

We have also worked with SonicWall. Compared to SonicWall, FortiGate allows us to make a DNS server, which SonicWall cannot do. SonicWall offers the advantage of providing a free reporting solution.

The price is very aggressive in India as India is a rapidly growing market, the original equipment manufacturer offers competitive pricing.

We have evaluated other solutions like SonicWall and Sophos.

For very small companies, with five to ten users and where cost is a concern, I would not recommend going with FortiGate. 

If only cost is a concern, then it would not be recommended. It is a little bit expensive - the entry-level model is the FZ FortiGate. At the same time, Sophos XZ 86 is an entry-level model, which is more suitable for very small networks.

I'd rate the solution eight out of ten.

We use the solution in our network.

IPsec is valuable. Internet filters are valuable features. The solution is secure. The VPN is good.

The performance can be improved.

The tool is stable.

We have around 90 users.

We contacted support while we worked with IPsec. The support team helped us.

Positive

The deployment of IPsec took around 5 hours for 90 users.

The security provided by the product is our return on investment.

The tool is moderately priced. We pay $500 per year for the license.

Overall, I rate the product a ten out of ten.