FortiGate Next Generation Firewall (NGFW) Reviews

First, we use the solution as a native firewall. After a native firewall, we use IPS. We also use NGFW features like antivirus, IPS, and shaping, which are very important features for companies. We also manage all of my products with FortiManager or FortiAnalyzer and collect online data. For another feature, we try to use SD-WAN products. The SD-WAN feature on FortiGate was implemented for a company with thirty or fifty branches. We had a good experience with the conversion between Cisco and FortiGate for secure access points because Now I'm a consultant for network administration, and we have a challenge with choosing one of these, and so for example, someone, if I actually choose a Fortinet product, SD-WAN based on Fortinet, sometimes someone chooses SD-WAN based on Cisco, but because my special is Cisco, I prefer SD-WAN based on Cisco.

One of the weaknesses of the solution is something we noticed, especially after comparing the tool with SD-WAN features, since, unfortunately, in a massive scale size environment, the solution is not good. It cannot be recommended for massive scaling in terms of size, especially for businesses with more than 1,000 branches.

Cisco is very stable, especially on the larger scale side, and it's very important for SD-WAN features. If you try Next Generation Firewall for a big company, then it is good to purchase a Cisco product. However, Cisco's price is a little high and more than Fortinet's prices. But for small companies, it is better to choose Fortinet and FortiGate products, which is important.

A company needs a tool for accounting. Unfortunately, now we don't have any accounting, especially for the quarter and control side. We don't have any solution in FortiGate. However, Sophos Firewall has it, so it is good for Fortinet's next version.

I have been using FortiGate Next Generation Firewall (NGFW) for more than eight years. I am just a technical person, so I'm a solution designer, a network architect involved in network security.

In FortiGate, after FortiOS Version 5.6, it is stable, and there is no problem. However, we had many problems with FortiOS Version 5.0.5 in FortiGate. Now, when we use FortiGate's FortiOS Version 7, we don't have any problems. The solution has improved, and it is a good product now. For a larger scale, my recommendation is to choose a Cisco product like Firepower Services because, in a massive-scale business, stability is very important.

When I survey FortiGate and FortiGate products, I see that they have a good performance, especially in terms of next generation firewalls. In the future, improving such features and performance is absolutely better. Juniper has a better performance compared to FortiGate.

Speaking about technical support, I have a good experience with design, especially in terms of security design and security architecture.

In level one support, they connect to customers directly, which is a part of our work, and we should solve customer problems. But I prefer staying in level two, where we develop, implement, and solve huge and complex problems, because I have had a good experience with this for more than ten years. Also, I think I have good behavior when under heavy pressure.

I think price-wise, the solution is totally reasonable since it has many products to serve, starting from small homes to massive scale sites. A company can choose from one of the offerings by the solution company. Also, it's very important to choose a contract support level. Some companies may choose RMA with support twenty-four hours and seven days a week. So, it depends on the contract support, I think. The Fortinet appliance is a reasonable purchase for companies.

Regarding the license costs, when you choose the 100 series, it is completely different from the 1000 series. It's very important, and so when you choose one-year support or five-year support, or seven-year support, the pricing depends on which one you choose.

In Iran, we have a massive sanction, so we don't use direct support. We don't talk about this. But, concerning my country and direct support from Fortinet, I can't speak about this event. So, in Iran, I don't have an idea about the use of support since we don't use direct support, but we do get indirect support.

When planning to choose FortiGate Next Generation Firewall (NGFW), the scope of the company is very important. Also, it is important for a company to consider if they want one gig, ten gigs, or another concurrent pair concurrent session. Totally, a company's scale and size are very important. After that, for example, we use a prototype with a five gigabit per second, including the performance. However, if we compare Cisco, Fortinet, and other things, Firepower is very good because Cisco's Firepower is a big and active solution which is very strong compared to Fortinet. However, it's very important for a company to have a native firewall, so such companies can't choose from Fortinet series. So, it very much depends on the situation of the company. So, before that, we review a company's requirements and survey network. After that, usually, I recommend the solution. Also, it is very important to have a budget. For example, a company can first tell me about its budget, like, one billion dollars or whatever. After that, we choose a guide and recommend choosing one of the solutions.

I rate the overall solution an eight out of ten.

The solution is used in my company since its management is very comfortable. If we compare Fortinet and Cisco, Fortinet's web interface is more user-friendly and offers speed.

We use the solution's URL filtering, IPS, SSL, and, specifically, SSL encryption. In general, the tool offers a user-friendly interface and pleasant management.

I cannot say anything about the product's price, and the tool does not need any customizations.

A firewall has different levels of productivity that its customers can use in their official branches, which can be small offices, big offices, or enterprise-sized organizations. The vendors offer models with different levels of productivity of the product to its users, which is not possible in FortiGate Next Generation Firewall (NGFW). It lacks integration options. I would like the tool to offer its users more integration options. Most of the vendors of NGFW offer integrations open with different solutions. FortiGate is able to integrate with Cisco or Microsoft. FortiGate has a lot of possibilities in terms of integration with other vendors, so the integration capabilities of the tool need improvement. FortiGate Next Generation Firewall (NGFW) has OpenAPI, which gives customers an option to integrate the tool into their custom software.

I have been using FortiGate Next Generation Firewall (NGFW) for seven to nine months. I use the solution's latest version. My company has a partnership with Fortinet.

Stability-wise, I rate the solution a nine out of ten.

Scalability-wise, I rate the solution an eight out of ten.

Around 3,000 or more use the solution in our company. We have three appliances in total, each having a thousand users.

I rate the technical support a seven out of ten.

The support does open a case when an issue is raised, but since it is the USA, despite the support hearing our problems, they do get late to respond. We only have issues with the support of low priority. I never open high-priority cases with the support team.

Neutral

On a scale of one to ten, where one is difficult and ten is easy, I rate the initial setup an eight or nine. It is easy to install since it can be done with small configuration steps.

The solution is deployed on the cloud. Most of the firewall devices are deployed on the cloud, especially since NGFW of different vendors work on the cloud.

The deployment can be done in just a week since we need to find answers to some questions from our management and our security department. We need to get certain approvals in terms of the security policies before proceeding with the deployment phase.

One or two people are enough for the deployment process.

To those planning to use it, I would suggest that they opt for a pilot offering from FortiGate and try to use it to understand and figure out its advantages and disadvantages.

I like FortiGate Next Generation Firewall (NGFW) more than Cisco, even though I have worked more with the latter tool than the former.

Overall, I rate the solution a nine out of ten.

In order to make it even better in the future, improved integration with other vendors' solutions could be beneficial.

FortiGate is compatible enough with other infrastructures, but I encountered difficulties when attempting integration with other infrastructures. So, better compatibility could be an area for improvement.

Another area of improvement could be in terms of changing passwords. For instance, when using FortiGate firewall, you can have the option to set up SSL VPN, allowing users to connect to the network externally. It's like using FortiClient software. But here's the thing, when you have a local account on FortiGate, and you use it to access the network, there is no option to change your password, and that becomes a problem. Especially when you are not using Active Directory and instead relying on the local FortiGate database to create accounts. 

The admin creates the account for you with credentials and a password. But when you try to access using the VPN client software, you have the ability to change your password, and that's not ideal. It's quite challenging. So, if you need to change your password, you have to contact the administrator to change it on the equipment, and that's not convenient, especially in large environments. So, that could be the only solution.

In terms of personal experience, I've been using the product for about seven years. In my current company, it has been three years.

I'm using version 7 for the majority of my equipment, and for some products, it's version 6.6 or something similar.

The product is stable. It offers good stability.

It is a scalable solution. 

The customer service and support have been satisfactory so far.

Positive

FortiGate Next Generation Firewall (NGFW) is easy to deploy. The deployment process is smooth and straightforward.

In my experience, the ROI has been positive.

The price of FortiGate Next Generation Firewall (NGFW) is affordable. I believe it offers reasonable value for the features it provides.

If you're using the IPS version, particularly for ATP, the price is higher due to the IP functionality. However, for other features like web filtering, the price is reasonable. For a year, the license cost for ATP is around $8000. 

So far, I haven't had to pay separately for maintenance or support. It's usually included in the support package, including software support.

Overall, I am satisfied with the product. I would rate it a nine out of ten. 

If you are using it in a small environment, you can go for the FortiGate product. However, if you are implementing it in a very large environment or have specific needs, it's recommended to couple FortiGate with another vendor's solution, like Cisco or Palo Alto. 

FortiGate Next Generation Firewall's design is good. Technically, I haven't used many of its features. The primary purpose we use the solution in our organization is for its SNAT and DNAT functionalities. The solution is also used for its vulnerability patching mechanism.

The solution's GUI is not very appealing. When using a tool from another vendor, we found the GUI of that tool to be quite appealing. FortiGate Next Generation Firewall uses a very old type of GUI, which is not very appealing. The GUI can be improved.

I have been using FortiGate Next Generation Firewall (NGFW) for six months. My company is just a customer of the product.

I am very impressed with the product's stability. Stability-wise, I rate the solution an eight and a half out of ten.

Scalability-wise, I rate the solution a six out of ten.

My company has 2,000 users of the product.

I didn't need any support. The support is good. I wouldn't say the support is bad. I rate the support a seven and a half out of ten.

Neutral

My company seeks the help of vendors to do the initial setup of the product. After that, we just work on policies, SNAT, DNAT, and virtual IPs.

The setup phase was neither difficult nor easy. I rate the setup phase as three or four out of ten on a scale where one is difficult, and ten is easy.

The solution is deployed on-premises.

The solution's deployment took two to three weeks.

Two people were required for the deployment of the product.

The solution's vendor executed the setup phase.

The solution's pricing is quite high when compared to other vendors. I rate the pricing an eight and a half on a scale of one to ten, where one is low, and ten is high.

I highly recommend the solution to those planning to use it.

Overall, I rate the solution a nine out of ten.

The company uses FortiGate to offer protection for clients transitioning from MPLS to Internet, ensuring security for this new type of connection. In Brazil, clients typically seek protection, and FortiGate is used to offer such solutions. We start with this new kind of connection, explaining and training clients about the product.

With the FortiGate solutions, I see a benefit in controlling the bandwidth and managing users' access. It's important for leading the market and helping IT managers use the solution.

The common valuable feature for FortiGate is its UTM functionality, which includes various features under a license that is commonly implemented. FortiGate is widely used across fifty percent of the solutions in Brazil, making it a prevalent choice for many clients. It's beneficial because it allows the orchestration of networks with multiple vendors like Huawei, Cisco, and Juniper.

Improvements could be made when companies expand and need better equipment and more licenses. Additionally, a way to upgrade equipment when increasing Internet bandwidth is necessary. Companies often have to quickly close negotiations due to exchange rate changes affecting budgets.

I have had about five years of experience with FortiGate.

FortiGate offers good support, especially for telcos that have engineers inside the SOC to provide solutions to problems.

Positive

Previously, I worked with FortiGate. Now, I am studying to use Huawei. My current company has various solutions, though their firewall is not as developed. FortiGate is known for its firewall solutions, however, with Huawei, it’s a hard work to establish the offering.

The initial setup for FortiGate is straightforward and easy. The company frequently conducts meetings to present their solutions in Brazil, helping to streamline the process.

Using FortiGate has enabled us to increase security, control user access, manage bandwidth, and enhance the ability to provide a variety of operations solutions to clients.

We work with a price list that changes every three or six months, however, we purchase in dollars. The exchange rate between the local currency and dollars affects the budget of our clients, so we need to quickly close negotiations.

The clients in Brazil often use Fortinet, given its familiarity and integration with existing networks comprising vendors such as Huawei, Cisco, and sometimes Juniper.

It’s crucial to understand the client’s necessity first and implement only the solutions needed initially, expanding later with more solutions as required.

I'd rate the solution nine out of ten.

I work for an integrator in Nigeria, and we implement all these solutions for our clients. I've done a lot of deployments on Fortinet, deploying all from FortiAP to FortiSwitch. I integrated it with FortiGate, FortiManager, SD-WAN, deployment, security, and the like.

I found the upgrades valuable. Normally, when you want to upgrade an enterprise firewall, the customer always requests a box swap, whereby we look at the new firmware and compare it to know if there will be any configuration changes. These are the parts where we have to bring in the OEM to do it. But with the new FortiGate firmware, it helps do that by providing reporting and helps you to give the customer the comfort of saying you can upgrade the firewall and describe what changes and issues you would expect. Basically, out-of-the-box management.

One area for improvement is the IPS engine, which is something that needs to be improved on. I've had so many issues whereby I have high CPU usage, and when I check, I see it's being consumed by the IPS engine. I have to upgrade the IPS engine firmware and all that. That has been the main pain point with FortiGate. Likewise, customer support could improve.

I've been working on FortiGate for about five years now, and I'm working with the latest version.

The solution is stable apart from the IPS engine issue, so I rate stability a seven out of ten. Stability depends on the operational team. If you have a good operational team that knows what you are doing, you always gain stability with most of your solutions. But if you have an operational team that is not so strong, you will always have issues with that solution because they will keep making human errors that will keep disrupting the services you offer. For example, in 2021, I was working as the cyber delivery manager for MTN, and I was managing the FortiGate infrastructure. In that one year, I never had any incident on FortiGate. But after I left, they started having frequent issues because of human errors. From a management perspective, if I were the CTO during that period, I would assume that FortiGate Firewall is not a good firewall. But that is not the case. It is the person who handles it that determines the stability. If you know how to do your health check properly and how to output the firewall properly, I'm sure FortiGate will be stable. I'm rating the stability as seven just to be in the middle. If it's being handled by a less experienced operational team, I'm sure you will have issues because they always perform changes, they don't know when to perform the kind of change they are performing, and that might disrupt the services. But if I rate FortiGate based on myself, I give it a nine out of ten.

I rate FortiGate's scalability a nine out of ten. Out of every ten enterprises in Africa, six currently use FortiGate. MTN is one of our major customers, and we helped them migrate from Cisco and Juniper to FortiGate.

The ease with the initial setup depends on the deployment. I've deployed FortiGate for different use cases. I've deployed it using internal segmentation. I've deployed it using it as a data center firewall, doing east and west. I've deployed FortiGate on the perimeter edge, whereby we have the SSL VPN and site-to-site VPN. But overall, I rate the initial setup an eight out of ten because it's always been very easy.

There are timelines with projects, so the time taken to deploy the solution depends on the scale of the project. If it's just a perimeter firewall where I have to migrate from one firewall, like the Cisco firewall, to the Fortinet firewall, it takes me nothing less than a week. It takes a day using the FortiConverter to convert the configuration from Cisco to Fortinet and maybe another two days to look at the configuration properly on my FortiGate before I'm confident enough to tell the customer to schedule maintenance for us to migrate the services. It depends on the customer, so in a nutshell, from kickoff to the close date is not always an exact amount, but generally no more than a month.

The deployment time taken depends on the customer's availability and their response because it's not totally dependent on me being the technical engineer. It depends on how fast they provide me with all the information I need to complete the deployments and determines how fast I can close the project. If the customer is very responsive, it takes us about three weeks to close the project.

FortiGate is much cheaper than other OEMs such as Cisco, Palo Alto, and Check Point. I'll rate FortiGate's pricing a five out of ten since it is moderately priced.

Currently, we are pushing all our clients to adopt the Fortinet cloud firewall instead of using the native solutions found on the different cloud environments they use, like Azure and Google, because they are not really effective.

FortiGate is a very good firewall that has a lot of features, and it's a firewall that gives the same stability as enterprise ones, and it gives you scalability in terms of deployment and operational management. I rate FortiGate NGFW a nine out of ten.

As for us, the IPS and the application control feature are the most valuable.

Maybe the room for improvement is to have more flexibility on the virtual machines of their next-generation platforms. 

So far, FortiGate is really pricey and comes with some restrictions. FortiGate NGFW can enhances that to make it easier to be deployed.

I have been using the latest version of FortiGate Next Generation Firewall (NGFW) for eight to ten years.

As for the stability of the FortiGate Next Generation Firewall (NGFW), I would rate it a nine out of ten.

The scalability of the FortiGate Next Generation Firewall (NGFW) is good. In our organization, we have our data centers having FortiGate, and our customers are selling FortiGate. So the number of users, you can say 100 in my organization.

I would rate the scalability an eight out of ten.

I don't have premium support or something from their side, but I would like basic support.

Neutral

The deployment depends on the architecture, but simple deployment can take up to five to ten minutes, and you are done. It's an easy deployment when you know what you need, actually. It requires one person to deploy it.

I would rate the initial setup an eight out of ten.

I would rate the pricing of appliances. So, outside appliances are maybe four, but the virtual machine is, like, eight. It is too expensive for virtual licenses.

We evaluated Sophos and WatchGuard in the past. Fortunately, definitely and technically, for the supposed deployments using the platform is much easier and much more efficient.

My advice would be just go for it. It is a really nice solution, scalable and stable, most importantly. It is easy to use, and all the security features are available. Also, it is very flexible for all sorts of deployments. I would recommend it certainly compared to any other firewall providers.

Overall, I would rate the solution a nine out of ten. 

There are numerous features and benefits depending on the specific use case. Fortinet offers comprehensive security solutions for various purposes. I can deploy different solutions and more. 

There is room for improvement in pricing. 

I have almost five years of experience with FortiGate NGFW. I work with the firewall for small businesses and enterprises. Currently, I'm using the enterprise version.

As for the models, I mainly use FortiGate 6800, T, 100C, 200S, and 200P.

I haven't experienced any stability issues with this product so far. It handles everything it needs to, including server requirements, client services, and computing, without any problems. I have deployed numerous firewalls, and until now, they have been incredibly stable. There haven't been any issues related to version compatibility either. So, I would say it's stable for me.

I would rate the scalability a ten out of ten. 

Customer service and support are good. Every time I have reached out to them, they have been responsive and helpful. In fact, I have even shared news and deployment information on my LinkedIn to showcase their excellent support.

The initial setup was easy. There were no issues during the setup.

The time taken for deployment depends on various factors. For example, if I deploy it today, I might install it the following day. However, if there are any issues with the network architecture provided by the IT vendor, it may take more time to resolve those issues before completing the deployment. But in terms of deployment alone, without considering logistics, it can be done in a day or a few hours.

In our market, the pricing is a little expensive. While we can acquire a smaller package of Fortinet, it still comes at a high cost. So, I would say the pricing is on the higher side. However, when comparing it with other vendors, it's still more reasonable.

Overall, I would rate the solution an eight out of ten. A rating of ten would require even more efficient reporting and swift resolution of any breakout or resilience attack. If they can provide faster fixes and proactive responses, it would be perfect.