FortiGate Next Generation Firewall (NGFW) Reviews

We use the product for security and filtering purposes.

The product helps block multiple ports during ransomware attacks.

FortiGate Next Generation Firewall (NGFW) 's most valuable features are reporting and filtering.

The product's data guard feature should support a USB port when the internet connection is unavailable.

We have been using FortiGate Next Generation Firewall (NGFW) for three years.

I rate the platform's stability a ten out of ten.

Our organization has 500 FortiGate Next Generation Firewall (NGFW) users. We utilize the platform 24/7. I rate its scalability a ten out of ten.

The platform's initial setup process is easy. I rate the process a ten out of ten. It takes a couple of days. The deployment involves integrating it with SSO in FortiGate. It helps with filtering access to user accounts through Active Directory. One executive is required for deployment. Additionally, one executive is needed to take care of packet updates for maintenance.

We implemented the product with the help of our in-house team.

I rate FortiGate Next Generation Firewall (NGFW) an eight out of ten.

I work for an integrator in Nigeria, and we implement all these solutions for our clients. I've done a lot of deployments on Fortinet, deploying all from FortiAP to FortiSwitch. I integrated it with FortiGate, FortiManager, SD-WAN, deployment, security, and the like.

I found the upgrades valuable. Normally, when you want to upgrade an enterprise firewall, the customer always requests a box swap, whereby we look at the new firmware and compare it to know if there will be any configuration changes. These are the parts where we have to bring in the OEM to do it. But with the new FortiGate firmware, it helps do that by providing reporting and helps you to give the customer the comfort of saying you can upgrade the firewall and describe what changes and issues you would expect. Basically, out-of-the-box management.

One area for improvement is the IPS engine, which is something that needs to be improved on. I've had so many issues whereby I have high CPU usage, and when I check, I see it's being consumed by the IPS engine. I have to upgrade the IPS engine firmware and all that. That has been the main pain point with FortiGate. Likewise, customer support could improve.

I've been working on FortiGate for about five years now, and I'm working with the latest version.

The solution is stable apart from the IPS engine issue, so I rate stability a seven out of ten. Stability depends on the operational team. If you have a good operational team that knows what you are doing, you always gain stability with most of your solutions. But if you have an operational team that is not so strong, you will always have issues with that solution because they will keep making human errors that will keep disrupting the services you offer. For example, in 2021, I was working as the cyber delivery manager for MTN, and I was managing the FortiGate infrastructure. In that one year, I never had any incident on FortiGate. But after I left, they started having frequent issues because of human errors. From a management perspective, if I were the CTO during that period, I would assume that FortiGate Firewall is not a good firewall. But that is not the case. It is the person who handles it that determines the stability. If you know how to do your health check properly and how to output the firewall properly, I'm sure FortiGate will be stable. I'm rating the stability as seven just to be in the middle. If it's being handled by a less experienced operational team, I'm sure you will have issues because they always perform changes, they don't know when to perform the kind of change they are performing, and that might disrupt the services. But if I rate FortiGate based on myself, I give it a nine out of ten.

I rate FortiGate's scalability a nine out of ten. Out of every ten enterprises in Africa, six currently use FortiGate. MTN is one of our major customers, and we helped them migrate from Cisco and Juniper to FortiGate.

The ease with the initial setup depends on the deployment. I've deployed FortiGate for different use cases. I've deployed it using internal segmentation. I've deployed it using it as a data center firewall, doing east and west. I've deployed FortiGate on the perimeter edge, whereby we have the SSL VPN and site-to-site VPN. But overall, I rate the initial setup an eight out of ten because it's always been very easy.

There are timelines with projects, so the time taken to deploy the solution depends on the scale of the project. If it's just a perimeter firewall where I have to migrate from one firewall, like the Cisco firewall, to the Fortinet firewall, it takes me nothing less than a week. It takes a day using the FortiConverter to convert the configuration from Cisco to Fortinet and maybe another two days to look at the configuration properly on my FortiGate before I'm confident enough to tell the customer to schedule maintenance for us to migrate the services. It depends on the customer, so in a nutshell, from kickoff to the close date is not always an exact amount, but generally no more than a month.

The deployment time taken depends on the customer's availability and their response because it's not totally dependent on me being the technical engineer. It depends on how fast they provide me with all the information I need to complete the deployments and determines how fast I can close the project. If the customer is very responsive, it takes us about three weeks to close the project.

FortiGate is much cheaper than other OEMs such as Cisco, Palo Alto, and Check Point. I'll rate FortiGate's pricing a five out of ten since it is moderately priced.

Currently, we are pushing all our clients to adopt the Fortinet cloud firewall instead of using the native solutions found on the different cloud environments they use, like Azure and Google, because they are not really effective.

FortiGate is a very good firewall that has a lot of features, and it's a firewall that gives the same stability as enterprise ones, and it gives you scalability in terms of deployment and operational management. I rate FortiGate NGFW a nine out of ten.

Organizations with about 50 to 100 employees use the solution for VPN, ZTNA, and remote connectivity between branch offices and site-to-site VPN. The solution acts as a gateway-level firewall that secures the office infrastructure against threats in mid-size enterprise organizations.

FortiGate Next Generation Firewall is a good solution because it has a range of options and a clear ecosystem. It has good availability of solutions that complement the next-generation firewall. For example, it has a good range of switches and access points. The solution also has a good ecosystem where cloud services like FortiMail complement the whole solution. The solution has a better ecosystem for community support.

FortiGate Next Generation Firewall could be made a little less expensive.

I have been working with FortiGate Next Generation Firewall (NGFW) for around three years.

Bugs appear whenever a new firmware or operating system is uploaded into the device for certain modules. These bugs might cause certain services not to work, which has been the case in the past. There have been certain things that were resolved with the new firmware update. FortiGate Next Generation Firewall comes with a six version or a seven version.

The 6.1, 6.2, and 6.3 versions would have bugs, but the 6.4 version would be pretty stable and precise without any issues. Hence, I generally prefer to go ahead with the later version of a particular generation. For example, instead of going with the first version of the sixth generation, I would go in for a third or a fourth version. These things are there in most vendors, but I've noticed these, particularly in FortiGate Next Generation Firewall.

FortiGate Next Generation Firewall is a pretty scalable solution, and mostly, small and medium companies use the solution.

Although FortiGate Next Generation Firewall's customer support is spontaneous in responding, their actual responses are a little slow. They take time. When I say spontaneous, I mean the case ticket gets logged immediately, but the response from Fortinet doesn't come so fast. You have to follow up and then get things done.

Neutral

FortiGate Next Generation Firewall’s initial setup is straightforward.

The solution’s deployment takes one hour. Two to three engineers are required for the deployment of the solution. One or two people maintain the solution by monitoring and fixing breakdowns, which rarely happens.

FortiGate Next Generation Firewall is an expensive solution. I rate FortiGate Next Generation Firewall an eight out of ten for pricing. The solution has a yearly license, and you have to pay additionally for the deployment and partner-led services.

FortiGate Next Generation Firewall charges additionally for migration. Suppose you're upgrading from an older appliance to a newer appliance. In that case, the partner has to buy a FortiConverter Service or a FortiConverter tool on a per-incident basis, which is charged. On the other hand, partners can use the tools available in SonicWall. Compared to FortiGate Next Generation Firewall, SonicWall is better in terms of support and pricing.

We work with the latest version of FortiGate Next Generation Firewall.

Overall, I rate FortiGate Next Generation Firewall a nine and a half or ten out of ten.

We use the solution to provide firewall, cybersecurity, VPN access, and SD-WAN connectivity worldwide.

The GUI is reasonably good. The product is easy to configure.

The product runs out of memory. The web process often has a memory leak. The support cost could be improved.

I have been using the solution for ten years.

The solution’s stability is good. I rate stability a nine out of ten.

The scalability is good. I rate the scalability a ten out of ten. Some customers have 20 users, while others have about 5000 users.

Support is good. It's a bit scripted. It takes a while to get to somebody who knows what they're talking about. It'd be nice to talk to someone technical upfront. Sometimes we have to go through a service desk and go through a whole lot of quick repetitive questions before we get to talk to someone knowledgeable.

I've been working with the product for ten years. I find the initial setup quite simple.

I'm currently deploying 50 units around the country. It'll take me about ten minutes each to configure the solution. Once the product is set up, we need about one or two people to maintain it.

The solution’s price has gone up recently, but it's still good value for money compared to the other firewalls we use. Especially for smaller ones, it is good value for money. Our customers pay for licenses annually or once every two to five years. If we have an older version, the support costs get quite high. I rate the support cost a six out of ten.

I work with lots of firewalls. I deploy the product on FortiManager. It'll take me about a day to configure FortiManager. We have lots of customers. I would recommend the solution to others. Overall, I rate the product a nine out of ten.

First, we use the solution as a native firewall. After a native firewall, we use IPS. We also use NGFW features like antivirus, IPS, and shaping, which are very important features for companies. We also manage all of my products with FortiManager or FortiAnalyzer and collect online data. For another feature, we try to use SD-WAN products. The SD-WAN feature on FortiGate was implemented for a company with thirty or fifty branches. We had a good experience with the conversion between Cisco and FortiGate for secure access points because Now I'm a consultant for network administration, and we have a challenge with choosing one of these, and so for example, someone, if I actually choose a Fortinet product, SD-WAN based on Fortinet, sometimes someone chooses SD-WAN based on Cisco, but because my special is Cisco, I prefer SD-WAN based on Cisco.

One of the weaknesses of the solution is something we noticed, especially after comparing the tool with SD-WAN features, since, unfortunately, in a massive scale size environment, the solution is not good. It cannot be recommended for massive scaling in terms of size, especially for businesses with more than 1,000 branches.

Cisco is very stable, especially on the larger scale side, and it's very important for SD-WAN features. If you try Next Generation Firewall for a big company, then it is good to purchase a Cisco product. However, Cisco's price is a little high and more than Fortinet's prices. But for small companies, it is better to choose Fortinet and FortiGate products, which is important.

A company needs a tool for accounting. Unfortunately, now we don't have any accounting, especially for the quarter and control side. We don't have any solution in FortiGate. However, Sophos Firewall has it, so it is good for Fortinet's next version.

I have been using FortiGate Next Generation Firewall (NGFW) for more than eight years. I am just a technical person, so I'm a solution designer, a network architect involved in network security.

In FortiGate, after FortiOS Version 5.6, it is stable, and there is no problem. However, we had many problems with FortiOS Version 5.0.5 in FortiGate. Now, when we use FortiGate's FortiOS Version 7, we don't have any problems. The solution has improved, and it is a good product now. For a larger scale, my recommendation is to choose a Cisco product like Firepower Services because, in a massive-scale business, stability is very important.

When I survey FortiGate and FortiGate products, I see that they have a good performance, especially in terms of next generation firewalls. In the future, improving such features and performance is absolutely better. Juniper has a better performance compared to FortiGate.

Speaking about technical support, I have a good experience with design, especially in terms of security design and security architecture.

In level one support, they connect to customers directly, which is a part of our work, and we should solve customer problems. But I prefer staying in level two, where we develop, implement, and solve huge and complex problems, because I have had a good experience with this for more than ten years. Also, I think I have good behavior when under heavy pressure.

I think price-wise, the solution is totally reasonable since it has many products to serve, starting from small homes to massive scale sites. A company can choose from one of the offerings by the solution company. Also, it's very important to choose a contract support level. Some companies may choose RMA with support twenty-four hours and seven days a week. So, it depends on the contract support, I think. The Fortinet appliance is a reasonable purchase for companies.

Regarding the license costs, when you choose the 100 series, it is completely different from the 1000 series. It's very important, and so when you choose one-year support or five-year support, or seven-year support, the pricing depends on which one you choose.

In Iran, we have a massive sanction, so we don't use direct support. We don't talk about this. But, concerning my country and direct support from Fortinet, I can't speak about this event. So, in Iran, I don't have an idea about the use of support since we don't use direct support, but we do get indirect support.

When planning to choose FortiGate Next Generation Firewall (NGFW), the scope of the company is very important. Also, it is important for a company to consider if they want one gig, ten gigs, or another concurrent pair concurrent session. Totally, a company's scale and size are very important. After that, for example, we use a prototype with a five gigabit per second, including the performance. However, if we compare Cisco, Fortinet, and other things, Firepower is very good because Cisco's Firepower is a big and active solution which is very strong compared to Fortinet. However, it's very important for a company to have a native firewall, so such companies can't choose from Fortinet series. So, it very much depends on the situation of the company. So, before that, we review a company's requirements and survey network. After that, usually, I recommend the solution. Also, it is very important to have a budget. For example, a company can first tell me about its budget, like, one billion dollars or whatever. After that, we choose a guide and recommend choosing one of the solutions.

I rate the overall solution an eight out of ten.

We use FortiGate Next Generation Firewall first and foremost for the main site's security, remote sites, and establishing the connection between the firewalls they use. More recently, we have been using it when implementing SD-WAN.

The total ownership of equipment has several benefits when using one platform for administration. Training is then more focus-oriented to technology like Fabric. From the operations point of view, we have better savings by using this solution.

I like the common administration and the possibility of adding Fortinet defense systems.

I see problems with the licensing. If I have to add a new feature, we need to add a license. There may then be extra costs for our maintenance budget.

I have been using the solution for the past five years.

Fortigate is very stable.

FortiGate is a very scalable solution.

We used SonicWall. We switched to FortiGate looking for better security technology, and better fabric technology based on security. In this approach, FortiGate is still better than SonicWall.

With the initial setup, it's important to sit with the team to establish the application and the main issues to get the best possible script to implement in Fortinet equipment. We had to spend some time to implement it better.

Deployment could take one week, depending on the site, or even three weeks to implement the solution. Around four people were involved in the deployment.

We contacted an external company to provide some professional services through engineers who have better experience in certain kinds of implementations.

The pricing is better compared to other solutions like Check Point, Arista, or Cisco.

To anyone who plans on supporting this solution, refer to training resources in the Fortinet training center. There are people who have some experience that could provide some guidelines to people who start with basic issues and basic tasks, to then grow with experience by implementing some maintenance windows. I rate FortiGate Next Generation Firewall a nine out of ten.

I use FortiGate Next Generation Firewall for network protection using its DMZ network.

The solution has helped our network security.

There are multiple features I have found to be valuable, such as encryption and integrated security features.

The management consoles can be improved. I have used them before, and they are not so good.

I have been using FortiGate Next Generation Firewall for over two years.

I would rate the solution eight out of ten points for stability.

I rate the solution eight out of ten points for scalability. Over 200 people use it, some of whom are in IT.

I used Palo Alto more than a year ago at my previous job.

The initial setup was easy, I rate it a nine out of ten. Deployment took several days, involving one or two people. The steps involved in the process are design, configuration and implementation, testing and implementation, and also some fine-tuning.

I would rate pricing to be about four or five out of ten, it is reasonable.

I recommend this solution because the price is reasonable and the performance is quite good. Overall I rate the solution an eight out of ten.

Our primary use case is for protection. We have general use cases.

It is a very user-friendly solution. Moreover, Foritgate offers good performance, where it outperforms Cisco Firepower in various ways.

The solution doesn't cover all aspects of protection. There should be better customization in the IPS. The Intrusion Prevention System (IPS) and FortiGuard could benefit from enhancement. 

So, in future releases, I want to see improvements in IPS, particularly in terms of customization.

I have been using this solution for ten years. 

The firewall is very stable and reliable.

I would rate the stability a nine out of ten. There's always room for improvement.

We have around three to four customers using this solution.

I can't use the technical support because of some sanctions in Iran. 

The setup process is easy and very fast. The setup process is very fast, typically taking only one to two days.

The purchasing process is straightforward, and then the normal deployment process. 

Moreover, a single person can handle the deployment and maintenance tasks.

There is a licensing fee; it is on a yearly basis. The pricing iss actually quite normally priced. 

I have used Cisco. I find impressive about Cisco is its powerful enterprise-grade solution, comparable to Fortinet firewall. FortiGate is not superior to Cisco, but it stands out for its user-friendly interface.

Overall, I would rate the solution an eight out of ten. It is a suitable solution for medium-range companies due to its well-designed user interface.