Our primary use case of this solution is for bandwidth. We are very satisfied with this program.
Head of Service at MPM
Has a useful dashboard and good scalability
Pros and Cons
- "The feature I find most useful is the handy dashboard."
- "I would like to see an improvement in the technical support. Stronger authentication will also be a plus."
What is our primary use case?
What is most valuable?
The feature I find most useful is the handy dashboard.
What needs improvement?
I would like to see an improvement in the technical support. Stronger authentication will also be a plus.
In the next version, I would like to have authentication for 40 tokens.
For how long have I used the solution?
I have been using Fortinet FortiAnalyzer for a month now on private cloud.
Buyer's Guide
Fortinet FortiAnalyzer
April 2025

Learn what your peers think about Fortinet FortiAnalyzer. Get advice and tips from experienced pros sharing their opinions. Updated: April 2025.
849,190 professionals have used our research since 2012.
What do I think about the scalability of the solution?
We have between 20 and 25 users and we plan to increase this number, so I believe the program is scalable.
How are customer service and support?
We are very satisfied with the customer service.
How was the initial setup?
The initial setup was straightforward and deployment took us about eight months. The reason for this is that we installed other programs during this time too, like Fireworks Data Center, Switch Data Center, Cisco Nexus Data Center, and Forcepoint. We use Stitch as our local manager.
What's my experience with pricing, setup cost, and licensing?
All Fortinet programs come at a good price.
What other advice do I have?
I will definitely recommend this solution to others. My rating is a ten out of ten.
Disclosure: I am a real user, and this review is based on my own experience and opinions.

Network and Security Engineer at RaytonCOrp
Provides detailed reporting, customizable dashboards, and an easy deployment
Pros and Cons
- "The most valuable feature is the capability to create a customized dashboard."
- "The integration between specific tenants and FortiAnalyzer can be simplified when utilizing a multi-tenant EMS for our FortiClient."
What is our primary use case?
Fortinet FortiAnalyzer is primarily utilized to generate quarterly reports showcasing blocked attacks and vulnerabilities. It employs features like WAV porting triggers and DNS triggers to effectively demonstrate to the client the security of their environment.
How has it helped my organization?
Fortinet FortiAnalyzer assists in showcasing the value of Fortinet and facilitates the upselling of additional Fortinet products to our customers.
What is most valuable?
The most valuable feature is the capability to create a customized dashboard. We can subsequently input our EMS, FortiClient, and FortiGate data into it and generate reports.
What needs improvement?
The integration between specific tenants and FortiAnalyzer can be simplified when utilizing a multi-tenant EMS for our FortiClient.
For how long have I used the solution?
I have been using Fortinet FortiAnalyzer for three months.
What do I think about the stability of the solution?
Fortinet FortiAnalyzer is stable.
What do I think about the scalability of the solution?
Fortinet FortiAnalyzer is scalable.
How are customer service and support?
I utilized the technical support services once, and I received a prompt response.
How was the initial setup?
The initial setup is straightforward. The deployment was an easy and smooth process. The deployment took one day and I did it myself.
What other advice do I have?
I would rate Fortinet FortiAnalyzer a nine out of ten.
Fortinet FortiAnalyzer does not require maintenance after the initial report setup. We simply have to remove and add FortiGate as needed for each report.
Before utilizing Fortinet FortiAnalyzer, individuals should determine the type of reporting they require. Additionally, they ought to be acquainted with FortiGate before endeavoring to use FortiAnalyzer.
Which deployment model are you using for this solution?
On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: Integrator
Buyer's Guide
Fortinet FortiAnalyzer
April 2025

Learn what your peers think about Fortinet FortiAnalyzer. Get advice and tips from experienced pros sharing their opinions. Updated: April 2025.
849,190 professionals have used our research since 2012.
Information security officer at a financial services firm with 1-10 employees
Good value for money, works well with other Fortinet solutions, and has helpful support
Pros and Cons
- "The log events are quite useful for us."
- "We'd like to see more embedded features."
What is our primary use case?
The solution is used for grabbing logs. It is designed for log aggregation of all Fortigate firewalls and to give visibility of traffic and usage.
What is most valuable?
The log events are quite useful for us. The events aggregation from various Fortigate products makes it very helpful.
Technical support is helpful.
The stability is excellent.
This is a highly scalable product.
The setup is straightforward.
What needs improvement?
We'd like to see more embedded features.
We'd like to see more SIEM capabilities. I'd love to see this merged with FortiSIEM for example.
For how long have I used the solution?
I've been using the solution for around 20 years.
What do I think about the stability of the solution?
The stability is great. I'd rate it ten out of ten for reliability. We rarely have any issues.
What do I think about the scalability of the solution?
You pay compared to the volume of logs you collect. It is very scalable. It's highly expandable. On a scale from one to ten, I'd rate the scalability ten out of ten.
We have less than five network engineers using the product.
How are customer service and support?
I've dealt with support in the past and found them helpful and responsive.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
We use a variety of Fortigate products.
We did not use a different vendor previously. There is no other real option. We did try to use the free version of Splunk. We moved to Fortianalyzer as it works better in Fortinet products. Splunk is harder to fit into other Fortinet products.
How was the initial setup?
The installation process only takes a couple of hours. It is easy to install.
The maintenance is very minimal. One person can handle maintenance tasks.
What about the implementation team?
We do use specialized consultants occasionally. However, I have been able to do it by myself as well in the past.
What's my experience with pricing, setup cost, and licensing?
I cannot speak of the exact price. Someone else manages the contract. However, you do get good value for your money. It's not overly expensive.
As it is on-premises, you do need some on-prem resources. You need a traditional hypervisor and need the ability to host the solution on your premises.
What other advice do I have?
We're customers and end-users.
We are using the latest version of the solution typically.
I'd recommend the solution to other users.
I would rate the solution ten out of ten.
Which deployment model are you using for this solution?
On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Project Manager at a tech services company with 51-200 employees
Enriches visibility for security solutions
Pros and Cons
- "FortiAnalyzer's best feature is centralized log analysis. It's based on SQL database, so I can fully customize my report, chart-wise and log-wise, and can create as many reports as I want without any limit."
- "FortiAnalyzer's price could be lower."
What is our primary use case?
I mainly use FortiAnalyzer to centralize logs from multiple devices and generate local reports. It can work in two operation modes: as a collector only or an analyzer.
How has it helped my organization?
FortiAnalyzer has enriched the visibility for all our security solutions.
What is most valuable?
FortiAnalyzer's best feature is centralized log analysis. It's based on SQL database, so I can fully customize my report, chart-wise and log-wise, and can create as many reports as I want without any limit. It also has an important feature called Indicators of Compromise, an artificial intelligence feature that detects and alerts you when there is a breach in your entity.
For how long have I used the solution?
I've been using FortiAnalyzer for ten years.
What do I think about the stability of the solution?
FortiAnalyzer is a very mature and stable product.
What do I think about the scalability of the solution?
FortiAnalyzer is scalable. When my organization expands in any way, I can implement a FortiAnalyzer as a collector only, it will collect the log, and I can send this to the main analyzer. If I use the virtual alert mode, this is a stackable license, so I can expand the log size or the internal hard-disc log size by purchasing a license. There is also a workaround solution, to automatically upload the old log file to shared storage and delete the old one, which gives more space in the hard drive.
How are customer service and support?
FortiAnalyzer's technical support is helpful.
How would you rate customer service and support?
Positive
How was the initial setup?
FortiAnalyzer is straightforward to implement and integrate, but a little experience is needed to generate a technical level.
What was our ROI?
We get good ROI from FortiAnalyzer.
What's my experience with pricing, setup cost, and licensing?
FortiAnalyzer's price could be lower, but it is cheaper than competitors like Palo Alto, Forcepoint, or Sophos. The basic license is available on a yearly basis, but some other licenses can be for three, six, or nine months as required. There are no hidden costs associated with this product.
What other advice do I have?
Don't just depend on the basic reports, you can get much more out of FortiAnalyzer if you know how to create customized reports from the SQL queries. I would give FortiAnalyzer a rating of eight out of ten.
Which deployment model are you using for this solution?
Hybrid Cloud
Disclosure: My company has a business relationship with this vendor other than being a customer: partner
Information Security Specialist at Ministry of Heritage and Culture
Good network protection and web filtering capabilities with responsive technical support
Pros and Cons
- "The IBS (Intent Based Segmentation) and application web filtering are the most valuable aspects of the solution."
- "The solution could use more graphics and be more specific in the dashboard. This way, I'm able to understand everything and effectively understand what's going on, including what's incoming and outgoing. Right now, I have to look up everything. I need a dashboard so that I can see specific items right there in one place."
What is our primary use case?
We primarily use the solution to protect the network and to control how the users access and use the internet.
What is most valuable?
The IBS (Intent Based Segmentation) and application web filtering are the most valuable aspects of the solution.
What needs improvement?
The solution is quite expensive.
The solution could use more graphics and be more specific in the dashboard. This way, I'm able to understand everything and effectively understand what's going on, including what's incoming and outgoing. Right now, I have to look up everything. I need a dashboard so that I can see specific items right there in one place.
For how long have I used the solution?
I've been using the solution for three years.
What do I think about the scalability of the solution?
We have 600 users and do plan to increase usage in the future.
How are customer service and technical support?
Technical support is good. We've talked with them a few times. We have third-party support here in Oman.
Which solution did I use previously and why did I switch?
I didn't previously use another solution.
What about the implementation team?
A third party vendor assisted us with the implementation.
What's my experience with pricing, setup cost, and licensing?
We have around 12 devices and yearly we spend approximately $14,000.
What other advice do I have?
We are using the private cloud deployment model.
I would rate the solution nine out of ten. I don't have much to compare it to, but it's been fairly good.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Fraud Risk Analyst at a university with 1,001-5,000 employees
Provides analyzing tools, monitoring tools, and log management
Pros and Cons
- "From my perspective, we need to see the traffic in a good way so we can know what has happened in our network. The analyzing tools and the monitoring tools and the logs are the important part in the network."
- "The traffic monitoring could be better, and stability could be improved."
What is our primary use case?
The primary use cases are log management and the reporting fraud forum. It provides a vision of the network.
What is most valuable?
From my perspective, we need to see the traffic in a good way so we can know what has happened in our network. The analyzing tools and the monitoring tools and the logs are the important part in the network.
What needs improvement?
The traffic monitoring could be better, and stability could be improved.
For how long have I used the solution?
I have been using this solution for about two years.
What do I think about the stability of the solution?
The solution should be more stable.
What do I think about the scalability of the solution?
For the cloud version, you can expand it as you need it.
How are customer service and support?
I haven't contacted technical support.
How was the initial setup?
The solution is easy to install.
What's my experience with pricing, setup cost, and licensing?
FortiAnalyzer was in the product itself, but two years ago they split it from Fortinet. We paid the license two years ago.
What other advice do I have?
I would rate this solution 9 out of 10.
I can recommend this solution for other users.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Systems Architect at ZENTIUS
Great UI, good performance, and never crashes
Pros and Cons
- "Log collection is the most valuable. The UI looks great. It has a very good look and feel. We don't have the need to use solid state drives. We use mechanic drives, and we don't see any performance issues, so basically, it is doing fine."
- "It will be better if behavior or indicators of compromise were on the same licensing schema. Currently, it is an advanced feature that you have to purchase as an add-on. This is the reason we're trying to do the ELK so that we can integrate them and create those rules by using open-source software. It will also be better if it has some more integration with IT service management tools so that we can do endpoint protection and response based on those indicators of compromise or those behavior analysis rules that create events that can automatically flow. We can inject that data into a service incident ticket on our IT service management tool, and that way we can assign the ticket to the proper teams and respond right away. Currently, we only have integration with ServiceNow."
What is our primary use case?
We mostly use the FortiAnalyzer VM. We sell the license for this solution and also the professional service to have it.
There are different types of business needs of our clients because they're in different business areas. We have firewalls on them. Some of them are on the perimeter network, and some of them are being used as the core network solution. We collect all the logs from their FortiGates.
In some cases, we also use FortiWeb, which is a web application firewall. We also use FortiMail, which is an email protection solution or email security solution. We gather all the logs on FortiAnalyzer, and we try to do some flat counting and identify behavior or do behavior analysis from those logs and see what is interesting. Our team analyzes those events so that we can prevent any disruption of service because of the security, vulnerability, or issue.
What is most valuable?
Log collection is the most valuable. The UI looks great. It has a very good look and feel. We don't have the need to use solid state drives. We use mechanic drives, and we don't see any performance issues, so basically, it is doing fine.
What needs improvement?
It will be better if behavior or indicators of compromise were on the same licensing schema. Currently, it is an advanced feature that you have to purchase as an add-on. This is the reason we're trying to do the ELK so that we can integrate them and create those rules by using open-source software.
It will also be better if it has some more integration with IT service management tools so that we can do endpoint protection and response based on those indicators of compromise or those behavior analysis rules that create events that can automatically flow. We can inject that data into a service incident ticket on our IT service management tool, and that way we can assign the ticket to the proper teams and respond right away. Currently, we only have integration with ServiceNow.
For how long have I used the solution?
I have been using this solution for five years.
What do I think about the stability of the solution?
We have the box or the VM running for more than a couple of years now. We do upgrade so that we can add new features that Fortinet is releasing, but it is pretty stable. It never crashes.
What do I think about the scalability of the solution?
It is a little complex in terms of scalability and mostly because we're using a kind of high-end systems. For scaling, you have to order a different licensing and move more power and computing into a new architecture. It doesn't have that much scalability.
Our clients are SMB or small and medium businesses, but we also have plenty of customers on the campus wide area network.
How are customer service and technical support?
I would rate them a five out of ten. They will have to move their base locations to a different city. I'm not a native speaker of English, and sometimes, when we're trying, there is a language barrier. They're located in India or some Middle East city. They can do really better. Sometimes their response is not as adequate as other vendors.
How was the initial setup?
It was very straightforward. The deployment could take a couple of days to fine-tune all the rules for log management.
What other advice do I have?
There are plenty of solutions. Fortinet FortiAnalyzer is very helpful if you are really into FortiGate devices. We handle other firewalls, but 80% to 85% of them are Fortinet, so it is a very good solution because it has native integration with everything, but I wouldn't recommend it if you have less than 50% of Fortinet firewalls. If you have agnostic technology, you can integrate all of them into the same solution. FortiAnalyzer is only for FortiGates right now.
I would rate Fortinet FortiAnalyzer a nine out of ten. It just needs more integration with IT service management tools for endpoint detection and response, which is the main objective.
Which deployment model are you using for this solution?
On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: Reseller
Senior Network Engineer at Dejpaad
Easy to set up with good performance and reliability
Pros and Cons
- "It's easy to set up the product."
- "The solution costs too much."
What is our primary use case?
We use the solution for just one company for the analysis of the FortiGate switch.
What is most valuable?
The solution is scalable.
The performance is good.
It's easy to set up the product.
What needs improvement?
The solution costs too much.
For how long have I used the solution?
I've used the solution for about three years.
What do I think about the stability of the solution?
The solution has been stable and reliable. There are no bugs or glitches, and it doesn't crash or freeze.
What do I think about the scalability of the solution?
It's a scalable product and expands well.
Only admins use the solution. There are three to four people with direct access to the product.
How are customer service and support?
I do not have access to technical support. In Iran, we have sanctions, and so we cannot get support.
How was the initial setup?
The initial setup is pretty straightforward and simple. It's not overly complex or difficult to manage. We can deploy it in about two hours. You only need one person to handle the deployment and maintenance tasks as it is very simple.
What was our ROI?
We have witnessed a bit of an ROI and find the product to be worth the cost.
What's my experience with pricing, setup cost, and licensing?
We do need to pay for a license, and the payment is made yearly. There are no extra costs associated with the product beyond the main licensing fee.
It is an expensive solution.
Which other solutions did I evaluate?
We did not evaluate other solutions before choosing this product.
What other advice do I have?
Overall, I'd rate the product eight out of ten in terms of its functionality. I have been pleased with its capabilities so far. I'd recommend the solution to others.
Disclosure: I am a real user, and this review is based on my own experience and opinions.

Buyer's Guide
Download our free Fortinet FortiAnalyzer Report and get advice and tips from experienced pros
sharing their opinions.
Updated: April 2025
Product Categories
Log ManagementPopular Comparisons
Dynatrace
Splunk Enterprise Security
IBM Security QRadar
Elastic Security
Elastic Observability
Grafana Loki
Security Onion
LogRhythm SIEM
Elastic Stack
syslog-ng
Amazon CloudWatch
Sumo Logic Security
Buyer's Guide
Download our free Fortinet FortiAnalyzer Report and get advice and tips from experienced pros
sharing their opinions.
Quick Links
Learn More: Questions:
- When evaluating Log Management tools and software, what aspect do you think is the most important to look for?
- Datadog vs ELK: which one is good in terms of performance, cost and efficiency?
- Which Windows event log monitoring tool do you recommend?
- What is the difference between log management and SIEM?
- Splunk vs. Elastic Stack
- How can Cloudtrail logs be used effectively to improve log monitoring?
- Why hot data and cold data differences in SIEM solutions are not discussed sufficiently?
- When evaluating Log Management solutions, what aspect do you think is the most important to look for?
- When evaluating Log Management solutions, what aspects do you think are the most important to look for?
- Why are Log Management tools important for companies?