Fortinet FortiGate IPS Reviews

Our infrastructure includes both FortiGate (81E series) and Cisco Meraki appliances, and we have fully integrated FortiGate IPS with these devices. Essentially, whenever I secure the WAN and LAN and enhance them with security profiles, I will use the IPS's Web Filtering and Application Control features.

The most useful feature of FortiGate IPS for me is Application Control.

FortGate's IPS reporting could be made better by giving more details regarding the source and destination of network traffic when it comes to the overview section. This would allow me to more easily follow the flow of traffic based on IP addresses, without having to integrate the IPS with other products that perform more sophisticated traffic analysis.

Another improvement, that may only tangentially relate to the IPS, would be to include more functionality and details regarding SD-WAN (such as the ISDB), in order to make it more secure.

I've been using Fortinet FortiGate IPS for about seven years. 

The stability is fine, but it would be even better if we were to deploy another appliance for higher availability of access, such that there is no downtime at all.

The scalability of the IPS fits my current needs well. If we were to take on more users, however, we would likely have to change both our appliance and the license.

The support is good because, although the response time for tickets may occasionally take some time, at the end of the day they have always solved the issue at hand. What is also nice is that they can connect with you remotely and help support you at any point.

Positive

The setup was easy for me because I deploy appliances off all kinds and sizes, large and small. I would give the setup a 4/5 in terms of ease.

I pay €1,200 per year for the license along with Fortinet's 81E firewall appliance. I would rate this pricing as 3/5 stars, and I believe the price is reasonably similar to its competitors in the market, being somewhere in the middle.

Given my experience and the fact that FortiGate are a leader in the market, I would rate FortiGate IPS a nine out of ten.

We use the FortiGate IPS solution to analyze malware. When we receive attacks, we analyze the IPs.

The product has an inbuilt IPS software. We can configure it to block specific anonymous attacks that are happening.

They should provide us with a CSV number for patch updates. It will help us block specific signatures as well.

I have been using Fortinet FortiGate IPS for four years. We are using the latest version.

The product is stable, but we need to monitor IPs as new patches are released daily. Attackers will use these new patches to develop new attack methods and signatures. We need to ensure that our FortiGate IPS is up-to-date with the latest patches. We can get the logs and see if anything we have detected is suspicious. It includes programs, applications, files, or anything else. We investigate suspicious activity and act appropriately, such as blocking IP addresses or updating policy analytics.

The product is scalable. I sometimes have enterprise clients, but my client base is mostly small businesses. We have to implement the entire setup for them. In addition to the endpoint solution and firewall, we need to create IP addresses for users and define their services. Then, we can protect these resources from FortiGate by enabling the IPS upgrade.

There is a customer support portal number. We can create a case there and upload our details. They provide support services instantly.

Neutral

The initial setup is easy. The default CSV is already updated so that we can block those threats. We have to update the block list from the policy settings.

The product is expensive. I rate its pricing a six out of ten.

Enterprises use Fortinet FortiGate IPS because it protects government or critical infrastructure networks. For small businesses, IPS may be sufficient. Overall, I rate it a six out of ten.

We use FortiGate to restrict access from internal, external, and some applications from publishing to the internet. This solution helps us achieve our purpose.

The solution is user-friendly. Fortinet FortiGate IPS has a feature called SPVen. The solution is easy to configure, the activation is perfect, the tech support is good, and the back-end database is good.

Price is a major competitor in the market for solutions. When we compare solutions, it's important to consider the pricing. To stay ahead of the competition Fortinet FortiGate IPS needs to think about how to adjust pricing. Most people prefer to use Apollo setpoint.

I have been using the solution for over eight years.

I give the stability a nine out of ten.

I give the scalability a nine out of ten.

We have around 500 people including IT engineers and developers using the solution.

I have previously used Check Point IPS and switched to Fortinet FortiGate IPS because of the cost and because Check Point IPS requires separate licensing.

The initial setup is straightforward. We can do the basic steps in as little as 30 minutes. If we need to do more detailed work and fine-tuning, it may take longer. But the basics can be done quickly.

We completed the implementation in-house.

I give the pricing of the solution a six out of ten.

I give the solution a nine out of ten.

The solution's maintenance can be completed by one person.

I recommend the solution to other users.

Fortinet FortiGate is used as an inline intrusion prevention tool to detect and scan ongoing connections and data. It will take action, either by blocking or intimating in real-time.

Fortinet FortiGate's most valuable features are the UTM package which provides internet blocking restrictions and load balancing. Additionally, the solution is easy to use and the security reporting is good. The security fabric which they have launched Fortinet FortiGate IPS, it's very good in terms of giving details.

Fortinet FortiGate can improve performance. There was a huge challenge in terms of CPU and memory where the IPS engine would keep triggering. There were random spikes of overutilization in the CPU and memory resources. They have to work on CPU and memory stability considering these IPS engines. A few versions were very unstable.

The current Fortinet FortiGate IPS package has only standard options. If they could work around optimizing those packages for different needs it would be better. There might be a media company, or banking organization, which needs a different set of signatures and different bundles on priority. If they could segregate that in terms of organization and needs, or at least institutional-wise segregation, that could be great. 

I have used Fortinet FortiGate within the past 12 months.

Fortinet FortiGate could improve the stability, we used different versions and they were unstable over time which caused an overall device error.

The scalability of Fortinet FortiGate is a challenge. However, the cloud version is easy.

I have had to use the support a number of times when we had overutilization of resources.

I rate the support from Fortinet FortiGate a six out of ten.

Neutral

The initial setup of Fortinet FortiGate was easy. This is a common feature across Fortinet devices.

There is a license required to use Fortinet FortiGate with all the features. It has to be updated with the threats on an ongoing basis for the signatures to prevent threats and a license is needed to receive those security updates.

The price of the solution is worth it for the features.

My advice to others would be to have Fortinet FortiGate optimized. It is a good tool to be switched on and used in a live production environment. It is important to optimize rather than directly use the pro package, the full IPS package provided by the vendor. 

Fine-tuning the solution according to the organization's needs will help in optimizing the utilization of CPU and memory because the whole bundle has too many features which might not be needed for the organization. Enabling the solutions and running it on the first default mode and then optimizing it using the customized package, would help a lot in stabilizing the device.

I rate Fortinet FortiGate an eight out of ten.

We have to use Fortinet for the data center. We filter all the entries and all the requests towards servers in the data center, so we've set up Fortinet to receive all the requests and check them before sending them to the servers.

The fact that Fortinet FortiGate IPS can prevent and log malicious intrusions, tries, and attempts is great. We can replace them and check the logs to see what happened.

The speed of the detection could be improved. The prevention mechanisms and implementation are not easy and could be better. In addition, filtering and IDS could be added.

We have used this solution at my organization for over ten years. The biggest version we have is the 500E. But we have 60E and a lot of mid-range SMB firewalls, including DC ones using 500E. It is deployed on-premises.

We have no issues with stability.

It is scalable. 

We escalated a lot of technical issues during the deployment. I rate the technical support a seven out of ten.

Neutral

We completed the deployment by ourselves, and it took a lot of time to deal with the main data centres. The deployment took us more than nine months. We have 100 people using Fortinet FortiGate IPS in our organization, and our clients have more than 5000 users. It does not require a lot of maintenance.

We went with Fortinet FortiGate IPS because they're the best according to Gartner.

I rate this solution an eight out of ten. Regarding advice, prepare and ensure that the Fortinet product you choose is suitable for your situation and use case.

We have a Cisco ASA firewall. We have it at the border of the network in front of the internet. With FortiGate, we put it in the middle, then it works behind our server farm to protect our server farm from attacks, from viruses.

It is a strong firewall. 

The product offers many features. 

There has been no attack on our servers after we configured the FortiGate IPS. No more attacks are coming. We are very secure.

The initial setup is very easy.

I have found the solution to be stable. 

It's possible to scale the solution. 

So far, everything has been good for us. We haven't had any issues. 

While the security is good, we'd always prefer if it was even better to ensure protection.

I have three years of experience with the solution. 

It is a very stable product. There are no bugs or glitches. It doesn't crash or freeze. It's reliable.

The solution can scale well. 

We have five engineers using the solution. 

A lot of medium and even small companies use the solution in our country.

I'd rate the solution eight out of ten.

If we run into issues, we can contact support. They are helpful and responsive. 

Positive

We used Cisco ASA IPS as our old IPS. It was old, and we needed a newer product. We also liked the FortiGate support of the UTM feature. It allows for the inspection of Layer 7 in a more effective way than Cisco ASA. It is advanced. FortiGate is very, very advanced.

The initial setup is very simple and straightforward. It is not a complex process. 

The deployment is quick. It only takes a couple of minutes.

We have two people that can handle any maintenance tasks. 

We search for details and watch videos and are able to handle the process by ourselves. It's a solution that's easy to learn.

We bought the solution three years ago, and it came with five days of training from the local company. It cost us around $73,000 for three years. 

It's expensive, however, compared to Cisco, it's not too expensive. 

I'm an end-user.

We are using the latest version of the solution. 

I'd recommend the product to others. 

We use Fortinet FortiGate IPS to filter intrusions from the internet as the Edge firewall and to protect our server farm.

We like signature-based anomaly detection and zero-day protection features. For zero-day protection, we use Cloud Sandboxing, so whenever the zero-day threat occurs, it automatically sends it to its Cloud Sandbox. After getting information from Cloud Sandbox, then the intrusion is defined.

Fortinet can add some Machine Learning and AI to improve its accuracy and give it an edge on IPS detection and protection. They have some machine language learning but can still improve using AI.

We have been using this solution for almost eight years.

It is stable, as it can be verified from Gartner's report and previously on NSS lab test reports. I rate the stability an eight out of ten.

It is scalable, and I rate the scalability a seven out of ten.

For level 1 and 2 support, our technical team can handle these cases in-house. But for higher-priority cases, we use Fortinet technical support. They have a technical assistance center in India and escalate to France for complex or higher-priority problems. I rate the technical support in India a six out of ten.

There is a lot of documentation from the vendor side for the setup, which is good, and we have some hands-on experience with the product. So with help from their technical assistance center and their system engineer, the setup is good.

The setup can be done in-house, but we have partners and colleagues with eight years of experience using the product, so we are comfortable with it.

The setup depends on customer requirements and the scope of the work. We rate the setup as difficult because it depends on the variety of servers. The more platforms there are the more signatures or IPS rules that need to be customized. So based on the requirements, we see the full list of servers and full features they want to protect, calculate the expertise level required and what needs to be deployed on the system to set it up. A mid-level consultant can deploy it, which can be completed within two to three days if the customer is clear on their requirements.

It has a competitive price. I rate the price an eight out of ten compared to other IPS solutions. Fortinet is a bit higher in terms of price.

I rate the solution a seven out of ten. 

At the moment, we are moving things around.

We were using the solution as a firewall, and for VPN access as well. We could do user creation on it and just allow users access.

It's very easy to manage things like the IPs or the URLs we need to whitelist. 

In terms of the user, we need to create one or just provide access. We have separate groups, which is useful.

The UI is also very familiar. It makes the solution easy to access and we find it easy to do the things we need to do thanks to the user interface.

It is easy to set up. 

Whitelisting could be better. We'd like to be able to automate more so we can whitelist in bulk. It would be ideal to have the ability in this tool or to have a tool that could plug in and allow us to do whitelisting in batches. 

I've been using the solution for more than a year. 

The solution is mature. It's been in the market for a long time. There are no bugs or glitches. The performance is good. It doesn't crash or freeze. It's quite reliable. 

I've only used technical support once or twice to deal with a few issues. They were helpful and responsive. Support typically answers very quickly, with results in minutes. 

Positive

We're in the process of moving to Palo Alto.

The solution is very straightforward to set up. The deployment took a maximum of one week. After that, we had everything up and running. 

I'm not aware of the exact cost involved in relation to licensing. 

I'm a customer and end-user. 

I've used the solution across two or three companies. 

Before choosing this solution, I'd advise users to ensure its capabilities match with the company's needs. 

I'd rate the solution eight out of ten. The UI is good, the solution is easy to implement, and it fits in with various environments. It's a good product.