Fortinet FortiGate IPS Reviews

We have FortiGate with all the licenses - antivirus, IPS, and advanced threat protection. It's a combination of protection in the perimeter. We have configured some rules for IPS protection in the FortiGate perimeter.

We use it as part of a combination of protections because we have the DMT virus, the IPS, and WOFF option. We protect our services like Apache, our website and the internet.

We configure the rules for the Windows server, the Linux server, and Apache and AIS.

The feature that I find most valuable is its protection of the websites.

I would like to be able to generate reports about the protections that we have. I would like a report feature.

For example, I would like to see that in VPN and FortiGate, that the equipment that connects to the network is evaluated. Right now, FortiGate validates the users in the active directory and the users have the right permissions to connect. I would also add the user and the computers that are allowed in the active directory. It evaluates the actual active directory, and some computers are allowed but not all. Only the computers that are in the active directory. Right now, when you connect to the VPN, FortiGate checks the active directory. They have the check feature but it should be improved.

This solution has records but I would like to see that in IPS you could define your rules - we have almost 10 or 15 rules, and see if these rules provided protections over the month. For example, to track a specific rule across the IPS solution.

I have been using Fortinet FortiGate IPS for five years and Cisco for about eight years.

Yes, it is stable. The solution protects us from attack. We have heard that other companies are being attacked, but we are not since we installed FortiGate.

The way the configuration was supplied was correct and we don't have any events. But we heard about other, similar companies, that do have events, but we don't.

Fortinet FortiGate IPS is scalable.

In our case, we are a company of 100 employees and we selected a solution for 250, so we didn't have the need to scale because we designed it from the beginning for more people. We are still using it after five years. We have to change the equipment because they don't allow us to migrate to a new version. In the renewable licenses, they offered me a trade-in and I returned the last FortiGate and they gave me the new FortiGate. I have the FortiGate 600D model. After five years we had to change the equipment. With Cisco, for example, you can keep going. I have the same model with Cisco for eight years and I didn't have to change it. But in FortiGate, after five years, I had to trade it in.

The technical support is excellent. I prefer to open a case directly to FortiGate because I can have a session with a technical contact, and we can review the case directly with the support. We also have some protocols, like BGP in the perimeter, and in two cases, I needed the support person to connect me to another person for technical support to help me with our special protocol.

The support is 24 hours.

The initial setup us is easy and friendly.

It took almost a month. In a month, we deployed all the FortiGate with the features and the rules.

My advice to anyone considering Fortinet FortiGate IPS is that it is important to set the right rules and set all the configurations to make them preferred for a partner. The partner makes all the rules that the company needs because if you stay the course, although it's easy and friendly in the beginning, some configurations need a common line and require you to design how it works right around the network. So it is important that you take a partner who has experience with designs and can implement the correct solution for your company.

On a scale of one to ten, I would give Fortinet FortiGate IPS a nine

Our company uses the solution to prevent traffic that is not supposed to be traveling through our firewalls. When we find log issues, we easily fine tune the IPS to block that traffic so it cannot penetrate our environment. 

We have 300 users in a hospital-to-hospital environment where traffic is transmitted through the firewall and intercepted by the IPS for monitoring. 

The solution effectively blocks unwanted traffic. 

It would be helpful to have a better tool for migrating all policy rules using an automatic script. The current tool does not place entire configurations in their desired locations. It takes time to manually configure for compatibility across different platforms or vendors. 

I have been using the solution for five years. 

The solution is very stable. 

I have not needed technical support. 

We migrated from Cisco to the solution. 

The setup is simple and straightforward. Knowledge-based documents are available and useful for setups. 

We implemented the solution in-house. We migrated from Cisco to the solution so it was more of a deployment situation. 

We had some deployment challenges but managed to overcome them. It took an entire day to get the environment running because we could not use the scripting tool for naturals so had to do them manually. 

There is no ongoing maintenance because the solution is not a device, but rather  a software blade provided as a checkpoint within FortiGate. 

The pricing is based on a licensing model for each IPS in your environment. The solution is included as part of the IPS license and automatically updates to the latest version when firewalls are updated. We are currently on a three-year licensing model. 

The solution is a good tool to have in place. Most vendors provide a software blade with their firewalls but it is disabled because it uses too much CP or memory. It is important to enable the tool every time to prevent environments from being intruded by attackers or threats. 

I rate the solution an eight out of ten.  

Our infrastructure includes both FortiGate (81E series) and Cisco Meraki appliances, and we have fully integrated FortiGate IPS with these devices. Essentially, whenever I secure the WAN and LAN and enhance them with security profiles, I will use the IPS's Web Filtering and Application Control features.

The most useful feature of FortiGate IPS for me is Application Control.

FortGate's IPS reporting could be made better by giving more details regarding the source and destination of network traffic when it comes to the overview section. This would allow me to more easily follow the flow of traffic based on IP addresses, without having to integrate the IPS with other products that perform more sophisticated traffic analysis.

Another improvement, that may only tangentially relate to the IPS, would be to include more functionality and details regarding SD-WAN (such as the ISDB), in order to make it more secure.

I've been using Fortinet FortiGate IPS for about seven years. 

The stability is fine, but it would be even better if we were to deploy another appliance for higher availability of access, such that there is no downtime at all.

The scalability of the IPS fits my current needs well. If we were to take on more users, however, we would likely have to change both our appliance and the license.

The support is good because, although the response time for tickets may occasionally take some time, at the end of the day they have always solved the issue at hand. What is also nice is that they can connect with you remotely and help support you at any point.

Positive

The setup was easy for me because I deploy appliances off all kinds and sizes, large and small. I would give the setup a 4/5 in terms of ease.

I pay €1,200 per year for the license along with Fortinet's 81E firewall appliance. I would rate this pricing as 3/5 stars, and I believe the price is reasonably similar to its competitors in the market, being somewhere in the middle.

Given my experience and the fact that FortiGate are a leader in the market, I would rate FortiGate IPS a nine out of ten.

We use the FortiGate IPS solution to analyze malware. When we receive attacks, we analyze the IPs.

The product has an inbuilt IPS software. We can configure it to block specific anonymous attacks that are happening.

They should provide us with a CSV number for patch updates. It will help us block specific signatures as well.

I have been using Fortinet FortiGate IPS for four years. We are using the latest version.

The product is stable, but we need to monitor IPs as new patches are released daily. Attackers will use these new patches to develop new attack methods and signatures. We need to ensure that our FortiGate IPS is up-to-date with the latest patches. We can get the logs and see if anything we have detected is suspicious. It includes programs, applications, files, or anything else. We investigate suspicious activity and act appropriately, such as blocking IP addresses or updating policy analytics.

The product is scalable. I sometimes have enterprise clients, but my client base is mostly small businesses. We have to implement the entire setup for them. In addition to the endpoint solution and firewall, we need to create IP addresses for users and define their services. Then, we can protect these resources from FortiGate by enabling the IPS upgrade.

There is a customer support portal number. We can create a case there and upload our details. They provide support services instantly.

Neutral

The initial setup is easy. The default CSV is already updated so that we can block those threats. We have to update the block list from the policy settings.

The product is expensive. I rate its pricing a six out of ten.

Enterprises use Fortinet FortiGate IPS because it protects government or critical infrastructure networks. For small businesses, IPS may be sufficient. Overall, I rate it a six out of ten.

Fortinet FortiGate is used as an inline intrusion prevention tool to detect and scan ongoing connections and data. It will take action, either by blocking or intimating in real-time.

Fortinet FortiGate's most valuable features are the UTM package which provides internet blocking restrictions and load balancing. Additionally, the solution is easy to use and the security reporting is good. The security fabric which they have launched Fortinet FortiGate IPS, it's very good in terms of giving details.

Fortinet FortiGate can improve performance. There was a huge challenge in terms of CPU and memory where the IPS engine would keep triggering. There were random spikes of overutilization in the CPU and memory resources. They have to work on CPU and memory stability considering these IPS engines. A few versions were very unstable.

The current Fortinet FortiGate IPS package has only standard options. If they could work around optimizing those packages for different needs it would be better. There might be a media company, or banking organization, which needs a different set of signatures and different bundles on priority. If they could segregate that in terms of organization and needs, or at least institutional-wise segregation, that could be great. 

I have used Fortinet FortiGate within the past 12 months.

Fortinet FortiGate could improve the stability, we used different versions and they were unstable over time which caused an overall device error.

The scalability of Fortinet FortiGate is a challenge. However, the cloud version is easy.

I have had to use the support a number of times when we had overutilization of resources.

I rate the support from Fortinet FortiGate a six out of ten.

Neutral

The initial setup of Fortinet FortiGate was easy. This is a common feature across Fortinet devices.

There is a license required to use Fortinet FortiGate with all the features. It has to be updated with the threats on an ongoing basis for the signatures to prevent threats and a license is needed to receive those security updates.

The price of the solution is worth it for the features.

My advice to others would be to have Fortinet FortiGate optimized. It is a good tool to be switched on and used in a live production environment. It is important to optimize rather than directly use the pro package, the full IPS package provided by the vendor. 

Fine-tuning the solution according to the organization's needs will help in optimizing the utilization of CPU and memory because the whole bundle has too many features which might not be needed for the organization. Enabling the solutions and running it on the first default mode and then optimizing it using the customized package, would help a lot in stabilizing the device.

I rate Fortinet FortiGate an eight out of ten.

Our company's technical team handles the reselling part of the tool. I haven't heard of any problems related to the product.

My company's clients use the solution. The tool is not majorly used to monitor the network traffic or intrusion, so it is purely for protecting the network.

The tool is expensive for small businesses, making it an area where the tool can improve the product by making it available at a cheaper rate.

I have experience with Fortinet FortiGate IPS. My company operates as a reseller. Sometimes, we purchase products to help our company's clients who need to renew the licenses of certain solutions.

My company never had any complaints about the tool in terms of performance or stability.

My company's clients are usually small businesses, so they don't spend too much time on security and protection, meaning they use the tool to meet their bare minimum needs.

Though I have never contacted the solution's technical support, I feel that the tool offers good support since I have never heard any complaints about the product's technical team from my company's team members.

I rate the technical support an eight out of ten.

Positive

I think that my company has been using Fortinet FortiGate IPS for at least four to five years. My company has not been using the rest of the products in the market, so it is not possible for me to compare Fortinet FortiGate IPS with other solutions. So far, my company has been happy with Fortinet FortiGate IPS.

The product's initial setup phase was pretty easy because my company is familiar with the product.

The solution is deployed on an on-premises model.

The solution can be deployed in an hour.

The tool is a bit pricey for small businesses, but it is still bearable in terms of cost.

Fortinet FortiGate IPS is used alone, so there is no need for any integrations.

The tool is not majorly used to monitor traffic or intrusions, so it doesn't provide much visibility in such areas. I am not sure whether Fortinet FortiGate IPS can be used easily for monitoring, considering that our company has many firewall tools over different networks. I am not sure whether it is possible to use the tool to log in or sign in individually.

I rate the overall tool an eight out of ten.

We have to use Fortinet for the data center. We filter all the entries and all the requests towards servers in the data center, so we've set up Fortinet to receive all the requests and check them before sending them to the servers.

The fact that Fortinet FortiGate IPS can prevent and log malicious intrusions, tries, and attempts is great. We can replace them and check the logs to see what happened.

The speed of the detection could be improved. The prevention mechanisms and implementation are not easy and could be better. In addition, filtering and IDS could be added.

We have used this solution at my organization for over ten years. The biggest version we have is the 500E. But we have 60E and a lot of mid-range SMB firewalls, including DC ones using 500E. It is deployed on-premises.

We have no issues with stability.

It is scalable. 

We escalated a lot of technical issues during the deployment. I rate the technical support a seven out of ten.

Neutral

We completed the deployment by ourselves, and it took a lot of time to deal with the main data centres. The deployment took us more than nine months. We have 100 people using Fortinet FortiGate IPS in our organization, and our clients have more than 5000 users. It does not require a lot of maintenance.

We went with Fortinet FortiGate IPS because they're the best according to Gartner.

I rate this solution an eight out of ten. Regarding advice, prepare and ensure that the Fortinet product you choose is suitable for your situation and use case.

We have a Cisco ASA firewall. We have it at the border of the network in front of the internet. With FortiGate, we put it in the middle, then it works behind our server farm to protect our server farm from attacks, from viruses.

It is a strong firewall. 

The product offers many features. 

There has been no attack on our servers after we configured the FortiGate IPS. No more attacks are coming. We are very secure.

The initial setup is very easy.

I have found the solution to be stable. 

It's possible to scale the solution. 

So far, everything has been good for us. We haven't had any issues. 

While the security is good, we'd always prefer if it was even better to ensure protection.

I have three years of experience with the solution. 

It is a very stable product. There are no bugs or glitches. It doesn't crash or freeze. It's reliable.

The solution can scale well. 

We have five engineers using the solution. 

A lot of medium and even small companies use the solution in our country.

I'd rate the solution eight out of ten.

If we run into issues, we can contact support. They are helpful and responsive. 

Positive

We used Cisco ASA IPS as our old IPS. It was old, and we needed a newer product. We also liked the FortiGate support of the UTM feature. It allows for the inspection of Layer 7 in a more effective way than Cisco ASA. It is advanced. FortiGate is very, very advanced.

The initial setup is very simple and straightforward. It is not a complex process. 

The deployment is quick. It only takes a couple of minutes.

We have two people that can handle any maintenance tasks. 

We search for details and watch videos and are able to handle the process by ourselves. It's a solution that's easy to learn.

We bought the solution three years ago, and it came with five days of training from the local company. It cost us around $73,000 for three years. 

It's expensive, however, compared to Cisco, it's not too expensive. 

I'm an end-user.

We are using the latest version of the solution. 

I'd recommend the product to others.