Try our new research platform with insights from 80,000+ expert users
Director at a integrator with 11-50 employees
User
Don't underestimate FortiAnalyzer. It can give you a better understanding of what is going on in your network.
Pros and Cons
  • "Advanced routing (RIP, OSPF, BGP, PBR). It gives you a seamless and simple integration into a large network."
  • "I think there could be more QoS features"

What is our primary use case?

We used FG-90D as UTM device to protect some users and servers, and also to enable inter-vlan routing with advanced security policies inside our lab zone. Also used FG-500D in transparent mode in front of Cisco ASA for advanced and high performance protection by applying IPS, AV, AntiSpam, App.Control and DoS-protection profiles.

How has it helped my organization?

We have better manageability: opening and closing ports/services, adding addresses is done very quickly (can be done in single page of the web GUI).

It offers outstanding reporting tools when coupled with FortiAnalyzer (Fortinet's log collector and reporting tool) help meet compliance (there are PCIDSS, HIPAA and many more report types).

Better security posture: safe web surfing, less spam and viruses in incoming email messages, very granular AppControl, blocking vulnerability exploitation attempts and traffic anomalies by IPS, preventing DoS attacks by DoS policies.

What is most valuable?

Good VPN, both IPSEC and SSL (web-mode, tunnel-mode). An engineer/network administrator has tools to debug VPN issues that can occur during tunnel setup with other vendors' equipment.

SD-WAN feature at no cost. This is really great feature for remote locations (branch offices) and HQ, application steering between many ISP links becomes a simple task. Steering can be done dynamically by measuring link quality (latency, jitter, packet loss, available bandwidth).

Wi-Fi and Switch controller at no cost. FortiSwitch and FortiAP can become a kind of port extender of the firewall, all its ports can be referenced in firewall policies. When you have such management plane consolidation it gives you a simpler way to operate.

Security Fabric Framework is helping in analyzing sudden and rapid changes in whole infrastructure, and gives the ability to simplify daily operations (e.g. address objects synchronization between all firewalls in Fabric, estimating overall security rating, single-sign-on for admin access and many more)

Single Sign On support with deep LDAP integration (several variants for environments with different scales), RADIUS authentication.

Can work as transparent and explicit web-proxy, the last option supports Kerberos authentication which requires no agents installed on any windows server.

Human readable firewall policies with editable security policies and
addresses in single page. This is very useful and time saving feature.

Firmware upgrade process is very simple, even for cluster configurations it is fully automated by default.

Straightforward SNAT and DNAT; you may work in two ways: with Central NAT rules configuration and by applying translation directly inside firewall policies.

Bulk CLI commands are uploaded via gui in script file (portions of config file).

VDOMs are very useful when you need to grant admin role to clients separately. VDOMs in FortiGate can be represented in FortiAnalyzer's ADOMs (administrative domain), which can have different log storage policies, event handling and alerting configurations. You can create one VDOM working in NAT/Route mode, and another VDOM working in Transparent mode.

If you don't want to create and use second VDOM you can still transparently inspect traffic at layer 2 level while having only one VDOM in NAT/Route mode. This is achived by configuring Virtual Wire Pair ports that work like a separate bridge.

Ability to capture packets going through any interface of device (and VM too). You can set number of packets, filter out packets by IP and port number for particular troubleshooting purposes, then download a .pcap file from web gui and analyze it in your favorite programm.

Advanced routing (RIP, OSPF, BGP, PBR). It gives you a seamless and simple integration into a large network.

IPS, AV, Web Filter, AppControl profiles are working very well.

SSL Inspection and CASI (Cloud Access Security Inspection) profiles.

Rich logging options allow you troubleshoot most problems.

Straightforward HA with different redundancy schemas.

IPv6 support.

What needs improvement?

I think there could be more QoS features in GUI. FortiGate has Traffic Shaping feature that is enough in most cases when shaping egressing packets, but sometimes I just need 802.1p prioritizing (Class of Service) of incoming packets and manual ingress queue assignment. This is what would be nice to have, but I realize that such a job is more efficiently done by L4 switch standing before firewall. Fortinet has a FortiSwitch that can do it, and it also can be controlled by FortiGate via FortiLink protocol.

[Firmware version FortiOS 6.2 update]: There are a lot of improved and newly added things, so it is very hard to imagine any additional features.

Buyer's Guide
Fortinet FortiGate
December 2024
Learn what your peers think about Fortinet FortiGate. Get advice and tips from experienced pros sharing their opinions. Updated: December 2024.
824,067 professionals have used our research since 2012.

For how long have I used the solution?

Four years.

What do I think about the stability of the solution?

Small models (up to FG-90) are build on SoC (System on a Chip), so they need to be mounted in places with enough airflow and right temperature, otherwise they could hang, slow down traffic processing, but more often you just can't log in to the device's web-interface (reboot won't help you until it cools down). Actually, that's not an issue. It is a technical requirement for operating environment to be 5-40 degrees (but at 35 degrees with poor airflow there may be issues mentioned above).

What do I think about the scalability of the solution?

For large scale deployment I would suggest to look at FortiManager, a central management point for large amount of FortiGates. I have tested the solution and found it quite useful. I could download configuration from any device and install edited list of policies to several devices simultaneously through a couple of clicks. Also I liked functionality of clearing out Address objects list from unused entries. It can be configured to be a central repository of firmware and updates, and a local rating server (url and antispam rating services) which can improve rating lookup latency value.

How are customer service and support?

Technical support is good (in average).

Which solution did I use previously and why did I switch?

We used an old IPS from Cisco. We switched because of End-of-Support on that device.

How was the initial setup?

Initial setup in plain networks is very straightforward. For large environment you should prepare beforehand, because FortiGate is a highly-tunable and feature rich product, so you must have a plan with many considered details.

What about the implementation team?

We did not engage a vendor team. Documentation is good enough to implement with an in-house team.

What's my experience with pricing, setup cost, and licensing?

Setup cost may be not so low, as you expect, because it depends on different factors, but TCO for 5 years may pleasantly surprise you.

Which other solutions did I evaluate?

Palo Alto, Cisco ASA, CheckPoint

What other advice do I have?

Many interesting things are hidden in CLI, they can help you in different situations. Web-interface (GUI) is primarily intended for day-to-day routine.

Don't underestimate FortiAnalyzer. It can give you a better understanding of what is going on in your network. When FortiGate sends logs to FortiAnalyzer, FortiAnalyzer inserts received log data into database. Predefined and customizable data queries, charts and reports can significantly help you by visualizing problem points, so you can thoroughly investigate security events and traffic behavior anomalies.

FortiGate is a constantly evolving product, so pay attention to FortiOS version it runs.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Senior System & Security Administrator at a legal firm with 51-200 employees
Real User
Offers side-to-Side VPN Support for Secure Networking
Pros and Cons
  • "Our project needs to link two sides through the internet. One of these was in Cairo and the other in another city. We used FortiGate as the integrating solution between the two locations, i.e. the Fortinet 30E & 100E."
  • "Fortinet needs more memory to save the log files. We need it to save the logs on the hardware and not in the cloud. I know this feature is available in FortiCloud, but if we need this log locally, it is not available."

What is our primary use case?

We use Fortinet FortiGate 100E for a VPN. We also use the solution for word filtering. These are our primary business requirements.

How has it helped my organization?

We were not fully operational previously. Our project needs to link two sides through the internet. One of these was in Cairo and the other in another city. 

In Egypt, to make this possible, we built connections for everything between the two sides through the internet using the VPN side-to-side with Fortinet. 

We used FortiGate as the integrating solution between the two locations, i.e. the Fortinet 30E & 100E.

What is most valuable?

The main feature that Fortinet FortiGate has that is very useful for me, is that I can connect two sides of the network to each other with Fortinet. 

I can make two VPNs run side-to-side. VPN is very simple and so easy with FortiGate.

What needs improvement?

Fortinet needs more memory to save the log files (like in the 101E, the old product). We need it to save the logs on the hardware and not in the cloud. 

I know this feature is available in FortiCloud, but if we need to log locally, it is not available. Also, the log only records a little time and needs to be longer.

For how long have I used the solution?

One to three years.

What do I think about the stability of the solution?

Fortinet FortiGate offers good stability. I have been using it for around two years.

What do I think about the scalability of the solution?

FortiGate is a very scalable tool. They have an app to manage the access points, switches, and other solutions. 

For our project, now we're over a hundred users at the headquarters. The other branch supports about 20 persons.

How are customer service and technical support?

Fortinet tech support is very helpful. I have not faced any trouble with their technical support. 

Which solution did I use previously and why did I switch?

The other product I was previously using was ForgeRock but did not have the experience of integrating it with Fortinet FortiGate.

How was the initial setup?

For the Fortinet installation, our initial setup was for word filtering. It was very easy and did not take a lot of time. The deployment took about three days. 

FortiGate is very easy. The entire solution setup processes took about three days. I can make many of the rules for most users as we need it configured easily.

What about the implementation team?

I am the integrator for Fortinet FortiGate solutions at our company.

What's my experience with pricing, setup cost, and licensing?

The licensing price for the Fortinet products is approximately a thousand of dollars per year for the FortiGate 100E and $200 per year for the FortiGate 50E. 

I don't use additional licensing, just the yearly subscription.

Which other solutions did I evaluate?

We did not evaluate any other options for this purchase.

What other advice do I have?

If anyone asks me for my experience with Fortinet solutions, I would recommend FortiGate, especially if they need to use it for security. 

I would recommend the FortiGate series for integration with any hardware or software product. I am very satisfied with Fortinet. I would rate it a 9 out of 10 overall.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Buyer's Guide
Fortinet FortiGate
December 2024
Learn what your peers think about Fortinet FortiGate. Get advice and tips from experienced pros sharing their opinions. Updated: December 2024.
824,067 professionals have used our research since 2012.
administ2171925 - PeerSpot reviewer
IT Engineer at a aerospace/defense firm with 1,001-5,000 employees
Real User
Top 20
Helps reduce our cybersecurity risks, enhances security, and performs well
Pros and Cons
  • "The email protection and VPN features are the most valuable."
  • "The process of configuring firewall rules appears excessively complex."

What is our primary use case?

We utilize the Fortinet FortiGate firewall to safeguard our network and provide secure VPN access from external locations.

We implemented FortiGate because we needed a firewall to protect our data.

How has it helped my organization?

FortiGate helped us meet our ISO requirements.

In the time we have been using FortiGate, we have not had any security breaches. 

FortiGate has reduced the risk of cyberattacks that can disrupt our production. Since implementing FortiGate we have not dealt with any such attacks.

I'm unsure whether centralized FortiGate management enhances efficiency, but our experience with it has been exceptional. We haven't encountered any issues, and the operational aspects have been seamless. Additionally, there was no downtime, which is crucial for our operations.

Our Fortinet security fabric has enhanced security across our industrial control system. By safeguarding our production environment and ensuring the security of VPN access granted to individuals, we have achieved comprehensive data protection. We have not experienced any incidents that would have occurred if our firewall was inadequate.

FortiGate does a lot of research, and the product is regularly updated, especially in the ransomware area. I know of a couple of other companies around us that had some ransomware incidents, but we never have. From that perspective, FortiGate has helped mature our approach to cybersecurity a lot.

What is most valuable?

The email protection and VPN features are the most valuable.

What needs improvement?

The process of configuring firewall rules appears excessively complex. While FortiGate offers greater functionality than other firewall solutions, its user interface could benefit from simplification.

I would like the log viewing process to be improved to provide a clearer understanding of the logs.

For how long have I used the solution?

I have been using Fortinet FortiGate for five years.

What do I think about the stability of the solution?

I would rate the stability of FortiGate ten out of ten. We have never had any issues.

What do I think about the scalability of the solution?

We used the limit of our FotiGate firewall which was around 150 users and we never noticed any performance issues. 

I would rate the scalability of FortiGate eight out of ten.

How are customer service and support?

The technical support is good.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

Our decision to switch from FortiGate to Sophos was solely driven by the seamless integration with our existing Sophos antivirus system. Had this integration not been an advantage, we would have maintained our FortiGate system.

How was the initial setup?

The initial deployment was straightforward due to our understanding of the product and its operation. It was completed in one day by a team of two.

What's my experience with pricing, setup cost, and licensing?

The price of FortiGate is comparable to that of most other firewall solutions and is more affordable than Cisco.

What other advice do I have?

I would rate Fortinet FortiGate eight out of ten.

Except for the firmware updates we have to do now and then, there is no other maintenance required for FortiGate.

We had FortiGate deployed in one location in a big server room. We have 150 users.

I would recommend FortiGate to anyone. FortiGate is an out-of-the-box firewall with good pricing and excellent features.      

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Luis Teran - PeerSpot reviewer
Engineer at Cyber Sea
Real User
Is affordable and easy to deploy, and has good license management features
Pros and Cons
  • "The license management is very valuable. You can get a new license each year, or you can enroll every two to four years. You can get the logs, and you will get the information on the risk in your network and the entire organization. With this information, you can take action on your actives, computers, or devices. You can bring your own device as an SSE."
  • "The firmware needs improvement because there are bugs when a new release comes through. Sometimes, the configuration changes, and it's a bit harder to see where the fail is. The first time that you have the firmware, it tends to have some issues, and it's better to wait a bit to update the equipment."

What is our primary use case?

The use case for this product has to do with security and visibility. When you are inside the business and when there are different departments and branches, it is used for the visibility of some packets. It can also be used for SSL inspections, to check if the SSL is right and that it is not phishing.

What is most valuable?

The license management is very valuable. You can get a new license each year, or you can enroll every two to four years. You can get the logs, and you will get the information on the risk in your network and the entire organization. With this information, you can take action on your actives, computers, or devices. You can bring your own device as an SSE.

The simplicity of the deployment and the digitization of risk are other valuable features that Fortinet provides.

The cost is low.

What needs improvement?

The firmware needs improvement because there are bugs when a new release comes through. Sometimes, the configuration changes, and it's a bit harder to see where the fail is. The first time that you have the firmware, it tends to have some issues, and it's better to wait a bit to update the equipment.

All the development of the firmware should be fixed before the update at the page level.

API tokens need to be improved, particularly with regard to integration with other cloud solutions. In other words, proxy flow and API integration need improvement.

For how long have I used the solution?

.

What do I think about the stability of the solution?

I haven't had any problem with the stability of the product.

What do I think about the scalability of the solution?

The scalability is good. You can merge other Fortinet products well with this solution.

How are customer service and support?

Technical support has been good.

How was the initial setup?

The initial setup is easy.

The deployment and maintenance can be done by one person.

What about the implementation team?

I did it myself. To create all the policies and configurations needed by the customers, it usually takes me two days or a week at the most if the project is harder.

What's my experience with pricing, setup cost, and licensing?

The price is really low. It's cheap in comparison to the cost of Cisco or CheckPoint, for example.

What other advice do I have?

If you want to get this product, first you must evaluate the number of people who will use it, and then choose the product that will best fit your needs.

I would rate this solution at eight on a scale from one to ten.

Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
PeerSpot user
Rehan Rauf - PeerSpot reviewer
Network Engineer at Nayatel Pvt. Ltd
Real User
Great URL filtering with a next-generation firewall that can do internet routing
Pros and Cons
  • "Offers good security and filtering."
  • "Lacks training for new features."

What is our primary use case?

We use this solution for mid to large enterprise companies with around 500,000 users. We are resellers of this solution based in Pakistan and we have a partnership with Fortinet. 

What is most valuable?

I like the security that Fortigate offers; it has great URL filtering with a next-generation firewall that can do internet routing, plus give us advanced layer seven application control. It offers good features. 

What needs improvement?

I'd like to see training provided for new features and upgrades, it's not currently available. They really need to work on their support. There's a huge market for enterprise business right now and Pakistan is focusing on network security. Fortinet lacks local premium support.

For how long have I used the solution?

We've been using this solution for six months. 

What do I think about the stability of the solution?

This is a good, stable solution. 

What do I think about the scalability of the solution?

The solution is scalable for enterprise companies. 

How was the initial setup?

We have two or three local engineers that help us with deployment. 

What other advice do I have?

My one piece of advice would be to spend time planning, rather than just purchasing a product and proceeding to deployment. It's important to research the features, read their community postings regarding bugs because it's something that might hit them in the future. 

I rate this solution eight out of 10. 

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Assistant Manager - Network & Security at a financial services firm with 5,001-10,000 employees
Real User
Simple initial setup, mature features, and responsive support
Pros and Cons
  • "The most valuable features of Fortinet FortiGate are it is one of the most mature firewalls in the UTM bundle."
  • "Fortinet FortiGate could improve by adding enhancements to FortiMail, FortiSOAR, and FortiDeceptor."

What is our primary use case?

Fortinet FortiGate is used to secure internet gateways.

What is most valuable?

The most valuable features of Fortinet FortiGate are it is one of the most mature firewalls in the UTM bundle.

What needs improvement?

Fortinet FortiGate could improve by adding enhancements to FortiMail, FortiSOAR, and FortiDeceptor. 

For how long have I used the solution?

I have been using Fortinet FortiGate for approximately seven years.

What do I think about the stability of the solution?

Fortinet FortiGate is a stable solutions. Other solutions, such as Palo Alto, Cisco, and Forcepoint are less stable.

What do I think about the scalability of the solution?

For scalability, you must define your needs before implementing Fortinet FortiGate. You must know specifications, such as throughput, the number of sessions, and the SSL. Overall it is not scalable.

How are customer service and support?

We had some simple questions for the support and they were able to respond within a few hours. I was satisfied.

I rate the support from Fortinet FortiGate a four out of five.

How was the initial setup?

The initial setup is extremely simple. Customers that have never used it can manage it with ease after a few days.

What's my experience with pricing, setup cost, and licensing?

Fortinet FortiGate gives you most of the features in one license.

The activation of the license and support could improve. When I order Fortinet products, I have one year to activate my license and support. If this year passed without activating this license and support, I will lose it. If I ordered three years, I will lose all of the years. I must reorder them again, which is not reasonable.  For example, if I have to activate my license in six months but didn't activate it during the six months, they should activate automatically. They should not remove the license. They should activate automatically after the grace period.

What other advice do I have?

I rate Fortinet FortiGate an eight out of ten.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Information Technology Solutions Manager at UBG
Real User
Beneficial user interface, provides multiple engines, and high availability
Pros and Cons
  • "The most useful functionality of Fortinet FortiGate is the user interface, multiple engines, and their cloud with the latest integrations. Additionally, the Security Fabric tool is very good."
  • "Fortinet FortiGate can improve by integrating the web application firewall and the DDoS protection part of the solution. Having a WAF feature, web application firewall, and proxy together would be a good benefit."

What is our primary use case?

Fortinet FortiGate can be deployed on the cloud, hybrid, and on-premise. We use a combination of private and hybrid for the deployment.

We are using Fortinet FortiGate for parameter security, network isolation, and web filtering. 

What is most valuable?

The most useful functionality of Fortinet FortiGate is the user interface, multiple engines, and their cloud with the latest integrations. Additionally, the Security Fabric tool is very good.

What needs improvement?

Fortinet FortiGate can improve by integrating the web application firewall and the DDoS protection part of the solution. Having a WAF feature, web application firewall, and proxy together would be a good benefit.

For how long have I used the solution?

I have been using Fortinet FortiGate for approximately five years.

What do I think about the stability of the solution?

Fortinet FortiGate is highly stable. It has high availability.

What do I think about the scalability of the solution?

The scalability of Fortinet FortiGate is very good.

We have customers with 1,000 users using this solution and others with 100.

Engineers use this solution and all the end-users are connected to it. The whole organization is using the solution.

How are customer service and support?

The technical support is very helpful. We had a very good experience with them.

How was the initial setup?

The initial installation is straightforward, and the full process takes one to two days.

What about the implementation team?

We have our own team that does the implementation of the solution.

What's my experience with pricing, setup cost, and licensing?

The support subscription for the solution is annual. You are paying for support and there are two levels of support, professional and advanced.

What other advice do I have?

I rate Fortinet FortiGate a nine out of ten.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
reviewer1249359 - PeerSpot reviewer
Executive at a computer software company with 10,001+ employees
Real User
Easy to use with a nice console but needs to offer container security
Pros and Cons
  • "The solution is very user-friendly."
  • "I'm not sure if it's something that they already have or are developing something, however, we need some dedicated features for container security."

What is our primary use case?

We mainly use the solution as a firewall. 

What is most valuable?

The solution is very user-friendly.

The collection of the integration of multiple nodes makes everything very easy. The fact that you can push, directly, one element, and you can leverage the distribution of the policy very well has been great. 

Honestly, the console is done very well. It's easy to use.

From a strategic point of view, I've seen, in recent years, a big challenge from Fortinet to recover some kinds of space with respect to the other two biggest players, Check Point and Palo Alto. That has happened much more since the beginning of the next generation file. I found Fortinet recovered much market space in the last year.

What needs improvement?

I'm not sure if it's something that they already have or are developing something, however, we need some dedicated features for container security. Other vendors have developed some kind of specific product to protection. Containers now are very common, especially in the cloud. It's an area that needs to be addressed.

For how long have I used the solution?

I've worked with the product for three or four years, more or less. 

What do I think about the stability of the solution?

The stability has been great. There are no bugs or glitches. It doesn't crash or freeze. It's reliable. 

What do I think about the scalability of the solution?

We have more than 10,000 people o the solution. The scalability capabilities are enough. We haven't had a problem at all. 

How are customer service and support?

It would be hard to rate technical support due to the fact that, up until now, we've never had to deal with them.

That said, from talking with colleagues, my understanding is that they are good, and they offer standard levels of support in line with other competitors. 

Which solution did I use previously and why did I switch?

We've also used Palo Alto and Check Point.

How was the initial setup?

The initial setup is straightforward, however, we have knowledgeable teams. We also use Fortinet to check the configurations and make sure everything is supported during implementation. 

It's pretty standard to deploy. We're also familiar with Palo Alto and Check Point and there is not much of a difference between the three.

What about the implementation team?

We managed, with my team, the setup. We also engaged with Fortinet in terms of professional services in order to check the installation and offer some support.

That said, we have many people on our team certified with the biggest firewalls and security infrastructure vendors.

What's my experience with pricing, setup cost, and licensing?

It's very difficult to discuss pricing as we have generally, in terms of pricing, at the end of the day, we have leveraged deals the existing contracts the client had in place. The client uses various technology vendors. I can't say that one is cheaper than the other. It's all in the same ballpark when you are speaking about comparable products.

What other advice do I have?

We are partners with many vendors, including Fortinet.

Likely our engineers would know what version of the solution we are on. I don't follow those details. 

I'd rate the solution at a seven out of ten. It's stable, easy to set up, and easy to use. However, I have yet to see all of the features in play.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Buyer's Guide
Download our free Fortinet FortiGate Report and get advice and tips from experienced pros sharing their opinions.
Updated: December 2024
Buyer's Guide
Download our free Fortinet FortiGate Report and get advice and tips from experienced pros sharing their opinions.