Fortinet FortiGate Reviews

The purpose of this solution is to provide intrusion protection and more robust endpoint security for small offices. We are providing an enterprise solution for a small business by adding endpoint protection coupled with Intrusion Detection and Protection.  For small offices needing HIPAA compliance, we need to make sure we are providing robust protection instead of the default modem gateway provided by the ISP.

The Fortinet product provides enterprise capabilities in a small footprint at a price point that is more attainable for a small business. The product meets the IPS/IDS/Endpoint protection that small organizations need for their HIPAA and PCI compliance.  While the end user may not understand the true capabilities, the managed service provider can more easily deploy and maintain this small footprint product.

The main reason why I purchased the particular unit was based on other reviews and leadership in this space. Being able to have a VPN solution as well as integrated access points is a plus. For me, it's all about simplicity. When you look at my particular model for a managed service provider, it's basically to help simplify, protect, and remain compliant. When you're trying to implement something, it's about making sure it is simplified. This seems to fit the bill.

The product has enterprise capabilities, which means there are a ton of configurations possible.  What I'd like to see in the product is more of a branch in the box wizard deployment for those that are not as well versed in firewall and routing.  For a small business, the firewall should be able to self-configure for a Unified Threat Management configuration with 2 SSIDs for protected wireless network for internal gear and a guest wireless network for employee cell phones and guests.  I'd like to open the box, plug in the router behind the cable modem, and check a few boxes, and the rest is done automatically.  I don't want to have to build a configure VLANs, SSIDs, security protocols for each port, and try to figure out and understand all the layers in an effort to deploy a solution.  It's great to have those capabilities in case you need them, but for most of the offices I am trying to deploy these into--it should be a branch in a box.

I've only been using the solution for a few weeks. It's very new for us.

Stability has been fine. I've had no questions about the stability of it. It seems so far it is staying up. I haven't had any issues to speak of.

I haven't really pushed this product from a scalability perspective. Certainly, if you look at the performance metrics, the F series appears to have really expanded the capacity and capabilities beyond past models. If you look at 40E versus 40F, there's a fairly substantial difference. For a small office, it's going to be just fine.

I haven't reached out to technical support and therefore can't speak to their level of responsiveness.

N/A

The initial setup is complex for me due to my lack of experience with the Fortinet FortiGate product. The complexity can be a good thing, however, as there's a lot of really good features associated with it. Where it could be simplified is in having that easy deployment option, and then you can start going down and trying to get into the nitty-gritty and figure out when do you need the extra features.

Right now, I'm just in a test environment getting all the firmware up and tested. Then, once I have it tested, I'll take it to the client location and yank out their WiFi mechanism, their WiFi router, and put this in.

I'm currently handling the implementation for a client.

ROI is somewhat difficult to measure when you are mostly talking about deploying a product for endpoint security.  If your environment stays protected, then it was a good return on investment.

When you look at these endpoint security systems and firewalls, these products a few years were way too expensive for a small business. Now we have enterprise level security in a footprint that is less than $1,000.  For offices that have 10-25 computers needing protection, this is a better solution.

The good news is that Fortinet does have a good support network as well as their education academy to help someone get up to speed on their product.

We used FG-90D as UTM device to protect some users and servers, and also to enable inter-vlan routing with advanced security policies inside our lab zone. Also used FG-500D in transparent mode in front of Cisco ASA for advanced and high performance protection by applying IPS, AV, AntiSpam, App.Control and DoS-protection profiles.

We have better manageability: opening and closing ports/services, adding addresses is done very quickly (can be done in single page of the web GUI).

It offers outstanding reporting tools when coupled with FortiAnalyzer (Fortinet's log collector and reporting tool) help meet compliance (there are PCIDSS, HIPAA and many more report types).

Better security posture: safe web surfing, less spam and viruses in incoming email messages, very granular AppControl, blocking vulnerability exploitation attempts and traffic anomalies by IPS, preventing DoS attacks by DoS policies.

Good VPN, both IPSEC and SSL (web-mode, tunnel-mode). An engineer/network administrator has tools to debug VPN issues that can occur during tunnel setup with other vendors' equipment.

SD-WAN feature at no cost. This is really great feature for remote locations (branch offices) and HQ, application steering between many ISP links becomes a simple task. Steering can be done dynamically by measuring link quality (latency, jitter, packet loss, available bandwidth).

Wi-Fi and Switch controller at no cost. FortiSwitch and FortiAP can become a kind of port extender of the firewall, all its ports can be referenced in firewall policies. When you have such management plane consolidation it gives you a simpler way to operate.

Security Fabric Framework is helping in analyzing sudden and rapid changes in whole infrastructure, and gives the ability to simplify daily operations (e.g. address objects synchronization between all firewalls in Fabric, estimating overall security rating, single-sign-on for admin access and many more)

Single Sign On support with deep LDAP integration (several variants for environments with different scales), RADIUS authentication.

Can work as transparent and explicit web-proxy, the last option supports Kerberos authentication which requires no agents installed on any windows server.

Human readable firewall policies with editable security policies and
addresses in single page. This is very useful and time saving feature.

Firmware upgrade process is very simple, even for cluster configurations it is fully automated by default.

Straightforward SNAT and DNAT; you may work in two ways: with Central NAT rules configuration and by applying translation directly inside firewall policies.

Bulk CLI commands are uploaded via gui in script file (portions of config file).

VDOMs are very useful when you need to grant admin role to clients separately. VDOMs in FortiGate can be represented in FortiAnalyzer's ADOMs (administrative domain), which can have different log storage policies, event handling and alerting configurations. You can create one VDOM working in NAT/Route mode, and another VDOM working in Transparent mode.

If you don't want to create and use second VDOM you can still transparently inspect traffic at layer 2 level while having only one VDOM in NAT/Route mode. This is achived by configuring Virtual Wire Pair ports that work like a separate bridge.

Ability to capture packets going through any interface of device (and VM too). You can set number of packets, filter out packets by IP and port number for particular troubleshooting purposes, then download a .pcap file from web gui and analyze it in your favorite programm.

Advanced routing (RIP, OSPF, BGP, PBR). It gives you a seamless and simple integration into a large network.

IPS, AV, Web Filter, AppControl profiles are working very well.

SSL Inspection and CASI (Cloud Access Security Inspection) profiles.

Rich logging options allow you troubleshoot most problems.

Straightforward HA with different redundancy schemas.

IPv6 support.

I think there could be more QoS features in GUI. FortiGate has Traffic Shaping feature that is enough in most cases when shaping egressing packets, but sometimes I just need 802.1p prioritizing (Class of Service) of incoming packets and manual ingress queue assignment. This is what would be nice to have, but I realize that such a job is more efficiently done by L4 switch standing before firewall. Fortinet has a FortiSwitch that can do it, and it also can be controlled by FortiGate via FortiLink protocol.

[Firmware version FortiOS 6.2 update]: There are a lot of improved and newly added things, so it is very hard to imagine any additional features.

Four years.

Small models (up to FG-90) are build on SoC (System on a Chip), so they need to be mounted in places with enough airflow and right temperature, otherwise they could hang, slow down traffic processing, but more often you just can't log in to the device's web-interface (reboot won't help you until it cools down). Actually, that's not an issue. It is a technical requirement for operating environment to be 5-40 degrees (but at 35 degrees with poor airflow there may be issues mentioned above).

For large scale deployment I would suggest to look at FortiManager, a central management point for large amount of FortiGates. I have tested the solution and found it quite useful. I could download configuration from any device and install edited list of policies to several devices simultaneously through a couple of clicks. Also I liked functionality of clearing out Address objects list from unused entries. It can be configured to be a central repository of firmware and updates, and a local rating server (url and antispam rating services) which can improve rating lookup latency value.

Technical support is good (in average).

We used an old IPS from Cisco. We switched because of End-of-Support on that device.

Initial setup in plain networks is very straightforward. For large environment you should prepare beforehand, because FortiGate is a highly-tunable and feature rich product, so you must have a plan with many considered details.

We did not engage a vendor team. Documentation is good enough to implement with an in-house team.

Setup cost may be not so low, as you expect, because it depends on different factors, but TCO for 5 years may pleasantly surprise you.

Palo Alto, Cisco ASA, CheckPoint

Many interesting things are hidden in CLI, they can help you in different situations. Web-interface (GUI) is primarily intended for day-to-day routine.

Don't underestimate FortiAnalyzer. It can give you a better understanding of what is going on in your network. When FortiGate sends logs to FortiAnalyzer, FortiAnalyzer inserts received log data into database. Predefined and customizable data queries, charts and reports can significantly help you by visualizing problem points, so you can thoroughly investigate security events and traffic behavior anomalies.

FortiGate is a constantly evolving product, so pay attention to FortiOS version it runs.

We use Fortinet FortiGate 100E for a VPN. We also use the solution for word filtering. These are our primary business requirements.

We were not fully operational previously. Our project needs to link two sides through the internet. One of these was in Cairo and the other in another city. 

In Egypt, to make this possible, we built connections for everything between the two sides through the internet using the VPN side-to-side with Fortinet. 

We used FortiGate as the integrating solution between the two locations, i.e. the Fortinet 30E & 100E.

The main feature that Fortinet FortiGate has that is very useful for me, is that I can connect two sides of the network to each other with Fortinet. 

I can make two VPNs run side-to-side. VPN is very simple and so easy with FortiGate.

Fortinet needs more memory to save the log files (like in the 101E, the old product). We need it to save the logs on the hardware and not in the cloud. 

I know this feature is available in FortiCloud, but if we need to log locally, it is not available. Also, the log only records a little time and needs to be longer.

Fortinet FortiGate offers good stability. I have been using it for around two years.

FortiGate is a very scalable tool. They have an app to manage the access points, switches, and other solutions. 

For our project, now we're over a hundred users at the headquarters. The other branch supports about 20 persons.

Fortinet tech support is very helpful. I have not faced any trouble with their technical support. 

The other product I was previously using was ForgeRock but did not have the experience of integrating it with Fortinet FortiGate.

For the Fortinet installation, our initial setup was for word filtering. It was very easy and did not take a lot of time. The deployment took about three days. 

FortiGate is very easy. The entire solution setup processes took about three days. I can make many of the rules for most users as we need it configured easily.

I am the integrator for Fortinet FortiGate solutions at our company.

The licensing price for the Fortinet products is approximately a thousand of dollars per year for the FortiGate 100E and $200 per year for the FortiGate 50E. 

I don't use additional licensing, just the yearly subscription.

We did not evaluate any other options for this purchase.

If anyone asks me for my experience with Fortinet solutions, I would recommend FortiGate, especially if they need to use it for security. 

I would recommend the FortiGate series for integration with any hardware or software product. I am very satisfied with Fortinet. I would rate it a 9 out of 10 overall.

The use case for this product has to do with security and visibility. When you are inside the business and when there are different departments and branches, it is used for the visibility of some packets. It can also be used for SSL inspections, to check if the SSL is right and that it is not phishing.

The license management is very valuable. You can get a new license each year, or you can enroll every two to four years. You can get the logs, and you will get the information on the risk in your network and the entire organization. With this information, you can take action on your actives, computers, or devices. You can bring your own device as an SSE.

The simplicity of the deployment and the digitization of risk are other valuable features that Fortinet provides.

The cost is low.

The firmware needs improvement because there are bugs when a new release comes through. Sometimes, the configuration changes, and it's a bit harder to see where the fail is. The first time that you have the firmware, it tends to have some issues, and it's better to wait a bit to update the equipment.

All the development of the firmware should be fixed before the update at the page level.

API tokens need to be improved, particularly with regard to integration with other cloud solutions. In other words, proxy flow and API integration need improvement.

.

I haven't had any problem with the stability of the product.

The scalability is good. You can merge other Fortinet products well with this solution.

Technical support has been good.

The initial setup is easy.

The deployment and maintenance can be done by one person.

I did it myself. To create all the policies and configurations needed by the customers, it usually takes me two days or a week at the most if the project is harder.

The price is really low. It's cheap in comparison to the cost of Cisco or CheckPoint, for example.

If you want to get this product, first you must evaluate the number of people who will use it, and then choose the product that will best fit your needs.

I would rate this solution at eight on a scale from one to ten.

We use this solution for mid to large enterprise companies with around 500,000 users. We are resellers of this solution based in Pakistan and we have a partnership with Fortinet. 

I like the security that Fortigate offers; it has great URL filtering with a next-generation firewall that can do internet routing, plus give us advanced layer seven application control. It offers good features. 

I'd like to see training provided for new features and upgrades, it's not currently available. They really need to work on their support. There's a huge market for enterprise business right now and Pakistan is focusing on network security. Fortinet lacks local premium support.

We've been using this solution for six months. 

This is a good, stable solution. 

The solution is scalable for enterprise companies. 

We have two or three local engineers that help us with deployment. 

My one piece of advice would be to spend time planning, rather than just purchasing a product and proceeding to deployment. It's important to research the features, read their community postings regarding bugs because it's something that might hit them in the future. 

I rate this solution eight out of 10. 

Fortinet FortiGate is used to secure internet gateways.

The most valuable features of Fortinet FortiGate are it is one of the most mature firewalls in the UTM bundle.

Fortinet FortiGate could improve by adding enhancements to FortiMail, FortiSOAR, and FortiDeceptor. 

I have been using Fortinet FortiGate for approximately seven years.

Fortinet FortiGate is a stable solutions. Other solutions, such as Palo Alto, Cisco, and Forcepoint are less stable.

For scalability, you must define your needs before implementing Fortinet FortiGate. You must know specifications, such as throughput, the number of sessions, and the SSL. Overall it is not scalable.

We had some simple questions for the support and they were able to respond within a few hours. I was satisfied.

I rate the support from Fortinet FortiGate a four out of five.

The initial setup is extremely simple. Customers that have never used it can manage it with ease after a few days.

Fortinet FortiGate gives you most of the features in one license.

The activation of the license and support could improve. When I order Fortinet products, I have one year to activate my license and support. If this year passed without activating this license and support, I will lose it. If I ordered three years, I will lose all of the years. I must reorder them again, which is not reasonable.  For example, if I have to activate my license in six months but didn't activate it during the six months, they should activate automatically. They should not remove the license. They should activate automatically after the grace period.

I rate Fortinet FortiGate an eight out of ten.

Fortinet FortiGate can be deployed on the cloud, hybrid, and on-premise. We use a combination of private and hybrid for the deployment.

We are using Fortinet FortiGate for parameter security, network isolation, and web filtering. 

The most useful functionality of Fortinet FortiGate is the user interface, multiple engines, and their cloud with the latest integrations. Additionally, the Security Fabric tool is very good.

Fortinet FortiGate can improve by integrating the web application firewall and the DDoS protection part of the solution. Having a WAF feature, web application firewall, and proxy together would be a good benefit.

I have been using Fortinet FortiGate for approximately five years.

Fortinet FortiGate is highly stable. It has high availability.

The scalability of Fortinet FortiGate is very good.

We have customers with 1,000 users using this solution and others with 100.

Engineers use this solution and all the end-users are connected to it. The whole organization is using the solution.

The technical support is very helpful. We had a very good experience with them.

The initial installation is straightforward, and the full process takes one to two days.

We have our own team that does the implementation of the solution.

The support subscription for the solution is annual. You are paying for support and there are two levels of support, professional and advanced.

I rate Fortinet FortiGate a nine out of ten.

We mainly use the solution as a firewall. 

The solution is very user-friendly.

The collection of the integration of multiple nodes makes everything very easy. The fact that you can push, directly, one element, and you can leverage the distribution of the policy very well has been great. 

Honestly, the console is done very well. It's easy to use.

From a strategic point of view, I've seen, in recent years, a big challenge from Fortinet to recover some kinds of space with respect to the other two biggest players, Check Point and Palo Alto. That has happened much more since the beginning of the next generation file. I found Fortinet recovered much market space in the last year.

I'm not sure if it's something that they already have or are developing something, however, we need some dedicated features for container security. Other vendors have developed some kind of specific product to protection. Containers now are very common, especially in the cloud. It's an area that needs to be addressed.

I've worked with the product for three or four years, more or less. 

The stability has been great. There are no bugs or glitches. It doesn't crash or freeze. It's reliable. 

We have more than 10,000 people o the solution. The scalability capabilities are enough. We haven't had a problem at all. 

It would be hard to rate technical support due to the fact that, up until now, we've never had to deal with them.

That said, from talking with colleagues, my understanding is that they are good, and they offer standard levels of support in line with other competitors. 

We've also used Palo Alto and Check Point.

The initial setup is straightforward, however, we have knowledgeable teams. We also use Fortinet to check the configurations and make sure everything is supported during implementation. 

It's pretty standard to deploy. We're also familiar with Palo Alto and Check Point and there is not much of a difference between the three.

We managed, with my team, the setup. We also engaged with Fortinet in terms of professional services in order to check the installation and offer some support.

That said, we have many people on our team certified with the biggest firewalls and security infrastructure vendors.

It's very difficult to discuss pricing as we have generally, in terms of pricing, at the end of the day, we have leveraged deals the existing contracts the client had in place. The client uses various technology vendors. I can't say that one is cheaper than the other. It's all in the same ballpark when you are speaking about comparable products.

We are partners with many vendors, including Fortinet.

Likely our engineers would know what version of the solution we are on. I don't follow those details. 

I'd rate the solution at a seven out of ten. It's stable, easy to set up, and easy to use. However, I have yet to see all of the features in play.