Fortinet FortiGate Reviews

We use this solution for different reasons.

We use it for the firewall with SDWAN functionality

We use it in some use cases as a VPN Server.

 We use it as a Wi-Fi controller on some sites.

We use if for internal network segregation and routing

Fortinet FortiGate has improved the way our organization functions.

Versatile with a lot of controls and expert level customizations for advanced users

NGFW features seems to be effective are relatively easy to implement. 

Fortigate DC Agent is a useful free feature to automatically detect logged on users and implement user based access policy

Basic VPN is included without extra charges

The Wi-Fi controller feature needs a lot of improvement. The function itself is not as stable as it should be in our use case which might be a problem in either the APs or the controller.

Would like to see more wizards and automation for more features such as virtual servers, SSL VPN, and others where policies, rules entries are created automatically form wizard input.

Some of the features related to load-balancing and traffic shaping are not as straightforward as they need to be. 

The VPN functionality needs low-level debugging get what really going on. Log level is too detailed and requires someone who is quite experienced to analyze and solve those issues. 

Zero-trust base features are lagging behind the other competition, based on what I have read. Would like to see those features in a clearly in the UI.

I have been using Fortinet FortiGate for four years.

We are not using the latest version, but close to it.

There are some stability issues when move to a newer version. It's always good to be a couple of steps behind when you upgrade as usually the latest major releases are a not stable. We are quite cautious to update.

The stability of VPN connection phase is can be enhanced

Wifi AP/Controller stability is an issue for us

It's quite scalable. The scalability and the migration are okay as well. Licensing model is also stright forword and certain features such as basic SSL VPN requires no to min additional cost per user.

Their technical service is quite good. The application notes and the help on the web are quite good.

I would rate technical support an eight out of ten.

By the time I joined a Fortigate was selected against pfsense.

The initial setup is intermediate in complexity but support and online documentation covers for it.

If you're a small-medium size business:

- Size your use case carefully as licensing price jumps significantly with HW changes. 

- Customizable Forticilent SW can be downloaded for free with FNDN membership

- If you have multi sites and require Fortigate based 2FA then consider getting a dedicated fortiauthenticator (VM) with fortiokens acting a central RADIUS server which can be cheaper than cloud tokens an with additional authentication flexibilities.

pfsense; was decided against based required features (mainly VPN which is based in OpenVPN)

Paloalto; is a more expensive with comparable security features based on a recent NSS LABs report

Follow the instructions on the application manual carefully. Otherwise, certain features would not be running quite as they need them to without clear errors reported. 

Contact technical support, they're responsive and have solutions for most of the problems.

Chose/size the HW carefully based on your use case as certain features are HW accelerated  in higher variants but takes a huge toll on CPU/ memory when running on lower variants.

Consider using Fortigate DC Agent which is  useful free feature to automatically detect logged on users and implement user based access policy

Consider segregating functions on different units instead of having all features on a Fortigate (i.e avoid having wifi controller + firewall + VPN on a single unit specially for lower variants)

Because of the flexibility, the advanced user features, the high level of security controls, and the tweaks that are available for the user, I would rate this solution an eight out of ten.

We primarily use the solution as a hardware firewall. In China, there's a lot of content that would be available in the West that isn't allowed here. We're able to block certain content from getting through filters.

The solution offers a very good package for all kinds of virtual appliances, subscriptions, and so on. It's a reasonable price. It's not too much.

The services on offer are just superb. 

The way it can block certain content is very useful for us. It gives you a good heads up as to what streams are being blocked from the network, which helps with visibility.

The simplicity of the product is great. It's very easy to use, which is a compliment we get all the time in terms of feedback.

There seems to be good reporting features. 

The scalability is there. If you need to expand the product, you can.

The menu structure is more logical than, for example, Cisco or SonicWall. I find that the Fortinet is easier to understand in terms of the installation process and setup. 

The only problem that we have here in China is that the whole subscription process on Fortinet is a little bit difficult if you are doing it from China. China has kind of a firewall around the country, and we sometimes have complications due to that aspect.

As a whole, I don't think that the product is actually missing any features.

You do need some IT knowledge in order to effectively work with the solution.

I've been working with the solution since about 2016. It's been a few years at this point.

The solution is very stable. There aren't issues with bugs or glitches. It doesn't crash or freeze. It's very reliable.

The scalability is good. You can expand it as needed and add on extra apps to add in extra functionality if you want to.

We mostly deal with mid-range companies. 

I only talk with people here in China that are the Chinese sellers or distributors from Fortinet. They are Chinese and I don't speak or understand one single character Chinese. So for me, it's very difficult to communicate with technical support. Most of the time, I let them talk with one of the people who I know who is fluent in English and Chinese. That's what I do. 

Most of the time, I can do all the research on the internet to see what kind of device I need and then I get a translator and we figure it out.

We only use Fortinet's FortiGate for our hardware firewall protection.

However, if our clients need extra security, we may add other brands and security layers. We also work with SonicWall, Checkpoint, and Barracuda, for example.

I've also worked with pfSense, which is free, however, it has much more of a do-it-yourself approach. It's also quite different from other solutions. If you have Cisco experience, you'll be able to navigate Fortinet, whereas pfSense requires much more in-depth study. It has its own language, basically. That's one of the reasons you won't find too many of its configurations in China.

The initial setup, for me, at least, is very straightforward. It's just a few clicks and you're set up. It may be a bit more complex for someone else who may not be as familiar with the product.

I have partners that assist with the initial setup and I have network engineers who are doing the job for me. They are working for me as they are my employees. As their boss, of course, I have to know a little bit about how to handle it as well. We handle the implementation process for our clients. We implement it according to ISO and Chinese security standards.

The solution is pretty affordable. It's not overly expensive. It's not like Cisco where you pay an awful lot of money mostly for the name.

There are extra apps you can add to the product, however, those come with an extra price tag as well. That said, it allows you to do more things and expands its capabilities.

I like to use Fortinet due to the fact that with the device you can do so much more, it's not only web filtering. If you decide to use it for something else, you just pay some money to Fortinet for another package and you are good to go. It makes it a little bit easier for small or large companies as it's so flexible in its offering. 

In China, due to business constraints, licensing is quite complicated here.

I'm a service provider in China. Basically, I'm connecting companies, foreign companies or Chinese companies, or even foreign public services to business VPNs or business cross border interconnections.

Whether we use the latest version of the solution or not depends on the client, their needs, and the environment. If a client needs more security, we may even layer in other brands to help with that.

We tend to keep deployments on-premises as you can run into issues with using the cloud in China. We prefer to have it on-premises and then bring lines in to hook everything up. It's simpler and there are fewer issues.

In general, I would rate the solution at a ten out of ten. We've just been pleased with the product and the ease of use.

We primarily use the solution just for internal segmentation and connection of some ranges using IPSec.

Currently, the solution is saving costs for us and blocks applications effectively using layer seven.

The solution's most valuable aspect is the IPS for potential mitigation from the cloud inside our network. 

The VPN SSL is important for us. 

The web filter is very good. 

The GUI is okay.

The initial setup is straightforward.

The documentation provided is okay, I find that sometimes, with other startups, it's hard to find a good amount of documentation in order to assist you with the product. In this case, the solution offers a good amount of detail.

The solution offers good analyzing capabilities.

I'm not sure if the solution is really lacking anything major. For us, it works okay.

They seem to have made a lot of improvements since the last release.

Technical support could be better. You don't always get the level of help you need right away.

We've been using the solution for about ten years at this point. As it's been about a decade, I'd say we have quite a bit of experience with it.

For the most part, the memory and the CPU are good. It's generally stable. We don't face any issues with this aspect of the solution.

The scalability is fine. If a company needs to expand it, they should be able to do so without any issues.

We only have about 40 users on the product currently. It's not a big company.

For now, the product is good as it is and we don't have plans to increase usage in the future.

By and large, technical support is good. It's okay. It's not bad. It could be better, however, they do answer our questions when we have them. We're mostly satisfied with the level of service they provide. Of course, it could always be a bit better.

Sometimes the first contact is useful, and sometimes you don't get the kind of help you need right away. It would be nice if it was more consistent.

We also use Sophos. We use both solutions at the same time.

We didn't face any complexity when handling the initial implementation. The process is quite straightforward.

The implementation itself can sometimes take less than a week. On average, you should expect it to be about a week in total.

I didn't need the assistance of a reseller or integrator. I handled the implementation myself.

We're charged a licensing fee on a yearly basis. I'm unsure of the exact cost to the company, however. I'm not sure if there are other costs over and above the standard licensing fee.

We also looked at Juniper when we evaluated FortiGate. FortiGate is much easier to use in comparison which is why we chose it. The documentation was also better. That, and there was no integration for SSL in Juniper.

We're just a customer. We don't have a business relationship with the company.

Overall, I would recommend the product. It comes with a very good set of features.

I would rate the solution ten out of ten. We've been quite happy with it.

We have some that are doing IPS, and we have some that are for AV. That's basically their main role. We are using one version below the current release.

I only deal with it from a security analyst's point of view. I don't really get into the features of the actual FortiGate. From the security point of view, it works, and it does its job. 

If I had any criticism that I would give FortiGate, it would be that they need to stop changing their logging format. Every time we do a firmware upgrade, it is a massive issue on the SIM. Parsers have to be rebuilt. Even the FortiGate guys came in and said that they don't play well in the sandbox.

I have been using this solution for probably 20 years.

They are pretty stable. We never had any real issues with them.

Their scalability is pretty good. We have upgraded and changed them, and we have been running them for 20 years. They run for a long time. We are not replacing them every couple of years, and we have scaled up a lot. We have over 10,000 users behind it. We have three people for maintenance and deployment. 

I never had to deal with technical support directly, but I've never heard the guys complain about it.

I never set them up.

We are using FortiGate, but we are switching to Palo Alto. We are just moving over to the new next-gen and do an extra layer or higher layer filtering. Being a government organization, it was RFP, and basically, Palo Alto won the RFP. I wasn't part of the RFP review, so I can't tell which features pushed Palo Alto over the edge or not. For all I know, it could just be price.

I would rate Fortinet FortiGate an eight out of ten. I would also rate Palo Alto the same.

We primarily use the solution as a firewall.

We use the firewall to enforce our company ideologies and principles and policies. The solution has built-in features for web filtering that are great. It categorizes it nicely for you. 

The interface itself is nice to work with. It's a lot better than the initial interface that they used to have around version four. I used to work for FortiGate some time back, and the earlier interfaces were not as good as these latest ones. 

I like that once you open it up, you have a dashboard that can give you a holistic overview of what is happening. You can see, for example, how your resources are doing on your firewall or if you still have disc space for logs and so forth.

The solution gives you an immediate view of what's happening on the hardware itself. What we have done with FortiGate is we have put up a FortiAnalyzer, a FortiGate reporting hardware. We are using it in conjunction with FortiGate. 

The solution offers good reporting. We get our reports from there. We have the opportunity to get real-time reports. 

There are great templates, so you don't have to customize them if you don't want to. You do have the option to custom create some folders and some reports, however, with what is there, you don't really need to go through extra effort, as they already give you a lot of predefined views of reports and so forth.

We have access to quite a few features. The web filter and application control are primarily what we are using. Then we also have a VPN feature, which allows for our remote users to connect and get through the firewall. 

The commercial side of things can be improved a bit. They have such a good product, and when you disable some features, it has to be commercialized for you to enjoy those features. Therefore, you are actually buying half a product. You have hardware there, and yet, your features are not enabled. The primary things, such as the antivirus, web filter, DNS filter, application intrusion, file filter, and email filter come with the general license. There are other things that you want to also enjoy in this system and you can't. 

There are SD-WAN network monitoring, SD-WAN features, Industrial Databases, Internet of Things, Detection, etc., however, we do have not licenses for those features. We thought that if you bought a product, you should have all of the features it offers. Why should you need to make so many extra purchases to enable features? They should have one price for the entire offering. That's one of the drawbacks they could look at. 

Sometimes the firmware automatically updates itself. Then it corrupts the configuration and you have to roll back or you have to do amendments to the configurations. That, however, has happened only once with us. We have put in controls for automatic updates to stop them and now we do manual allowance or we allow the manual update.

Most of the features are good. They give you pricing and you get a VPN for about 10 users where you can test it. For us, we feel that we need to buy extra licenses due to COVID, as people are working from home. Under the current conditions, we are not getting the best out of the firewall. 

They could just maybe put better graphics or better reporting into the solution. I want to know who is the user and what is the exact website they're visiting. Something like that would help. They should do more like what the GFI is doing.

We've been using the solution for a bit over a year now.

6.4.2 is our current version. The latest is 6.4.3. It's available like I say, however, we have not installed it. We'll wait until around December, then we will then install that one. We like to wait to witness its stability. Once we know it is bug-free, then we allow it to run as the latest platform.

We have a cluster and we have configured it with high availability. What we have done is we have put one primary and one secondary in case it breaks or it gets damaged. We have a third one at our DR site as well, which works in conjunction with Plateau. We have employed the same rules and some stricter rules on the DR site, just to allow traffic between these machines.

We allow certain times for updates on the infrastructure we have at the DR. We are planning some more, however, we don't enjoy all the features yet. We want to bring in an SD-WAN. Maybe that can also help us with scaling our network at different angles and from the cloud or being from an LD device or so forth. We're still working on that.

We have a partner that we work with. We have support at another level and I'm the primary person that looks after the firewall. If I have an issue that is urgent and I don't have the time to do the knowledge base to actually turn it around, we usually engage our partner, which has engineers that have the knowledge necessary to deal with it and who are certified in FortiGate. 

We have what is called FortiCare. We have FortiCare support as well for firmware and general updates and all those other things. I normally do updates and so forth myself. It's very little intervention from outside technical support.

Having background knowledge, the initial implementation was not really complex for me. You just need to know your environment and what is needed as well as what is allowed. 

The business input was the only item outstanding as there were issues such as who needs to have social media access at what time and who needs to have full access. Those were business decisions, however, but from the technical side, it was fairly easy.

They have almost all the features embedded in the solution. It's just that some features are not available because you have to pay for it. There are lots of add-ons available, and you need to pay extra for them, so pricing can add up.

We are strictly a government entity. We are a customer.

The model that we are using is the 500E, which is for small and medium enterprises. We are not a big institution. We do not have the latest version. We like to wait about three months before we apply anything new to make sure the early releases aren't flawed. After three months, after we've got a good review, then we will say, "Okay, let's upgrade to that version."

Even though we feel that sometimes they create a new version to take care of a vulnerability or threat, we like to be safe and avoid bugs. The version that we are fitting currently is 6.4.2, which is fairly stable.

Apart from the fact that they should just include everything in their offering, everything else works fine for me. There's a whole lot of Fortinet products that work together, FortiSwitches, FortiAP's, etc. Overall, I would give it eight of ten. 

We primarily use this solution as a firewall.

It's our main firewall, but we're planning to replace it with a pfSense for reasons I will discuss.

It's super reliable. I don't think I've ever had a reliability issue with it. Within the four years that I've been using it, maybe two or three times, resetting the firewall was what solved the problem. It's been super, super solid. I never have to think twice. If I ever experience a problem, the firewall is the last thing I think about. I never need to check it because it's never the problem. It's just super solid. It's also pretty robust. I know that there are more robust solutions out there, but not by a lot.

In the enterprise proprietary world, Fortinet, in my experience, considering its cost and reliability (maybe they could bring the price down or maybe they could make more plans), I honestly don't think that there is much room for improvement. I think it's a pretty good solution for anyone who is looking for a proprietary solution. I wouldn't look anywhere else.

Cisco, for example, is probably way overpriced. Fortinet on the other hand, one of their strong sides is that they have an all-encompassing solution with a very reasonable price point. Cisco and other brands are a little bit more modular — to get everything you'd have to buy a lot of different packages.

An automated guide feature or templates that you could pick and choose would be a nice addition.

It's definitely not as easy to look at traffic as I would like. Sometimes when I'm trying to see what traffic has been blocked or what traffic has been passed, it's not as easy as I would like to filter it out or to monitor bandwidth.

The monitoring is not as good as it could be. It could be a lot easier to understand. For example, I was trying to figure out, in a given timeframe, how much was downloaded off of a certain interface and I didn't really understand how I could get that information or if it was even available. I was searching the documentation online and I couldn't even figure it out. Monitoring and reporting could be better; It's very good, but there's definitely a lot of ways to improve it.

I have been using Fortinet FortiGate for four years.

Fortinet FortiGate is super stable, one hundred percent. Just works 24/7 without any issues like you would expect from an enterprise product.

I know that it's scalable, but I don't actually have any experience regarding scalability. It's probably not as scalable as pfSense because pfSense is based on open hardware platforms. I definitely know that proprietary platforms usually tend to be less scalable because they're more constrained with licensing. The scalability in my opinion would be decent, satisfactory, but I believe pfSense is probably more scalable. I know that there are a lot of big corporations like Google and others that use pfSense. I don't know the details. I'm just giving my educated guess.

I personally prefer pfSense as it's open-source and you only have to pay a minimal fee for support. But for people who want that platform, I think it's a great solution. If I wasn't using pfSense, I would definitely go with FortiGate.

The two products are completely different. If you're using pfSense, you're basically using the entire open-source world — so you're based on FreeBSD, you're using Snorts, everything is open-source. It's very easy to make modifications and to figure out what's going on. You're not dependent on your single company's documentation, there's a huge user base. It's very easy to modify and extend. You can see what's going on — it's very transparent in that sense. It's probably a little bit more manual. With pfSense, You have to put in a little bit more effort to get things done, but, in the end (aside from the huge cost savings), you get all the features that are available in an enterprise firewall for just the price of support, which is also very minimal.

If you need to make any tweaks, you can do it all yourself. If you need to tweak ciphers for SSL for compliance (for PCI, for security compliance) it's not a difficult thing to do; it's a fairly trivial task.

I didn't set it up initially, but I did set up a lot of things from scratch. I think it could be more simple. When you're looking at a proprietary solution, usually it's aimed for end-users and they just want to do point and click. I believe in certain aspects, pfSense was simpler. I think there's maybe just a bit of a learning curve, but I guess you would experience that with any platform.

I think that the pricing is fair.

On a scale from one to ten, I would give Fortinet FortiGate a rating of nine.

Other than the price and the lack of extensibility and transparency (which is inherent in any proprietary platform); if you're going to compare it to pfSense, then I would not give it a nine. I would give it an eight, and I would give pfSense a 10. pfSense has its drawbacks, but not that many, in my opinion. 

Take the time to learn the platform and you won't run into trouble later. That's my advice.

Other than that, it's super solid, super reliable. It does the job.

We have both on-premises as well as virtual firewall servers. We have quite a few FortiGate firewalls as part of our infrastructure. We are using Check Point more from the perimeter perspective. It is only there on the perimeter.

The virtual firewall feature is the most valuable. We have around 1,500 firewalls. We did not buy individual hardware, and the virtual firewalls made sense because we don't have to keep on buying the hardware. 

FortiGate is easier to use as compared to Checkpoint devices. It is user friendly and has a good UI. You don't need much expertise to work on this firewall. You don't need to worry much about DCLA, commands, and things like that.

FortiGate is really good. We have been using it for quite some time. Initially, when we started off, we had around 70 plus devices of FortiGate, but then Check Point and Palo Alto took over the place. From the product perspective, there are no issues, but from the account perspective, we have had issues. 

Fortinet's presence in our company is very less. I don't see any Fortinet account managers talking to us, and their presence has diluted in the last two and a half or three years. We have close to 1,500 firewalls. Out of these, 60% of firewalls are from Palo Alto, and a few firewalls are from Check Point. FortiGate firewalls are very less now. It is not because of the product; it is because of the relationship. I don't think they had a good relationship with us, and there was some kind of disconnect for a very long time. The relationship between their accounts team and my leadership team seems to be the reason for phasing out FortiGate.

I have been using FortiGate for the last four to five years.

It is stable.

I currently have about 36 to 40 devices that are being used. We use a certain number of devices from business to business.

We were not getting proper support from Fortinet. That's the reason we had to phase out FortiGate.

We implemented it on our own. It took around one hour. We have one or two engineers for its deployment and maintenance. 

We installed FortiGate four or five years ago. We are just phasing out FortiGate and not doing new installations of FortiGate. Whichever model is getting end of life, we're just replacing it with a Palo Alto device. We can use it in the future, but I don't see any presence of Fortinet in my company at this time. I see a lot of push from Palo Alto, Check Point, and other vendors, but I don't see Fortinet around at all.

With the current COVID situation, I don't know how FortiGate behaves when working from home, which is an entirely different concept. In other firewalls, we create HIP profiles and similar stuff, but I am not sure how FortiGate works in such an environment.

I would definitely recommend this solution, but I think Fortinet has to first create a presence. That is more important. Nobody says anything bad about the product. The product is still widely being used.

I would rate Fortinet FortiGate an eight out of ten.

Our primary use case for this solution is to manage bandwidth for our customers. This is done by setting the appropriate firewall rules and policies.

This solution made it very easy to manage our bandwidth. It is important because we do not have to buy additional bandwidth from our ISPs. The rules and policies are set such that our users are happy, and we can maintain our current cost of bandwidth.

One of the most valuable features for us is that it is easy to configure. It is also very easy to manage. One of the things we were looking at was a product that is user friendly, and this helps us to generate and analyze the reports we need.

I recently saw the new updates that are coming, such as the ability to quarantine a user's machine. Once done, you have the ability to connect to it from the FortiManager Console and you can bring it back online, out of quarantine. This is all very good news.

One of the areas that I feel need improvement is on the DLP (Data Leak Prevention) side of things. Compared to some other products, the DLP is not at par for the moment.

Also, if in the next few years this solution can be made to support HE between models, it would be better.

I feel that improvements can be made on the security side. Sometimes the product does a good job, but sometimes not.

The scalability is good, although I see that some brands are now coming up with an important advancement. Currently, when you want to do HE (High-end), you have to have the same model or a similar model. Some competing solutions are now able to do HE between mixed models.

I hardly ever use their technical support, but when I do they are pretty good.

Previously we were using SonicWall, and we had no trouble after switching to FortiGate. One of the reasons that we switched is because we needed something that is easy to configure and manage.

One of the problems we had is that we could not get SonicWall to print out a comment. The documentation says that it should be able to, but it was not printing. The currently solution meets this requirement.

The initial setup is straightforward and it is easy to configure.

In terms of pricing, the cost of the product is important because we do not want to pay for something that is too expensive. At the same time, however, pricing is not as important as manageability and support. I would say that all things considered, the pricing is pretty good.

After switching from SonicWall, we did not evaluate options other than the current solution.

We look for a couple of things when selecting a vendor or product. First, we look at the user interface and figure out whether it is easy to manage. We also consider the price because we do not want to overpay. That said, price is not our number one priority; user manageability is. 

We have been using a pretty wide range of products. We have used models such as the Fortinet FortiGate-30E, 51E, 90D, and 200D. They are all pretty good at doing the job that they are configured for. Obviously, the firewall sizing has to be done right, but if the product sizing is done correctly then they will never go wrong.

I have not yet used the cloud access capability, but we do plan on testing it.

After we purchased FortiGate we grew by forty percent, and it was able to continue to perform as it had before.

Overall it is user-friendly, easy to configure, easy to manage, the support is pretty good, they are priced low, and they do the job that you require.

I would rate this solution nine out of ten.