Fortinet FortiGate Reviews

We primarily use the solution just for internal segmentation and connection of some ranges using IPSec.

Currently, the solution is saving costs for us and blocks applications effectively using layer seven.

The solution's most valuable aspect is the IPS for potential mitigation from the cloud inside our network. 

The VPN SSL is important for us. 

The web filter is very good. 

The GUI is okay.

The initial setup is straightforward.

The documentation provided is okay, I find that sometimes, with other startups, it's hard to find a good amount of documentation in order to assist you with the product. In this case, the solution offers a good amount of detail.

The solution offers good analyzing capabilities.

I'm not sure if the solution is really lacking anything major. For us, it works okay.

They seem to have made a lot of improvements since the last release.

Technical support could be better. You don't always get the level of help you need right away.

We've been using the solution for about ten years at this point. As it's been about a decade, I'd say we have quite a bit of experience with it.

For the most part, the memory and the CPU are good. It's generally stable. We don't face any issues with this aspect of the solution.

The scalability is fine. If a company needs to expand it, they should be able to do so without any issues.

We only have about 40 users on the product currently. It's not a big company.

For now, the product is good as it is and we don't have plans to increase usage in the future.

By and large, technical support is good. It's okay. It's not bad. It could be better, however, they do answer our questions when we have them. We're mostly satisfied with the level of service they provide. Of course, it could always be a bit better.

Sometimes the first contact is useful, and sometimes you don't get the kind of help you need right away. It would be nice if it was more consistent.

We also use Sophos. We use both solutions at the same time.

We didn't face any complexity when handling the initial implementation. The process is quite straightforward.

The implementation itself can sometimes take less than a week. On average, you should expect it to be about a week in total.

I didn't need the assistance of a reseller or integrator. I handled the implementation myself.

We're charged a licensing fee on a yearly basis. I'm unsure of the exact cost to the company, however. I'm not sure if there are other costs over and above the standard licensing fee.

We also looked at Juniper when we evaluated FortiGate. FortiGate is much easier to use in comparison which is why we chose it. The documentation was also better. That, and there was no integration for SSL in Juniper.

We're just a customer. We don't have a business relationship with the company.

Overall, I would recommend the product. It comes with a very good set of features.

I would rate the solution ten out of ten. We've been quite happy with it.

We have some that are doing IPS, and we have some that are for AV. That's basically their main role. We are using one version below the current release.

I only deal with it from a security analyst's point of view. I don't really get into the features of the actual FortiGate. From the security point of view, it works, and it does its job. 

If I had any criticism that I would give FortiGate, it would be that they need to stop changing their logging format. Every time we do a firmware upgrade, it is a massive issue on the SIM. Parsers have to be rebuilt. Even the FortiGate guys came in and said that they don't play well in the sandbox.

I have been using this solution for probably 20 years.

They are pretty stable. We never had any real issues with them.

Their scalability is pretty good. We have upgraded and changed them, and we have been running them for 20 years. They run for a long time. We are not replacing them every couple of years, and we have scaled up a lot. We have over 10,000 users behind it. We have three people for maintenance and deployment. 

I never had to deal with technical support directly, but I've never heard the guys complain about it.

I never set them up.

We are using FortiGate, but we are switching to Palo Alto. We are just moving over to the new next-gen and do an extra layer or higher layer filtering. Being a government organization, it was RFP, and basically, Palo Alto won the RFP. I wasn't part of the RFP review, so I can't tell which features pushed Palo Alto over the edge or not. For all I know, it could just be price.

I would rate Fortinet FortiGate an eight out of ten. I would also rate Palo Alto the same.

We primarily use the solution as a firewall.

We use the firewall to enforce our company ideologies and principles and policies. The solution has built-in features for web filtering that are great. It categorizes it nicely for you. 

The interface itself is nice to work with. It's a lot better than the initial interface that they used to have around version four. I used to work for FortiGate some time back, and the earlier interfaces were not as good as these latest ones. 

I like that once you open it up, you have a dashboard that can give you a holistic overview of what is happening. You can see, for example, how your resources are doing on your firewall or if you still have disc space for logs and so forth.

The solution gives you an immediate view of what's happening on the hardware itself. What we have done with FortiGate is we have put up a FortiAnalyzer, a FortiGate reporting hardware. We are using it in conjunction with FortiGate. 

The solution offers good reporting. We get our reports from there. We have the opportunity to get real-time reports. 

There are great templates, so you don't have to customize them if you don't want to. You do have the option to custom create some folders and some reports, however, with what is there, you don't really need to go through extra effort, as they already give you a lot of predefined views of reports and so forth.

We have access to quite a few features. The web filter and application control are primarily what we are using. Then we also have a VPN feature, which allows for our remote users to connect and get through the firewall. 

The commercial side of things can be improved a bit. They have such a good product, and when you disable some features, it has to be commercialized for you to enjoy those features. Therefore, you are actually buying half a product. You have hardware there, and yet, your features are not enabled. The primary things, such as the antivirus, web filter, DNS filter, application intrusion, file filter, and email filter come with the general license. There are other things that you want to also enjoy in this system and you can't. 

There are SD-WAN network monitoring, SD-WAN features, Industrial Databases, Internet of Things, Detection, etc., however, we do have not licenses for those features. We thought that if you bought a product, you should have all of the features it offers. Why should you need to make so many extra purchases to enable features? They should have one price for the entire offering. That's one of the drawbacks they could look at. 

Sometimes the firmware automatically updates itself. Then it corrupts the configuration and you have to roll back or you have to do amendments to the configurations. That, however, has happened only once with us. We have put in controls for automatic updates to stop them and now we do manual allowance or we allow the manual update.

Most of the features are good. They give you pricing and you get a VPN for about 10 users where you can test it. For us, we feel that we need to buy extra licenses due to COVID, as people are working from home. Under the current conditions, we are not getting the best out of the firewall. 

They could just maybe put better graphics or better reporting into the solution. I want to know who is the user and what is the exact website they're visiting. Something like that would help. They should do more like what the GFI is doing.

We've been using the solution for a bit over a year now.

6.4.2 is our current version. The latest is 6.4.3. It's available like I say, however, we have not installed it. We'll wait until around December, then we will then install that one. We like to wait to witness its stability. Once we know it is bug-free, then we allow it to run as the latest platform.

We have a cluster and we have configured it with high availability. What we have done is we have put one primary and one secondary in case it breaks or it gets damaged. We have a third one at our DR site as well, which works in conjunction with Plateau. We have employed the same rules and some stricter rules on the DR site, just to allow traffic between these machines.

We allow certain times for updates on the infrastructure we have at the DR. We are planning some more, however, we don't enjoy all the features yet. We want to bring in an SD-WAN. Maybe that can also help us with scaling our network at different angles and from the cloud or being from an LD device or so forth. We're still working on that.

We have a partner that we work with. We have support at another level and I'm the primary person that looks after the firewall. If I have an issue that is urgent and I don't have the time to do the knowledge base to actually turn it around, we usually engage our partner, which has engineers that have the knowledge necessary to deal with it and who are certified in FortiGate. 

We have what is called FortiCare. We have FortiCare support as well for firmware and general updates and all those other things. I normally do updates and so forth myself. It's very little intervention from outside technical support.

Having background knowledge, the initial implementation was not really complex for me. You just need to know your environment and what is needed as well as what is allowed. 

The business input was the only item outstanding as there were issues such as who needs to have social media access at what time and who needs to have full access. Those were business decisions, however, but from the technical side, it was fairly easy.

They have almost all the features embedded in the solution. It's just that some features are not available because you have to pay for it. There are lots of add-ons available, and you need to pay extra for them, so pricing can add up.

We are strictly a government entity. We are a customer.

The model that we are using is the 500E, which is for small and medium enterprises. We are not a big institution. We do not have the latest version. We like to wait about three months before we apply anything new to make sure the early releases aren't flawed. After three months, after we've got a good review, then we will say, "Okay, let's upgrade to that version."

Even though we feel that sometimes they create a new version to take care of a vulnerability or threat, we like to be safe and avoid bugs. The version that we are fitting currently is 6.4.2, which is fairly stable.

Apart from the fact that they should just include everything in their offering, everything else works fine for me. There's a whole lot of Fortinet products that work together, FortiSwitches, FortiAP's, etc. Overall, I would give it eight of ten. 

We primarily use this solution as a firewall.

It's our main firewall, but we're planning to replace it with a pfSense for reasons I will discuss.

It's super reliable. I don't think I've ever had a reliability issue with it. Within the four years that I've been using it, maybe two or three times, resetting the firewall was what solved the problem. It's been super, super solid. I never have to think twice. If I ever experience a problem, the firewall is the last thing I think about. I never need to check it because it's never the problem. It's just super solid. It's also pretty robust. I know that there are more robust solutions out there, but not by a lot.

In the enterprise proprietary world, Fortinet, in my experience, considering its cost and reliability (maybe they could bring the price down or maybe they could make more plans), I honestly don't think that there is much room for improvement. I think it's a pretty good solution for anyone who is looking for a proprietary solution. I wouldn't look anywhere else.

Cisco, for example, is probably way overpriced. Fortinet on the other hand, one of their strong sides is that they have an all-encompassing solution with a very reasonable price point. Cisco and other brands are a little bit more modular — to get everything you'd have to buy a lot of different packages.

An automated guide feature or templates that you could pick and choose would be a nice addition.

It's definitely not as easy to look at traffic as I would like. Sometimes when I'm trying to see what traffic has been blocked or what traffic has been passed, it's not as easy as I would like to filter it out or to monitor bandwidth.

The monitoring is not as good as it could be. It could be a lot easier to understand. For example, I was trying to figure out, in a given timeframe, how much was downloaded off of a certain interface and I didn't really understand how I could get that information or if it was even available. I was searching the documentation online and I couldn't even figure it out. Monitoring and reporting could be better; It's very good, but there's definitely a lot of ways to improve it.

I have been using Fortinet FortiGate for four years.

Fortinet FortiGate is super stable, one hundred percent. Just works 24/7 without any issues like you would expect from an enterprise product.

I know that it's scalable, but I don't actually have any experience regarding scalability. It's probably not as scalable as pfSense because pfSense is based on open hardware platforms. I definitely know that proprietary platforms usually tend to be less scalable because they're more constrained with licensing. The scalability in my opinion would be decent, satisfactory, but I believe pfSense is probably more scalable. I know that there are a lot of big corporations like Google and others that use pfSense. I don't know the details. I'm just giving my educated guess.

I personally prefer pfSense as it's open-source and you only have to pay a minimal fee for support. But for people who want that platform, I think it's a great solution. If I wasn't using pfSense, I would definitely go with FortiGate.

The two products are completely different. If you're using pfSense, you're basically using the entire open-source world — so you're based on FreeBSD, you're using Snorts, everything is open-source. It's very easy to make modifications and to figure out what's going on. You're not dependent on your single company's documentation, there's a huge user base. It's very easy to modify and extend. You can see what's going on — it's very transparent in that sense. It's probably a little bit more manual. With pfSense, You have to put in a little bit more effort to get things done, but, in the end (aside from the huge cost savings), you get all the features that are available in an enterprise firewall for just the price of support, which is also very minimal.

If you need to make any tweaks, you can do it all yourself. If you need to tweak ciphers for SSL for compliance (for PCI, for security compliance) it's not a difficult thing to do; it's a fairly trivial task.

I didn't set it up initially, but I did set up a lot of things from scratch. I think it could be more simple. When you're looking at a proprietary solution, usually it's aimed for end-users and they just want to do point and click. I believe in certain aspects, pfSense was simpler. I think there's maybe just a bit of a learning curve, but I guess you would experience that with any platform.

I think that the pricing is fair.

On a scale from one to ten, I would give Fortinet FortiGate a rating of nine.

Other than the price and the lack of extensibility and transparency (which is inherent in any proprietary platform); if you're going to compare it to pfSense, then I would not give it a nine. I would give it an eight, and I would give pfSense a 10. pfSense has its drawbacks, but not that many, in my opinion. 

Take the time to learn the platform and you won't run into trouble later. That's my advice.

Other than that, it's super solid, super reliable. It does the job.

We have both on-premises as well as virtual firewall servers. We have quite a few FortiGate firewalls as part of our infrastructure. We are using Check Point more from the perimeter perspective. It is only there on the perimeter.

The virtual firewall feature is the most valuable. We have around 1,500 firewalls. We did not buy individual hardware, and the virtual firewalls made sense because we don't have to keep on buying the hardware. 

FortiGate is easier to use as compared to Checkpoint devices. It is user friendly and has a good UI. You don't need much expertise to work on this firewall. You don't need to worry much about DCLA, commands, and things like that.

FortiGate is really good. We have been using it for quite some time. Initially, when we started off, we had around 70 plus devices of FortiGate, but then Check Point and Palo Alto took over the place. From the product perspective, there are no issues, but from the account perspective, we have had issues. 

Fortinet's presence in our company is very less. I don't see any Fortinet account managers talking to us, and their presence has diluted in the last two and a half or three years. We have close to 1,500 firewalls. Out of these, 60% of firewalls are from Palo Alto, and a few firewalls are from Check Point. FortiGate firewalls are very less now. It is not because of the product; it is because of the relationship. I don't think they had a good relationship with us, and there was some kind of disconnect for a very long time. The relationship between their accounts team and my leadership team seems to be the reason for phasing out FortiGate.

I have been using FortiGate for the last four to five years.

It is stable.

I currently have about 36 to 40 devices that are being used. We use a certain number of devices from business to business.

We were not getting proper support from Fortinet. That's the reason we had to phase out FortiGate.

We implemented it on our own. It took around one hour. We have one or two engineers for its deployment and maintenance. 

We installed FortiGate four or five years ago. We are just phasing out FortiGate and not doing new installations of FortiGate. Whichever model is getting end of life, we're just replacing it with a Palo Alto device. We can use it in the future, but I don't see any presence of Fortinet in my company at this time. I see a lot of push from Palo Alto, Check Point, and other vendors, but I don't see Fortinet around at all.

With the current COVID situation, I don't know how FortiGate behaves when working from home, which is an entirely different concept. In other firewalls, we create HIP profiles and similar stuff, but I am not sure how FortiGate works in such an environment.

I would definitely recommend this solution, but I think Fortinet has to first create a presence. That is more important. Nobody says anything bad about the product. The product is still widely being used.

I would rate Fortinet FortiGate an eight out of ten.

Our primary use case for this solution is to manage bandwidth for our customers. This is done by setting the appropriate firewall rules and policies.

This solution made it very easy to manage our bandwidth. It is important because we do not have to buy additional bandwidth from our ISPs. The rules and policies are set such that our users are happy, and we can maintain our current cost of bandwidth.

One of the most valuable features for us is that it is easy to configure. It is also very easy to manage. One of the things we were looking at was a product that is user friendly, and this helps us to generate and analyze the reports we need.

I recently saw the new updates that are coming, such as the ability to quarantine a user's machine. Once done, you have the ability to connect to it from the FortiManager Console and you can bring it back online, out of quarantine. This is all very good news.

One of the areas that I feel need improvement is on the DLP (Data Leak Prevention) side of things. Compared to some other products, the DLP is not at par for the moment.

Also, if in the next few years this solution can be made to support HE between models, it would be better.

I feel that improvements can be made on the security side. Sometimes the product does a good job, but sometimes not.

The scalability is good, although I see that some brands are now coming up with an important advancement. Currently, when you want to do HE (High-end), you have to have the same model or a similar model. Some competing solutions are now able to do HE between mixed models.

I hardly ever use their technical support, but when I do they are pretty good.

Previously we were using SonicWall, and we had no trouble after switching to FortiGate. One of the reasons that we switched is because we needed something that is easy to configure and manage.

One of the problems we had is that we could not get SonicWall to print out a comment. The documentation says that it should be able to, but it was not printing. The currently solution meets this requirement.

The initial setup is straightforward and it is easy to configure.

In terms of pricing, the cost of the product is important because we do not want to pay for something that is too expensive. At the same time, however, pricing is not as important as manageability and support. I would say that all things considered, the pricing is pretty good.

After switching from SonicWall, we did not evaluate options other than the current solution.

We look for a couple of things when selecting a vendor or product. First, we look at the user interface and figure out whether it is easy to manage. We also consider the price because we do not want to overpay. That said, price is not our number one priority; user manageability is. 

We have been using a pretty wide range of products. We have used models such as the Fortinet FortiGate-30E, 51E, 90D, and 200D. They are all pretty good at doing the job that they are configured for. Obviously, the firewall sizing has to be done right, but if the product sizing is done correctly then they will never go wrong.

I have not yet used the cloud access capability, but we do plan on testing it.

After we purchased FortiGate we grew by forty percent, and it was able to continue to perform as it had before.

Overall it is user-friendly, easy to configure, easy to manage, the support is pretty good, they are priced low, and they do the job that you require.

I would rate this solution nine out of ten.

• Complete and cost-effective next-generation firewall features with app identification, and IPS and URL filtering with SSL inspection.

• Better manageability
• Straightforward deployments
• Streamlined and reliable upgrades

Customers have more time to focus on security because maintaining the firewalls is completely hassle-free.

Grouping/tabbing (not only by interface) in the policy table of the web GUI would be a great addition.

I have used it for two years.

We have not encountered any deployment issues.

We have not encountered any stability issues. Stability has dramatically improved over the previous main version branch of FortiOS; 5.2.x and 5.4.x are stable enough for critical environments.

We have not encountered any scalability issues; proven that you properly sized the FortiGate model that fits your environment.

Customer service is sufficient.

The tech support is not excellent; this is where Fortinet saves money compared to others... But plenty of free, clear and public documentation is available and this compensates for the most part the tech support shortcomings.

We previously used Cisco ASA. We switched because the old ASA has no next-generation features.

IMHO It is the most straightforward enterprise-level next generation firewall.

All implementations were done in-house.

ROI is very high, it has hands-down the best price/performance/features ratio in the market...

The licensing model is straightforward, easy to understand and purchase; prices are fairly low compared to other vendors.

Before choosing this product, we also evaluated Check Point and Palo Alto Networks.

In version 5.4, they added a WAF feature that is absolutely unique for this kind of product; no other NGFW product can also be a WAF and this is a great added value...

Fortigate's threat intelligence service has improved how our organization functions.

Fortigate's most valuable feature is that it doesn't need a push policy when writing rules.

Fortigate's hardware capacities could be improved. In the next release, Fortigate should include SSL decryption.

I've been using FortiGate for almost seven years.

Fortigate's stability is good.

The initial setup was easy and took around half a day.

Fortigate's pricing is competitive.

I would give Fortigate a rating of eight out of ten.