Fortinet FortiGate Reviews

We utilize Fortinet FortiGate appliances at six branch offices, one data center, and one DLP site. Our network is driven by SD-WAN, and we employ FortiGate as our firewall, FortiEDR for endpoint protection, and FortiSwitch for alerting on all layers of the network.

For me, the best practice is to deploy on-premises for data centers. However, for small branch offices with over ten to twenty staff members, I can deploy the devices remotely. We can provision our cloud and push the configuration to those devices from the cloud.

The visibility that FortiGate provides into our devices is crucial for network segmentation. I want to see the output in a specific way. The traditional approach has shifted slightly, as I'm accustomed to Cisco networking equipment. Typically, we have a call feature, but I'm currently using all the call features for internal routing. However, with FortiGate, most security subnets are segmented and protected behind the firewall. This allows me to lock down or secure sensitive subnets, such as HR or departmental information. I can log in from there, and all other subnets for client users require centralized access. This means that all traffic must go through the firewall, enhancing security.

FortiGate enabled us to achieve compliance with governance requirements. The FortiGate, along with fabric security and checkpoints, essentially act as regulatory checkers, reviewing our security practices against industry best practices and guidelines. If they identify any discrepancies, they alert us, allowing us to develop and implement mitigation plans to address the issues. For instance, if our SSH configurations don't meet security standards, such as algorithm or cipher requirements, FortiGate will notify us, enabling us to take corrective action and regain compliance.

We utilize API calls for FortiGate, including those related to our PRTG monitoring system. Additionally, we employ HVAC calls and leverage another MDR solution from Arctic Wolf to trigger specific events on the FortGate. This API functionality enables us to generate API keys and seamlessly integrate with API features across various platforms.

Integrating FortiGate into our environment is straightforward. Our transition from Palo Alto to FortiGate was seamless, utilizing our existing policies and migration tools. FortiGate also provides provisioning capabilities for defining branch office configurations. As long as branch office devices can access the internet to communicate with Fortinet Cloud, we can remotely implement provisioning for these devices, offering greater convenience for small branch offices.

The built-in APIs streamline integrations with other vendors, reducing deployment time. They effortlessly generate API keys upon logging into the Fortinet network, facilitating the deployment of our PRTT monitor tools. These tools seamlessly integrate with each other, fostering rapid deployment. Most platforms, including Cisco Meraki, Palo Alto, and Check Point, now adhere to industry standards and support API calls.

FortiGate has been instrumental in mitigating the risk of cyberattacks that could potentially disrupt our production operations. I am particularly impressed with Fortinet's cloud-based FortiGuard service, which continuously updates our systems with the latest zero-day attack protection, significantly reducing the threat landscape within our industry. Given the energy industry's heightened vulnerability to cyberattacks, we have implemented measures to restrict access to our network based on geolocation IP addresses. This includes restricting access from countries such as Russia and China, further safeguarding our environment from potential threats. Additionally, FortiGuard's regularly updated list of malicious websites provides an invaluable layer of protection for our industry.

In the event of a production-disrupting attack, we can utilize FortiManager to remotely isolate and mitigate the threat by shutting down specific subnets or networks. We can easily navigate through the unpacked data, and upon detecting a suspicious event, we can initiate automation or SOAR processes to notify the Cloud Service Provider team with whom we have been collaborating. Additionally, we can establish traffic alerts. For instance, since not all users access the AD server simultaneously each month, if we observe such suspicious behavior, we can remotely shut down that network, thereby minimizing our risk exposure.

FortiGate provides us with actionable insights to guide our decision-making regarding the appropriate actions to take. We generate 20 gigabytes of log data daily, which we utilize to establish a baseline for network traffic on our servers and compare it to our generated report. This approach allows us to set a threshold for the read volume of 20 gigabytes of FortiGate data attempting to reach a server from an external source. If this threshold is exceeded, an alert is triggered, prompting us to take corrective action. The centralized monitoring of our environment provides significant value.

Security is not a single, isolated element. It encompasses the entire network infrastructure, including firewalls, routers, switches, endpoints, and even mobile devices. The Fortinet Security Fabric seamlessly integrates these components to provide comprehensive protection. It generates detailed logs, including those from access points linked to FortiSwitch. The FortiSwitch, fully integrated with the FortiGate Fabric, relays security alerts to the FortiViewer in the SOC. This centralized view provides complete visibility into the network, including SSIDs, wireless networks, subnets, and devices protected by FortiClient. The Fortinet Security Fabric tracks individual devices connected to the network, including compromised laptops. FortiClient triggers alerts and sends them to FortiCloud, which also receives logs from the EMS server and the firewall. These logs are consolidated in the FortiAnalyzer and forwarded to the cloud-based log server for analysis. This comprehensive approach to security ensures that all potential threats are identified and addressed promptly.

FortiGate has contributed to a reduction in our operational expenses. Prior to adopting Fortinet, we utilized Palo Alto for firewalls and Cisco for call switches. However, as we began using Fortinet, we gradually transitioned to their products. Currently, we employ FortiGate for our firewall, FortiSuite, and FortiAP Access Points, phasing them in one at a time. This approach has effectively minimized downtime and lightened our workload by enabling centralized management through a single pane of glass.

FortiGate has significantly reduced our time to remediation. We can now check logs from servers, firewalls, switches, access points, clouds, and even devices from different brands, all from a single centralized location. This has greatly reduced the time required for threat hunting and security event investigation.

Fortinet has been instrumental in enhancing our cybersecurity approach to safeguard our industrial machinery. We rely on some heavy equipment that is critical to our industry's operations. To protect this equipment, we have isolated it on a single subnet and implemented strict access controls, allowing only authorized users and MAC addresses to access the network. This ensures that only internal staff can operate the equipment unless authorized maintenance personnel are present. The high level of security we have implemented is essential because our industry's operations are closely tied to the core applications of our industry. We are committed to safeguarding our equipment and preventing any potential risks.

I appreciate FortiGate's flexibility, which allows for centralized management through FortiManager. Additionally, its integration with FortiAnalyzer, which can be deployed in the cloud, enables centralized monitoring of all firewall logs.

Fortinet needs to overhaul its documentation. Our current reliance on outdated documentation has resulted in significant time wastage. While we can locate the necessary documentation, the constant daily revisions necessitate meticulous identification of the relevant documents to prevent the use of outdated information that could jeopardize our environment. At the very least, Fortinet should classify its documentation to clearly indicate the applicable version, as our attempts to do so manually are becoming increasingly tedious.

I have been using Fortinet FortiGate for over three years.

Fortinet FortiGate is stable. I have not encountered any performance issues.

Fortinet FortiGate is scalable. 

The speed of Fortinet's technical support is significantly faster compared to Palo Alto. I recall an instance where I experienced an issue with Palo Alto, and it took an hour to connect with a real technician from Palo Alto. However, when I call Fortinet, it takes a maximum of two minutes to get a knowledgeable individual to address my concerns. Considering the stark contrast in service levels, imagine having a network issue with Palo Alto and having to wait an hour for support. Conversely, with Fortinet, we can receive proper assistance within two minutes. The difference is immense. This is the one aspect I find lacking in Palo Alto.

The reason I don't give Fortinet's support a perfect score is that I've worked in this field for many years and have come to expect a certain level of expertise. Even when we call Palo Alto, Cisco, Check Point, or any other support service, our experience can vary depending on who we get on the phone. If we're lucky, we'll get a highly experienced expert who can quickly resolve our issue. However, we may also get someone who is new to the team or to their role, and they may take a long time to understand our problem. While Fortinet's support is generally excellent, I have had a couple of experiences where I felt like the person on the other end was inexperienced and asked me irrelevant questions. Despite these occasional issues, I am still very satisfied with Fortinet's support overall, but I wouldn't give it a perfect score.

Positive

We previously used Palo Alto for five years and switched to Fortinet FortiGate. Palo Alto is expensive.

The initial deployment is simple. We need to determine which interface is the WAN interface and which is the internal interface.

With Fortinet, we should prioritize a centralized approach to ensure synchronization and consistency across the network. This centralized management strategy will streamline the implementation of SD-WAN, as it allows for the deployment of standardized templates and traffic configurations. Centralized management also simplifies future modifications, as minor changes can be pushed down without requiring complete redesigns. Conversely, deploying SD-WAN without prior centralized management can lead to complexities and potential disruptions. For instance, if WAN interfaces are configured independently of SD-WAN, integrating SD-WAN later will necessitate removing and reconfiguring existing data, policies, firewall policies, and rules. This process can be time-consuming and error-prone.

For medium and enterprise organizations, FortiGate is more affordable. We can choose from a variety of bundles to find the right license for our needs. The software is reliable and easy to install, and it will run smoothly on our systems. FortiGate is priced lower than Palo Alto.

I would rate Fortinet FortiGate nine out of ten.

I compared SD-WAN solutions offered by companies like Cisco Meraki, and Palo Alto. I'm impressed with SD-WAN solutions in general, but I recommend considering purchasing Fortinet's SD-WAN solution, as it could lead to significant cost savings. However, proper planning and design are crucial before deployment to avoid incurring additional expenses due to rework. That's my suggestion.

We use Fortinet FortiGate as our security and routing solution.

We implemented Fortinet FortiGate to enhance our security posture by blocking and restricting access to certain websites and securing our VPN traffic. 

Fortinet FortiGate offers enhanced visibility and segmentation for our industrial devices, a crucial process when some machines utilize systems demanding high-level security.

We have implemented Fortinet Security Fabric on our VM infrastructure, and it has provided great service in helping us meet regulations, governance, and compliance requirements. This is important to us because Fortinet Security Fabric connects to our sandbox, allowing us to scan shares across all clusters and enabling FortiGate to resolve any online issues.

Fortinet FortiGate has enhanced our organization's security by enabling secure VPN access and restricting access to social media sites, thus ensuring that employees can focus on their work. We saw the benefits of FortiGate within weeks of the deployment.

FortiGate helps reduce the risk of cyberattacks that could disrupt our production by isolating the affected traffic and creating a log for us.

It also helps to centralize the management of our network and security operations.

The centralized management allows us to access all of our firewalls and policies using a single interface.

Fortinet provides actionable data to help us make informed decisions about the actions to take. For example, if one of our firewalls goes down, the solution helps us rectify the issue by providing details on the problem and how to address it.

By consolidating the numerous individually connected batches, FortiGate helped us reduce operational expenses associated with the extra costs they incurred.

Fortinet FortiGate has helped us mature our approach to cybersecurity for protecting our industrial equipment. Their knowledge and daily webinars on email security and virus prevention have empowered us to stop attacks and maximize our efficiency.

The most valuable features are SD-WAN, application control, IPS control, and FortiSandbox. These features help reduce our downtime, manage the ISPs, and deploy SLAs for all the website traffic.

The graphical user interface of Fortinet's FortiGate product does not function well with text-based interfaces. This functionality should be improved.

I have been using Fortinet FortiGate for seven years.

I would rate the stability of Fortinet FortiGate a ten out of ten.

While Fortinet FortiGate firewalls are scalable, upgrading to a new version or adding hardware requires purchasing a new license to migrate the old backup to the new firewall. 

While the technical support team is knowledgeable, their response time to support tickets is concerning. It typically takes them 48-72 hours to respond, which significantly disrupts my work.

Neutral

While we previously used the open-source PSS firewall, it lacked the layered security architecture offered by Fortinet FortiGate.

We migrated to Fortinet FortiGate for its superior control, in-depth scanning, and ability to minimize cybersecurity risks, features not offered by other firewall solutions.

The initial deployment is easy. The solution can be installed by following the on-screen prompts, and the policies can be implemented through the interface dashboard.

Deploying the system takes one full business day. We begin by gathering user requirements from each department, as they have varying policies. The policies are implemented department-first, followed by branches. Finally, VPNs are generated for remote users. Two people are required for the deployment.

The implementation was completed in-house.

Since implementing Fortinet FortiGate, we have observed an increase in user productivity, which translates to a positive return on investment.

While Fortinet FortiGate has a higher price point compared to Sophos XG, its user-friendly interface justifies the cost. Additionally, its fixed pricing structure eliminates concerns about surprise fees.

After evaluating Sophos XG and finding its interface overly complex for our needs, we opted for the user-friendly interface of Fortinet FortiGate.

I would rate Fortinet FortiGate an eight out of ten.

We have one person that deals with maintaining Fortinet FortiGate.

We have 1,100 users in multiple cities and departments using FortiGate.

The Fortinet FortiGate 60F is a good choice for organizations to begin evaluating firewalls.

Our organization utilizes Fortinet FortiGate for SD-WAN. All business units within our organization connect to the SD-WAN, which is constructed using Fortinet devices.

The primary reason we implemented Fortinet FortiGate was to enhance connectivity. Our previous reliance on MPLS resulted in low bandwidth and high costs. By transitioning to SD-WAN devices and leveraging common ISP connections, we have achieved two significant goals: substantial cost savings and increased flexibility in configuring device communications across our various plants.

FortiGate offers us the capability to provide visibility into and segmentation of our industrial devices. We are currently implementing this for the LAN, and we are migrating firewalls to Fortinet FortiGate devices. In this process, we are separating the operational network from the IT network.

Knowing that some of Fortinet's devices can be used in harsh environments that's nice to have. But that's something that is not needed right now just because we are only using them in very few places. These devices are specifically used to prevent intrusions in harsh environments. 

These devices help to control network traffic with OT-specific protocols. The LAN firewalls we have implemented are purchased with the functionality of network-specific modules to enable the management of network traffic with OT-specific protocols.

The approved offerings help us achieve our budgetary goals. We are adapting the budget to align with the devices provided by Fortinet. We are doing this because we can utilize Fortinet. Therefore, all of our budgets should take this into account as well.

The decision to utilize Fortinet stems from its ability to integrate with our preferred vendors. We have plans to implement both ClearPass and Nozomi as part of our OT cybersecurity strategy, both of which offer API-based interfaces for connecting to FortiGate devices. This interoperability is crucial for our organization.

The combination of FortiGate and FortiManager provides a comprehensive overview of all the firewalls we manage. It is very convenient to have everything centralized in one place.

FortiGate has helped reduce the risk of cyberattacks that could disrupt our production, which is one of our primary goals.

We were not affected by any cybersecurity attacks that would have impacted our production operations. However, we have a comprehensive plan in place to address such incidents. FortiManager enables us to block essential protocols and implement security measures across all business units if we detect a security breach in one area. This centralized approach ensures that the security measures we implement are consistently applied throughout the organization.

FortiGate has aided in centralizing the management of our network and security operations. The impact of this on the operational efficiency of our industrial network depends on how we organize it. Centralized management has significantly simplified management tasks. However, we require a dedicated team capable of addressing the diverse needs of different plants and business units, implementing necessary changes, and resolving any issues that arise. A single point of contact facilitates this process. In this regard, we have not only improved operational efficiency but also consolidated our management structure, reducing the need for multiple teams scattered across different countries.

FortiGate provides us with actionable data that helps us make informed decisions about the appropriate actions to take. Additionally, we utilize FortiAnalyzer to analyze the type of traffic we are experiencing, potential issues, and other relevant information. Furthermore, we monitor CPU memory, bandwidth, and other metrics associated with various IP connections using Fortinet devices. This monitoring is conducted across multiple firewalls. By employing these tools, we can ensure that any changes we make are the correct ones and are made for the right reasons.

The implementation of Fortinet's Security Fabric has significantly enhanced the security of our industrial control system. Previous solutions were unable to effectively manage the diverse protocols employed in this environment, resulting in operational and technological limitations. However, with the introduction of the new security fabric, we are now able to address these challenges and achieve a more robust security posture.

The Fortinet Security Fabric helps us reduce our mean time to remediation. With all its tools and centralized management, it's much easier to identify and resolve issues, leading to improved overall security posture.

Fortinet helped mature our approach to cybersecurity for protecting our industrial equipment.

The flexibility and ease of configuration are the most valuable features.

Overall, we are satisfied with the product. However, we encounter occasional capacity issues. The FortiAnalyzer, being a hardware appliance, has limited expansion capabilities. As our organization has grown, we've outpaced the FortiAnalyzer's performance. The inability to scale the FortiAnalyzer to match our growth necessitates the purchase of new hardware. This is an area that could be improved. If we anticipate reaching the size of six countries within the next five years, investing in a solution that can accommodate such growth would be more cost-effective than repeatedly purchasing new hardware. The ability to scale the FortiAnalyzer in tandem with our growth would be a significant improvement.

I have been using Fortinet FortiGate for over three years.

FortiGate is now stable. We experienced some difficulties in the beginning, possibly due to some bugs we encountered. However, for approximately the past six months, we have been closely monitoring various ratings for FortiOS versions. As a result, we are currently running only on mature versions. Since then, we have observed that the device is significantly more stable than before.

The scalability for the FortiManger and the devices themselves is a nine out of ten but for the FortiAnalyzer it is a six out of ten.

On the few occasions that we have needed to use technical support, we have found them to be responsive.

Positive

We used different solutions such as Cisco, Watchguard and Sophos in different countries, and one of the reasons we switched to FortiGate was to standardize what we used in all the countries.

The FortiManager is one of the biggest advantages they have. From a single management point, we can manage all the devices connected to the support manager. This is something I haven't seen before. So, in that sense, I would say that the most important difference between FortiGate and other vendors is the FortiManager.

Due to the extensive network, the deployment spanned several months; however, on a site-by-site basis, each deployment was completed within a few hours. We had a minimum of two people per country involved in the deployment with 1-2 people from Central IT.

It was a mixed team vendor - in-house. The vendor expertise was really good and I would rate it on a 9 out of 10.

FortiGate's pricing falls within the mid-range when compared to other leading firewall solutions. While it's more expensive than Sophos, it's more affordable than Palo Alto.

I would rate Fortinet FortiGate eight out of ten.

We have FortiGate deployed across multiple locations with 120 firewalls.

I suggest testing FortiGate. For organizations looking for an affordable solution, with good management and initial management, Fortinet FortiGate is the right choice.

I primarily administrate the solution as a firewall. It's a perimeter solution. We filter content in order to ensure protection. We use it to publish services on-premises.

The GUI is good.

It's a basic firewall and it's a simple configuration. It can be ported very easily to our unit.

All of the licenses are included. We don't need to buy more licenses per pack of users. It is cost-effective. 

We'd like to see what they will do when AI attacks are generated. They will need to ensure their prevention continues to be exceptional. 

The solution isn't missing any features. Maybe they could make some features more accessible, such as a way to translate directions between two networks that share the same subnets.

I've been using the solution for ten years. 

The solution is very stable. It is a robust unit.

It's scalable. You can grow as you need. If you need more, you can use a model to upgrade to the next model. 

We don't have users per se; I provide the service to clients. 

I very rarely contact technical support. If I need to scale, they have very knowledgeable sources and solid workbooks. The resources they offer ensure I always have a solution. 

I've worked with SonicWall and Cisco. Fortinet offers a good license model. It's also very clean in terms of configuration. It offers high performance. It is a bit more expensive compared to SonicWall, however, if you take everything into consideration, the pricing is quite reasonable. 

We have a FortiGate appliance. We are using the 2000F version of FortiGate and running the license for FortiOS. 

First, we design our network, then we update policies. 

Fortinet makes the process very easy. I try to make it more efficient by replicating policies using the GUI. 

How long it takes to deploy depends on the complexity. I have 20 or so subnets and some services and I can manage the deployment in two to three hours. 

It is not difficult to maintain the solution. 

I'm able to handle the deployment myself. 

The licensing model is very good. It's less expensive than Check Point. 

I'm an independent consultant. 

Users have to understand the size of the network. That would dictate the model you need. You also need a qualified technician to configure the unit. 

I'd rate the solution nine out of ten. It's very easy to use.

Fortinet FortiGate needs to improve the logging and reporting. Additionally, the next-generation application's policies should be improved. When they were released they had bugs.

I have been using Fortinet FortiGate for approximately 12 years.

Whenever we install a new release of an OS we should expect lots of bugs on the system that could break the system. Something that is working fine in the previous system, if we upgrade it, it could break it. Fortinet should work a lot on this to remediate it before releasing any OS. This includes any update and upgrade of FortiOS because I have seen issues when I upgraded, such as the memory and CPU jumping to 100 percent, and some or all functions were not operational. These bugs should be fixed in the firmware.

If there is a need for some upgrade or update on an existing system then I will plan ahead, but if it is not stable I will not do it. We have new releases being tested now and once they are rated stable I will upgrade.

I have found the support from Fortinet FortiGate very poor. I do not use them anymore because they are not very good. This is based on the support I have received from South Africa and India. However, the support from France I have heard was excellent. I only open support tickets for bugs.

I would rate the support from Fortinet FortiGate a two out of five.

I have previously used SonicWall, Sophos, Juniper, and Cisco Meraki.

The initial setup of Fortinet FortiGate was straightforward.

The time it takes to implement a firewall a large and small firewall is the same. It does not matter the size of the firewall. The complexity comes from the network and the scope of work that we need to do for the customer on the network.

If it is a large network, it will take us more time to deploy it, because there is more to configure. If it is a small network, it will take less time, but configuration-wise, it's likely the same.

I have deployed Fortinet FortiGate on my own. I have never needed help from any third-party consultant, or integrator. I work as a consultant and integrator for other companies. I provide my service as a consultant.

Fortinet FortiGate doesn't require a lot of maintenance if you deploy the system correctly, it will run well. However, you do need to have some security checks, auditing, and cleanup of the system, every month. It depends on the company policies. 

If you already deployed the solution correctly you should not have an issue. Maintenance is required, we do have some customers that are doing morning checks on memory and CPU, it does not take much time.

The license for Fortinet FortiGate is affordable in my country.

I rate Fortinet FortiGate an eight out of ten.

We use Fortinet FortiGate to safeguard our online users, who are primarily students, around the clock.

Over the past seven years, we've utilized Fortinet FortiGate to address a wide range of security challenges. Initially, we implemented a firewall to secure our network perimeter. Subsequently, we sought to protect internal network segments. Next, we implemented application-level security measures. And most recently, we've implemented selective service controls to manage access to applications like Google services, WhatsApp, and video conferencing platforms. These measures have addressed evolving security needs over time. Currently, we're focused on enhancing authentication and remote access security. To achieve this, we're implementing security tokens to verify user identities and ensure authorized access.

Fortinet FortiGate enables us to comply with regulatory governance and compliance requirements.

FortiGate is one of the security solutions we have implemented to enhance and protect our network infrastructure, including devices, across the campus for all users. Specifically, FortiGate has shielded us from Internet security threats, application threats, and unwanted websites or access to unauthorized web services. For instance, access to classified websites is restricted based on user permissions. This has resulted in a cleaner network environment, not just from a security standpoint but also in terms of overall network performance. Secondly, FortiGate has significantly alleviated the burden on network administrators and server managers. The product has proven to be highly reliable.

It has effectively reduced our risk of cyberattacks. We have experienced a very small number of incidents, primarily due to configuration loopholes. However, FortiGate has been successful in preventing intrusions from the Internet. It has effectively thwarted hacking attempts, making it a valuable tool for our computer and network security.

We operate in an educational setting and do not rely solely on online connectivity. Therefore, an internet outage would only impact academic activities. While some internet services are utilized within our campus primarily for business purposes, they are not entirely internet-dependent. Consequently, the impact of equipment failure is minimal. In the event of equipment malfunction, we have established contingency plans and alternative facilitating services in place. Additionally, our devices are designed for high availability, with two devices functioning as a backup in case one fails. We have not experienced any device failures to date.

It has streamlined the management of our network and security operations. While the machine itself doesn't provide an out-of-the-box solution, its effectiveness hinges on the expertise and security knowledge of its users. Therefore, engineering and security proficiency are paramount to maximizing the benefits of FortiGate.

FortiGate offers a lot of reporting logs and reports. By continuously monitoring these resources, we can gather sufficient information to take immediate action and implement necessary changes. However, the effectiveness of this approach hinges on having dedicated personnel to review and respond to the provided insights. The device itself cannot act autonomously without human intervention and analysis.

FortiGate has helped us reduce our mean time to remediation by 60 percent. Its user-friendly interface facilitates rapid issue resolution.

Fortinet FortiGate is an extremely user-friendly product. In terms of security, we have not experienced any security flaws or loopholes, and it has proven to be quite stable. Additionally, we have not experienced any downtime, which is of utmost importance.

The log analyzer, for instance, is a product being developed as a common solution for multiple FortiGate devices. Consequently, the log analyzer's functionalities are not fully integrated into the individual FortiGate products. I would prefer to have more detailed logs within the FortiGate products themselves rather than relying on a separate tool.

While Fortinet claims to offer a comprehensive network solution, it falls short in addressing computer application issues, particularly server security. Fortinet's capabilities are primarily focused on network security.

I have been using Fortinet FortiGate for over seven years.

I rate the stability of Fortinet FortiGate ten out of ten.

Fortinet FortiGate is a fixed configuration that depends on the number of nodes and devices.

The support from Fortinet and its vendors is good.

Positive

The initial deployment can be completed in a few days. Two to three people are involved in the deployment.

In the Asian economy in which we operate, FortiGate is expensive.

I would rate Fortinet FortiGate eight out of ten.

I'm not involved in the operation of industrial devices. We do, however, have devices that are part of laboratories, and they may be flagged during searches because we belong to the education sector. In any case, FortiGate provides protection, and I wouldn't know the extent of visibility there because it's primarily concerned with providing security for those devices. If they are connected to the network, alright.

We have around 1,500 users and over 3,000 devices that utilize FortiGate.

We are using Fortinet for administration over local users that need to connect with our wireless. We have users that come from different domains, and there are certain limits and restrictions that need to be implemented.

There is not much visible improvement, but it's a stable and reliable environment. We did not see anything critical in the production environment.

Reliability is the best feature. We faced some issues when we were setting it up, but the service, portal, and administration are good.

There is some development gap. We had experienced bugs in their operating system. When we were planning to upgrade it, there was no patch available for a bug, and the support team was saying that they need to work on that. That's the part they should work on.

There are some complex administration tasks in their administration portal. That needs to be improved.

It has been around two years since we set it up.

It's stable.

It's scalable. We have 1,500 to 2,000 people across the world. We have multiple regions and multiple sites.

We contacted them for a few cases. I would rate them a seven out of ten. They could be better at finding solutions.

Neutral

This was the first option, but we'll try Cisco as well for our Wi-Fi setup for the next one to two years. 

It was a management call to go for this. They know what is best for their business.

I was not exactly involved in its initial setup, but at a later stage, I had to jump into that. I was more into Cisco setup.

Overall, the setup was easy. There was a portal, and most of the things were similar to other hardware we use, such as Palo Alto. We found some bugs during the setup, and there was not much support available from the Fortinet support team

In terms of maintenance, there are upgrades available roughly every quarter.

It's worth the money.

The price range is quite acceptable and normal.

It's excellent. The services, administration, and reliability are up to the mark. They just need to improve it a bit. 

I would recommend it if you want to set it up for your business. Overall, I would rate it a nine out of ten.

There are various use cases for Fortinet FortiGate, including firewall protection for internet access, data centers, branches, and SD-WAN. We use the firewall in multiple locations throughout our network, taking advantage of its many features, such as the promising CDR feature and security profiles like the WAF filter and application DNS security. We deploy these features in different parts of the network. Additionally, some customers use Fortinet FortiGate in the cloud to safeguard their cloud servers within platforms like Microsoft tenants.

Our customers are using Secure SD-WAN for connecting different branches. For example, oil and gas companies have different branches all over Egypt, which are not in the main city, so they need a secure connection and stability for certain protocols, such as voice and things like that. They also need visibility. They need to understand which applications are consuming SD-WAN. 

Some of the customers are also using SD-WAN for load balancing. For SD-WAN, you need at least two internet connections, so some of the customers are using it as a load-balancing technique. Overall, there are a lot of features for which customers are using SD-WAN.

For our customers, Secure SD-WAN is very useful for giving the right priority to the applications and controlling the proper use of the application.

Secure SD-WAN's interoperability with other systems and applications in the environment is very good. The integrated application protection provided by Secure SD-WAN is also good. There is a very good integration with all the applications and portfolios. We don't integrate the firewall with the application itself, but it does what is needed to control and reroute the traffic.

Secure SD-WAN has a lot of benefits. There is a calculator on Fortinet's website. When you feed the right information to that calculator, it tells you how much money you will save by acquiring SD-WAN. The first benefit is that you're going to save money. Instead of buying multiple ISP connections, MPLS, and other such things, you can use the normal internet and apply SD-WAN on it, so you can save a lot of money. You also don't need to increase the bandwidth. SD-WAN helps with the routing of your traffic and the optimum use of your links. It's efficient and secure, and it saves you a lot of money, and of course, there is the security of the firewall that's applied on SD-WAN. If we're comparing it with other vendors like Cisco, you are not getting the firewall features.

It's very efficient. There is a lot of visibility. It reduces the number of incidents. If there is any problem, you can immediately log in to the firewall, and you will know if there is a notification about bandwidth consumption or any other issue, or if there is any drop in connectivity. It makes the operation very easy. It makes it easy for the teams to respond to incidents and manage issues. SD-WAN helps to remediate threats more quickly and efficiently because, with SD-WAN, there are a lot of applications going through different links, so if you can know which link an application is using and what's on the link, you can make the right decision in a very fast way to fix it. It provides both visibility and efficiency.

It reduces your mean time to detect (MTTD). In the new version, which is version 7.x, of the FortiGate firewall, through the main dashboard, you can know what is going on. If you've done the dashboard and you're putting these statistics in front of you on a screen, once you look at it, you'll know what's going on and what's the problem. It, of course, will give you the tools and the right information to reduce the time to solve.

It's hard to say whether it has reduced help desk tickets because it's more on the operational side, but it helps them a lot. The operations team is not handling the firewall. It's either the network team or the network security team. Generally, once it's up and running, it just works. It's different from having an antivirus or something else that can be changed from day-to-day activities. With this one, once you turn it on, the service will be stable unless you have a problem with your internet. It doesn't cause a lot of problems.

In terms of helping to future-proof business, from a partner perspective, it gives you a lot of flexibility to enhance the customer network. It opens a lot of doors for sales, for a new business, and for new potential. That's from the partner side. From the customer side, you can save money and solve a lot of problems. If you need to connect with a few branches all over the country, it's efficient. You don't need to travel for five to ten hours to reach the second branch. If you have proper SD-WAN technology and it's connected in a good way with good vendors, you can save a lot of time, effort, and money. You can have proper connectivity between branches as if the guy you are talking to is next door. So, SD-WAN gives a lot of benefits at the vendor level, partner level, and customer level.

Fortinet FortiGate is user-friendly and affordable.

When it comes to Secure SD-WAN, ease of use is valuable. The visibility and reporting are also valuable. A cool thing is that SD-WAN is free of charge with the Fortinet firewall. You can just use it just by using the Fortinet appliances that you already have in the branches. You cannot have appliances from different vendors. Fortinet customers can use the feature in a very easy way. It takes one click to integrate with the firewalls. It's very very easy to deploy. You don't need to build anything.

In the past, NSS Labs was utilized to test files and verify the numbers and datasheets. It would be beneficial to have an organization or testing lab that can verify the numbers in our datasheets since changes are frequently made, which can be inconvenient for review. For instance, when comparing different competitors such as Forcepoint, Palo Alto, and Check Point, the throughput or numbers in the datasheet may be lower than the actual numbers. Conversely, Fortinet typically reports very high numbers, but they cannot be replicated in the real world. Therefore, it would be advantageous for them to partner with a neutral testing organization such as NSS Labs to validate these numbers, thus providing more credibility and comfort to everyone regarding the accuracy of the datasheets.

For the migration, everyone has a firewall in use and I am selling Fortinet. Typically, I am replacing another firewall. Previously, there was a tool available to convert configurations from one firewall, such as Palo Alto, to Fortinet, but this tool is no longer free. If it could be made free again, it would be very beneficial. This tool shows a lot of promise and is very good. Making it free would help many companies deliver their products in a more efficient and integrated way. It would also be more valuable to include the tool with the firewall package or license instead of having to pay extra for it. Paying extra puts more pressure on small companies to deliver the firewall and complete the configuration, especially if they have hundreds or thousands of policies. It's very painful to move through these policies line by line.

The stability has room for improvement.

When it comes to Secure SD-WAN, everything is fine. They are going the right way. SD-WAN is very promising. They can provide the SD-WAN solution separately, but they will not take this approach because even the smallest firewall can support the features, so there is no need to have a separate service or appliance. They are following the right steps, and there is nothing to be improved. Feature-wise, I'm really satisfied with the new release, and the features they have added. For now, it's fine.

I have been using Fortinet FortiGate for seven years, and I have been using Secure SD-WAN for two years.

Secure SD-WAN is stable, but when it comes to the firewall, sometimes there are issues with the throughput and related factors. Improper handling of these can lead to a memory surge, a well-known bug that can cause the entire system to freeze. When this happens, the system appears to be running but no traffic is processed, causing disruptions to applications, users, and overall internet connectivity. This can be confusing because the firewall appears to be functioning correctly. Typically, the solution is to restart the firewall. However, when we contact support, they require logs before restarting, which can be challenging in urgent situations. As a result, we prioritize quick resolution over troubleshooting. This is a common drawback of the operating system.

I'd rate Fortinet FortiGate's scalability an eight out of ten.

While the technical support offered online and on-site is generally effective, there may be occasions when we need to escalate an issue to a higher level due to its complexity. 

I initially sought assistance from level-one support, but they were unable to resolve my issue. Eventually, they informed me that the problem would be addressed in a future patch. However, within a day or two, a level three engineer intervened and provided me with an update to resolve the issue. He explained that it required a command line configuration, as it couldn't be done through the graphical user interface. I was impressed with the level-three engineer's expertise and problem-solving skills. It taught me that if we persist and communicate our needs, we can achieve our desired outcomes.

Positive

The initial setup is straightforward. We need to determine whether the firewall will be positioned in an active-standby or active-active configuration. Based on this decision, we will choose the appropriate license. If the firewall is intended for use with the Internet, we will need to include features such as a full DNS filter. However, if it's being used in a data center, these features may not be necessary. Additionally, we need to consider the speed of the interface, 1G or 10G, and the expected amount of network traffic to properly size the firewall model and ensure proper throughput. This is the initial phase of the process. Once the firewall has been deployed, it's a matter of connecting it and configuring policies. 

When it comes to the deployment model of SD-WAN, my customers usually buy the appliance. They already have FortiGates, so we're just connecting firewalls to each other. In Kuwait and Egypt, there are mostly on-prem deployments. It's rare to have someone deploying a firewall on the cloud, and if it's deployed on the cloud, it's for a certain reason. It's not for SD-WAN because you're not loading balancing or you don't need SD-WAN for cloud access. In the countries where I was responsible for its implementation, there was only on-prem deployment.

There is one single challenge with the deployment of SD-WAN, but it's not from the FortiGate side. It's from the customer side. You need to understand your traffic so you can get the best out of SD-WAN. For some organizations, it's huge because they don't know which application is doing what and which is more important than the other. Especially during the COVID years, a lot of applications popped up. Companies used to release an application every few weeks. To do a proper implementation, you need to understand your network, understand your application, and set your priorities. Once you do this, the implementation will be a piece of cake. If you have all the information, it will take a day or two days.

We implement the solution for our clients. One person can easily deploy multiple Fortinet products through the firewall including FortiAnalyzer for the logs, FortiManager, and FortiMail.

For SD-WAN also, one senior security engineer can do everything for a customer. The maintenance is easy. We haven't faced any critical problems with it.

We have experienced a positive return on investment by utilizing Fortinet's products. For instance, their website features a calculator for SDR, which enables us to measure the actual ROI in dollar amounts. We input our current expenses, the products we intend to purchase, and our connectivity plans, along with a few other details. At the end of the process, we receive data that indicates the amount of money we will save, such as two hundred thousand, for example. This provides us with clear and precise figures on our savings, making it an excellent tool.

Our customers have seen time to value with Secure SD-WAN. Its time to value is seen within weeks of implementation.

The price for the Fortinet FortiGate is reasonable. Secure SD-WAN is free of charge. If you have their firewall, it's free of charge. It's very tempting. Other vendors, such as Palo Alto, will charge you to have an SD-WAN license, whereas, with Fortinet, it's free of charge.

When purchasing a firewall, stability is non-negotiable. For small to medium businesses, Fortinet's affordability and ease of deployment make it a suitable option. However, for enterprise-level businesses, Palo Alto or Check Point would be preferred for their robust clients and immediate updates, despite the higher cost.

When comparing the pros and cons of Secure SD-WAN with other solutions, the challenge is not with SD-WAN. It's with the appliance that's offering SD-WAN, which is the firewall. So, the first comparison would be between the FortiGate firewall and other firewalls, and if the other firewalls are already offering the same service, the comparison will be between different levels, not just SD-WAN. There could be other firewalls that are more efficient or lower in cost or even more familiar to customers than Fortinet. So, the challenge is not with SD-WAN. The main reason I use SD-WAN on FortiGate is to get the benefit of the security profiles or security features of the firewall on top of the SD-WAN. Otherwise, I can use my internet router, the basic load balancing protocols, and the basic IP tunneling, and send some traffic here and some traffic there, and I'll save the cost. 

I'd rate Fortinet FortiGate an eight out of ten.