Try our new research platform with insights from 80,000+ expert users
Irshad Ali - PeerSpot reviewer
Presales Manager at a tech services company with 201-500 employees
Real User
Top 10
Good licensing, saves costs, and provides good security and visibility
Pros and Cons
  • "The security features that they have are quite good. On top of that, their licensing model is quite nice where they don't charge you anything for the SD-WAN functionality for the firewall."
  • "Tunnel flapping was one of the major things I had seen wherein your internet link remains but your VPN tunnel is down. However, since I got a fix from the TAC team, I have not noticed it, but the customer complained a few times that they couldn't access the internet because of this problem."

What is our primary use case?

I used this solution while working with my last organization. I handled plain firewall deployment as well as SD-WAN deployment. 

How has it helped my organization?

I was providing consulting services to various Telco customers. It helped customers save on the cost of highly expensive MPLS links. With the help of Secure SD-WAN, they were able to utilize broadband or even LTE connectivity, which saves costs. That's the flexibility that Secure SD-WAN gives to various customers. In addition to saving costs, they are also able to utilize active-active load balancing, where you can have two parallel links: primary and secondary. The secondary one used to sit idle in traditional scenarios, whereas now, the solution gives you the flexibility to configure both links as active-active, so you can prioritize critical traffic from link one and other traffic from link two. At the same time, you also have the option to maintain redundancy.

Secure SD-WAN is a great way to manage your entire organization network, especially the WAN network. Customers don't have to hop to multiple places. Fortinet has a solution called FortiManager. With the help of that, you can monitor, configure, and maintain your entire organization's network. It's a very convenient option. It's a single pane of glass from a customer's point of view. They don't have to log in to individual devices, and they can see the real traffic. They can see what's coming into the network, what sort of alerts or logs are there, and what sort of applications are being consumed.

Secure SD-WAN doesn't help with tool consolidation, but it's a secure way or mechanism they provide so that if branch users are accessing the internet, they can directly break out from the branch location rather than coming back to the data center. In that way, it improves the user experience while also giving security at the highest level.

I have not interacted much with Secure SD-WAN in terms of API integration or third-party integrations. However, they have pretty good integration with the RADIUS, LDAP, and AD servers. In that way, they have everything in-built. You can make the firewall a DNS server or some sort of DHCP server. Such features are included there. From a security standpoint, they have open API integration with their own SIEM or SOAR solutions. Third-party API integration is also possible, but the API details that are exposed are very limited.

The integrated application protection provided by Secure SD-WAN is a cool feature. They have real-time scanning of the application with the help of SSL inspection. You get to see the real-time traffic of applications, and you can protect your network from harmful websites. They have a signature database for that. This data also gets refreshed. It's a direct feed that the device takes from the central intelligence.

When you have Secure SD-WAN in place, you are more secure from the outside internet. They have a flavor of SASE, but I have not worked on it.

When you have a granular view of your entire network including users and security features being enabled, you get more visibility into your network. You get to know what's coming in and going out. If an administrator sees that some traffic is being hit repetitively from a particular location, functionality is available to block a region, country, or even an IP or domain.

In terms of Secure SD-WAN reducing our mean time to resolve, in the case of issues specific to SD-WAN, I've seen instances where customers can look into the dashboard and inform the support team that this is the issue they are facing. This helps them to have some visibility into these firewalls and isolate the entire issue from the technology perspective; for example, when a wireless client is facing some sort of challenge accessing the internet, whereas some of the wired users are able to access the internet. The testing tools given in the FortiGate GUI dashboard come in handy during troubleshooting. With the very user-friendly interface, it becomes very obvious and easy for any IT guy to simply follow the workflow to resolve any day-to-day operational issues.

What is most valuable?

The security features that they have are quite good. On top of that, their licensing model is quite nice where they don't charge you anything for the SD-WAN functionality for the firewall. The routing and firewall features are also good.

The unified view that they have built into this firewall is good. Within the same dashboard, you get to see the security profiles, the type of traffic that's passing through, the top applications that are being consumed, etc.

It's also very easy to use.

What needs improvement?

I was not looking after the operations part, but sometimes, I did get engaged in some critical activities related to operations. There are some caveats in every product. Tunnel flapping was one of the major things I had seen wherein your internet link remains but your VPN tunnel is down. However, since I got a fix from the TAC team, I have not noticed it, but the customer complained a few times that they couldn't access the internet because of this problem. There were tunnel issues where there was already established connectivity, but at the kernel level, there were some issues. For example, there's a feature for auto-site connectivity wherein whenever it automatically creates a new tunnel, at the kernel level, it also creates an interface. Sometimes, that interface crashes and a new interface could not be created, which results in connectivity loss. 

Fortinet has established itself in the SMB market segment. It's doing pretty well in that space, but when it comes to the enterprise segment, they are lagging a little bit. It all boils down to the performance of the hardware. If I enable all of the security features available on my device, the throughput degrades quite a lot. If I have put 10 GBPS of throughput on a firewall and I enable all of these features available, such as IPS or UTM functionalities, the throughput comes down to 1 GBPS.

Buyer's Guide
Fortinet FortiGate
March 2025
Learn what your peers think about Fortinet FortiGate. Get advice and tips from experienced pros sharing their opinions. Updated: March 2025.
844,944 professionals have used our research since 2012.

For how long have I used the solution?

I used Fortinet FortiGate for seven months. I last used it in February of this year.

What do I think about the stability of the solution?

I'd rate it a seven out of ten in terms of stability.

What do I think about the scalability of the solution?

The solution offers the option of deploying VMs or virtual machines to any public cloud, such as AWS or Azure. It provides such flexibility. If you have any application hosted in the cloud space, you can have a VM spin of the FortiGate over there and have a site-to-site tunnel established, so the scalability is there. Otherwise, at the site level, it's mostly hardware-based work. If you size it properly, then you have the option to expand. You might have chosen a low-end model because of the tight budget. In that case, it's not scalable on a specific site. However, if you have a certain number of sites, for example, if you have 400 of them and you want to expand to 500 or 1,000, there is simply a license that goes at the FortiManager level to support additional devices. FortiManager provides a single pane of management. 

I'd rate it a seven out of ten in terms of scalability.

How are customer service and support?

My experience was not that rewarding. It took me around three hours in total to get a simple issue identified and fixed. I escalated it to their L3 engineer, and after that, I was able to resolve the issue. The entire process took around three hours. First, their initial level person was troubleshooting, then it went to the next level, and then it went to the highest level.

How would you rate customer service and support?

Neutral

Which solution did I use previously and why did I switch?

From the security perspective, I have not used any other solution, but I did have a glance at Cisco's portfolio. Cisco Meraki is one of the solutions that you can compare it with. Others were more specific to the routing and switching domain. I know the concepts and theory of Cisco SD-WAN, but I have not used it in a real environment for any customer.

How was the initial setup?

For one of the clients, it was deployed on the Azure public cloud. Initially, it was not easy. It was complex. Every product and technology requires a certain type of prerequisite, and when you have anything hosted on a public cloud, it becomes a tedious job to get things done quickly because multiple stakeholders are involved in that.

I have deployed Secure SD-WAN specifically for many customers. I find it easy, but you need one person to be at the site for remote connectivity. That person just needs to do the basic configuration. Once the device has IP reachability, you can easily discover it from FortiManager, which is the central controller. So, once you have the device on FortiManager, it takes a few clicks to onboard the device because you already would have a template in place.

The deployment duration depends on the number of sites. For a customer with ten sites, it would take a week's time because there are a lot of dependencies. It also depends on the customer's readiness and availability, but a week's time would be enough for the deployment of ten sites. If there is proper planning in place, you can also deploy 50 sites in a week, but that's something you cannot control from your side because there are a lot of dependencies on the customer and the service provider. If you have to integrate it into a customer's existing network, it becomes quite challenging to make them understand your prerequisites. There are instances where nobody is available from the customer side from the technical standpoint to help you. Those are the roadblocks, but from the solution perspective, it's quite easy to onboard devices.

What about the implementation team?

The deployment can be done by one person if that person is dedicated to a single project, but if more projects are running in parallel, you would require a few more people.

It does require maintenance, which includes upgrading the operating system and installing patches. Two to three people would be enough for around 500 site maintenance but not in the 24/7 case. If it's 24/7, then nine people would be required for that.

What's my experience with pricing, setup cost, and licensing?

By default, they give SD-WAN along with the firewall. They don't have separate licensing for the SD-WAN functionality. However, they have security licenses that are sold separately on a subscription basis. Customers can consume these security features to protect their users from internet traffic.

What other advice do I have?

To those evaluating this solution, I'd advise doing a PoC of different vendors who are meeting their requirements. They can then decide for themselves after seeing the demo.

Overall, I'd rate it an eight out of ten. It's user-friendly. It's also good features-wise, but their support is weak, and on the architecture front, it's not true SD-WAN. It's not decoupling the control chain functionality from the device to the controller. 

Which deployment model are you using for this solution?

Public Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Microsoft Azure
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
PeerSpot user
Network admin at Penobscot Valley Hospital
Real User
An easy-to-use product that does a lot for you and allows you to be independent
Pros and Cons
  • "It does a lot for you for intrusion protection and as an antivirus. The threat management bundle is worth the money. You don't need another company to monitor your web traffic for you. You can do everything yourself on the firewall. You restrict your own black list for people on the firewall. You don't need to pay some other company for another product to do that for you. The firewall can do that for you. So, it's an easy-to-use product for people to be independent. They don't need to rely on other vendors to do what the firewall can do. They can do everything."
  • "I don't really have anything negative to say as far as Fortinet firewalls are concerned. If anything, they can support a user a little bit better. They can stop being so time-sensitive about how much time the support call has taken, and they can help you do it yourself."

What is most valuable?

It does a lot for you for intrusion protection and as an antivirus. The threat management bundle is worth the money. You don't need another company to monitor your web traffic for you. You can do everything yourself on the firewall. You restrict your own black list for people on the firewall. You don't need to pay some other company for another product to do that for you. The firewall can do that for you. So, it's an easy-to-use product for people to be independent. They don't need to rely on other vendors to do what the firewall can do. They can do everything.

The GUI is good. I'm really happy with the ease of use of the firewall. Fortinet's support is also great.  

What needs improvement?

I don't really have anything negative to say as far as Fortinet firewalls are concerned. If anything, they can support a user a little bit better. They can stop being so time-sensitive about how much time the support call has taken, and they can help you do it yourself.

For how long have I used the solution?

I've had different models of Fortinet since 2009. They all are physical appliances. I had 300As, and now I'm on 300Ds. I've got a remote site with a different model, which probably is 60F. They are great little firewalls, and for bigger size places, they have 300 models.

I don't have virtual appliances. I don't have a virtual infrastructure. I have an older virtual environment with Hyper-V, and the servers are not up-to-date. It was a money thing. So, it was better to go with the appliance itself.

What do I think about the stability of the solution?

I'm happy with what they got. It is a great product. Sometimes, you're going to get a lemon—the way it initially happened with FortiAuthenticator 300F—but that doesn't happen very often.

If there is a problem, the next business day, they send it and get the replacement, and they help me configure it.

What do I think about the scalability of the solution?

In terms of its users, everybody uses the firewall because they're going out. That's our egress point. So, there are about 20 users for that. We have a dozen IPsec tunnels with which we connect to different companies. So, security is a big part of it. I also have a remote location with about 10 users who use a different firewall.

We probably won't be increasing its usage. Now that I got Authenticator, it nicely compliments the Fortinet firewall. The size of the company isn't going to grow any more than what it is. So, we're good.

How are customer service and support?

Their support is great, but it also depends on who you get for support. From the support perspective, they can help you do it yourself, which is always more beneficial to both parties. They can stop being so time-sensitive about the call duration and let a user help himself a little bit more.

It takes time to study this stuff, and I don't always have time to do it. So, I'm looking for a quick answer because I get interrupted all the time during work. I don't always have the time to study something and figure it out. So, I have to call them, but I don't always get somebody who really knows what they are doing. They don't know deep enough to help you. They're troubleshooting with you, and that's the difference between Level 1 and Level 2 support.

Which solution did I use previously and why did I switch?

When I first got here in this job in 2007, they had Cisco ASA Firewall, but it was too cryptic. You had to enter all these CLI commands for a configuration. It also didn't do everything that Fortinet could do. It was very limited, and it wasn't easy to use. I know what I want to do, and I don't have to learn a special language in order to do it. I just want to be able to use some basic programming code that they have put into the firewall and use the GUI interface with it to actually visualize what I am looking at. Some of the Cisco products are not visual enough. That was one of the reasons I stayed away from it. Cisco is also very high-priced. They price themselves out of business a lot of times for equipment, but Fortinet is just great.

I've also used SonicWall before. It was okay, but it is better for bigger places. I was looking for a midrange-size firewall for a couple of hundred users, and I felt Fortinet was the right fit.

How was the initial setup?

Its deployment and maintenance are easy. 

What about the implementation team?

I pretty much used the support from Fortinet to do it. They're good about their support. I did it myself by being a nuisance to Fortinet. I kept calling them to ask questions. They had to remote on to it and see you do something you don't know how to do.

What's my experience with pricing, setup cost, and licensing?

It was probably about $2,500 per firewall. It was all included. It included support, services, threat management software, and 24/7 FortiCare on it. Cisco products are more expensive.

What other advice do I have?

Fortinet has got great firewalls. They do everything. They do FortiTokens for two-factor. They do the IPsec VPNs, SSL VPNs. They have a great GUI for you to know, but you still got to know the CLI commands. 

I would rate it a 10 out of 10. It does its job, and it is easy to use. The support is great.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Buyer's Guide
Fortinet FortiGate
March 2025
Learn what your peers think about Fortinet FortiGate. Get advice and tips from experienced pros sharing their opinions. Updated: March 2025.
844,944 professionals have used our research since 2012.
IT Security Analyst at a energy/utilities company with 51-200 employees
Real User
Top 20
Reduces our remediation time and our operational expenses
Pros and Cons
  • "I appreciate FortiGate's flexibility, which allows for centralized management through FortiManager."
  • "Fortinet needs to overhaul its documentation."

What is our primary use case?

We utilize Fortinet FortiGate appliances at six branch offices, one data center, and one DLP site. Our network is driven by SD-WAN, and we employ FortiGate as our firewall, FortiEDR for endpoint protection, and FortiSwitch for alerting on all layers of the network.

For me, the best practice is to deploy on-premises for data centers. However, for small branch offices with over ten to twenty staff members, I can deploy the devices remotely. We can provision our cloud and push the configuration to those devices from the cloud.

How has it helped my organization?

The visibility that FortiGate provides into our devices is crucial for network segmentation. I want to see the output in a specific way. The traditional approach has shifted slightly, as I'm accustomed to Cisco networking equipment. Typically, we have a call feature, but I'm currently using all the call features for internal routing. However, with FortiGate, most security subnets are segmented and protected behind the firewall. This allows me to lock down or secure sensitive subnets, such as HR or departmental information. I can log in from there, and all other subnets for client users require centralized access. This means that all traffic must go through the firewall, enhancing security.

FortiGate enabled us to achieve compliance with governance requirements. The FortiGate, along with fabric security and checkpoints, essentially act as regulatory checkers, reviewing our security practices against industry best practices and guidelines. If they identify any discrepancies, they alert us, allowing us to develop and implement mitigation plans to address the issues. For instance, if our SSH configurations don't meet security standards, such as algorithm or cipher requirements, FortiGate will notify us, enabling us to take corrective action and regain compliance.

We utilize API calls for FortiGate, including those related to our PRTG monitoring system. Additionally, we employ HVAC calls and leverage another MDR solution from Arctic Wolf to trigger specific events on the FortGate. This API functionality enables us to generate API keys and seamlessly integrate with API features across various platforms.

Integrating FortiGate into our environment is straightforward. Our transition from Palo Alto to FortiGate was seamless, utilizing our existing policies and migration tools. FortiGate also provides provisioning capabilities for defining branch office configurations. As long as branch office devices can access the internet to communicate with Fortinet Cloud, we can remotely implement provisioning for these devices, offering greater convenience for small branch offices.

The built-in APIs streamline integrations with other vendors, reducing deployment time. They effortlessly generate API keys upon logging into the Fortinet network, facilitating the deployment of our PRTT monitor tools. These tools seamlessly integrate with each other, fostering rapid deployment. Most platforms, including Cisco Meraki, Palo Alto, and Check Point, now adhere to industry standards and support API calls.

FortiGate has been instrumental in mitigating the risk of cyberattacks that could potentially disrupt our production operations. I am particularly impressed with Fortinet's cloud-based FortiGuard service, which continuously updates our systems with the latest zero-day attack protection, significantly reducing the threat landscape within our industry. Given the energy industry's heightened vulnerability to cyberattacks, we have implemented measures to restrict access to our network based on geolocation IP addresses. This includes restricting access from countries such as Russia and China, further safeguarding our environment from potential threats. Additionally, FortiGuard's regularly updated list of malicious websites provides an invaluable layer of protection for our industry.

In the event of a production-disrupting attack, we can utilize FortiManager to remotely isolate and mitigate the threat by shutting down specific subnets or networks. We can easily navigate through the unpacked data, and upon detecting a suspicious event, we can initiate automation or SOAR processes to notify the Cloud Service Provider team with whom we have been collaborating. Additionally, we can establish traffic alerts. For instance, since not all users access the AD server simultaneously each month, if we observe such suspicious behavior, we can remotely shut down that network, thereby minimizing our risk exposure.

FortiGate provides us with actionable insights to guide our decision-making regarding the appropriate actions to take. We generate 20 gigabytes of log data daily, which we utilize to establish a baseline for network traffic on our servers and compare it to our generated report. This approach allows us to set a threshold for the read volume of 20 gigabytes of FortiGate data attempting to reach a server from an external source. If this threshold is exceeded, an alert is triggered, prompting us to take corrective action. The centralized monitoring of our environment provides significant value.

Security is not a single, isolated element. It encompasses the entire network infrastructure, including firewalls, routers, switches, endpoints, and even mobile devices. The Fortinet Security Fabric seamlessly integrates these components to provide comprehensive protection. It generates detailed logs, including those from access points linked to FortiSwitch. The FortiSwitch, fully integrated with the FortiGate Fabric, relays security alerts to the FortiViewer in the SOC. This centralized view provides complete visibility into the network, including SSIDs, wireless networks, subnets, and devices protected by FortiClient. The Fortinet Security Fabric tracks individual devices connected to the network, including compromised laptops. FortiClient triggers alerts and sends them to FortiCloud, which also receives logs from the EMS server and the firewall. These logs are consolidated in the FortiAnalyzer and forwarded to the cloud-based log server for analysis. This comprehensive approach to security ensures that all potential threats are identified and addressed promptly.

FortiGate has contributed to a reduction in our operational expenses. Prior to adopting Fortinet, we utilized Palo Alto for firewalls and Cisco for call switches. However, as we began using Fortinet, we gradually transitioned to their products. Currently, we employ FortiGate for our firewall, FortiSuite, and FortiAP Access Points, phasing them in one at a time. This approach has effectively minimized downtime and lightened our workload by enabling centralized management through a single pane of glass.

FortiGate has significantly reduced our time to remediation. We can now check logs from servers, firewalls, switches, access points, clouds, and even devices from different brands, all from a single centralized location. This has greatly reduced the time required for threat hunting and security event investigation.

Fortinet has been instrumental in enhancing our cybersecurity approach to safeguard our industrial machinery. We rely on some heavy equipment that is critical to our industry's operations. To protect this equipment, we have isolated it on a single subnet and implemented strict access controls, allowing only authorized users and MAC addresses to access the network. This ensures that only internal staff can operate the equipment unless authorized maintenance personnel are present. The high level of security we have implemented is essential because our industry's operations are closely tied to the core applications of our industry. We are committed to safeguarding our equipment and preventing any potential risks.

What is most valuable?

I appreciate FortiGate's flexibility, which allows for centralized management through FortiManager. Additionally, its integration with FortiAnalyzer, which can be deployed in the cloud, enables centralized monitoring of all firewall logs.

What needs improvement?

Fortinet needs to overhaul its documentation. Our current reliance on outdated documentation has resulted in significant time wastage. While we can locate the necessary documentation, the constant daily revisions necessitate meticulous identification of the relevant documents to prevent the use of outdated information that could jeopardize our environment. At the very least, Fortinet should classify its documentation to clearly indicate the applicable version, as our attempts to do so manually are becoming increasingly tedious.

For how long have I used the solution?

I have been using Fortinet FortiGate for over three years.

What do I think about the stability of the solution?

Fortinet FortiGate is stable. I have not encountered any performance issues.

What do I think about the scalability of the solution?

Fortinet FortiGate is scalable. 

How are customer service and support?

The speed of Fortinet's technical support is significantly faster compared to Palo Alto. I recall an instance where I experienced an issue with Palo Alto, and it took an hour to connect with a real technician from Palo Alto. However, when I call Fortinet, it takes a maximum of two minutes to get a knowledgeable individual to address my concerns. Considering the stark contrast in service levels, imagine having a network issue with Palo Alto and having to wait an hour for support. Conversely, with Fortinet, we can receive proper assistance within two minutes. The difference is immense. This is the one aspect I find lacking in Palo Alto.

The reason I don't give Fortinet's support a perfect score is that I've worked in this field for many years and have come to expect a certain level of expertise. Even when we call Palo Alto, Cisco, Check Point, or any other support service, our experience can vary depending on who we get on the phone. If we're lucky, we'll get a highly experienced expert who can quickly resolve our issue. However, we may also get someone who is new to the team or to their role, and they may take a long time to understand our problem. While Fortinet's support is generally excellent, I have had a couple of experiences where I felt like the person on the other end was inexperienced and asked me irrelevant questions. Despite these occasional issues, I am still very satisfied with Fortinet's support overall, but I wouldn't give it a perfect score.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

We previously used Palo Alto for five years and switched to Fortinet FortiGate. Palo Alto is expensive.

How was the initial setup?

The initial deployment is simple. We need to determine which interface is the WAN interface and which is the internal interface.

With Fortinet, we should prioritize a centralized approach to ensure synchronization and consistency across the network. This centralized management strategy will streamline the implementation of SD-WAN, as it allows for the deployment of standardized templates and traffic configurations. Centralized management also simplifies future modifications, as minor changes can be pushed down without requiring complete redesigns. Conversely, deploying SD-WAN without prior centralized management can lead to complexities and potential disruptions. For instance, if WAN interfaces are configured independently of SD-WAN, integrating SD-WAN later will necessitate removing and reconfiguring existing data, policies, firewall policies, and rules. This process can be time-consuming and error-prone.

What's my experience with pricing, setup cost, and licensing?

For medium and enterprise organizations, FortiGate is more affordable. We can choose from a variety of bundles to find the right license for our needs. The software is reliable and easy to install, and it will run smoothly on our systems. FortiGate is priced lower than Palo Alto.

What other advice do I have?

I would rate Fortinet FortiGate nine out of ten.

I compared SD-WAN solutions offered by companies like Cisco Meraki, and Palo Alto. I'm impressed with SD-WAN solutions in general, but I recommend considering purchasing Fortinet's SD-WAN solution, as it could lead to significant cost savings. However, proper planning and design are crucial before deployment to avoid incurring additional expenses due to rework. That's my suggestion.

Which deployment model are you using for this solution?

Hybrid Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
reviewer1289523 - PeerSpot reviewer
Network Engineer at a retailer with 10,001+ employees
Real User
Scalable, extremely reliable, and has a good user interface
Pros and Cons
  • "The solution is extremely reliable."
  • "The pricing could be a bit better, especially when you consider how they have the most basic offering priced."

What is our primary use case?

In most cases, we use the solution as a firewall to access the internet. For example, we use Cisco Wireless for our clients to have access to the network and we use within the same solution the FortiGate Firewall for them to access the internet as well.

What is most valuable?

The solution offers very easy usability. 

The product can scale well.

The solution is extremely reliable.

The pricing and licensing models are pretty good. 

The user interface, both the web and CLI versions, are very good.

What needs improvement?

The solution overall is quite good. It works how we need it to. I can't recall seeing any features that are lacking.

We haven't had any breaches in our organization, however, I have read in journals that there have been some issues.

There may have been some bugs after an update, however, that has since been resolved. We saw a few bugs in the web field and when we ran an update it was resolved in the new version. 

Some resources must be accessed via web fields. We were not able to access them at first. However, it was a simple task to fix it and that has since been resolved.

The pricing could be a bit better, especially when you consider how they have the most basic offering priced.

For how long have I used the solution?

I've been using the solution since I started at my current company. I began my employment here about a year ago or so.

What do I think about the stability of the solution?

The solution is quite stable. It doesn't give us issues. There are no bugs or glitches. It doesn't crash on us. It doesn't freeze. It's reliable. Fortinet has created a really reliable solution.

What do I think about the scalability of the solution?

We've found the scalability of the solution to be very good. If a company needs to expand on this solution, it can do so with ease.

We have between 2,000 and 3,000 users on the solution currently.

We do plan to continue to use the solution going forward. We have no plans to change anything.

How are customer service and technical support?

I've never contacted technical support. Having never dealt with them, I can't speak to their responsiveness or knowledgeability. I don't know enough about them from any kind of personal experience.

Which solution did I use previously and why did I switch?

I also use Cisco wireless solutions. Our company uses both simultaneously.

How was the initial setup?

While I did not participate in the main part of the installation, I've discovered from deploying small FortiGates such as FortWiFi 60E, that it's good. It's not too complex of a process. It's pretty straightforward. It's easy.

What's my experience with pricing, setup cost, and licensing?

We've found the pricing to be fair and the licensing model is quite good. It's a reasonable cost. It's not too expensive.

That said, I do feel they could work on the pricing policy a bit.

Right now a license to use some of the simpler features like web filtering or antivirus, you have to pay about 80% of the hardware price to have a license for a year. That's a bit too much for such basic features.

What other advice do I have?

We use a variety of Fortinet products. We are using mostly FortiGate 200E and we have some of FortiGate 100E and the FortiWiFi 60E.

We are not using the latest version of the solution at this time. We have version 6.0 and it completely meets our requirements. When we will have to update it we will do so. However, that is not so necessary right now. We will not update it until we need to.

I'd recommend the solution to other organizations. It's been a positive experience overall.

I would rate the solution at a nine out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
PeerSpot user
Solutions Engineer/Consultant at a tech services company with 11-50 employees
Real User
A reliable and consistent solution that allows us to manage the entire network from one interface and supports on-premises and cloud deployments
Pros and Cons
  • "One of the nice things about FortiGate is that it can be deployed on the cloud or on-premises. You can actually do both. That's the biggest reason why I stick with this solution as opposed to something like Cisco Meraki. Another nice thing is that I can log directly into a FortiGate or get to it through their FortiCloud access products. They're pretty reliable and consistent. One of the reasons why I started using the product was their single pane of management. I can deploy their line of firewalls in conjunction with their switching and access points, and I can manage the entire network from one interface. I don't have to log into one interface for the firewall, another one for the access points, and another one for the switches. These firewalls have access point controller functionality built right into the system, so I don't even have to purchase additional devices to manage them."
  • "FortiLink is the interface on the firewall that allows you to extend switch management across all of your switches in the network. The problem with it is that you can't use multiple interfaces unless you set them up in a lag. Only then you can run them. So, it forces you to use a core type of switch to propagate that management out to the rest of the switches, and then it is running the case at 200. It leaves you with 18 ports on the firewall because it is also a layer-three router that could also be used as a switch, but as soon as you do that, you can't really use them. They could do a little bit more clean up in the way the stacking interface works. Some use cases and the documentation on the FortiLink checking interface are a little outdated. I can find stuff on version 5 or more, but it is hard to find information on some of the newer firmware. The biggest thing I would like to see is some improvement in the switch management feature. I would like to be able to relegate some of the ports, which are on the firewall itself, to act as a switch to take advantage of those ports. Some of these firewalls have clarity ports on them. If I can use those, it would mean that I need to buy two less switches, which saves time. I get why they don't, but I would still like to see it because it would save a little bit of space in the server rack."

What is our primary use case?

We are a managed services company, and we are also a partner with Fortinet and Cisco Meraki. The firmware that I just started using is 6.4.4. Most of the FortiGates that I sell are 60E and 60F. For some of our larger customers, I have got a handful of FortiGate 80, 100, and 200.

Fundamentally, its primary purpose is security at the edge of the network. I have got some clients who are starting to use the SD-WAN feature for a multi-location setup. I have got other clients who are using a lot of IPSec tunnels. I also have some clients who, with the increase in remote workers, are taking advantage of the FortiClient product that ties in. They are using that for remote VPN connections. 

How has it helped my organization?

We are a managed services provider, and I would say that it has improved the way our client's organization functions. I would also hope that it is seamless for them. They don't even know it. The biggest improvement for us is that it allows us to do more with a smaller staff.

What is most valuable?

One of the nice things about FortiGate is that it can be deployed on the cloud or on-premises. You can actually do both. That's the biggest reason why I stick with this solution as opposed to something like Cisco Meraki. Another nice thing is that I can log directly into a FortiGate or get to it through their FortiCloud access products. They're pretty reliable and consistent.

One of the reasons why I started using the product was their single pane of management. I can deploy their line of firewalls in conjunction with their switching and access points, and I can manage the entire network from one interface. I don't have to log into one interface for the firewall, another one for the access points, and another one for the switches. These firewalls have access point controller functionality built right into the system, so I don't even have to purchase additional devices to manage them.

What needs improvement?

FortiLink is the interface on the firewall that allows you to extend switch management across all of your switches in the network. The problem with it is that you can't use multiple interfaces unless you set them up in a lag. Only then you can run them. So, it forces you to use a core type of switch to propagate that management out to the rest of the switches, and then it is running the case at 200. It leaves you with 18 ports on the firewall because it is also a layer-three router that could also be used as a switch, but as soon as you do that, you can't really use them. They could do a little bit more clean up in the way the stacking interface works.

Some use cases and the documentation on the FortiLink checking interface are a little outdated. I can find stuff on version 5 or more, but it is hard to find information on some of the newer firmware.

The biggest thing I would like to see is some improvement in the switch management feature. I would like to be able to relegate some of the ports, which are on the firewall itself, to act as a switch to take advantage of those ports. Some of these firewalls have clarity ports on them. If I can use those, it would mean that I need to buy two less switches, which saves time. I get why they don't, but I would still like to see it because it would save a little bit of space in the server rack.

For how long have I used the solution?

I have been using this solution since 2007.

What do I think about the stability of the solution?

If you have the firmware version 6.4.3 and are using FortiLink in VLAN, it has trouble with tunneling networks for a wireless network. It won't give it a route to the internet. I found it just last week. There was a version back in 6.2 where it required 12 characters for the password of a wireless network on Web 2.0 as opposed to the traditional eight characters. The problem came when you wanted to edit it. If you upgraded to that firmware from a previous version, it wouldn't let you save any changes without changing the password, making it a requirement. That was kind of problematic for a while, but for the most part, it has been pretty stable and responsive.

What do I think about the scalability of the solution?

It is easy to scale as long as you start with the right firewall. Our clients are of different sizes. We have clients with the home office with two or three employees. One of the clients has about 26 locations in all four time zones and about 400 employees.

How are customer service and technical support?

I haven't used their official tech support, which is actually a good thing. The reason I haven't used their official tech support is that they have a support mechanism in place. I have direct access to a local sales engineer, and when I have problems, I call him up on the cell phone. Based on that, they definitely support their partners 100%. They are definitely channel driven, and it shows.

Which solution did I use previously and why did I switch?

I have deployed SonicWall, WatchGuard, Cisco ASA, Rockies, and Palo Alto. The biggest reason I went with Fortinet is that it felt like it has got Palo Alto type of functionality at a much more reasonable price point.

I spent seven years working at the state level education, and budgets were tough. We had SonicWall subscription services. I could replace them with the brand new FortiGate with a three-year subscription for the same cost. That really changed things. The single pane of management that they have was just the frosting on the cake.

How was the initial setup?

It is pretty simple. For example, I just set up a new network with a 100E, and I have got four stackable switches. It will run a network with 23 access points. I set up all the VLANs, routing, rules, and other things. It won't take more than four hours of work. I am getting ready to box up and ship it out. It will be plug and play once it gets to the site.

What other advice do I have?

Take the training. They've got free training that is available online, and there are different levels for technical training. It is crucial. If you sign up as a partner, which doesn't cost you anything, the training is free. If you want to go for the test and get certified, you got to pay for the test, but the actual training materials are available to every partner for free. I would say that definitely take advantage of those. When you have new employees as network engineers, make this training a part of the routine.

I would rate Fortinet FortiGate an eight out of ten. I have been using it for years, and I do try to evaluate it on a regular basis and continue to stick with them. I just don't have a lot of bad things to say about them. Aside from their product, I'm a also fan of their company and how they do business, which makes it easier to do business with them. I don't necessarily appreciate the business practices of some of their competitors. It is nice not to have to worry about that.

Which deployment model are you using for this solution?

Private Cloud
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
PeerSpot user
IT Consultant at Escuela de Comunicación Mónica Herrera
Real User
Top 5
Nice GUI, easy to configure, and has a reasonably priced licensing model
Pros and Cons
  • "The GUI is good."
  • "Maybe they could make some features more accessible, such as a way to translate directions between two networks that share the same subnets."

What is our primary use case?

I primarily administrate the solution as a firewall. It's a perimeter solution. We filter content in order to ensure protection. We use it to publish services on-premises.

What is most valuable?

The GUI is good.

It's a basic firewall and it's a simple configuration. It can be ported very easily to our unit.

All of the licenses are included. We don't need to buy more licenses per pack of users. It is cost-effective. 

What needs improvement?

We'd like to see what they will do when AI attacks are generated. They will need to ensure their prevention continues to be exceptional. 

The solution isn't missing any features. Maybe they could make some features more accessible, such as a way to translate directions between two networks that share the same subnets.

For how long have I used the solution?

I've been using the solution for ten years. 

What do I think about the stability of the solution?

The solution is very stable. It is a robust unit.

What do I think about the scalability of the solution?

It's scalable. You can grow as you need. If you need more, you can use a model to upgrade to the next model. 

We don't have users per se; I provide the service to clients. 

How are customer service and support?

I very rarely contact technical support. If I need to scale, they have very knowledgeable sources and solid workbooks. The resources they offer ensure I always have a solution. 

Which solution did I use previously and why did I switch?

I've worked with SonicWall and Cisco. Fortinet offers a good license model. It's also very clean in terms of configuration. It offers high performance. It is a bit more expensive compared to SonicWall, however, if you take everything into consideration, the pricing is quite reasonable. 

How was the initial setup?

We have a FortiGate appliance. We are using the 2000F version of FortiGate and running the license for FortiOS. 

First, we design our network, then we update policies. 

Fortinet makes the process very easy. I try to make it more efficient by replicating policies using the GUI. 

How long it takes to deploy depends on the complexity. I have 20 or so subnets and some services and I can manage the deployment in two to three hours. 

It is not difficult to maintain the solution. 

What about the implementation team?

I'm able to handle the deployment myself. 

What's my experience with pricing, setup cost, and licensing?

The licensing model is very good. It's less expensive than Check Point. 

What other advice do I have?

I'm an independent consultant. 

Users have to understand the size of the network. That would dictate the model you need. You also need a qualified technician to configure the unit. 

I'd rate the solution nine out of ten. It's very easy to use.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: Integrator
PeerSpot user
William Nogueira - PeerSpot reviewer
IT Security Specialist at a agriculture with 1,001-5,000 employees
Real User
Top 20
Helps reduce our mean time to remediate and our security risk, and provides good visibility into our environment
Pros and Cons
  • "The Intrusion Prevention System and the web filtering are both working well."
  • "The debugging and troubleshooting has room for improvement."

What is our primary use case?

Fortinet FortiGate is our primary security solution for network communication. It enforces segregation between the IT and OT networks. All communication, integrations, and other traffic between IT and OT must pass through the FortiGate, which inspects and controls it.

FortiGate also serves as our VPN concentrator. Both internal users and partners connect their VPNs to FortiGate. We manage the entire VPN process, including access control and security policies.

All web traffic within the organization flows through the FortiGate for inspection and security controls. We leverage FortiGate's UTM capabilities, including web filtering, intrusion prevention, and application control.

While we have several websites running behind FortiGate, they are primarily static content sites with limited business activity. Therefore, we utilize the basic WAF functionality within FortiGate instead of a dedicated WAF device. This approach has proven effective for our needs due to the low volume of transactions and sensitive data on these websites.

FortiGate also manages communication between our internal IT units. With five units in operation, efficient inter-unit communication is critical. FortiGate ensures secure and controlled data exchange between these units.

How has it helped my organization?

FortiGate provides us with both visibility and segmentation for our industrial devices. This allows us to achieve good segmentation and also gain a clear view of the assets that reside behind them. Now, if I need to find a specific asset within our industrial environment, I can simply access Fortinet and check the assets listed there. Additionally, FortiGate utilizes sensing technology that identifies the type of each device, further enhancing our overall visibility.

FortiGate helps a lot to reduce the risk of cyberattacks that could disrupt our production.

FortiGate enables centralized management of our organization's network and security operations, providing comprehensive visibility into our environment for proactive threat detection and mitigation.

The effectiveness of our response to a production disruption depends on the affected environment. Some environments have sufficient redundancy to continue operating without the system, while others require immediate intervention. To address this variability, we utilize a strategically deployed FortiGate across all environments. This firewall enforces pre-defined rules to manage traffic and data flow effectively, ensuring that disruptions are minimized and operations continue smoothly.

FortiGate provides us with actionable data, enabling us to make informed decisions. The visibility it grants into the devices operating within our environment empowers us to take timely action and safeguard them.

All our OT traffic traversing to and from our IT environment passes through our Fortinet FortiGate firewall, which helps to reduce our operational expenses.

The security fabric helps reduce our mean time to remediation.

Fortinet has helped us take a more serious approach to cybersecurity. 

What is most valuable?

The Intrusion Prevention System and the web filtering are both working well. The Deep Packet Inspection is also functioning properly, allowing us to see all network traffic, including encrypted data. I find the DPI to be a valuable and user-friendly feature. Additionally, the logs are clear and easy to understand. Having worked with Cisco and Check Point in the past, I can confidently say that these logs are on par with those of other leading security solutions. They greatly aid in troubleshooting, investigations, and general network monitoring. Overall, I am impressed with this solution's web filtering capabilities and robust IPS functionality. It is both easy to manage and deploy, making it a valuable tool for our network security.

What needs improvement?

While FortiGate offers a wide range of security features, I sometimes feel that the platform could benefit from more extensive improvements. Given the multitude of functions it provides, I wonder if the developers have enough time to adequately refine each aspect. However, for our specific needs, FortiGate currently performs adequately.

The debugging and troubleshooting has room for improvement.

I would like to see greater integration with third-party solutions. For instance, one example would be integrating Endpoint Protection with FortiGate, such that if an issue arises with Endpoint Protection, an action could be automatically triggered on FortiGate.

I am concerned about Fortinet's ability to help us meet regulatory compliance because its optimal functionality requires deploying all solutions within the mesh as Fortinet products. This raises questions about the compatibility and integration of non-Fortinet technologies within the Fortinet Security Fabric. 

For how long have I used the solution?

I have been using Fortinet FortiGate for two years.

What do I think about the stability of the solution?

I would rate the stability of Fortinet FortiGate an eight out of ten. 

What do I think about the scalability of the solution?

I would rate the scalability of Fortinet FortiGate an eight out of ten.

How are customer service and support?

The technical support responds quickly.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

I have worked with Cisco, Check Point, and Palo Alto. I worked with Cisco for ten years and I find Fortinet FortiGate to be a better solution.

What's my experience with pricing, setup cost, and licensing?

The price is fair for what we get with FortiGate.

What other advice do I have?

I would rate Fortinet FortiGate a nine out of ten.

Although we currently don't use any Fortinet devices designed for extreme environments, we are planning to test a few Fortinet switches in such conditions. This initial experiment aims to assess their performance and suitability for our harsh environment. If the switches perform well, we may consider switching our current supplier. While we don't frequently change our OT networks, prioritizing long-term stability has been our main objective, and we've achieved that so far. However, since Fortinet is our network supplier, testing their switches and confirming their reliability is a prudent step for when we need to update our switches.

Potential users should understand their needs before purchasing the solution.

Which deployment model are you using for this solution?

Hybrid Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Reviewer:734513 - PeerSpot reviewer
Network Security & DataCenter Architect at a government with 5,001-10,000 employees
Real User
Top 20
Offers superior control and visibility, is affordable, and scalable
Pros and Cons
  • "The technical support in our region is excellent."
  • "I would suggest that Fortinet add sandboxing to their solution."

What is our primary use case?

In our current data center, we use eight Fortinet firewalls. These firewalls serve multiple tiers of the network, including internet users, server farms, and DMZ ports. This gives us multiple approaches to our system and network. As a result, we are able to receive all reports before the analyzer.

In 2011, we were using a Cisco ASA 5540 fixed firewall. We moved to Fortinet because their UTM appliance was a next-generation firewall that offered more than one solution in a single box. This meant that we could handle the network, server, and client parts of our infrastructure with a single device. We also chose Fortinet because of the ease of its GUI and its ease of implementation in multiple locations. Currently, I have three data centers. We are using a consolidated console with a broader view of the network traffic. This is why we moved to Fortinet. We had previously used Juniper and Cisco, but we found that Fortinet offered a better solution for our needs.

We deployed the solution on-premises because, while the private sector in Kuwait has begun to move to the cloud, government entities are not permitted to do so.

How has it helped my organization?

I started with the firewall module, and we were using multiple boxes for multiple functions. I was using a Juniper SSL VPN. They came to us with a single-box solution that included SSL VPN, so we moved to that. Then they came up with client endpoint security, and we moved to that as well. They also introduced web filtering in Fortinet, so we moved to that as well. All of the technology that we were using previously on separate consoles is now consolidated into a single console. I can see the beauty of this product in that it has a single console that manages all of the facilities on one web page.

What is most valuable?

The firewall is top-notch. We are using SSL VPN.

What needs improvement?

When we first started, Fortinet was using a single appliance with a firewall module in the region. They later came up with many different solutions. I have also used FortiDB, but it has been discontinued. We have since removed it. We are looking forward to Fortinet considering a sandboxing solution. This would allow us to secure our database at that layer. I see the database area as being weaker. I would suggest that Fortinet add sandboxing to their solution.

For how long have I used the solution?

I have been using Fortinet FortiGate for 12 years.

What do I think about the stability of the solution?

Fortinet FortiGate is stable which is why we have stuck with it for almost 12 years.

What do I think about the scalability of the solution?

The scalability is good. In 2016, we scaled our system to ensure that we would have enough capacity for the next five to seven years. We are currently only utilizing 25 percent of the hardware processing.

We have around 900 users on our networks per second with a total active directory of 7,000.

How are customer service and support?

The technical support in our region is excellent. There are three levels of support. I remember one time when my problem was not resolved by level one or level two, so it was escalated to level three which was awesome. The level three technician was able to understand the issue quickly by reviewing the chain of email logs and the available information.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

We previously used Juniper and Cisco firewalls before switching to Fortinet FortiGate. We were drawn to Fortinet because of its superior control and visibility, as well as its high availability, throughput, and durability. Fortinet's FortiGate firewalls are ASIC-based, which makes them more reliable and efficient than other solutions. As a result, we were able to handle more traffic with Fortinet than with any other vendor.

How was the initial setup?

The initial deployment was complex. We started with a low-level design, discussing with the vendor that we had a certain number of firewalls and concurrent sessions available on the network, and that we had remote sites. We began by implementing the boxes in the data center, then the main data center headquarters, and then the campus network, which has its own data center with a firewall module. We later installed it in one of our accessory branches in their data center. The installation was done in phases.

When the high-level design was in place, we began migrating the configuration. We used a migration tool from Cisco and Juniper, which was very smooth because it was intelligent enough to take all the network IDs, policies, and source destinations, forward based. This meant that we had fewer challenges when we started the migration.

However, we did encounter some challenges during the migration. These were not due to Fortinet, but rather to the configuration that had been migrated from the other vendor. We resolved these challenges by manually checking each policy one by one, and the issue was rectified within a couple of days.

A total of four people were involved in the deployment. Two people from our organization, one from the vendor, and one from the partner. We have to go through our partner to access the vendor.

What about the implementation team?

The implementation was completed by the vendor.

What was our ROI?

Fortinet FortiGate's features and price have provided a return on investment for our organization.

What's my experience with pricing, setup cost, and licensing?

The pricing is a bit more expensive than the others but Fortinet is the best in the region. They have a good hold on the market because they are everywhere.

We pay for support and licensing fees.

I give the pricing a nine out of ten.

Which other solutions did I evaluate?

We evaluated Palo Alto Networks, but they did not have a presence in our region, so we did not move forward with them. We also evaluated Check Point, but it is not a government-approved solution in our region.

What other advice do I have?

I give Fortinet FortiGate a nine out of ten. 

Fortinet FortiGate has good regional support. One of the best things about this solution is that Fortinet doesn't disappear after the sale. They keep engaging us with new technologies. For example, they recently engaged us with a SIEM and SOAR solution that allows me to have a single console for all of my security needs. I have a plan to move to this solution and consolidate all of my firewalls into a single FortiManager. This will allow me to have a more secure and efficient network.

Fortinet is not as focused on cybersecurity as some other companies, but they are very strong in network security. They are constantly coming up with new and innovative solutions that help us to protect our networks. I am very happy with Fortinet FortiGate and I would recommend it to anyone looking for a reliable and secure network solution.

We have deployed the solution in multiple locations.

Our partner is involved in maintenance, especially when a new FortiOS is released. We engage the vendor to understand the maintenance requirements, such as stability and any potential risks. We follow the vendor's recommendations and perform maintenance accordingly. We also use FortiAnalyzer to manage our logs. We delete old logs in accordance with government policy, which requires six months of data to be kept. We take care to ensure that maintenance does not affect these logs.

Fortinet FortiGate is one of the best and most affordable solutions with top-notch technology on the market. We get something that is both cheaper and of good quality with Fortinet FortiGate. Fortinet submitted the lowest-priced bid and met all of our technical requirements.

Which deployment model are you using for this solution?

On-premises
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
PeerSpot user
Buyer's Guide
Download our free Fortinet FortiGate Report and get advice and tips from experienced pros sharing their opinions.
Updated: March 2025
Buyer's Guide
Download our free Fortinet FortiGate Report and get advice and tips from experienced pros sharing their opinions.