Try our new research platform with insights from 80,000+ expert users
it_user545559 - PeerSpot reviewer
Owner at a tech services company
Real User
I am able to save hours of planning and implementation time because the documentation is so helpful
Pros and Cons
  • "Their reliability and their policy of pre-shipping replacements when a unit has failed."

    What is most valuable?

    1. The prompt and knowledgeable support behind them. 
    2. Their reliability and their policy of pre-shipping replacements when a unit has failed.
    3. The simplicity and clarity of their user interface and documentation.
    4. Their 'cookbooks' that walk you through the most common installation scenarios.

    How has it helped my organization?

    I am a one-man show, so there is not much that can be done to improve the way that I function. However, these products provide best-in-class security at reasonable prices. 

    One of the most helpful features is their VPN, the client could not be any simpler to set up and use.

    What needs improvement?

    I can't think of too much which they can improve upon. I just have not come across any situation where they have fallen short of expectations.

    For how long have I used the solution?

    I am a consultant who supports these units for my clients who use them. I have had over 10 years of experience with Fortinet products.

    Buyer's Guide
    Fortinet FortiGate
    December 2024
    Learn what your peers think about Fortinet FortiGate. Get advice and tips from experienced pros sharing their opinions. Updated: December 2024.
    824,067 professionals have used our research since 2012.

    What do I think about the stability of the solution?

    The products are extremely stable. I have only had one instance where a unit did not function as expected, and Fortinet replaced the unit, despite the fact that it was still operational.

    What do I think about the scalability of the solution?

    Scalability is the one area where there is room for some improvement. Currently, customers need to purchase more powerful units as their network traffic and requirements grow. Fortinet will occasionally offer trade-in credits in such situations, but this is not always the case. Their product line allows customers to scale from SoHo through enterprise-level requirements, which is what I like about them so much.

    How are customer service and support?

    Their tech support is outstanding.

    Which solution did I use previously and why did I switch?

    I have sold and supported other solutions in the past. Fortinet is not always the least-cost solution available, but from a value standpoint, I find them hard to beat.

    How was the initial setup?

    Initial setup complexity will vary with the complexity of the installation. It is relatively straightforward and simple to set up basic configurations. More complex requirements entail reading through a lot of documentation in order to complete the firewall configuration because of the myriad of features and options that are available in their O/S. The 'cookbooks' are a big help in these instances.

    What's my experience with pricing, setup cost, and licensing?

    Pricing and licensing have to be taken in context with value. Fortinet is usually not the least expensive alternative when considering an upfront investment, but if you take into account the support costs over several years, they are often as cost-effective as the 'cheaper' solutions.

    Which other solutions did I evaluate?

    In this particular instance, Fortinet was evaluated against an equivalent solution sourced from D-Link. I also evaluated a solution from Xirrus (now Riverbed) which promised better signal strength. However, when I ran the various WiFi planning tools from each supplier, the coverage differences did not merit the more expensive Xirrus solution.

    What other advice do I have?

    Anyone evaluating this product should consult the documentation available and plan out their solution before making a decision. From personal experience, I find that I am able to save hours of planning and implementation time because Fortinet's documentation is so helpful.

    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    PeerSpot user
    PeerSpot user
    ICT Manager at a aerospace/defense firm
    Real User
    Virtual domains are treated as separate firewall instances
    Pros and Cons
    • "You can create multiple Virtual Domains (VDOMs), which are treated as separate firewall instances."
    • "The reporting you receive out of this appliance is excellent. You will not need an external management system."
    • "The user interface is relatively easy. The devices are easy to deploy and figure out when you have experience with other security appliances."
    • "I could not configure sFlow from the FortiGate graphical user interface. I realized that the sFlow configuration is available only from the CLI, and discovered that sFlow is not supported on virtual interfaces, such as VDOM links, IPsec, or GRE."
    • "There is one big configuration file with no separations for the unique VDOMs. Maybe they could separate individual VDOM configuration files with the root VDOM configuration file referencing the individual VDOM config files.​"

    How has it helped my organization?

    There is no need to buy physical firewall hardware when you host multiple customers requiring individual secure access to their FW. You just create virtual domains (VDOMs).

    What is most valuable?

    You can create multiple Virtual Domains (VDOMs), which are treated as separate firewall instances. The reporting you receive out of this appliance is excellent. You will not need an external management system.

    What needs improvement?

    1. sFlow and NetFlow

    I could not configure sFlow from the FortiGate graphical user interface. I realized that the sFlow configuration is available only from the CLI, and discovered that sFlow is not supported on virtual interfaces, such as VDOM links, IPsec, or GRE.

    NetFlow is a network protocol developed by Cisco for collecting IP traffic information and monitoring network traffic. It is not supported on FortiGate for those who have a NetFlow analyzer/collector already setup in their network.

    2. Policies

    To control traffic in a firewall, you need to create and apply policies to the FW interfaces. By default, policies are sorted by FW interfaces and this makes FW interfaces an integral part of the policies. Zones provide the option to logically group multiple virtual and physical FortiGate firewall interfaces. Then, you apply security policies to those zones (logical groups of interfaces) to control traffic flow on those interfaces.

    In a FortiGate unit with a lot of interfaces (including virtual interfaces), there is a high probability of having duplication of policies.

    For how long have I used the solution?

    Three to five years.

    What do I think about the stability of the solution?

    These devices are very stable.

    What do I think about the scalability of the solution?

    They are easily scalable with multiple built-in interfaces. It supports a minimum of 10 VDOMs. VDOM supports all dynamic routing protocols like RIP, OSPF, BGP, and IS-IS. You do not need to reboot after enabling the VDOMs.

    Area for improvement - there is one big configuration file with no separations for the unique VDOMs. Maybe they could separate individual VDOM configuration files with the root VDOM configuration file referencing the individual VDOM config files.

    How are customer service and technical support?

    Customer Service:

    Customer service is great, an eight out 10.

    Technical Support:

    I will give technical support an eight out 10.

    Which solution did I use previously and why did I switch?

    We previously used different solutions as well. We did not switch, we have different requirements for different customers.

    How was the initial setup?

    The user interface is relatively easy. The devices are easy to deploy and figure out if you have experience with other security appliances.

    What about the implementation team?

    It was an in-house installation.

    What was our ROI?

    The ROI is great. These boxes are not that expensive compared to what they can do, their functionality, and the reporting you receive.

    What's my experience with pricing, setup cost, and licensing?

    Fortinet licensing is straightforward and less confusing compared to Cisco. Fortinet has one or two license types, and the VPN numbers are only limited by the hardware chassis make.

    Which other solutions did I evaluate?

    I already have experience with Cisco ASA, so it was simply a customer preference and well within the budget.

    What other advice do I have?

    Great appliances, and it is affordable.

    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    PeerSpot user
    Simon Chaba - PeerSpot reviewer
    Simon ChabaICT Manager at a aerospace/defense firm
    Real User

    Hi Becky. I chose Fortigate mainly because it provides the capabilities to provide logical separate firewall instances to multiple customers. These logical firewall are know as VDOMs. I have the partitions the physical fw devices to multiple logical units thus saving costs.

    See all 4 comments
    Buyer's Guide
    Fortinet FortiGate
    December 2024
    Learn what your peers think about Fortinet FortiGate. Get advice and tips from experienced pros sharing their opinions. Updated: December 2024.
    824,067 professionals have used our research since 2012.
    PeerSpot user
    Security Consultant at Webernetz.net - Network Security Consulting
    Consultant
    Cisco ASA vs. Fortinet FortiGate vs. Palo Alto vs. Juniper SSG

    Since IPv6 gets more and more important, I am using it by default on all my test firewalls, which of course support IPv6. However, when comparing the different functions and administration capabilities, they vary significantly.

    Here comes my short evaluation of the IPv6 functions on the following four firewalls: Cisco ASA, Fortinet FortiGate, Juniper SSG, and Palo Alto.

    Criteria

    I was merely interested in the basic IPv6 usage and not in the typical firewall categories:

    • Interface: IPv6 address and link-local address configurable?
    • Router Advertisement and DHCPv6: Whether the firewalls support nothing (–), only RA (-), DHCPv6 relay (ο), stateless DHCPv6 (+), or stateful DHCPv6 (++). The existence of stateless DHCPv6 is vital for delivering the DNS server IPv6 addresses to the clients. (The “IPv6 Router Advertisement Options for DNS Configuration”, RFC 6106, is not supported by any of these devices.)
    • Security Policy: Whether IPv4 and IPv6 addresses can be used in the same policy and whether address groups can have objects from both protocols.
    • Administration: How easy are the IPv6 functions to manage? Only via the CLI (–), fifty-fifty (ο), GUI but complicated (+) , or fully via the GUI (++).

    Results

    These are the results. They range from — via ο to ++.


    Cisco ASA
    Fortinet FortiGate
     Juniper ScreenOS
    Palo Alto
    Version
    9.2(3)
    5.2.2
    6.3.0r18.0
    6.1.3
    Interface
    ++
    +
    ++
    ++
    RA, DHCPv6
    -
    ++
    +
    0
    Security Policy
    ++
    -
    -
    ++
    Administration + - + ++

    Details

    Cisco ASA

    The Cisco ASA has no DHCPv6 instance running. That is: there is no way to run an IPv6-only network because clients won’t get the DNS server. The security policy is capable of both protocols. Everything is configurable via the GUI, which is not the best at all.

    Fortinet FortiGate

    The FortiGate is the only firewall with a stateful DHCPv6 server. Great. However, two distinct security policies must be used and nothing of the IPv6 settings are configurable via the GUI. WHAT???

    Juniper SSG (ScreenOS)

    ScreenOS is dead. However, most of the IPv6 functions are working quite good, except the protocol dependent security policies. Everything is accessible via the GUI, but sometimes on confusing positions.

    Palo Alto

    Palo Alto did a good job on the IPv6 interfaces and security policies. The GUI is quite intuitive and the policy accepts both protocols at the same time. Unluckily, there is no DHCPv6 server which makes it impossible to operate an IPv6-only client network behind a Palo Alto (without further servers).

    Conclusion

    It’s interesting to see the differences between those firewalls. While the Fortinet und Juniper firewalls support the whole SLAAC process incl. DNS servers, they have no single security policy for both protocols and are horrable to configure.

    The Palo Alto is quite good to configure but lacks the DHCPv6 server. Same for the Cisco.

    In summary, all firewalls position in the middle of my scale. From an IPv6-only view, I cannot say which one is the best. It depends….

    Originally published on blog.webernetz.net

    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    PeerSpot user
    PeerSpot user
    Network Manager at a educational organization with 1,001-5,000 employees
    Vendor
    Fortigate is Hard to Beat for the Money

    Fortinet has been a darling of the stock market ever since its IPO in 2009 as its stock price has accelerated over recent years. Its stock performance has mirrored the adoration that its line of security devices consistently receive. Fortinet is the current UTM market leader, boasting a 20% market share. Fortinet is now expanding out of its core SMB strength and into the large enterprise market where the increasing performance of its solutions are making it attractively priced.

    In Gartner’s latest Unified Threat Management Magic Quadrant (UTM) Fortinet is listed at the top of the leader quadrant. Says Gartner, “We believe attributes that contributed to the leadership position include Fortinet’s high awareness in the industry, in Gartner client’s short-lists and in competitive situations; Fortinet’s aggressive price/performance.”

    A UTM or Unified Threat Management device is a firewall that includes other features as well. The Fortinet UTM package includes gateway firewall, anti-virus, web filter, intrusion protection, application control, VPN, email filtering and WAN optimization. Think of it as the “Everything Box.”

    There line of UTM security appliances is called the Fortigate series. It offers an appliance to meet every type of network, from the home office to large enterprise networks, as well as Managed Security Service providers. Its smallest unit, the Fortigate-20C, also serves as a wireless router and offers four internal switch port in addition to a WAN port. At the top of the food chain is its new 5000 Series chassis based network appliance. It supports two, six, or fourteen FortiGate-5000 series network security blades, and allow you to scale security and customize your unique environment. These large units are ideal for virtual infrastructures as they can control up to 3,000 virtual domains.

    The admin console for the Fortigate is browser based. Sometimes, browser based can have a cheesy rudimentary look but not with the Fortigate. Navigating the Fortigate is simple with its expandable menu. The admin console opens up to a Dashboard which displays a series of widgets that the administrator can populate according to their needs. It also comes with a command line interface which can be accessed through the admin console itself or through Putty.

    Like all UTM appliances, the Fortigate units do some things better than others. Its web filtering is certainly more than suitable for most environments but if you are looking for super high granularity with a complicated array of user based filtering and exceptions, you probably would be better suited with a dedicated filtering appliance. The same probably holds true for its email filtering as well.

    With this in mind though, what IT professionals are looking for first and foremost in a UTM device is security, and this is what Fortinet does best. Configuring the firewall of the Fortigate is a breeze. Simply create your firewall objects, consolidate them into groups if possible, and then create your policy rules. You can right click on any of your policies to view a separate context menu that will allow you to do things such as delete, move or edit the policies.

    Integrating the other core components with your firewall policies is a snap. Simply apply the various UTM services you desire to the designated policies. For example, you would enable email filtering only to the rule configured for email traffic. You would then configure web filtering for the rule regarding your HTTP and HTTPS traffic while you would apply anti-virus to both rules.

    Backing up and restoring your Fortigate configurations is as simple as clicking a single link and can be completed in less than a minute. Fortinet is continually releasing new builds and updates for all of its models. Simply download these firmware upgrades to any local device and click the update link and browse to the downloaded updates. You can revert back to an older firmware release at any time. Some of the more robust Fortigate models can be clustered into active-active or active-passive configuration.

    Fortinet recently released version 5 which among other things includes Mobility Management. This feature does not include an additional license and is ideal for those organizations who allow BYOD devices.

    If you browse some of the UTM discussion boards out there, you will find the phrase, “can’t beat it for the price” when discussing the Fortigate. The combination of its strong UTM features with a very affordable price point should certainly put Fortinet on the short list for any organization shopping for a new UTM appliance.

    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    PeerSpot user
    it_user3483 - PeerSpot reviewer
    it_user3483Senior Consultant at Unify Square
    Real User

    Great review Brad.
    Only for the part related to upgrades from one version to another, I think you are a bit too optimistic :-)

    Sometimes the update (and rollback) are not devoid of hassles (including parts of the configuration that not always work "as they are" in the new firmware).

    Sales project manager at Saraha
    Real User
    Simple implementation, reliable, but security could improve
    Pros and Cons
    • "All of the features of Fortinet FortiGate are useful and the security protection is good."
    • "The security of Fortinet FortiGate could improve."

    What is our primary use case?

    Fortinet FortiGate is used for the overall protection of companies.

    What is most valuable?

    All of the features of Fortinet FortiGate are useful and the security protection is good.

    What needs improvement?

    The security of Fortinet FortiGate could improve.

    For how long have I used the solution?

    I have been using Fortinet FortiGate for approximately one year.

    What do I think about the stability of the solution?

    Fortinet FortiGate is a stable solution.

    What do I think about the scalability of the solution?

    The solution is scalable. We have 11 clients using this solution.

    How was the initial setup?

    The initial setup of Fortinet FortiGate is straightforward.

    What's my experience with pricing, setup cost, and licensing?

    Fortinet FortiGate allows you to purchase licenses for hardware and software.

    Which other solutions did I evaluate?

    I have evaluated Cisco solutions.

    What other advice do I have?

    I would recommend this solution to others, it is a good solution.

    I rate Fortinet FortiGate a seven out of ten.

    Which deployment model are you using for this solution?

    On-premises
    Disclosure: My company has a business relationship with this vendor other than being a customer: Reseller
    PeerSpot user
    reviewer940329 - PeerSpot reviewer
    ICT Systems Administrator at a philanthropy with 11-50 employees
    Real User
    Stable security solution with easy integration, ease of use, and good product support
    Pros and Cons
    • "Security management tool that's easy to integrate and easy to work with. No issues found with its stability and scalability."
    • "Bandwidth usage in reporting could be improved for Fortinet FortiGate."

    What is our primary use case?

    Our use case for Fortinet FortiGate is that it's a firewall for managing our security.

    What is most valuable?

    What I found most valuable in Fortinet FortiGate is its easy integration.

    It's also able to individually manage users.

    I also like the VPN aspect of this solution.

    It's a product that's easy to work with, especially when you work from home, e.g. you're able to integrate it easily with the users.

    What needs improvement?

    Bandwidth usage in reporting could be improved. There's an aspect in reporting that I'm trying, but what I noticed is if you logged into the VPN, there's an effect on the reporting in terms of bandwidth, that needs improvement.

    For how long have I used the solution?

    We've dealt with Fortinet FortiGate for the last four years.

    What do I think about the stability of the solution?

    We didn't have any issues with the stability of Fortinet FortiGate.

    What do I think about the scalability of the solution?

    We find Fortinet FortiGate scalable, because currently, we have 150 users of it, and it could handle up to 1,000 users. It's good for growth.

    How are customer service and support?

    Technical support for this solution is really good.

    The first time we were using it, we called support and reported an issue, and saw that support was really good. There's nothing I can complain about regarding technical support for Fortinet FortiGate.

    How was the initial setup?

    The setup for Fortinet FortiGate was easy, because we had it done by another company. It was a construction company that we had this set up for, but I can't remember their name.

    What about the implementation team?

    Another company implemented this solution for us, and they also took us through the training and it was okay.

    What's my experience with pricing, setup cost, and licensing?

    If you compare Fortinet FortiGate with Sophos and other firewall products available in the market, this solution is affordable. If you really want to use Fortinet FortiGate, you'll find that it's affordable.

    What other advice do I have?

    Fortinet FortiGate works well for me. I have not encountered any issues that required me to recommend an action or request if this solution could be improved. It suited the needs of the organization I'm using it in, so I didn't really find an area that needs to be improved, because this solution works very well for us.

    My advice to others looking into implementing Fortinet FortiGate is that they need to do their research. They need to find out exactly why they need to use this product and for what purposes, because there are so many options for users. They really need to know what they want for their organization before they implement Fortinet FortiGate. They also need to think about the type of files they require, how many users will use this product, and what they intend to do with it.

    If I could give Fortinet FortiGate a score of 11 out of 10, I would. It's very good. It's a ten out of ten for me. It's a really good solution.

    Which deployment model are you using for this solution?

    On-premises
    Disclosure: My company has a business relationship with this vendor other than being a customer: partner
    PeerSpot user
    Silvia Ihensekhien - PeerSpot reviewer
    Chief Information Security Officer at ShipServ Limited
    Real User
    Useful dashboards and reasonably priced
    Pros and Cons
    • "The dashboard I have found the most valuable in Fortinet FortiGate."
    • "Fortinet FortiGate is not very easy to use. The navigation could be improved to make it easier to use."

    How has it helped my organization?

    It gives a good overview of the security posture

    What is most valuable?

    The dashboard I have found the most valuable in Fortinet FortiGate.

    What needs improvement?

    Fortinet FortiGate is not very easy to use. The navigation could be improved to make it easier to use. Instead of double clicking the items FortiGate needs to click the "details" button to get the configurations or record details

    For how long have I used the solution?

    I have been using Fortinet FortiGate for approximately four years.

    What do I think about the stability of the solution?

    So far the solution is quite stable 

    What do I think about the scalability of the solution?

    They provide different products and features and can be added if you needed 

    Which solution did I use previously and why did I switch?

    This is the first solution we used since we moved to Cloud 

    What about the implementation team?

    We used a partner to do the implementation of the solution.

    What's my experience with pricing, setup cost, and licensing?

    The price of Fortinet FortiGate is reasonable for an SME.

    Which other solutions did I evaluate?

    No

    What other advice do I have?

    I rate Fortinet FortiGate an eight out of ten.

    Which deployment model are you using for this solution?

    Public Cloud

    If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    PeerSpot user
    reviewer1197741 - PeerSpot reviewer
    Group IT Infrastructure Manager at a manufacturing company with 1,001-5,000 employees
    Real User
    A scalable and stable solution
    Pros and Cons
    • "Fortinet FortiGate is a stable solution."
    • "I would like to see improvements with the antivirus and IPS as they are not working properly all the time."

    What is our primary use case?

    We are a sister company of Fortinet FortiGate. Our organization has more than 3,000 users.

    What needs improvement?

    I would like to see improvements with the antivirus and IPS as they are not working properly all the time.

    For how long have I used the solution?

    I have been using Fortinet FortiGate for twelve years.

    What do I think about the stability of the solution?

    Fortinet FortiGate is a stable solution.

    What do I think about the scalability of the solution?

    This solution is very scalable.

    What other advice do I have?

    Prior to choosing Fortinet FortiGate you should make sure you select the right box. Be sure of the capacity and have a capacity plan before installation. I suggest you do a failover and redundant together, compact boxes together.

    I would rate this solution an 8 out of 10.

    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    PeerSpot user
    Buyer's Guide
    Download our free Fortinet FortiGate Report and get advice and tips from experienced pros sharing their opinions.
    Updated: December 2024
    Buyer's Guide
    Download our free Fortinet FortiGate Report and get advice and tips from experienced pros sharing their opinions.