Fortinet FortiGate Reviews

In our current data center, we use eight Fortinet firewalls. These firewalls serve multiple tiers of the network, including internet users, server farms, and DMZ ports. This gives us multiple approaches to our system and network. As a result, we are able to receive all reports before the analyzer.

In 2011, we were using a Cisco ASA 5540 fixed firewall. We moved to Fortinet because their UTM appliance was a next-generation firewall that offered more than one solution in a single box. This meant that we could handle the network, server, and client parts of our infrastructure with a single device. We also chose Fortinet because of the ease of its GUI and its ease of implementation in multiple locations. Currently, I have three data centers. We are using a consolidated console with a broader view of the network traffic. This is why we moved to Fortinet. We had previously used Juniper and Cisco, but we found that Fortinet offered a better solution for our needs.

We deployed the solution on-premises because, while the private sector in Kuwait has begun to move to the cloud, government entities are not permitted to do so.

I started with the firewall module, and we were using multiple boxes for multiple functions. I was using a Juniper SSL VPN. They came to us with a single-box solution that included SSL VPN, so we moved to that. Then they came up with client endpoint security, and we moved to that as well. They also introduced web filtering in Fortinet, so we moved to that as well. All of the technology that we were using previously on separate consoles is now consolidated into a single console. I can see the beauty of this product in that it has a single console that manages all of the facilities on one web page.

The firewall is top-notch. We are using SSL VPN.

When we first started, Fortinet was using a single appliance with a firewall module in the region. They later came up with many different solutions. I have also used FortiDB, but it has been discontinued. We have since removed it. We are looking forward to Fortinet considering a sandboxing solution. This would allow us to secure our database at that layer. I see the database area as being weaker. I would suggest that Fortinet add sandboxing to their solution.

I have been using Fortinet FortiGate for 12 years.

Fortinet FortiGate is stable which is why we have stuck with it for almost 12 years.

The scalability is good. In 2016, we scaled our system to ensure that we would have enough capacity for the next five to seven years. We are currently only utilizing 25 percent of the hardware processing.

We have around 900 users on our networks per second with a total active directory of 7,000.

The technical support in our region is excellent. There are three levels of support. I remember one time when my problem was not resolved by level one or level two, so it was escalated to level three which was awesome. The level three technician was able to understand the issue quickly by reviewing the chain of email logs and the available information.

Positive

We previously used Juniper and Cisco firewalls before switching to Fortinet FortiGate. We were drawn to Fortinet because of its superior control and visibility, as well as its high availability, throughput, and durability. Fortinet's FortiGate firewalls are ASIC-based, which makes them more reliable and efficient than other solutions. As a result, we were able to handle more traffic with Fortinet than with any other vendor.

The initial deployment was complex. We started with a low-level design, discussing with the vendor that we had a certain number of firewalls and concurrent sessions available on the network, and that we had remote sites. We began by implementing the boxes in the data center, then the main data center headquarters, and then the campus network, which has its own data center with a firewall module. We later installed it in one of our accessory branches in their data center. The installation was done in phases.

When the high-level design was in place, we began migrating the configuration. We used a migration tool from Cisco and Juniper, which was very smooth because it was intelligent enough to take all the network IDs, policies, and source destinations, forward based. This meant that we had fewer challenges when we started the migration.

However, we did encounter some challenges during the migration. These were not due to Fortinet, but rather to the configuration that had been migrated from the other vendor. We resolved these challenges by manually checking each policy one by one, and the issue was rectified within a couple of days.

A total of four people were involved in the deployment. Two people from our organization, one from the vendor, and one from the partner. We have to go through our partner to access the vendor.

The implementation was completed by the vendor.

Fortinet FortiGate's features and price have provided a return on investment for our organization.

The pricing is a bit more expensive than the others but Fortinet is the best in the region. They have a good hold on the market because they are everywhere.

We pay for support and licensing fees.

I give the pricing a nine out of ten.

We evaluated Palo Alto Networks, but they did not have a presence in our region, so we did not move forward with them. We also evaluated Check Point, but it is not a government-approved solution in our region.

I give Fortinet FortiGate a nine out of ten. 

Fortinet FortiGate has good regional support. One of the best things about this solution is that Fortinet doesn't disappear after the sale. They keep engaging us with new technologies. For example, they recently engaged us with a SIEM and SOAR solution that allows me to have a single console for all of my security needs. I have a plan to move to this solution and consolidate all of my firewalls into a single FortiManager. This will allow me to have a more secure and efficient network.

Fortinet is not as focused on cybersecurity as some other companies, but they are very strong in network security. They are constantly coming up with new and innovative solutions that help us to protect our networks. I am very happy with Fortinet FortiGate and I would recommend it to anyone looking for a reliable and secure network solution.

We have deployed the solution in multiple locations.

Our partner is involved in maintenance, especially when a new FortiOS is released. We engage the vendor to understand the maintenance requirements, such as stability and any potential risks. We follow the vendor's recommendations and perform maintenance accordingly. We also use FortiAnalyzer to manage our logs. We delete old logs in accordance with government policy, which requires six months of data to be kept. We take care to ensure that maintenance does not affect these logs.

Fortinet FortiGate is one of the best and most affordable solutions with top-notch technology on the market. We get something that is both cheaper and of good quality with Fortinet FortiGate. Fortinet submitted the lowest-priced bid and met all of our technical requirements.

I specify, configure and deploy firewalls  in organizations with 500 or fewer employees and 15 or fewer sites.  Primarily I choose between Cisco, Sonicwall and Fortigate small and medium sized appliances.  Occasionally I deploy virtual appliances in AWS.   I prefer to use Fortigate firewalls for several reasons- remote access is simple and the included client works with MacOS Windows and IOS devices.  The level of security works well for most clients and the authentication with AD/LDAP makes the solution easier to deploy.  I also find that the clients  appreciate the lower price point than other vendors.

We have a standard build. We give the client the laptop, and, especially with the pandemic, we send them home with the laptop or FedEx the laptop already configured, and the user is ready to go. 

I don't even need to know the client's password. I can just install the software and create a profile. The client fills the profile in with simple instructions, types in their password instructions, and connects it and they're good. It's really simple. 

That's why we have standardized recommending Fortinet. That doesn't mean that I don't support other solutions as well, however, the device that I like the best is the one that's easy to use for me and it's easy to use for the clients. The price point is not bad as well.

The ease of setting the solution up is a valuable aspect for us.

The most valuable aspect that differentiates it from other solutions is that the client (the SSL VPN client or the IP sec VPN client, the same clients) is included in the solution. We don't have to pay extra for the software and the clients. 

I have had some issues, but no more than others and I don't have to buy an expensive add-on license to do it and it's managed and it's updated automatically. That's the key thing, that the client is included and it updates itself so I don't have to do too much to manage it and it's very transparent to the end-user.

The biggest "gotcha" is that if the client purchases what they call the UTM shared bundle, which has unified threat management on both, it's not as easy to manage if you have more than one firewall. 

If I wanted a unified console, I have to pay extra. And that's the downfall. That's the only needed improvement that I would say for the Fortinet solution, is that they should have it web-based from the get-go. You should not have to buy an extra bundle or an extra device.

If I have to make an update to a web filter, and I have 12 devices, I've got to do it in 12 places. If I don't want to do that the client can pay for a pretty expensive device or virtual appliance that does that for them. It's like an expensive centralized management tool. That's the big downfall of Fortinet. It doesn't come included, you have to pay for it. Their web-based one, that's sort of just like an inventory manager. It's not really good for distributing roles. With Cisco, you don't have to do anything. The one from Aruba HD has one too. Fortinet should try to be similar to those options.

In the next release, it would be amazing if they could give a better tool for upgrading, so that if I upgrade from an older version to the other, it can read the configuration and processes it for me so that I don't have to rewrite it from scratch. In FortiConverter, they have a tool like this, however, it doesn't work well. It's really more for bringing items in from other vendors, not from one version to the other.

That was my last experience where they operated from version five to six. However, that's really the only big thing. The main thing is to include the FortiManager cloud software like Cisco does. To have one solution. If you paid $150 a year for the support, you might as well get that too so I could manage all the devices at one spot. They do have FortiCloud, however, it's not the same as the way Cisco does it. They are selling another product called FortiManager. FortiManager should be included with the support, and that would make it more of a business solution, rather than a feature request.

I would say that I have been using the solution for over 10 years. It's likely been between 10 and 15 years at this point.

Fortigate firewalls are very reliable- in the past 15 years I believe only 2 devices in a 100 have failed.  The failures were due to harsh environments (dust and water will ruin any electronic device).  The input I can give to any technology person or client looking to choose a firewall / threat management device I would highly recommend the stability / reliability of fortigate.  Once installed it will do it's job efficiently and effectively for several years.

I will tell a client not to go with Fortinet if they have no firewall or they have a very, very old firewall. If this is from scratch, I'd say let's not go with Fortinet, let's go with Meraki if you have the money. I always say create the budget for it if you have a lot of sites, as Cisco does a better job if you have a lot of sites. If you have two sites, then it's fine to go with Fortinet. It'll scale to that scale. However, if you want to go over a couple of sites, it's not the best option.

The solution's initial setup is straightforward. It's actually gotten better. I got good at doing it from scratch from the command line, or even from the GUI with all the 50 steps to set up stuff. However, now they're wizards and it's much better. It was the thing that probably a lot of people commented on initially, and they just worked hard to fix it. They updated the software from version four to five to six. They did a good job at making it easier.

If the client had a lot of downtime or a lot of issues with older equipment, or they did not like the fact that they had to pay every year just to be able to use the device, then the return on investment of spending $900 for a Fortinet 60E per site for a three-year contract will hands-down beat pretty much anybody. 

It is definitely set it and forget it. There's very little input. You'll save money on consulting. If you were to call me and you're doing Juniper or you're doing Palo Alto, there's a lot more configuring and it's a lot harder to add stuff and therefore, as a consultant, I make more money, and I'm being serious. Once I set up a Fortinet I really don't have to touch it for years.

Maybe I have to log in to check that I need to do an update, however, in that case, they usually send me an email saying hey, your license key is up and maybe you want to buy a new one. I take the old one out and put a new one in, that's when I get paid again. It's boiled down to that. 

I'm not only an authorized reseller. I am a consultant that uses their equipment and recommends them on a routine basis. I am not a Fortinet partner, however.

I use a series of FortiGate products, including the 60, the 90, and the 100. Some of them are E's, some of them are S's; it all depends. However, they have pretty much the same user interface.

If a company is considering the solution, I'd advise that they consider purchasing the FortiManager if they really like the feature set and the way that Fortinet works. For example, a company we work with has these large scale solutions, and they use FortiManager. If you're a very large implementation, definitely look into Fortinet. If you're small, for example, under 20 devices, consider joining Cisco Meraki as it's so much easier. That's what I would tell any client. 

FortiManager and FortiGate are really good. If you like the way the GUI works it's more flexible than Cisco. There are more bells and whistles, however, Cisco is going to be the way to do it if you're going to do 50 sites. If you were to do a lot of sites, consider Cisco. If not, you can do Fortinet.

At the end of the day, the solution is very flexible, and if the client has special business partners that want a special type of nailed up VPN or special configuration for the clients, it offers that. The lesson I learned using the solution was to go with the solution that's most flexible for the client and at the same time is as low touch as possible. That's why I've standardized on FortiGate, as it's low touch for me and I'd rather spend time fixing other stuff or troubleshooting the other problems for clients than this particular solution.

You want to spend less time fighting with your remote access solution or your firewall solution and work on other problems. It should not be a difficult thing, and yet, a lot of people struggle with that. Especially today with the pandemic, they have to be able to have access to their stuff and that's crucial. That's the biggest takeaway. Is it easy to manage it, is it easy to connect? If so, it's worth the investment.

I would rate the solution nine out of ten. If they included FortiManager in their offering, I'd give the product a perfect ten.

My customers use Fortinet FortiGate for SD-WAN, network security, branch-to-branch communication, site-to-site channel communication, multi-layer protection, authentication, and antivirus solutions. They span various industries, including IT setups, chip-level designing, VLSI companies, software development, SAP implementation, manufacturing, and production groups.

The strengths of Fortinet FortiGate include network security, VPN, site-to-site tunnels, client VPN solutions, two-factor authentication for VPN clients, and SD-WAN for branch level. We have implemented these solutions for various customers.

Regarding challenges, customers initially faced issues like internet dropping, but after firmware upgrades, everything worked well.

I believe Fortinet should offer short and frequent training sessions, preferably in video format, whenever they introduce new features. These sessions should be around five to ten minutes long, allowing users and partners to quickly grasp the information without disrupting their daily tasks.

Long training sessions spanning one or two full days can lead to distractions and reduced focus due to continuous support calls. Therefore, providing brief and focused training snippets would be more beneficial for users.

I have been using Fortinet FortiGate for six to seven years.

Our customers are satisfied with the stability of Fortinet FortiGate. I would rate it as a ten out of ten for stability.

Fortinet FortiGate is quite flexible and scalable, allowing us to scale up from sixty to a hundred units. However, there are limitations for extremely high production levels. I would rate its scalability an eight out of ten.

Positive

Setting up Fortinet FortiGate is straightforward and easy. I would rate it a ten out of ten for ease of setup. The deployment typically takes around two to three hours.

Operational costs for Fortinet FortiGate are pretty low because once it's configured, no changes are needed. In terms of ROI, clients have seen benefits. After switching from other brands to

Fortinet, they experienced fewer support calls. Initially, there were some support calls in the first one to two months, but after that, there were none. Clients are now comfortable and not wasting productive hours on IT support.

The cost of Fortinet FortiGate is competitive and not expensive compared to other enterprise- grade solutions. On average, the license cost per year is around seventy percent of the firewall's purchase price.

Regarding AI elements, I believe Fortinet has the capability to implement machine learning snippets for improved security and advanced configurations, but this should be integrated as part of their overall strategy.

I will advise to focus on configuring the admin tools and monitoring users and serial numbers effectively. 

As for rating the solution, I would give it a ten out of ten for being a very good solution.

It is our primary router here in the office with all the firewall policies.

The solution has many valuable features. I like all of them.

Its stability is great. On a previous job, we set probably up to 100 FortiGates, and during the three years they were set up none of them failed.

It's a very scalable solution.

The pricing is great and very reasonable. 

The initial setup is simple. 

We use a yearly subscription for a unified protection model. I like the features that it gives me. It is actually a built-in proxy server and it allows me to use great protection and so on. In terms of application control, the built-in anti-virus is okay. One of the things that I like the most is it has a built-in SD-WAN solution - its price is included in the hardware. I don't need to buy anything else to use SD-WAN. This is the feature that I like, in Fortinet, probably the most. All other vendors sell SD-WAN as a separate solution and you must buy a separate controller which has to be installed somewhere, on-premise or on the cloud, and it costs money. Fortigate does not.

I can't think of an area of the product that needs improvement. Even the cost is okay. I have no real complaints. 

It would be good if they had fewer updates. Almost every update has bots that are either critical or something small yet valuable. Whenever I try to do an update, I always fear that something will break.

I've used the solution for a few years. I used it on a previous project and I use it now as well.

The stability has been excellent. It's very reliable and the performance is great. They have not failed in three years. There are no bugs or glitches. It doesn't crash or freeze. 

The scalability of the product is great. If a company needs to expand it, it can do so.

Up to 100 people use it right now, and likely we will increase usage so that it covers 150 to 200 users. 

If our other branch offices open in other cities or other countries, I will buy another firewall for them as well.

I've contacted technical support in the past.

For example, I tried to update my firewall to 7.0.4 and there was a block with the DHCP server. Some devices did not acquire an IP address. Really, it was something about FortiGate. I asked Fortinet for technical support and I created a ticket, and the next day they replied to me they agree that this was a bug that they would work on. As far as I can see now, there is already an option of 7.0.5. While I didn't test it myself, in the changelog I can see that this bug is fixed.

So far, we have been satisfied as they have answered us by the next day typically.

I did not previously use a different solution.

It's an easy setup. Everything is very straightforward and simple to understand. It's not complex, not difficult. A company won't have any issues with the process.

The deployment might take up to one week. I don't remember exactly. I continued to add some features, however, in the instant deployment, when it came here I had another router here, it wasn't too long of a process. Later, I asked my bosses to buy a firewall and when it arrived, on a Friday in the evening, I installed it and everything was fine. It was very fast.

I handle the deployment and maintenance myself. We do not need a big team to manage everything. It's pretty low-maintenance. 

I handled the implementation myself. I did not need a consultant or an integrator.

The pricing is very fair for a firewall. There's nothing to complain about in terms of licensing.

The price model is fair. I have to pay only for the features that only Fortinet gives me. Things like routing are free. Other vendors like Cisco, make me pay for things that should be free.

I would recommend the solution to others.

Fortinet has an education platform that is named trainingfortinet.com and many courses are on there. All the video lessons are free. Users can view them to learn about the features that Fortinet has. It's an excellent resource.

I would rate the solution at a nine out of ten.

We used FG-90D as UTM device to protect some users and servers, and also to enable inter-vlan routing with advanced security policies inside our lab zone. Also used FG-500D in transparent mode in front of Cisco ASA for advanced and high performance protection by applying IPS, AV, AntiSpam, App.Control and DoS-protection profiles.

We have better manageability: opening and closing ports/services, adding addresses is done very quickly (can be done in single page of the web GUI).

It offers outstanding reporting tools when coupled with FortiAnalyzer (Fortinet's log collector and reporting tool) help meet compliance (there are PCIDSS, HIPAA and many more report types).

Better security posture: safe web surfing, less spam and viruses in incoming email messages, very granular AppControl, blocking vulnerability exploitation attempts and traffic anomalies by IPS, preventing DoS attacks by DoS policies.

Good VPN, both IPSEC and SSL (web-mode, tunnel-mode). An engineer/network administrator has tools to debug VPN issues that can occur during tunnel setup with other vendors' equipment.

SD-WAN feature at no cost. This is really great feature for remote locations (branch offices) and HQ, application steering between many ISP links becomes a simple task. Steering can be done dynamically by measuring link quality (latency, jitter, packet loss, available bandwidth).

Wi-Fi and Switch controller at no cost. FortiSwitch and FortiAP can become a kind of port extender of the firewall, all its ports can be referenced in firewall policies. When you have such management plane consolidation it gives you a simpler way to operate.

Security Fabric Framework is helping in analyzing sudden and rapid changes in whole infrastructure, and gives the ability to simplify daily operations (e.g. address objects synchronization between all firewalls in Fabric, estimating overall security rating, single-sign-on for admin access and many more)

Single Sign On support with deep LDAP integration (several variants for environments with different scales), RADIUS authentication.

Can work as transparent and explicit web-proxy, the last option supports Kerberos authentication which requires no agents installed on any windows server.

Human readable firewall policies with editable security policies and
addresses in single page. This is very useful and time saving feature.

Firmware upgrade process is very simple, even for cluster configurations it is fully automated by default.

Straightforward SNAT and DNAT; you may work in two ways: with Central NAT rules configuration and by applying translation directly inside firewall policies.

Bulk CLI commands are uploaded via gui in script file (portions of config file).

VDOMs are very useful when you need to grant admin role to clients separately. VDOMs in FortiGate can be represented in FortiAnalyzer's ADOMs (administrative domain), which can have different log storage policies, event handling and alerting configurations. You can create one VDOM working in NAT/Route mode, and another VDOM working in Transparent mode.

If you don't want to create and use second VDOM you can still transparently inspect traffic at layer 2 level while having only one VDOM in NAT/Route mode. This is achived by configuring Virtual Wire Pair ports that work like a separate bridge.

Ability to capture packets going through any interface of device (and VM too). You can set number of packets, filter out packets by IP and port number for particular troubleshooting purposes, then download a .pcap file from web gui and analyze it in your favorite programm.

Advanced routing (RIP, OSPF, BGP, PBR). It gives you a seamless and simple integration into a large network.

IPS, AV, Web Filter, AppControl profiles are working very well.

SSL Inspection and CASI (Cloud Access Security Inspection) profiles.

Rich logging options allow you troubleshoot most problems.

Straightforward HA with different redundancy schemas.

IPv6 support.

I think there could be more QoS features in GUI. FortiGate has Traffic Shaping feature that is enough in most cases when shaping egressing packets, but sometimes I just need 802.1p prioritizing (Class of Service) of incoming packets and manual ingress queue assignment. This is what would be nice to have, but I realize that such a job is more efficiently done by L4 switch standing before firewall. Fortinet has a FortiSwitch that can do it, and it also can be controlled by FortiGate via FortiLink protocol.

[Firmware version FortiOS 6.2 update]: There are a lot of improved and newly added things, so it is very hard to imagine any additional features.

Four years.

Small models (up to FG-90) are build on SoC (System on a Chip), so they need to be mounted in places with enough airflow and right temperature, otherwise they could hang, slow down traffic processing, but more often you just can't log in to the device's web-interface (reboot won't help you until it cools down). Actually, that's not an issue. It is a technical requirement for operating environment to be 5-40 degrees (but at 35 degrees with poor airflow there may be issues mentioned above).

For large scale deployment I would suggest to look at FortiManager, a central management point for large amount of FortiGates. I have tested the solution and found it quite useful. I could download configuration from any device and install edited list of policies to several devices simultaneously through a couple of clicks. Also I liked functionality of clearing out Address objects list from unused entries. It can be configured to be a central repository of firmware and updates, and a local rating server (url and antispam rating services) which can improve rating lookup latency value.

Technical support is good (in average).

We used an old IPS from Cisco. We switched because of End-of-Support on that device.

Initial setup in plain networks is very straightforward. For large environment you should prepare beforehand, because FortiGate is a highly-tunable and feature rich product, so you must have a plan with many considered details.

We did not engage a vendor team. Documentation is good enough to implement with an in-house team.

Setup cost may be not so low, as you expect, because it depends on different factors, but TCO for 5 years may pleasantly surprise you.

Palo Alto, Cisco ASA, CheckPoint

Many interesting things are hidden in CLI, they can help you in different situations. Web-interface (GUI) is primarily intended for day-to-day routine.

Don't underestimate FortiAnalyzer. It can give you a better understanding of what is going on in your network. When FortiGate sends logs to FortiAnalyzer, FortiAnalyzer inserts received log data into database. Predefined and customizable data queries, charts and reports can significantly help you by visualizing problem points, so you can thoroughly investigate security events and traffic behavior anomalies.

FortiGate is a constantly evolving product, so pay attention to FortiOS version it runs.

For IPS, IDS, traffic management, SDWAN, high availability, we leverage Fortinet FortiGate as a virtual appliance to secure our data center, internal office infrastructure, and site-to-site VPNS Site to client VPNS for our internal lab controls, rather than using physical Fortinet FortiGate hardware.

We implemented Fortinet FortiGate as part of our compliance requirements to address the high volume of intrusion attempts we were experiencing. This solution provides us with a insight on Intrusion to block these attacks and gain insights into who is trying to access our network. Essentially, we aim to understand the nature of incoming and outgoing network traffic.

FortiGate offers visibility into the types, brands, versions, and users of connected devices. This visibility is crucial for our industrial devices, as their reliable operation is essential to our business.

Fortinet Security Fabric empowers us to comply with regulations, governance, and compliance requirements across regions like the US and Europe, ensuring smooth operations for our global business.

FortiGate's built-in APIs enable us to integrate with the vendors of our choice.

Fortinet's FortiGate is easy to deploy in our environment thanks to its well-written and easy-to-follow documentation.

FortiGate is a highly benchmarked product that improves efficiency and adds value to our organization.

Although we don't see a benefit overnight, we gradually see the benefits of FortiGate over the years. It has provided a lot of insight into our organization's activities.

FortiGate significantly helped reduce the risk of cyberattacks that could disrupt our production. This has protected us against financial losses.

Fortinet has its management suite so it helps to centralize the management of network and security operations in our company. This helps us easily manage the issues and solutions that are required.

Fortinet FortiGate provides us with actionable data to inform our decisions about the most appropriate course of action. It delivers insights into resource consumption and compromised hosts, helping us identify the source of unauthorized login attempts. This comprehensive view allows us to understand what's entering our network.

Fortinet Security Fabric improved security across our industrial control systems.

Fortinet FortiGate helped reduce our mean time to remediate.

Fortinet FortiGate helped to mature our approach to cybersecurity for protecting our industrial equipment. The level of detail we can see regarding incoming traffic and ongoing activities is quite high. This detailed visibility extends to host configuration and other such aspects, providing us with valuable insights. As a result, Fortinet can provide a clear understanding of how to manage our network and quickly mitigate any issues that may arise.

The most valuable feature of FortiGate is FortiView which provides proactive monitoring. 

Ideally, I'd like to see most CLI configuration options exposed in the GUI to avoid manual command typing. However, there should be a more user-friendly approach than simply replicating everything in the GUI. Alternatively, some users might prefer scheduling tasks through commands for automation.

I have been using Fortinet FortiGate for over 12 years.

I would rate the stability of Fortinet FortiGate ten out of ten. As long as we configure FortiGate properly.

The technical support has improved over the years.

Positive

We previously used an open-source firewall, but we were looking for a solution that was more proactive, easier to manage, and continuously improved. FortiGate was a major competitor at the time and has since become one of the market leaders.

Initially, there was a learning curve during the deployment. We did have the help of local vendors.

If our policies are already in place, we can have the solution up and running in less than a day using a script. However, if we need to determine our policies while implementing the solution, it can take over a month to complete.

Fortinet FortiGate mitigates an excessive amount of manpower requirements because it is easy to manage and this helps contribute to a return on investment.

The price varies yearly and there could be additional costs to help manage the infrastructure. 

In certain markets, if an organization subscribes to their internet service they get a Fortinet firewall included in the cost.

We evaluated some of the leading brands. At the time we found FortiGate easier to administrate and handle. The interface was intuitive and the solution was affordable.

I would rate Fortinet FortiGate nine out of ten.

Fortinet FortiGate is one of the most user-friendly security appliances I've encountered. It has a gentle learning curve, and even beginners can configure it effectively. However, for a successful deployment, it's crucial to have a well-defined network layout, documented initial requirements, and a clear configuration strategy. While physical documentation isn't mandatory, a well-organized approach is essential. This includes using clear and consistent naming conventions for commands and rules, along with detailed descriptions within the configuration itself. This makes it easy for anyone to understand the overall logic and navigate the configuration from start to finish. It's important to note that my approach to policy management might involve unique syntax. This includes how I structure policy sets and identify which ones consume the most resources. Understanding how policies interact with other aspects, like implementation and rule execution, is also crucial. Ultimately, a well-defined naming standard is the foundation for a clear and maintainable configuration.

I use it for a VPN. I use it as a gateway between locations. That's what I use it for.

They're Point-to-Point Networks, Metro Ethernet Networks, and over across the internet. We set it up with an AD VPN tunnel in between the various connections.

We use it for interconnectivity between the various sites to provide VPN tunnels. In contrast, service providers, even on Metro Ethernet and Point-to-Point Networks, cannot provide a secure connection between two points.

We've actually replaced 30 or more Cisco routers that were doing these VPN connections, and we replaced them with the FortiGates in order to provide Point-to-Point connectivity. It increased throughput on the various links, and it increased security.

Their VPN connection, their routing capabilities, their layer three throughput, and their firewall management capabilities that limit access from one VLAN to another are all the most valuable aspects for us. 

The solution is stable.

It can expand easily.

Support is helpful.

The product is significantly cheaper than, for example, Cisco. 

The user productivity has been good as they can, for example, transfer files easier. There is no slowdown. 

In their IPS Web Security Gateway, the reporting functions need to be a little bit more user-friendly for how to get the reports from it. That's one of the reasons why we don't use that function.

With the reports, you can see it, and you can get good feelings so upper management can go, "Oh, wow. That looks pretty." However, it's very basic.

I've been using the solution for two years. 

The stability is very good. There are no bugs or glitches, and it doesn't crash or freeze. 

We've been able to scale pretty well. It's not a problem of you need to expand. 

End users will be passing through it. Most of the accounting passes through it to various other locations. We have about 1,500 people on the product, technically.

We do have plans to increase usage. We have not completed the entire County yet. We've done 80% and still need to action the last 20%.

Technical support is very helpful. 

Positive

We used to use Cisco. We switched to FortiGate due to its throughput, ease of use, and cost.

Our needs are a little bit more complex than others. That said, overall, I would say it's about average in terms of the ease of setup. We got to do a VPN tunnel across, and it was AD VPN, it was something brand new. 

When I set things up now, it's pretty straightforward. When I first started, it was different as I'd never seen the technology before. When I first started, I'd never seen this technology, I didn't have a clue. Others may be in the same boat. 

Now that we're familiar with technology, this is very easy to set up. We've deployed 30 of them. I've got junior engineers that can follow my instructions and set up the FortiGate, and we're up and running. It gets easier over time. We've been doing this over the last two years.

We have up to two people needed for deployment and maintenance tasks. 

The deployment is completely done in-house. We didn't have any outside assistance. 

We did use Fortinet's tech support when we came into some problems. However, we didn't use any extra vendor.

Licensing is renewed every three to five years. They are less expensive e than Cisco. It has reduced the overall cost of maintaining a Cisco environment.

It's a package deal. There are no extra costs. 

We did not look into other solutions. 

I'd advise potential users to just implement the right size for you and what your needs are.

I'd rate the product nine out of ten. 

We are just a customer and end-user.

Fortinet FortiGate needs to improve the logging and reporting. Additionally, the next-generation application's policies should be improved. When they were released they had bugs.

I have been using Fortinet FortiGate for approximately 12 years.

Whenever we install a new release of an OS we should expect lots of bugs on the system that could break the system. Something that is working fine in the previous system, if we upgrade it, it could break it. Fortinet should work a lot on this to remediate it before releasing any OS. This includes any update and upgrade of FortiOS because I have seen issues when I upgraded, such as the memory and CPU jumping to 100 percent, and some or all functions were not operational. These bugs should be fixed in the firmware.

If there is a need for some upgrade or update on an existing system then I will plan ahead, but if it is not stable I will not do it. We have new releases being tested now and once they are rated stable I will upgrade.

I have found the support from Fortinet FortiGate very poor. I do not use them anymore because they are not very good. This is based on the support I have received from South Africa and India. However, the support from France I have heard was excellent. I only open support tickets for bugs.

I would rate the support from Fortinet FortiGate a two out of five.

I have previously used SonicWall, Sophos, Juniper, and Cisco Meraki.

The initial setup of Fortinet FortiGate was straightforward.

The time it takes to implement a firewall a large and small firewall is the same. It does not matter the size of the firewall. The complexity comes from the network and the scope of work that we need to do for the customer on the network.

If it is a large network, it will take us more time to deploy it, because there is more to configure. If it is a small network, it will take less time, but configuration-wise, it's likely the same.

I have deployed Fortinet FortiGate on my own. I have never needed help from any third-party consultant, or integrator. I work as a consultant and integrator for other companies. I provide my service as a consultant.

Fortinet FortiGate doesn't require a lot of maintenance if you deploy the system correctly, it will run well. However, you do need to have some security checks, auditing, and cleanup of the system, every month. It depends on the company policies. 

If you already deployed the solution correctly you should not have an issue. Maintenance is required, we do have some customers that are doing morning checks on memory and CPU, it does not take much time.

The license for Fortinet FortiGate is affordable in my country.

I rate Fortinet FortiGate an eight out of ten.