Fortinet FortiGate Reviews

I specify, configure and deploy firewalls  in organizations with 500 or fewer employees and 15 or fewer sites.  Primarily I choose between Cisco, Sonicwall and Fortigate small and medium sized appliances.  Occasionally I deploy virtual appliances in AWS.   I prefer to use Fortigate firewalls for several reasons- remote access is simple and the included client works with MacOS Windows and IOS devices.  The level of security works well for most clients and the authentication with AD/LDAP makes the solution easier to deploy.  I also find that the clients  appreciate the lower price point than other vendors.

We have a standard build. We give the client the laptop, and, especially with the pandemic, we send them home with the laptop or FedEx the laptop already configured, and the user is ready to go. 

I don't even need to know the client's password. I can just install the software and create a profile. The client fills the profile in with simple instructions, types in their password instructions, and connects it and they're good. It's really simple. 

That's why we have standardized recommending Fortinet. That doesn't mean that I don't support other solutions as well, however, the device that I like the best is the one that's easy to use for me and it's easy to use for the clients. The price point is not bad as well.

The ease of setting the solution up is a valuable aspect for us.

The most valuable aspect that differentiates it from other solutions is that the client (the SSL VPN client or the IP sec VPN client, the same clients) is included in the solution. We don't have to pay extra for the software and the clients. 

I have had some issues, but no more than others and I don't have to buy an expensive add-on license to do it and it's managed and it's updated automatically. That's the key thing, that the client is included and it updates itself so I don't have to do too much to manage it and it's very transparent to the end-user.

The biggest "gotcha" is that if the client purchases what they call the UTM shared bundle, which has unified threat management on both, it's not as easy to manage if you have more than one firewall. 

If I wanted a unified console, I have to pay extra. And that's the downfall. That's the only needed improvement that I would say for the Fortinet solution, is that they should have it web-based from the get-go. You should not have to buy an extra bundle or an extra device.

If I have to make an update to a web filter, and I have 12 devices, I've got to do it in 12 places. If I don't want to do that the client can pay for a pretty expensive device or virtual appliance that does that for them. It's like an expensive centralized management tool. That's the big downfall of Fortinet. It doesn't come included, you have to pay for it. Their web-based one, that's sort of just like an inventory manager. It's not really good for distributing roles. With Cisco, you don't have to do anything. The one from Aruba HD has one too. Fortinet should try to be similar to those options.

In the next release, it would be amazing if they could give a better tool for upgrading, so that if I upgrade from an older version to the other, it can read the configuration and processes it for me so that I don't have to rewrite it from scratch. In FortiConverter, they have a tool like this, however, it doesn't work well. It's really more for bringing items in from other vendors, not from one version to the other.

That was my last experience where they operated from version five to six. However, that's really the only big thing. The main thing is to include the FortiManager cloud software like Cisco does. To have one solution. If you paid $150 a year for the support, you might as well get that too so I could manage all the devices at one spot. They do have FortiCloud, however, it's not the same as the way Cisco does it. They are selling another product called FortiManager. FortiManager should be included with the support, and that would make it more of a business solution, rather than a feature request.

I would say that I have been using the solution for over 10 years. It's likely been between 10 and 15 years at this point.

Fortigate firewalls are very reliable- in the past 15 years I believe only 2 devices in a 100 have failed.  The failures were due to harsh environments (dust and water will ruin any electronic device).  The input I can give to any technology person or client looking to choose a firewall / threat management device I would highly recommend the stability / reliability of fortigate.  Once installed it will do it's job efficiently and effectively for several years.

I will tell a client not to go with Fortinet if they have no firewall or they have a very, very old firewall. If this is from scratch, I'd say let's not go with Fortinet, let's go with Meraki if you have the money. I always say create the budget for it if you have a lot of sites, as Cisco does a better job if you have a lot of sites. If you have two sites, then it's fine to go with Fortinet. It'll scale to that scale. However, if you want to go over a couple of sites, it's not the best option.

The solution's initial setup is straightforward. It's actually gotten better. I got good at doing it from scratch from the command line, or even from the GUI with all the 50 steps to set up stuff. However, now they're wizards and it's much better. It was the thing that probably a lot of people commented on initially, and they just worked hard to fix it. They updated the software from version four to five to six. They did a good job at making it easier.

If the client had a lot of downtime or a lot of issues with older equipment, or they did not like the fact that they had to pay every year just to be able to use the device, then the return on investment of spending $900 for a Fortinet 60E per site for a three-year contract will hands-down beat pretty much anybody. 

It is definitely set it and forget it. There's very little input. You'll save money on consulting. If you were to call me and you're doing Juniper or you're doing Palo Alto, there's a lot more configuring and it's a lot harder to add stuff and therefore, as a consultant, I make more money, and I'm being serious. Once I set up a Fortinet I really don't have to touch it for years.

Maybe I have to log in to check that I need to do an update, however, in that case, they usually send me an email saying hey, your license key is up and maybe you want to buy a new one. I take the old one out and put a new one in, that's when I get paid again. It's boiled down to that. 

I'm not only an authorized reseller. I am a consultant that uses their equipment and recommends them on a routine basis. I am not a Fortinet partner, however.

I use a series of FortiGate products, including the 60, the 90, and the 100. Some of them are E's, some of them are S's; it all depends. However, they have pretty much the same user interface.

If a company is considering the solution, I'd advise that they consider purchasing the FortiManager if they really like the feature set and the way that Fortinet works. For example, a company we work with has these large scale solutions, and they use FortiManager. If you're a very large implementation, definitely look into Fortinet. If you're small, for example, under 20 devices, consider joining Cisco Meraki as it's so much easier. That's what I would tell any client. 

FortiManager and FortiGate are really good. If you like the way the GUI works it's more flexible than Cisco. There are more bells and whistles, however, Cisco is going to be the way to do it if you're going to do 50 sites. If you were to do a lot of sites, consider Cisco. If not, you can do Fortinet.

At the end of the day, the solution is very flexible, and if the client has special business partners that want a special type of nailed up VPN or special configuration for the clients, it offers that. The lesson I learned using the solution was to go with the solution that's most flexible for the client and at the same time is as low touch as possible. That's why I've standardized on FortiGate, as it's low touch for me and I'd rather spend time fixing other stuff or troubleshooting the other problems for clients than this particular solution.

You want to spend less time fighting with your remote access solution or your firewall solution and work on other problems. It should not be a difficult thing, and yet, a lot of people struggle with that. Especially today with the pandemic, they have to be able to have access to their stuff and that's crucial. That's the biggest takeaway. Is it easy to manage it, is it easy to connect? If so, it's worth the investment.

I would rate the solution nine out of ten. If they included FortiManager in their offering, I'd give the product a perfect ten.

The typical use case for Fortinet FortiGate is perimeter security, which is why our clients use this solution.

We are an implementer of Fortinet solutions.

It works well to protect the edge. For protecting the edge, Fortinet FortiGate secures any data traversing the network back to the cloud or data center through encryption. I have found it easy to configure, which results in no problems.

The security services provided by Fortinet FortiGate firewall are among the best. They have been in Gartner's quadrant for a very long time, which always helps.

Fortinet FortiGate has been able to secure mission-critical data effectively. It secures our customer's network properly, so that's always beneficial.

The ability of Fortinet FortiGate to provide network and security convergence is impressive, as they have stable features including application control. They also have advanced routing policies that set themselves apart in network security. Their solutions gel effectively with a single console for management, which is a significant advantage.

FortiOS is quite good in my experience with Fortinet FortiGate, and it works very effectively and is stable for companies. The customers have given feedback that FortiOS has been very stable for a long time. 

From a feature standpoint, it's easy to set up if people want to try and set up VPNs and other configurations. Policy control is quite nice, and we have a lot of experience with this solution, which helps us a lot.

Their support can be better, and there should be better policies for immediate replacement in critical situations. Their replacement policy varies depending on the type of support subscription. With the standard support subscription, if the device goes down, the customer has to first ship the box, and then Fortinet sends the replacement. With the higher support, the customer has to ship the device after they have the replacement. It would be better for customers to get immediate replacements even with a standard subscription.

I have more than 10 years of experience working with Fortinet FortiGate.

It is very stable. I would rate it a ten out of ten for stability.

If you size the solution correctly based on the customer's network, number of users, and throughput required, there is no problem regarding scalability, so I would rate it a nine out of ten for scalability.

We have small, medium, and large customers who have opted for Fortinet FortiGate.

I would rate technical support from Fortinet an eight out of ten. Their technical support can be improved slightly as we sometimes experience delays in support for urgent customer needs.

Positive

The typical deployment model for Fortinet FortiGate is mostly on-premises. However, there is a virtual appliance available for cloud setups, but in India, most of the sales are for on-premises appliances.

Fortinet FortiGate definitely reduces the total cost of ownership because it offers better management capabilities through a single platform. Its widespread use makes skill sets more available, making it much more cost-effective for customers than other products which may require higher resource costs.

It is more affordable than Check Point and Palo Alto. Another thing is that all the features and the OS remain the same irrespective of the size of the device.

Pricing-wise, Fortinet typically provides one-year support with the firewall appliance. There is also an option for three years which is how their licensing works. They also offer add-ons for features to keep more logs or data, which is standard across their competitors as well.

The price-to-performance ratio for using Fortinet FortiGate is always better compared to any other competitor, so they are rated better than the likes of Check Point or Palo Alto.

The network availability improves when implementing a Fortinet solution; it's definitely much better for a customer compared to having no solutions in place. They are affordable overall.

I would rate Fortinet FortiGate a nine out of ten.

Our main use cases for Fortinet FortiGate include using it as a perimeter firewall. Fortinet FortiGate manages all our policies and other things.

Fortinet FortiGate has impacted our cost savings and security efficiency positively.

Fortinet FortiGate's VPN capabilities are very effective for us. We utilize the VPN facilities of Fortinet FortiGate all the time, so anybody who accesses our SAP systems utilizes the VPN of Fortinet FortiGate.

It has been quite seamless in terms of integration. We find it very useful for us.

The features I find most useful in Fortinet FortiGate are its simplicity of utilization, which is very important, and its provision of interfaces to see the alerts and other things. It is very useful. We use it to understand who our top users of the internet are, what they are using, and when they are using it. It gives us many glimpses into the inner workings of the organization.

At this moment, we believe that Fortinet FortiGate should be improved by injecting more AI because the kind of threats we are seeing are more ransomware threats. Fortinet FortiGate is able to ensure these threats do not enter, but we would prefer to see more proactive alerting mechanisms come out.

I have been working with Fortinet FortiGate in this company for about a year or over a year now, and in my previous company, I used it for almost four years, totaling five years of experience.

For stability, I have no complaints; we are satisfied customers.

Fortinet FortiGate is scalable enough for our environment. We are using Fortinet FortiGate in the consumer durables industry for electrical products. We currently have a little over 2,000 users working with Fortinet FortiGate in our environment.

We plan to increase the usage of Fortinet FortiGate in the future, shortly upgrading and increasing the number of users.

For technical support of Fortinet FortiGate, we utilize a channel partner and we are very happy with them. They support us almost instantly. They have backend support from Fortinet FortiGate, which they utilize. I would rate the support an eight out of ten.

Positive

The setup of Fortinet FortiGate is very simple, worthy of a nine out of ten rating.

The deployment part of Fortinet FortiGate takes a couple of hours. We decided to go for Fortinet FortiGate because it was simple to implement, it was simple to get the policies implemented, and the interfaces were quite simple. Simplicity was the main reason. The product is very good.

I find it quite reasonable.

Before working with Fortinet FortiGate, we evaluated Check Point, Palo Alto, and Blue Coat solutions. The reason we chose Fortinet FortiGate was basically because of security and simplicity of use.

I would recommend Fortinet FortiGate to those who are looking into using it because if they look at the manner in which it protects their enterprise, it does a wonderful job of that. 

I would rate Fortinet FortiGate an eight out of ten.

My customers use Fortinet FortiGate for SD-WAN, network security, branch-to-branch communication, site-to-site channel communication, multi-layer protection, authentication, and antivirus solutions. They span various industries, including IT setups, chip-level designing, VLSI companies, software development, SAP implementation, manufacturing, and production groups.

The strengths of Fortinet FortiGate include network security, VPN, site-to-site tunnels, client VPN solutions, two-factor authentication for VPN clients, and SD-WAN for branch level. We have implemented these solutions for various customers.

Regarding challenges, customers initially faced issues like internet dropping, but after firmware upgrades, everything worked well.

I believe Fortinet should offer short and frequent training sessions, preferably in video format, whenever they introduce new features. These sessions should be around five to ten minutes long, allowing users and partners to quickly grasp the information without disrupting their daily tasks.

Long training sessions spanning one or two full days can lead to distractions and reduced focus due to continuous support calls. Therefore, providing brief and focused training snippets would be more beneficial for users.

I have been using Fortinet FortiGate for six to seven years.

Our customers are satisfied with the stability of Fortinet FortiGate. I would rate it as a ten out of ten for stability.

Fortinet FortiGate is quite flexible and scalable, allowing us to scale up from sixty to a hundred units. However, there are limitations for extremely high production levels. I would rate its scalability an eight out of ten.

Positive

Setting up Fortinet FortiGate is straightforward and easy. I would rate it a ten out of ten for ease of setup. The deployment typically takes around two to three hours.

Operational costs for Fortinet FortiGate are pretty low because once it's configured, no changes are needed. In terms of ROI, clients have seen benefits. After switching from other brands to

Fortinet, they experienced fewer support calls. Initially, there were some support calls in the first one to two months, but after that, there were none. Clients are now comfortable and not wasting productive hours on IT support.

The cost of Fortinet FortiGate is competitive and not expensive compared to other enterprise- grade solutions. On average, the license cost per year is around seventy percent of the firewall's purchase price.

Regarding AI elements, I believe Fortinet has the capability to implement machine learning snippets for improved security and advanced configurations, but this should be integrated as part of their overall strategy.

I will advise to focus on configuring the admin tools and monitoring users and serial numbers effectively. 

As for rating the solution, I would give it a ten out of ten for being a very good solution.

It is our primary router here in the office with all the firewall policies.

The solution has many valuable features. I like all of them.

Its stability is great. On a previous job, we set probably up to 100 FortiGates, and during the three years they were set up none of them failed.

It's a very scalable solution.

The pricing is great and very reasonable. 

The initial setup is simple. 

We use a yearly subscription for a unified protection model. I like the features that it gives me. It is actually a built-in proxy server and it allows me to use great protection and so on. In terms of application control, the built-in anti-virus is okay. One of the things that I like the most is it has a built-in SD-WAN solution - its price is included in the hardware. I don't need to buy anything else to use SD-WAN. This is the feature that I like, in Fortinet, probably the most. All other vendors sell SD-WAN as a separate solution and you must buy a separate controller which has to be installed somewhere, on-premise or on the cloud, and it costs money. Fortigate does not.

I can't think of an area of the product that needs improvement. Even the cost is okay. I have no real complaints. 

It would be good if they had fewer updates. Almost every update has bots that are either critical or something small yet valuable. Whenever I try to do an update, I always fear that something will break.

I've used the solution for a few years. I used it on a previous project and I use it now as well.

The stability has been excellent. It's very reliable and the performance is great. They have not failed in three years. There are no bugs or glitches. It doesn't crash or freeze. 

The scalability of the product is great. If a company needs to expand it, it can do so.

Up to 100 people use it right now, and likely we will increase usage so that it covers 150 to 200 users. 

If our other branch offices open in other cities or other countries, I will buy another firewall for them as well.

I've contacted technical support in the past.

For example, I tried to update my firewall to 7.0.4 and there was a block with the DHCP server. Some devices did not acquire an IP address. Really, it was something about FortiGate. I asked Fortinet for technical support and I created a ticket, and the next day they replied to me they agree that this was a bug that they would work on. As far as I can see now, there is already an option of 7.0.5. While I didn't test it myself, in the changelog I can see that this bug is fixed.

So far, we have been satisfied as they have answered us by the next day typically.

I did not previously use a different solution.

It's an easy setup. Everything is very straightforward and simple to understand. It's not complex, not difficult. A company won't have any issues with the process.

The deployment might take up to one week. I don't remember exactly. I continued to add some features, however, in the instant deployment, when it came here I had another router here, it wasn't too long of a process. Later, I asked my bosses to buy a firewall and when it arrived, on a Friday in the evening, I installed it and everything was fine. It was very fast.

I handle the deployment and maintenance myself. We do not need a big team to manage everything. It's pretty low-maintenance. 

I handled the implementation myself. I did not need a consultant or an integrator.

The pricing is very fair for a firewall. There's nothing to complain about in terms of licensing.

The price model is fair. I have to pay only for the features that only Fortinet gives me. Things like routing are free. Other vendors like Cisco, make me pay for things that should be free.

I would recommend the solution to others.

Fortinet has an education platform that is named trainingfortinet.com and many courses are on there. All the video lessons are free. Users can view them to learn about the features that Fortinet has. It's an excellent resource.

I would rate the solution at a nine out of ten.

The majority of use cases have been around UTM. Initially, they were famous for their UTM solution because nobody was offering what Fortinet was offering. 

We most probably use the latest version.

Fortinet has a very strong OS. They have a single OS through which they integrate all the networks and security operations. Our experience has been very good. Fortinet gives us a single fabric for the security and network teams. This unification has helped us a lot in providing Secure SD-WAN and other solutions, such as network switches, wireless controllers, FortiNAC, FortiAuthenticator, etc. They have a single pane of glass for all these from the monitoring and visibility aspect.

The integrated application protection provided by Secure SD-WAN is very good. Fortinet is a security-focused company. The features related to application recognition and how to enhance the performance and security of applications are pretty good.

The customers for whom we deployed FortiGate have become long-term customers of Fortinet. Even when they compare the solution with some of the other vendors, they're more comfortable with going with Fortinet and upgrading and refreshing the hardware and the software. It's a very good product, and the customer satisfaction is pretty good.

It impacts operational efficiency because we can quickly make the changes. For example, Cisco has some limitations in terms of the time it takes for any change to take effect, which impacts the operational efficiency, whereas in the case of Fortinet, they've got a very quick way of doing the changes and reverting them, which eliminates any downtimes because of the configurations. Their method for configuring and applying policies is very simple and easy. Because of that, it's very easy to do complex changes, and in the case of misconfiguration, revert those changes without much of an impact. Overall, Fortinet FortiGate brings a lot of operational improvements because of the strength of FortiOS.

Secure SD-WAN has helped us remediate threats more quickly. Normally, with the WAN solutions or the simple SD-WAN solutions, security is done on the hub side. With the Secure SD-WAN solution, we can apply security at the branch level, so unnecessary or malicious traffic doesn't reach the data centers or the hub site, which helps in improving the overall security posture. Also, we can tighten and apply a single security policy across all the branches or different segments of the WAN, which improves overall security. Fortinet offers different security measures for blocking malicious traffic and having a uniform policy across the entire organization. 

Secure SD-WAN has helped reduce our mean time to detect (MTTD) and mean time to resolve (MTTR). Applying a central security policy at the branch level immediately helps us to detect any malicious traffic and block it there, so the chances of anything reaching the hub or the data center side are less. It improves MTTD and MTTR because it has a very good interface where we can easily respond to all the attacks and manipulate things. Applying security with the help of Secure SD-WAN helps to mitigate attacks from where they are originating, which improves MTTD and MTTR.

Secure SD-WAN has helped reduce help desk tickets. Because of the operational efficiency and security, there are not many issues that impact the number of tickets.

With the help of Secure SD-WAN, we can provide operational efficiency because we can apply policies on an application-level basis. With Secure SD-WAN, we can apply a security policy per application. The central security application structure helps to apply all the measures from one central place and from the cloud. Because it's connected to many intelligence centers, it future-proofs a business and improves it overall. 

Fortinet has a very good solution for Secure SD-WAN. One very good feature is that they have robust and simple FortiOS through which they provide all solutions. That's their strength. There's not much complexity involved with the Secure SD-WAN solution of Fortinet as compared to Cisco's solution, which has a lot of flexibility but complexity also comes with that flexibility.

From a reporting perspective, there's room for improvement. They provide FortiAnalyzer through which one can get some enhancements, but the visibility and reporting still need slight improvement. Recently, a customer had a requirement of getting some reports on their internet usage. Palo Alto has a bit better reporting than the Cisco and Fortinet firewalls, but we cannot get granular details about the user-level security, usage, etc.

Their support also needs improvement.

I've been working with this solution for around ten years.

It's very stable.

For small and mid-level enterprises, it has been a very good solution, and that's why they captured that market. Our experience with it has been very good. It's easy to configure and deploy. In our country, their main market is small and big enterprises, but they are gradually focusing on the performance aspect. It's being used in large enterprises as well as a firewall solution.

It's scalable. There were some performance issues a few years ago, but they've fixed them for better performance, optimization, and high throughput. Performance-wise, it's very good.

Support is one of the areas that they need to look into because as compared to some of the other companies, Fortinet's support is not that responsive. The product is very stable, but their support needs to be improved. I'd rate their support a six out of ten.

Neutral

We used Cisco and Juniper. We switched to FortiGate because it offers a lot of features at a very good price point. Unlike some of the other vendors, you don't have many license restrictions. For large and medium enterprises, they provide a wireless controller, authenticator, and mail features. There are so many features integrated within FortiOS, whereas, with many vendors, you have to work with different products. It's very helpful for small organizations with tighter budgets. There's also the ease of configuration that helps to bring things online as quickly as possible as compared to some of the other solutions that have a learning curve and that take some time.

I mostly work on the pre-sales side. I discuss all the features, and then I work with the deployment team. They do the installation.

Its installation is easy. Normally, we get the scope and have the high-level design. After that, we go to the low-level design where we manage all the configuration templates. We have discussions with the customer and finalize all the policies that need to be applied at the site. We segment sites by size, traffic, application usage, etc. We apply the policies on a group basis, and then we apply the configurations on the controllers or the sites.

In our area, people are mostly interested in on-prem setup instead of cloud because not many controllers are located within the country, so the traffic has to be traversed outside the country. For banks and financial sectors, on-prem is more suitable, but small organizations can have it on the cloud.

We implement it ourselves. For small projects, one or two people are good enough because we majorly find all the things at the LLD stage. We have a team that works on the LLD and configurations, and then we've got an on-field team that takes those configurations and applies the changes. Normally, if the implementation isn't distributed across the country, not many resources are required. Two or three resources are good enough, but if it's distributed across different regions, then a larger team is required. Once we have the templates, things are posted automatically, so not much to be done at the sites. We just have to do connectivity and configure the policies. As compared to other deployments, we require much less staff for the deployment tasks.

It requires maintenance, but generally, the product is very stable and doesn't require much maintenance. Normally, there aren't many changes. If there are any issues, we definitely need to monitor and check. Most of the issues aren't related to the solution itself if you have implemented it in the right manner, so planning needs to be done in the right manner.

There's definitely an ROI. Having a centralized way of managing and applying policies across the entire organization always helps. The time to manage, operate, and resolve issues is much lower. When you have a central place to manage and do the changes, you get efficiency and time savings.

A year or two years back, its price was competitive and reasonable. That was one of the reasons that people easily switched to Fortinet. Over the last two years, the prices have increased drastically. However, the prices of others have also increased. An advantage is there from the price point but not as much as it was previously.

It's a very good product. It has all the features required for operations. We strongly recommend using Fortinet for your edge or data center security or for your SD-WAN. FortiGate is doing very well. Fortinet has been capturing the security market, and now they're capturing the market for SD-WAN as well. They're a leader in Gartner's Quadrant. Their FortiMail and FortiWeb solutions are also very good. They provide all these solutions, and we have deployed all these solutions in the market. They're working perfectly, and customers have minor complaints about them.

Currently, no SD-WAN solution is interoperable with other vendors. Every SD-WAN vendor has its own solution. There's no standardization, so there isn't much interoperability. For example, we need a controller and branch-level software or hardware. Hardware is agnostic for some vendors, but normally, vendors also have their hardware. There are a few vendors that provide hardware-agnostic SD-WAN solutions, but Fortinet has its own hardware on which the complete SD-WAN solution runs.

Overall, I'd rate Fortinet FortiGate an eight out of ten.

We used FG-90D as UTM device to protect some users and servers, and also to enable inter-vlan routing with advanced security policies inside our lab zone. Also used FG-500D in transparent mode in front of Cisco ASA for advanced and high performance protection by applying IPS, AV, AntiSpam, App.Control and DoS-protection profiles.

We have better manageability: opening and closing ports/services, adding addresses is done very quickly (can be done in single page of the web GUI).

It offers outstanding reporting tools when coupled with FortiAnalyzer (Fortinet's log collector and reporting tool) help meet compliance (there are PCIDSS, HIPAA and many more report types).

Better security posture: safe web surfing, less spam and viruses in incoming email messages, very granular AppControl, blocking vulnerability exploitation attempts and traffic anomalies by IPS, preventing DoS attacks by DoS policies.

Good VPN, both IPSEC and SSL (web-mode, tunnel-mode). An engineer/network administrator has tools to debug VPN issues that can occur during tunnel setup with other vendors' equipment.

SD-WAN feature at no cost. This is really great feature for remote locations (branch offices) and HQ, application steering between many ISP links becomes a simple task. Steering can be done dynamically by measuring link quality (latency, jitter, packet loss, available bandwidth).

Wi-Fi and Switch controller at no cost. FortiSwitch and FortiAP can become a kind of port extender of the firewall, all its ports can be referenced in firewall policies. When you have such management plane consolidation it gives you a simpler way to operate.

Security Fabric Framework is helping in analyzing sudden and rapid changes in whole infrastructure, and gives the ability to simplify daily operations (e.g. address objects synchronization between all firewalls in Fabric, estimating overall security rating, single-sign-on for admin access and many more)

Single Sign On support with deep LDAP integration (several variants for environments with different scales), RADIUS authentication.

Can work as transparent and explicit web-proxy, the last option supports Kerberos authentication which requires no agents installed on any windows server.

Human readable firewall policies with editable security policies and
addresses in single page. This is very useful and time saving feature.

Firmware upgrade process is very simple, even for cluster configurations it is fully automated by default.

Straightforward SNAT and DNAT; you may work in two ways: with Central NAT rules configuration and by applying translation directly inside firewall policies.

Bulk CLI commands are uploaded via gui in script file (portions of config file).

VDOMs are very useful when you need to grant admin role to clients separately. VDOMs in FortiGate can be represented in FortiAnalyzer's ADOMs (administrative domain), which can have different log storage policies, event handling and alerting configurations. You can create one VDOM working in NAT/Route mode, and another VDOM working in Transparent mode.

If you don't want to create and use second VDOM you can still transparently inspect traffic at layer 2 level while having only one VDOM in NAT/Route mode. This is achived by configuring Virtual Wire Pair ports that work like a separate bridge.

Ability to capture packets going through any interface of device (and VM too). You can set number of packets, filter out packets by IP and port number for particular troubleshooting purposes, then download a .pcap file from web gui and analyze it in your favorite programm.

Advanced routing (RIP, OSPF, BGP, PBR). It gives you a seamless and simple integration into a large network.

IPS, AV, Web Filter, AppControl profiles are working very well.

SSL Inspection and CASI (Cloud Access Security Inspection) profiles.

Rich logging options allow you troubleshoot most problems.

Straightforward HA with different redundancy schemas.

IPv6 support.

I think there could be more QoS features in GUI. FortiGate has Traffic Shaping feature that is enough in most cases when shaping egressing packets, but sometimes I just need 802.1p prioritizing (Class of Service) of incoming packets and manual ingress queue assignment. This is what would be nice to have, but I realize that such a job is more efficiently done by L4 switch standing before firewall. Fortinet has a FortiSwitch that can do it, and it also can be controlled by FortiGate via FortiLink protocol.

[Firmware version FortiOS 6.2 update]: There are a lot of improved and newly added things, so it is very hard to imagine any additional features.

Four years.

Small models (up to FG-90) are build on SoC (System on a Chip), so they need to be mounted in places with enough airflow and right temperature, otherwise they could hang, slow down traffic processing, but more often you just can't log in to the device's web-interface (reboot won't help you until it cools down). Actually, that's not an issue. It is a technical requirement for operating environment to be 5-40 degrees (but at 35 degrees with poor airflow there may be issues mentioned above).

For large scale deployment I would suggest to look at FortiManager, a central management point for large amount of FortiGates. I have tested the solution and found it quite useful. I could download configuration from any device and install edited list of policies to several devices simultaneously through a couple of clicks. Also I liked functionality of clearing out Address objects list from unused entries. It can be configured to be a central repository of firmware and updates, and a local rating server (url and antispam rating services) which can improve rating lookup latency value.

Technical support is good (in average).

We used an old IPS from Cisco. We switched because of End-of-Support on that device.

Initial setup in plain networks is very straightforward. For large environment you should prepare beforehand, because FortiGate is a highly-tunable and feature rich product, so you must have a plan with many considered details.

We did not engage a vendor team. Documentation is good enough to implement with an in-house team.

Setup cost may be not so low, as you expect, because it depends on different factors, but TCO for 5 years may pleasantly surprise you.

Palo Alto, Cisco ASA, CheckPoint

Many interesting things are hidden in CLI, they can help you in different situations. Web-interface (GUI) is primarily intended for day-to-day routine.

Don't underestimate FortiAnalyzer. It can give you a better understanding of what is going on in your network. When FortiGate sends logs to FortiAnalyzer, FortiAnalyzer inserts received log data into database. Predefined and customizable data queries, charts and reports can significantly help you by visualizing problem points, so you can thoroughly investigate security events and traffic behavior anomalies.

FortiGate is a constantly evolving product, so pay attention to FortiOS version it runs.

For IPS, IDS, traffic management, SDWAN, high availability, we leverage Fortinet FortiGate as a virtual appliance to secure our data center, internal office infrastructure, and site-to-site VPNS Site to client VPNS for our internal lab controls, rather than using physical Fortinet FortiGate hardware.

We implemented Fortinet FortiGate as part of our compliance requirements to address the high volume of intrusion attempts we were experiencing. This solution provides us with a insight on Intrusion to block these attacks and gain insights into who is trying to access our network. Essentially, we aim to understand the nature of incoming and outgoing network traffic.

FortiGate offers visibility into the types, brands, versions, and users of connected devices. This visibility is crucial for our industrial devices, as their reliable operation is essential to our business.

Fortinet Security Fabric empowers us to comply with regulations, governance, and compliance requirements across regions like the US and Europe, ensuring smooth operations for our global business.

FortiGate's built-in APIs enable us to integrate with the vendors of our choice.

Fortinet's FortiGate is easy to deploy in our environment thanks to its well-written and easy-to-follow documentation.

FortiGate is a highly benchmarked product that improves efficiency and adds value to our organization.

Although we don't see a benefit overnight, we gradually see the benefits of FortiGate over the years. It has provided a lot of insight into our organization's activities.

FortiGate significantly helped reduce the risk of cyberattacks that could disrupt our production. This has protected us against financial losses.

Fortinet has its management suite so it helps to centralize the management of network and security operations in our company. This helps us easily manage the issues and solutions that are required.

Fortinet FortiGate provides us with actionable data to inform our decisions about the most appropriate course of action. It delivers insights into resource consumption and compromised hosts, helping us identify the source of unauthorized login attempts. This comprehensive view allows us to understand what's entering our network.

Fortinet Security Fabric improved security across our industrial control systems.

Fortinet FortiGate helped reduce our mean time to remediate.

Fortinet FortiGate helped to mature our approach to cybersecurity for protecting our industrial equipment. The level of detail we can see regarding incoming traffic and ongoing activities is quite high. This detailed visibility extends to host configuration and other such aspects, providing us with valuable insights. As a result, Fortinet can provide a clear understanding of how to manage our network and quickly mitigate any issues that may arise.

The most valuable feature of FortiGate is FortiView which provides proactive monitoring. 

Ideally, I'd like to see most CLI configuration options exposed in the GUI to avoid manual command typing. However, there should be a more user-friendly approach than simply replicating everything in the GUI. Alternatively, some users might prefer scheduling tasks through commands for automation.

I have been using Fortinet FortiGate for over 12 years.

I would rate the stability of Fortinet FortiGate ten out of ten. As long as we configure FortiGate properly.

The technical support has improved over the years.

Positive

We previously used an open-source firewall, but we were looking for a solution that was more proactive, easier to manage, and continuously improved. FortiGate was a major competitor at the time and has since become one of the market leaders.

Initially, there was a learning curve during the deployment. We did have the help of local vendors.

If our policies are already in place, we can have the solution up and running in less than a day using a script. However, if we need to determine our policies while implementing the solution, it can take over a month to complete.

Fortinet FortiGate mitigates an excessive amount of manpower requirements because it is easy to manage and this helps contribute to a return on investment.

The price varies yearly and there could be additional costs to help manage the infrastructure. 

In certain markets, if an organization subscribes to their internet service they get a Fortinet firewall included in the cost.

We evaluated some of the leading brands. At the time we found FortiGate easier to administrate and handle. The interface was intuitive and the solution was affordable.

I would rate Fortinet FortiGate nine out of ten.

Fortinet FortiGate is one of the most user-friendly security appliances I've encountered. It has a gentle learning curve, and even beginners can configure it effectively. However, for a successful deployment, it's crucial to have a well-defined network layout, documented initial requirements, and a clear configuration strategy. While physical documentation isn't mandatory, a well-organized approach is essential. This includes using clear and consistent naming conventions for commands and rules, along with detailed descriptions within the configuration itself. This makes it easy for anyone to understand the overall logic and navigate the configuration from start to finish. It's important to note that my approach to policy management might involve unique syntax. This includes how I structure policy sets and identify which ones consume the most resources. Understanding how policies interact with other aspects, like implementation and rule execution, is also crucial. Ultimately, a well-defined naming standard is the foundation for a clear and maintainable configuration.