Fortinet FortiGate Reviews

We used FG-90D as UTM device to protect some users and servers, and also to enable inter-vlan routing with advanced security policies inside our lab zone. Also used FG-500D in transparent mode in front of Cisco ASA for advanced and high performance protection by applying IPS, AV, AntiSpam, App.Control and DoS-protection profiles.

We have better manageability: opening and closing ports/services, adding addresses is done very quickly (can be done in single page of the web GUI).

It offers outstanding reporting tools when coupled with FortiAnalyzer (Fortinet's log collector and reporting tool) help meet compliance (there are PCIDSS, HIPAA and many more report types).

Better security posture: safe web surfing, less spam and viruses in incoming email messages, very granular AppControl, blocking vulnerability exploitation attempts and traffic anomalies by IPS, preventing DoS attacks by DoS policies.

Good VPN, both IPSEC and SSL (web-mode, tunnel-mode). An engineer/network administrator has tools to debug VPN issues that can occur during tunnel setup with other vendors' equipment.

SD-WAN feature at no cost. This is really great feature for remote locations (branch offices) and HQ, application steering between many ISP links becomes a simple task. Steering can be done dynamically by measuring link quality (latency, jitter, packet loss, available bandwidth).

Wi-Fi and Switch controller at no cost. FortiSwitch and FortiAP can become a kind of port extender of the firewall, all its ports can be referenced in firewall policies. When you have such management plane consolidation it gives you a simpler way to operate.

Security Fabric Framework is helping in analyzing sudden and rapid changes in whole infrastructure, and gives the ability to simplify daily operations (e.g. address objects synchronization between all firewalls in Fabric, estimating overall security rating, single-sign-on for admin access and many more)

Single Sign On support with deep LDAP integration (several variants for environments with different scales), RADIUS authentication.

Can work as transparent and explicit web-proxy, the last option supports Kerberos authentication which requires no agents installed on any windows server.

Human readable firewall policies with editable security policies and
addresses in single page. This is very useful and time saving feature.

Firmware upgrade process is very simple, even for cluster configurations it is fully automated by default.

Straightforward SNAT and DNAT; you may work in two ways: with Central NAT rules configuration and by applying translation directly inside firewall policies.

Bulk CLI commands are uploaded via gui in script file (portions of config file).

VDOMs are very useful when you need to grant admin role to clients separately. VDOMs in FortiGate can be represented in FortiAnalyzer's ADOMs (administrative domain), which can have different log storage policies, event handling and alerting configurations. You can create one VDOM working in NAT/Route mode, and another VDOM working in Transparent mode.

If you don't want to create and use second VDOM you can still transparently inspect traffic at layer 2 level while having only one VDOM in NAT/Route mode. This is achived by configuring Virtual Wire Pair ports that work like a separate bridge.

Ability to capture packets going through any interface of device (and VM too). You can set number of packets, filter out packets by IP and port number for particular troubleshooting purposes, then download a .pcap file from web gui and analyze it in your favorite programm.

Advanced routing (RIP, OSPF, BGP, PBR). It gives you a seamless and simple integration into a large network.

IPS, AV, Web Filter, AppControl profiles are working very well.

SSL Inspection and CASI (Cloud Access Security Inspection) profiles.

Rich logging options allow you troubleshoot most problems.

Straightforward HA with different redundancy schemas.

IPv6 support.

I think there could be more QoS features in GUI. FortiGate has Traffic Shaping feature that is enough in most cases when shaping egressing packets, but sometimes I just need 802.1p prioritizing (Class of Service) of incoming packets and manual ingress queue assignment. This is what would be nice to have, but I realize that such a job is more efficiently done by L4 switch standing before firewall. Fortinet has a FortiSwitch that can do it, and it also can be controlled by FortiGate via FortiLink protocol.

[Firmware version FortiOS 6.2 update]: There are a lot of improved and newly added things, so it is very hard to imagine any additional features.

Four years.

Small models (up to FG-90) are build on SoC (System on a Chip), so they need to be mounted in places with enough airflow and right temperature, otherwise they could hang, slow down traffic processing, but more often you just can't log in to the device's web-interface (reboot won't help you until it cools down). Actually, that's not an issue. It is a technical requirement for operating environment to be 5-40 degrees (but at 35 degrees with poor airflow there may be issues mentioned above).

For large scale deployment I would suggest to look at FortiManager, a central management point for large amount of FortiGates. I have tested the solution and found it quite useful. I could download configuration from any device and install edited list of policies to several devices simultaneously through a couple of clicks. Also I liked functionality of clearing out Address objects list from unused entries. It can be configured to be a central repository of firmware and updates, and a local rating server (url and antispam rating services) which can improve rating lookup latency value.

Technical support is good (in average).

We used an old IPS from Cisco. We switched because of End-of-Support on that device.

Initial setup in plain networks is very straightforward. For large environment you should prepare beforehand, because FortiGate is a highly-tunable and feature rich product, so you must have a plan with many considered details.

We did not engage a vendor team. Documentation is good enough to implement with an in-house team.

Setup cost may be not so low, as you expect, because it depends on different factors, but TCO for 5 years may pleasantly surprise you.

Palo Alto, Cisco ASA, CheckPoint

Many interesting things are hidden in CLI, they can help you in different situations. Web-interface (GUI) is primarily intended for day-to-day routine.

Don't underestimate FortiAnalyzer. It can give you a better understanding of what is going on in your network. When FortiGate sends logs to FortiAnalyzer, FortiAnalyzer inserts received log data into database. Predefined and customizable data queries, charts and reports can significantly help you by visualizing problem points, so you can thoroughly investigate security events and traffic behavior anomalies.

FortiGate is a constantly evolving product, so pay attention to FortiOS version it runs.

For IPS, IDS, traffic management, SDWAN, high availability, we leverage Fortinet FortiGate as a virtual appliance to secure our data center, internal office infrastructure, and site-to-site VPNS Site to client VPNS for our internal lab controls, rather than using physical Fortinet FortiGate hardware.

We implemented Fortinet FortiGate as part of our compliance requirements to address the high volume of intrusion attempts we were experiencing. This solution provides us with a insight on Intrusion to block these attacks and gain insights into who is trying to access our network. Essentially, we aim to understand the nature of incoming and outgoing network traffic.

FortiGate offers visibility into the types, brands, versions, and users of connected devices. This visibility is crucial for our industrial devices, as their reliable operation is essential to our business.

Fortinet Security Fabric empowers us to comply with regulations, governance, and compliance requirements across regions like the US and Europe, ensuring smooth operations for our global business.

FortiGate's built-in APIs enable us to integrate with the vendors of our choice.

Fortinet's FortiGate is easy to deploy in our environment thanks to its well-written and easy-to-follow documentation.

FortiGate is a highly benchmarked product that improves efficiency and adds value to our organization.

Although we don't see a benefit overnight, we gradually see the benefits of FortiGate over the years. It has provided a lot of insight into our organization's activities.

FortiGate significantly helped reduce the risk of cyberattacks that could disrupt our production. This has protected us against financial losses.

Fortinet has its management suite so it helps to centralize the management of network and security operations in our company. This helps us easily manage the issues and solutions that are required.

Fortinet FortiGate provides us with actionable data to inform our decisions about the most appropriate course of action. It delivers insights into resource consumption and compromised hosts, helping us identify the source of unauthorized login attempts. This comprehensive view allows us to understand what's entering our network.

Fortinet Security Fabric improved security across our industrial control systems.

Fortinet FortiGate helped reduce our mean time to remediate.

Fortinet FortiGate helped to mature our approach to cybersecurity for protecting our industrial equipment. The level of detail we can see regarding incoming traffic and ongoing activities is quite high. This detailed visibility extends to host configuration and other such aspects, providing us with valuable insights. As a result, Fortinet can provide a clear understanding of how to manage our network and quickly mitigate any issues that may arise.

The most valuable feature of FortiGate is FortiView which provides proactive monitoring. 

Ideally, I'd like to see most CLI configuration options exposed in the GUI to avoid manual command typing. However, there should be a more user-friendly approach than simply replicating everything in the GUI. Alternatively, some users might prefer scheduling tasks through commands for automation.

I have been using Fortinet FortiGate for over 12 years.

I would rate the stability of Fortinet FortiGate ten out of ten. As long as we configure FortiGate properly.

The technical support has improved over the years.

Positive

We previously used an open-source firewall, but we were looking for a solution that was more proactive, easier to manage, and continuously improved. FortiGate was a major competitor at the time and has since become one of the market leaders.

Initially, there was a learning curve during the deployment. We did have the help of local vendors.

If our policies are already in place, we can have the solution up and running in less than a day using a script. However, if we need to determine our policies while implementing the solution, it can take over a month to complete.

Fortinet FortiGate mitigates an excessive amount of manpower requirements because it is easy to manage and this helps contribute to a return on investment.

The price varies yearly and there could be additional costs to help manage the infrastructure. 

In certain markets, if an organization subscribes to their internet service they get a Fortinet firewall included in the cost.

We evaluated some of the leading brands. At the time we found FortiGate easier to administrate and handle. The interface was intuitive and the solution was affordable.

I would rate Fortinet FortiGate nine out of ten.

Fortinet FortiGate is one of the most user-friendly security appliances I've encountered. It has a gentle learning curve, and even beginners can configure it effectively. However, for a successful deployment, it's crucial to have a well-defined network layout, documented initial requirements, and a clear configuration strategy. While physical documentation isn't mandatory, a well-organized approach is essential. This includes using clear and consistent naming conventions for commands and rules, along with detailed descriptions within the configuration itself. This makes it easy for anyone to understand the overall logic and navigate the configuration from start to finish. It's important to note that my approach to policy management might involve unique syntax. This includes how I structure policy sets and identify which ones consume the most resources. Understanding how policies interact with other aspects, like implementation and rule execution, is also crucial. Ultimately, a well-defined naming standard is the foundation for a clear and maintainable configuration.

I use it for a VPN. I use it as a gateway between locations. That's what I use it for.

They're Point-to-Point Networks, Metro Ethernet Networks, and over across the internet. We set it up with an AD VPN tunnel in between the various connections.

We use it for interconnectivity between the various sites to provide VPN tunnels. In contrast, service providers, even on Metro Ethernet and Point-to-Point Networks, cannot provide a secure connection between two points.

We've actually replaced 30 or more Cisco routers that were doing these VPN connections, and we replaced them with the FortiGates in order to provide Point-to-Point connectivity. It increased throughput on the various links, and it increased security.

Their VPN connection, their routing capabilities, their layer three throughput, and their firewall management capabilities that limit access from one VLAN to another are all the most valuable aspects for us. 

The solution is stable.

It can expand easily.

Support is helpful.

The product is significantly cheaper than, for example, Cisco. 

The user productivity has been good as they can, for example, transfer files easier. There is no slowdown. 

In their IPS Web Security Gateway, the reporting functions need to be a little bit more user-friendly for how to get the reports from it. That's one of the reasons why we don't use that function.

With the reports, you can see it, and you can get good feelings so upper management can go, "Oh, wow. That looks pretty." However, it's very basic.

I've been using the solution for two years. 

The stability is very good. There are no bugs or glitches, and it doesn't crash or freeze. 

We've been able to scale pretty well. It's not a problem of you need to expand. 

End users will be passing through it. Most of the accounting passes through it to various other locations. We have about 1,500 people on the product, technically.

We do have plans to increase usage. We have not completed the entire County yet. We've done 80% and still need to action the last 20%.

Technical support is very helpful. 

Positive

We used to use Cisco. We switched to FortiGate due to its throughput, ease of use, and cost.

Our needs are a little bit more complex than others. That said, overall, I would say it's about average in terms of the ease of setup. We got to do a VPN tunnel across, and it was AD VPN, it was something brand new. 

When I set things up now, it's pretty straightforward. When I first started, it was different as I'd never seen the technology before. When I first started, I'd never seen this technology, I didn't have a clue. Others may be in the same boat. 

Now that we're familiar with technology, this is very easy to set up. We've deployed 30 of them. I've got junior engineers that can follow my instructions and set up the FortiGate, and we're up and running. It gets easier over time. We've been doing this over the last two years.

We have up to two people needed for deployment and maintenance tasks. 

The deployment is completely done in-house. We didn't have any outside assistance. 

We did use Fortinet's tech support when we came into some problems. However, we didn't use any extra vendor.

Licensing is renewed every three to five years. They are less expensive e than Cisco. It has reduced the overall cost of maintaining a Cisco environment.

It's a package deal. There are no extra costs. 

We did not look into other solutions. 

I'd advise potential users to just implement the right size for you and what your needs are.

I'd rate the product nine out of ten. 

We are just a customer and end-user.

We are using Fortinet FortiGate as a firewall.

Fortinet FortiGate has been invaluable. It has helped save costs due to its various features, reliable performance, very good UI, low latency, and stability.

The Threat Intel engine in Fortinet FortiGate is highly rated for its effectiveness in threat prevention. It has a good UI and overall integration, including FortiGate Manager for controlling all firewalls from a single place.

The anti-malware engine could use an upgrade. It should automatically classify and sandbox malicious packets with more granular controls, including providing details like TV numbers.

Initially, we faced some issues with updates due to network factors needing to be white-listed in the proxy. These problems have since been resolved, and we are not facing any issues now.

While I don't have a clear picture of scalability, we scale up in different regions based on the number of users and the amount of load. This is typically handled by architecture teams.

Customer support is very responsive, addressing queries in a timely manner. I would rate the customer support ten out of ten.

Positive

We have also used Palo Alto Firewalls and Fortinet FortiGate. Fortinet FortiGate has a better UI and overall integration, including FortiGate Manager for single-place control over all firewalls.

The initial setup was straightforward and easy, thanks to the support provided. I would rate the ease of setup ten out of ten.

We had the help of the end-of-support team for the setup, which made the process quite straightforward and easy.

The price is reasonable for our company. The finance team handles the specifics regarding the license costs.

We evaluated Palo Alto NG Firewalls before settling on Fortinet FortiGate.

We use Fortinet FortiGate to safeguard our online users, who are primarily students, around the clock.

Over the past seven years, we've utilized Fortinet FortiGate to address a wide range of security challenges. Initially, we implemented a firewall to secure our network perimeter. Subsequently, we sought to protect internal network segments. Next, we implemented application-level security measures. And most recently, we've implemented selective service controls to manage access to applications like Google services, WhatsApp, and video conferencing platforms. These measures have addressed evolving security needs over time. Currently, we're focused on enhancing authentication and remote access security. To achieve this, we're implementing security tokens to verify user identities and ensure authorized access.

Fortinet FortiGate enables us to comply with regulatory governance and compliance requirements.

FortiGate is one of the security solutions we have implemented to enhance and protect our network infrastructure, including devices, across the campus for all users. Specifically, FortiGate has shielded us from Internet security threats, application threats, and unwanted websites or access to unauthorized web services. For instance, access to classified websites is restricted based on user permissions. This has resulted in a cleaner network environment, not just from a security standpoint but also in terms of overall network performance. Secondly, FortiGate has significantly alleviated the burden on network administrators and server managers. The product has proven to be highly reliable.

It has effectively reduced our risk of cyberattacks. We have experienced a very small number of incidents, primarily due to configuration loopholes. However, FortiGate has been successful in preventing intrusions from the Internet. It has effectively thwarted hacking attempts, making it a valuable tool for our computer and network security.

We operate in an educational setting and do not rely solely on online connectivity. Therefore, an internet outage would only impact academic activities. While some internet services are utilized within our campus primarily for business purposes, they are not entirely internet-dependent. Consequently, the impact of equipment failure is minimal. In the event of equipment malfunction, we have established contingency plans and alternative facilitating services in place. Additionally, our devices are designed for high availability, with two devices functioning as a backup in case one fails. We have not experienced any device failures to date.

It has streamlined the management of our network and security operations. While the machine itself doesn't provide an out-of-the-box solution, its effectiveness hinges on the expertise and security knowledge of its users. Therefore, engineering and security proficiency are paramount to maximizing the benefits of FortiGate.

FortiGate offers a lot of reporting logs and reports. By continuously monitoring these resources, we can gather sufficient information to take immediate action and implement necessary changes. However, the effectiveness of this approach hinges on having dedicated personnel to review and respond to the provided insights. The device itself cannot act autonomously without human intervention and analysis.

FortiGate has helped us reduce our mean time to remediation by 60 percent. Its user-friendly interface facilitates rapid issue resolution.

Fortinet FortiGate is an extremely user-friendly product. In terms of security, we have not experienced any security flaws or loopholes, and it has proven to be quite stable. Additionally, we have not experienced any downtime, which is of utmost importance.

The log analyzer, for instance, is a product being developed as a common solution for multiple FortiGate devices. Consequently, the log analyzer's functionalities are not fully integrated into the individual FortiGate products. I would prefer to have more detailed logs within the FortiGate products themselves rather than relying on a separate tool.

While Fortinet claims to offer a comprehensive network solution, it falls short in addressing computer application issues, particularly server security. Fortinet's capabilities are primarily focused on network security.

I have been using Fortinet FortiGate for over seven years.

I rate the stability of Fortinet FortiGate ten out of ten.

Fortinet FortiGate is a fixed configuration that depends on the number of nodes and devices.

The support from Fortinet and its vendors is good.

Positive

The initial deployment can be completed in a few days. Two to three people are involved in the deployment.

In the Asian economy in which we operate, FortiGate is expensive.

I would rate Fortinet FortiGate eight out of ten.

I'm not involved in the operation of industrial devices. We do, however, have devices that are part of laboratories, and they may be flagged during searches because we belong to the education sector. In any case, FortiGate provides protection, and I wouldn't know the extent of visibility there because it's primarily concerned with providing security for those devices. If they are connected to the network, alright.

We have around 1,500 users and over 3,000 devices that utilize FortiGate.

We are using Fortinet for administration over local users that need to connect with our wireless. We have users that come from different domains, and there are certain limits and restrictions that need to be implemented.

There is not much visible improvement, but it's a stable and reliable environment. We did not see anything critical in the production environment.

Reliability is the best feature. We faced some issues when we were setting it up, but the service, portal, and administration are good.

There is some development gap. We had experienced bugs in their operating system. When we were planning to upgrade it, there was no patch available for a bug, and the support team was saying that they need to work on that. That's the part they should work on.

There are some complex administration tasks in their administration portal. That needs to be improved.

It has been around two years since we set it up.

It's stable.

It's scalable. We have 1,500 to 2,000 people across the world. We have multiple regions and multiple sites.

We contacted them for a few cases. I would rate them a seven out of ten. They could be better at finding solutions.

Neutral

This was the first option, but we'll try Cisco as well for our Wi-Fi setup for the next one to two years. 

It was a management call to go for this. They know what is best for their business.

I was not exactly involved in its initial setup, but at a later stage, I had to jump into that. I was more into Cisco setup.

Overall, the setup was easy. There was a portal, and most of the things were similar to other hardware we use, such as Palo Alto. We found some bugs during the setup, and there was not much support available from the Fortinet support team

In terms of maintenance, there are upgrades available roughly every quarter.

It's worth the money.

The price range is quite acceptable and normal.

It's excellent. The services, administration, and reliability are up to the mark. They just need to improve it a bit. 

I would recommend it if you want to set it up for your business. Overall, I would rate it a nine out of ten.

It is just for firewalls and network security.

It's mostly compliance, like just meeting our security requirements to keep our data secure. We don't make money out of it. It just keeps our data safe.

I have FortiGate for SD-WAN and all access points here, which has helped with traffic shaping capabilities.

I also use AI (Rapid7) to improve my cybersecurity. 

It's easy to use and provides good visibility of network traffic.

The SD-WAN functionality is a bit overly complicated and not fully documented.

I have been using it for six years. 

The customer service and support are good. I can contact them online or over the phone.

Neutral

I have used Sophos XTM and Palo Alto.

FortiGate is more feature-rich and has a broader range of hardware. They offer switches, access points, firewalls, and the whole network stack, whereas a lot of others only do firewalls.

It's just a good value and the possibility of using those features. We haven't used FortiSwitches yet; we're investigating them at the moment, but we haven't ordered any yet.

The SD-WAN was certainly tricky and took a while to figure out, but the rest of the security features were straightforward.

The deployment took us six months. 

It's hard to measure the return on investment, but it certainly helps us manage our security requirements easier than other solutions that I've used.

It's good value for the money.

It was worth the money overall. It's good value.

Overall, I would rate the solution an eight out of ten. 

Our company uses this solution for endpoint network security. 

The ECC management and the GUI that offers single interface management are the most valuable features of Fortinet FortiGate. 

The documentation available for Fortinet FortiGate should be improved. Often, I find documentation of older models and not the latest version of Fortinet FortiGate. I have to often utilize the older documentation and reengineer the information for the latest model of Fortinet FortiGate. 

There are competitor products in the market that can monitor all logs, which are referred to as SOC; Fortinet FortiGate should have such in-built features. The solution should be able to implement machine learning and analytics of all the logs for threat detection and protection. 

I have been using Fortinet FortiGate for more than a year.

I would rate the stability an eight out of ten. 

The solution is used daily in our organization. I would rate the scalability an eight out of ten. 

I would rate the tech support an eight out of ten. Our company needs to contact customer support on certain issues. The support team is usually able to resolve the issues by communication over call a few times. Sometimes, there was quite some back-and-forth through support tickets with the vendor team before the issues got resolved. 

Positive

Our company previously worked with Juniper, NETGEAR, and Cisco. The devices from the aforementioned vendors reached the End of Life, and their support was expiring in our company, so we switched to Fortinet FortiGate to have visibility and manage all devices through a single vendor. 

I would rate the initial setup a nine out of ten. Due to some network complexities, we had to schedule the downtime of our organization's business, so the initial deployment of Fortinet FortiGate took more time than anticipated. But the setup process was seamless and our company didn't face any abrupt down time. 

At our company, first, we prepared a deployment plan and then divided the services into varying areas based on which the deployment was performed in phases. Only two professionals, a system engineer, and an infrastructure manager, are required to deploy Fortinet FortiGate.

Another two individuals are needed to maintain the solution with the same aforementioned professional job designations. In our company, we didn't face any issues while integrating Fortinet FortiGate with our existing infrastructure and even with other tools.

A third-party team deployed the solution for our organization. 

In our company, we haven't realized an ROI yet, as the solution was implemented just a year ago. There are some devices that I need in addition to other area devices of my company, we are in process of renewing all old devices with newer versions.

In the next few months, our company will be able to obtain the actual capex purchase with at least ten switches. Fortinet FortiGate is worth the money, offers multiple solutions under one roof. 

I would rate the pricing a five out of ten. Our company onboarded the solution through a traditional capex purchase of the standard license with three years of customer support. 

Our company has been using Fortinet FortiGate since 2009 at the firewall level, due to familiarity with the RTO and FortiGate environment, complete adoption of Fortinet FortiGate was an easier choice than other solutions for a single clear management. 

Fortinet FortiGate also had all the features that our company was expecting, and in terms of ease of management, opting for the same vendor from firewall to edge device was a comfortable option. 

Previously, in our organization, we didn't have a network monitoring tool. With the adoption of Fortinet FortiGate, we can now check the port level of the switches that can be witnessed at the EP end, where all devices remain connected to the network. The management and monitoring are the major benefits of Fortinet FortiGate. 

I would advise others to consider adopting the solution without hesitation. I read the latest Gartner Magic Quadrant report, and it mentioned that, based on its track record, Fortinet can compete with the best in terms of network and security solutions.

For the last five years I believe Fortinet has dominated the market. I recently attended a Fortinet event where I met all the local and regional support team; I learned that the vendor is continually expanding, and in our region, we can easily avail support and guidance regarding Fortinet solutions whenever required. 

The monitoring subscription that is provided with the Fortinet FortiGate has built-in AI features for the past three years. I believe Fortinet is in the sixth generation of their AI and ML utilizing the native infrastructure. Thus, the AI features have been available for a long time in Fortinet FortiGate, but they are promoting it now due to the market trends. I would overall rate the solution an eight out of ten.