Fortinet FortiGate Reviews

We use Fortinet FortiGate for VPN. We connect the branches together for the HQ. That's why we are using the VPN, and we publish some of the websites in the HQ, and the users can access that website from outside with the two-factor authenticator and a token key. We are using FortiGate to control the connection between the branches. But, for the software, we are using this to collect the data to extract reports.

I like FortiManager.

Improvements depend on your specific needs. Currently, it meets my requirements. Whenever I need something, Fortinet improves and updates the software for me.

I have been working with Fortinet FortiGate for about ten years.

Fortinet FortiGate is a stable solution.

On a scale from one to five, I would give its stability a five.

Fortinet FortiGate is scalable. If you are familiar with it, you can work from anywhere and do whatever you want. It is very easy to scale. We have about 500 users in our organization. It is not only engineering and not IT because we publish many websites from HQ to other branches. End-users use the Fortinet username and password to log in with two-factor authentication and the token.

Technical support is good.

On a scale from one to five, I would give technical support a five.

Positive

The initial setup was very easy. We had two third-party members and four of my team members implement this solution. It took us five to six days to install and deploy both the software and hardware. For the software alone, it took us about two days to implement. You need two people to manage and maintain this solution.

We had a third-party company help us with this implementation. They came and did the first setup, and after that, I followed the technical support from Fortinet.

Licensing costs are acceptable. I think it's cheaper than Cisco. We pay for the license on a yearly basis.

On a scale from one to ten, I would give Fortinet FortiGate a ten.

We are using FortiGate as a perimeter firewall.

It is our perimeter firewall. URL filtering, IPS, and antivirus features are most valuable.

It is easy to manage, and it doesn't need much knowledge from the team. It is a stable device, and there are many features that are included out of the box.

Their support can be improved in terms of the response time and the quality of support.

There are some tiny bugs that sometimes affect the operations. In the past revision of it, there was a bug. Because of the bug, we had to downgrade the version. It happened only with the last revision.

I have been using this solution for two years.

It has been very stable over the past two years.

I have no problem with scalability. When I need to add any device, I just find and add it to the network. I have no issue with the count of devices. I can buy a license and add whatever devices I need to add. Currently, I have no issue with the scalability of this firewall, but if I reach the maximum limit, I need to exchange the box or just add licenses. We currently have about 1,000 users.

I have contacted them many times. My experience with them was good, but their support can be improved overall. I would rate them a three out of five. 

It was very simple.

There was a partner supporting us. Our experience with them was very good. I would rate its setup experience a four out of five.

For maintenance, we currently have a team of two people, but it may be extended to three or four.

It has been two years. I don't remember the actual price, but it was affordable.

We buy the boxes and then use the license for three years.

I would recommend this product. It is a very good product to be used as a perimeter firewall.

I would rate it an eight out of 10.

We have been using it for our internal infrastructure, but mainly, we are providing it as a service to our customers.

In one of the use cases, a customer is using FortiGate, and they also use FortiAP. To collect the usage and monitor the traffic, they use FortiAnalyzer. So, they have FortiGate, FortiAP, and FortiAnalyzer. It is not a very big deployment. It is a midsized company with less than 50 people.

The UTM feature is quite good. FortiAP is easy to deploy because both Fortigate and FortiAP are under the same brand. Otherwise, you need to do more work on the configuration.

Price, of course, can always be more competitive or better.

If a customer has a requirement for firewall, security, WiFi, and analytics, it is good if we can propose a solution from the same vendor, but we have found that no distributor in Hong Kong has sufficient knowledge to deploy Network Access Control (NAC) solutions. They have a wide range of products, but apart from the popular ones, such as a firewall or an AP,  there is not sufficient support here in Hong Kong for NAC solutions.

I have been using this solution for more than 10 years.

It is reasonably stable.

Our customers are mainly small to medium businesses. I really didn't have a chance to scale it up. We have a customer with two subsidiaries on the same floor. They are changing from traditional features to SD-WAN features. Based on what I heard from my colleagues, migration work is quite smooth, and there are no big issues.

I'm not doing hands-on work for the projects, but from my colleagues, I haven't heard of any delay or incompetency in support.

It is quite easy. The duration depends on the complexity. If you are using a firewall from one brand and WiFi from another brand, then you probably would need more time to do the setup. Overall, the saving is around 25% in terms of labor hours.

Their licensing costs are annual. The UTM feature license along with their support is called FortiCare. We include that as a part of the annual maintenance cost. Palo Alto or Juniper also have an annual subscription charge for UTM.

Price, of course, can always be more competitive, but it is not the most expensive product. The price-performance ratio is quite high for FortiGate.

I would recommend this solution to others as well as to our existing customers who are not using FortiGate. I would rate it an eight out of 10.

I am using Fortinet FortiGate as a perimeter internet firewall.

The most valuable feature is the FortiManager for centralized management.

Fortinet FortiGate could improve if it had a cloud-managed solution.

I have been using Fortinet FortiGate for approximately 10 years.

Fortinet FortiGate is approximately 80 percent stable.

The scalability of Fortinet FortiGate is good.

The technical support from Fortinet FortiGate is terrible. They can improve.

The presales, account management, and post-sales are the three worst things about Fortinet.

I have previously used other solutions such as Cisco, Check Point, and Palo Alto.

The solution I would recommend largely depends upon the environment it is being implemented. We tend to mix and match firewalls, but Check Point tends to be,  easier to manage, but more expensive. Their support is much better than Fortinet's when it comes to pre-sales and post-sales.

The price of Fortinet FortiGate is better than Cisco, Check Point, and Palo Alto. In terms of pricing, it's probably a better-priced firewall solution overall.

I rate Fortinet FortiGate an eight out of ten.

I have deployed several of the following models for customers: 200D, 60E, 60D. This review focuses on the FortiGate 200D.

The first implementation I performed of a FortiGate 200D was to replace a Juniper SSG-140 in a main corporate office.  This implementation provided improved network administration and network performance.

We also received more timely security updates, and it became easier to connect all of the other offices together (via an IPsec VPN mesh).

As additional FortiOS releases have come out, we have obtained more flexibility in device identification and WAN load-balancing, among other things.

• The CLI is robust and powerful, enabling rapid, consistent changes via SSH. 
  
  The device identification is very flexible, facilitating the creation of rules to regulate all sorts of devices that might spring up on a network, especially via WiFi.
• The IPsec tunnels are very easily created, and quite interoperable with devices from other vendors.
• WAN load-balancing has improved, but needs some refinement.
  
  You can set up a different DDNS config for each WAN link.
  
  It is great to be able largely use the same OS features across the family of devices.

WAN load-balancing could be a lot better at detecting when a link is poor or inconsistent, and not just flat out dead. There are lots of options for routing traffic over a specific path when you have WAN load-balancing enabled, but they are not as clear and consistent as they could be, and most can only be set at the CLI.

Some configuration elements cannot be easily altered once created.  For instance, there is no way to rename an interface (say, for a VPN tunnel), unless you create an entirely new one and perform a little gymnastics to switch from one to the other. Or, you export the config, rename the elements in question, then re-import the entire config.

Creating a meshed VPN connection (Office A with two WAN links connecting to Office B with two WAN links) requires a massive bundle of four IPsec interfaces, with two policies. It would be nice to have a cleaner, simpler config for that functionality, something not very uncommon today.

I have found that if you have a console cable in the device when you reboot it for a disk check, it will boot to the device firmware. This will not happen for a regular reboot.

If you have more than a very basic environment, you quickly have to escalate past the first level of support. The initial level is so-so.  The next level up has been stellar for me, and quick to figure out issues and resolve them.

I've only experienced stability issues a few times.  One was with the v5.4.0 and .1 releases. Also, there was an issue during the v5.2.x series where there was an SSD issue that was fixed with later firmware. Overall, the devices have been very stable.

No. Scalability is good, and performance increases are great as you move to higher products.

Customer support is okay. They are fairly responsive for level three and higher (one and two) issues, but if your issue is a little complex, you will want to ask them to escalate to a second level tech. They don't always read all the info you provide in the first pass, but overall, they are helpful.

I previously favored NetScreen/Juniper SSG solutions, but Juniper stopped supporting the SSG line, and FortiGate provides more value and performance for the dollar.

I've also tested the Sophos solutions, but found them not compelling enough to switch from the FortiGate devices.

The devices are very easy to setup, even if you need to configure VPNs. You could have an HA config up and running within 60-90 minutes, with the latest firmware installed, and a couple of policies and tunnels.

If you do not regularly work with enterprise-class firewalls, you might need to add an hour to the above scenario, but the provided wizards make it pretty easy to address the basic functions.

In-house deployment all the time.

In almost every case, I've experienced (or had customers experience) an ROI within 12 months, based on better performance for the same price or increased functionality for the same (or less) price.

Licensing and setup costs are generally pretty clear with Fortinet. If you go with centralized management or their Log Analyzer tool, these carry some additional pricing that you need to look at.

Check out the price matrix, and go with a value-added reseller that understands how to help you size out the equipment. Remember to always look at the performance with the assumption that you will have many of the unified threat management (UTM) features on, not off.

Yes, I tested and evaluated solutions from pfSense, Sophos, and Palo Alto.

I highly recommend, and often try to deploy Fortinet solutions for my office network and for my customers. They run for a long time, they are supported for many OS updates, and they are pretty solid.

Don't upgrade the OS right away when it is released, if a major new version has come out.  v5.0 was problematic early, but v5.2 was great. v5.4 was a problem child, but v5.6 had only a minor issue. v6.0 was surprisingly smooth and had only a minor issue. I could have avoided most of these problems if I waited an additional month or so before updating, but I updated because I need to advise customers on what they should be doing.

I've had to interact with support a lot, and overall they've been good (with the caveat mentioned earlier).

Fortinet FortiGate offers a new official solution for SASE. This solution is more cost-effective for my organisation than the hardware. It doesn’t require renewals every year or every three years. With FortiGate, you get a firewall as a cloud service and optimal protection.

Fortinet FortiGate meets all the security demands of my industry. It covers endpoint security, including web interface, DNS security, and ELP. I'm currently using the latest version. The features that have most improved our network security are Web Control, filtering, application control, IDS, IPS policies, and Deep SSL inspection.

The intrusion prevention system (IPS) in FortiGate is highly effective. It detects and prevents intrusions, maintaining security efficiently. It works seamlessly with my environment and Google Analytics, providing robust protection.

The firmware updates are sometimes not stable. The stability issues can vary, sometimes happening once a month or quarterly. New firmware updates can occasionally introduce bugs, causing some policies to fail. We then have to raise a ticket, and Fortinet usually provides a fix within a few days.

I have been using Fortinet FortiGate for the past three to five years.

For overall stability, I'd rate FortiGate an eight. It is stable, but there are sometimes issues with the software, so there's room for improvement.

There are no scalability issues with Fortinet FortiGate. I haven't needed to scale it yet, but I have a relationship with the vendor, and they have a program to scale their hardware if required.

They also offer many solutions free of cost with the hardware, including advanced solutions. We have four branches of our organization, and they use these effectively.

The support team is very effective.

Positive

I previously used Cisco for my environment, specifically Cisco ISE for access control, but I have shifted to Fortinet products due to their cost-effectiveness.

The deployment process of Fortinet FortiGate was very straightforward. The installation took about twenty minutes, and fully configuring it with security features took about an hour. It was pretty fast, so I didn't need to spend days preparing and configuring.

I am involved in the maintenance of FortiGate, and I have five engineers with me. Three are on-site, handling different boxes, and two are remote.

I've noticed benefits in terms of performance and timing with Fortinet FortiGate. Its implementation and deployment are quick, and migration from other vendors to Fortinet is smooth and easy. Typically, we only have about fifteen minutes of downtime during the transition and gradually implement the policies.

For the price, I'd rate it a ten because it's very cost-effective.

I chose Fortinet FortiGate because it is effortless to use compared to other vendors. Their customer support is excellent, with quick responses and qualified attack engineers. They provide relevant documentation and immediate engineer assistance if needed.

Regarding AI capabilities, the product promises threat intelligence based on AI and machine learning, which I plan to explore. FortiGate integrates smoothly with other solutions.

I'd rate FortiGate a nine out of ten.

Our primary use cases for FortiGate are SD-WAN and the next-gen firewall.

Most clients in the Philippines seek a cost-effective solution that can secure their network, and FortiGate is often their first choice. If your network is secure, there's less downtime and threat exposure, increasing overall efficiency. 

Fortinet's secure SD-WAN helps us remedy threats faster. It's user-friendly, and you can see everything on the FortiGate dashboard through a single pane of glass. Secure SD-WAN has reduced our mean time to detect. We haven't had any significant issues so far. 

SD-WAN has reduced our help desk tickets by making us secure. Many of our clients switched from other brands to Fortinet, and they feel that the FortiGate box and the added security FortiGuard provides have exceeded their expectations. 

FortiGate firewalls are user-friendly, and I like the security profiling features. 
FortiGate has always had good interoperability. Their fabric enables you to integrate a lot of products into one vendor. 

The secure SD-WAN gives you a tool for failproof your connections, especially with a branch-to-branch setup. FortiGate also comes with FortiGuard, which is an excellent threat-detection service. They have their own R&D and threat intelligence for FortiGuard.

While FortiGate is cheaper than most other solutions, we're seeing increased license renewal costs. Most of our clients are asking for more significant discounts because the price is going up. 

We have been using the solution for more than two years.

I rate FortiGate an eight and a half out of ten for stability.

I rate FortiGate a nine out of ten for scalability. 

I rate Fortinet support a nine out of ten. 

Positive

We also use Meraki. FortiGate has advantages in terms of usability. Also, if we don't pay for the Meraki license, it becomes useless. 

Deploying FortiGate is straightforward. It typically takes about three days to deploy and configure the solution. One person is usually enough to deploy it. 

Most of our clients are still using the FortiGate D Series, so they have gotten their money's worth. 

Fortinet is much cheaper compared to the other leading platforms. However, most of our customers are asking for bigger discounts on license renewals. 

I rate Fortinet FortiGate a nine out of ten. 

Our primary use case is for social network blocking and for unusual applications in our network as well as for intrusion prevention. We are a department store. 

This product has made it easier to secure our network. 

The pipe filter application is an outstanding feature. The hardware processors are also very impressive. In general, this is an easy-to-use application, with a user-friendly interface. If you have any issues, Fortinet has a support library where you can search for videos and documentation. If you want to configure anything and you're unsure about it, the solution is in the videos. If a single link fails, it automatically connects to a secondary one and that's saved me a lot of time as I would have previously had to deal with it manually. Fortigate blocks unusual traffic and therefore secures our network. Third-party integrations are good.

The updates Fortinet provides are sometimes unstable. We have to check everything thoroughly before any upgrade.

We've been using this solution for seven years. 

The solution is very scalable. The processor, the microprocessor and the security processors are very intelligent so they can scale significantly and manage that well. 

The initial setup is straightforward and easy to manage. There is no maintenance required. 

We've seen a return on our investment. 

This is a very comprehensive solution but the cost is quite high. 

We evaluated several options before going with Fortinet. 

I think this is the best solution of its kind on the market and I rate it nine out of 10.