Fortinet FortiGate Reviews

My company's customers use the solution for VPNs, specifically for SSL VPNs, IPSec VPNs, and other areas like web filters and application filters.

The most valuable feature of the solution revolves around SSL VPN. SSL VPN is good since I stay in a family where we use some other servers with port forwarding features, and so there is a lot of risk with it. Last time, my server got hacked with a ransomware attack. After that, we got a firewall and gave an SSL VPN to my client to connect to their servers, after which, such kind of activities involving ransomware attacks stopped.

Though the tool's GUI is user-friendly, it can be considered as an area with certain shortcomings where improvements are required.

I have been using Fortinet FortiGate for five years. I am a reseller of the solution. I work with Fortinet FortiGate 40F and 60F.

Stability-wise, I rate the solution a ten out of ten.

Scalability-wise, I rate the solution an eight out of ten.

The challenges faced by our company related to the product are associated with the activation part. Whenever my company tries to activate the product, there are some challenges. Previously, my company had given a new product to our customer who had used Fortinet FortiGate in the past. When my company tried registering the product on the portal and activating the trial license, we saw that only 30 days of use remained in the tool. We installed the product's license after all the trial licenses were activated.

I have seven to ten customers running medium-sized businesses using Fortinet FortiGate.

After connecting to Fortinet Firewall, I have not faced any complaints related to large-scale traffic or attacks.

The solution's technical support needs to be fast since whenever my company raises a complaint, it takes almost two to three hours to get a callback from the customer support team. I rate the technical support a seven out of ten.

Neutral

I don't have any experience with SonicWall because it is not very user-friendly. Fortinet FortiGate is more user-friendly than SonicWall, so we are currently working with Fortinet FortiGate and Sophos.

The product's initial setup phase is easy. I rate it as an eight, where one is difficult, and ten is easy. Sometimes, when configuring the SD-WAN policies, I have seen issues with the tool not working properly. After updating the firmware, the tool worked properly, but there was some issue with the SD-WAN part.

For the product's deployment phase, I configured LAN and WAN, followed by the web filter policies. If a customer requires it, you can configure the VPNs.

The solution is deployed on an on-premises model.

The solution can be deployed in half an hour.

It is a bit expensive. On a scale of one being cheap and ten being expensive, I rate the tool's price as an eight. The price is justified for the features and capabilities offered by the product.

I can't describe how Fortinet FortiGate has been most effective for security posture since I haven't configured any security settings. It has a setting like in Outlook's configuration involving SMTP and POP. I didn't configure any security settings in the tool.

The tool's VPN functionality supports our company's customers' remote workforce since we have given an SSL VPN connection to support those working from outside the company. After connecting to the VPN, one needs to connect it to the server directly as it is better for security.

Whenever you upgrade firewall firmware, the user interface doesn't really change. If I upgrade to a new firmware with other tools, the user interface has slightly changed.

On the portal of Fortinet, there are VMs that are available for FortiGate. Our company can give the solution to the customer on a trial basis to check how it is working, so that there are no issues.

I rate the tool a nine out of ten.

It's mainly used to secure our clients' network access because they do not have any servers. The only things we have connected to the FortiGate firewall are access points, CCTVs, and a printer. It's just used for web browsing and internet access.

It definitely helps with intrusion prevention. When managing a firewall, you need to create policies to dictate the traffic flow within your environment. And once you enforce a policy, it has an intrusion prevention assistant that you can activate, so it's not just acting as a firewall.

Like most next-generation firewalls today, it helps control network traffic. I don't have any problem managing the network traffic within our network. It's very easy to access and manage.

FortiGate has also helped reduce the risk of cyberattacks. If such an attack happened, the main consequences for us would be data breaches, where some of our company's most important information might be leaked and used by other people. That would endanger our production and security.

And with the System Events page, I can easily access and see the events that are happening within the device and the network. It's easy to track if something has happened and, based on that, make a decision about the next step that I should take. I can see if it is severe or if it is just something that is not critical but more than a nuisance. Even in that case, I have to think about the steps that I will take to prevent it from happening again.

Mostly, it's about protecting the internet access of our end users in the production area of our company. It protects us during our web browsing and from internet-related activities.

The feature I like most is the SD-WAN. It allows you to manage more than one ISP at the same time. And there is a high-availability mode, so if one of your ISPs is down, you still have a backup.

It also provides us with visibility because we are able to track the IP addresses, as well as the type of device, OS, vendor name, and the name of the devices.

In addition, Fortinet Security Fabric helps us meet regulations and compliance requirements.

The built-in APIs enable us to integrate with different vendors, such as TP-Link and Luigi. We did not have any problems with the integration. It's very easy to configure and connect. This helps reduce deployment time, but that has more to do with network knowledge than with the product. If you're familiar with basic networking, it would be easy for you to understand the application of a certain device and integrate it with the API of your choice.

I've been working with Fortinet FortiGate for about 10 months.

I would like to see improvements in the support from Fortinet. Here in the Philippines, whenever we have problems with a Fortinet product, we mostly ask for support from distributors and resellers and not directly from Fortinet.

Neutral

I don't know why our company acquired FortiGate because I'm not the account manager. I'm just the technical person who installed the product. But I can assume they just looked at other companies that are securing their networks and decided to secure their internet access like those companies do.

Including the reconfiguration of the network setup, the deployment took at least five days. But the actual deployment of the device only took one day. There were four people involved.

I have no idea what the difference in pricing is if you buy it from a reseller or distributor compared to Fortinet, or even if Fortinet gives that option. The pricing is justified. It's a little pricey, but what you pay for is what you get.

I can't say how much it has reduced MTTR because I have not experienced any issues with FortiGate.

When I first built the FortiGate firewall, it enabled me to learn more about the network security field.

I used this solution while working with my last organization. I handled plain firewall deployment as well as SD-WAN deployment. 

I was providing consulting services to various Telco customers. It helped customers save on the cost of highly expensive MPLS links. With the help of Secure SD-WAN, they were able to utilize broadband or even LTE connectivity, which saves costs. That's the flexibility that Secure SD-WAN gives to various customers. In addition to saving costs, they are also able to utilize active-active load balancing, where you can have two parallel links: primary and secondary. The secondary one used to sit idle in traditional scenarios, whereas now, the solution gives you the flexibility to configure both links as active-active, so you can prioritize critical traffic from link one and other traffic from link two. At the same time, you also have the option to maintain redundancy.

Secure SD-WAN is a great way to manage your entire organization network, especially the WAN network. Customers don't have to hop to multiple places. Fortinet has a solution called FortiManager. With the help of that, you can monitor, configure, and maintain your entire organization's network. It's a very convenient option. It's a single pane of glass from a customer's point of view. They don't have to log in to individual devices, and they can see the real traffic. They can see what's coming into the network, what sort of alerts or logs are there, and what sort of applications are being consumed.

Secure SD-WAN doesn't help with tool consolidation, but it's a secure way or mechanism they provide so that if branch users are accessing the internet, they can directly break out from the branch location rather than coming back to the data center. In that way, it improves the user experience while also giving security at the highest level.

I have not interacted much with Secure SD-WAN in terms of API integration or third-party integrations. However, they have pretty good integration with the RADIUS, LDAP, and AD servers. In that way, they have everything in-built. You can make the firewall a DNS server or some sort of DHCP server. Such features are included there. From a security standpoint, they have open API integration with their own SIEM or SOAR solutions. Third-party API integration is also possible, but the API details that are exposed are very limited.

The integrated application protection provided by Secure SD-WAN is a cool feature. They have real-time scanning of the application with the help of SSL inspection. You get to see the real-time traffic of applications, and you can protect your network from harmful websites. They have a signature database for that. This data also gets refreshed. It's a direct feed that the device takes from the central intelligence.

When you have Secure SD-WAN in place, you are more secure from the outside internet. They have a flavor of SASE, but I have not worked on it.

When you have a granular view of your entire network including users and security features being enabled, you get more visibility into your network. You get to know what's coming in and going out. If an administrator sees that some traffic is being hit repetitively from a particular location, functionality is available to block a region, country, or even an IP or domain.

In terms of Secure SD-WAN reducing our mean time to resolve, in the case of issues specific to SD-WAN, I've seen instances where customers can look into the dashboard and inform the support team that this is the issue they are facing. This helps them to have some visibility into these firewalls and isolate the entire issue from the technology perspective; for example, when a wireless client is facing some sort of challenge accessing the internet, whereas some of the wired users are able to access the internet. The testing tools given in the FortiGate GUI dashboard come in handy during troubleshooting. With the very user-friendly interface, it becomes very obvious and easy for any IT guy to simply follow the workflow to resolve any day-to-day operational issues.

The security features that they have are quite good. On top of that, their licensing model is quite nice where they don't charge you anything for the SD-WAN functionality for the firewall. The routing and firewall features are also good.

The unified view that they have built into this firewall is good. Within the same dashboard, you get to see the security profiles, the type of traffic that's passing through, the top applications that are being consumed, etc.

It's also very easy to use.

I was not looking after the operations part, but sometimes, I did get engaged in some critical activities related to operations. There are some caveats in every product. Tunnel flapping was one of the major things I had seen wherein your internet link remains but your VPN tunnel is down. However, since I got a fix from the TAC team, I have not noticed it, but the customer complained a few times that they couldn't access the internet because of this problem. There were tunnel issues where there was already established connectivity, but at the kernel level, there were some issues. For example, there's a feature for auto-site connectivity wherein whenever it automatically creates a new tunnel, at the kernel level, it also creates an interface. Sometimes, that interface crashes and a new interface could not be created, which results in connectivity loss. 

Fortinet has established itself in the SMB market segment. It's doing pretty well in that space, but when it comes to the enterprise segment, they are lagging a little bit. It all boils down to the performance of the hardware. If I enable all of the security features available on my device, the throughput degrades quite a lot. If I have put 10 GBPS of throughput on a firewall and I enable all of these features available, such as IPS or UTM functionalities, the throughput comes down to 1 GBPS.

I used Fortinet FortiGate for seven months. I last used it in February of this year.

I'd rate it a seven out of ten in terms of stability.

The solution offers the option of deploying VMs or virtual machines to any public cloud, such as AWS or Azure. It provides such flexibility. If you have any application hosted in the cloud space, you can have a VM spin of the FortiGate over there and have a site-to-site tunnel established, so the scalability is there. Otherwise, at the site level, it's mostly hardware-based work. If you size it properly, then you have the option to expand. You might have chosen a low-end model because of the tight budget. In that case, it's not scalable on a specific site. However, if you have a certain number of sites, for example, if you have 400 of them and you want to expand to 500 or 1,000, there is simply a license that goes at the FortiManager level to support additional devices. FortiManager provides a single pane of management. 

I'd rate it a seven out of ten in terms of scalability.

My experience was not that rewarding. It took me around three hours in total to get a simple issue identified and fixed. I escalated it to their L3 engineer, and after that, I was able to resolve the issue. The entire process took around three hours. First, their initial level person was troubleshooting, then it went to the next level, and then it went to the highest level.

Neutral

From the security perspective, I have not used any other solution, but I did have a glance at Cisco's portfolio. Cisco Meraki is one of the solutions that you can compare it with. Others were more specific to the routing and switching domain. I know the concepts and theory of Cisco SD-WAN, but I have not used it in a real environment for any customer.

For one of the clients, it was deployed on the Azure public cloud. Initially, it was not easy. It was complex. Every product and technology requires a certain type of prerequisite, and when you have anything hosted on a public cloud, it becomes a tedious job to get things done quickly because multiple stakeholders are involved in that.

I have deployed Secure SD-WAN specifically for many customers. I find it easy, but you need one person to be at the site for remote connectivity. That person just needs to do the basic configuration. Once the device has IP reachability, you can easily discover it from FortiManager, which is the central controller. So, once you have the device on FortiManager, it takes a few clicks to onboard the device because you already would have a template in place.

The deployment duration depends on the number of sites. For a customer with ten sites, it would take a week's time because there are a lot of dependencies. It also depends on the customer's readiness and availability, but a week's time would be enough for the deployment of ten sites. If there is proper planning in place, you can also deploy 50 sites in a week, but that's something you cannot control from your side because there are a lot of dependencies on the customer and the service provider. If you have to integrate it into a customer's existing network, it becomes quite challenging to make them understand your prerequisites. There are instances where nobody is available from the customer side from the technical standpoint to help you. Those are the roadblocks, but from the solution perspective, it's quite easy to onboard devices.

The deployment can be done by one person if that person is dedicated to a single project, but if more projects are running in parallel, you would require a few more people.

It does require maintenance, which includes upgrading the operating system and installing patches. Two to three people would be enough for around 500 site maintenance but not in the 24/7 case. If it's 24/7, then nine people would be required for that.

By default, they give SD-WAN along with the firewall. They don't have separate licensing for the SD-WAN functionality. However, they have security licenses that are sold separately on a subscription basis. Customers can consume these security features to protect their users from internet traffic.

To those evaluating this solution, I'd advise doing a PoC of different vendors who are meeting their requirements. They can then decide for themselves after seeing the demo.

Overall, I'd rate it an eight out of ten. It's user-friendly. It's also good features-wise, but their support is weak, and on the architecture front, it's not true SD-WAN. It's not decoupling the control chain functionality from the device to the controller. 

We utilize the Fortinet FortiGate firewall to safeguard our network and provide secure VPN access from external locations.

We implemented FortiGate because we needed a firewall to protect our data.

FortiGate helped us meet our ISO requirements.

In the time we have been using FortiGate, we have not had any security breaches. 

FortiGate has reduced the risk of cyberattacks that can disrupt our production. Since implementing FortiGate we have not dealt with any such attacks.

I'm unsure whether centralized FortiGate management enhances efficiency, but our experience with it has been exceptional. We haven't encountered any issues, and the operational aspects have been seamless. Additionally, there was no downtime, which is crucial for our operations.

Our Fortinet security fabric has enhanced security across our industrial control system. By safeguarding our production environment and ensuring the security of VPN access granted to individuals, we have achieved comprehensive data protection. We have not experienced any incidents that would have occurred if our firewall was inadequate.

FortiGate does a lot of research, and the product is regularly updated, especially in the ransomware area. I know of a couple of other companies around us that had some ransomware incidents, but we never have. From that perspective, FortiGate has helped mature our approach to cybersecurity a lot.

The email protection and VPN features are the most valuable.

The process of configuring firewall rules appears excessively complex. While FortiGate offers greater functionality than other firewall solutions, its user interface could benefit from simplification.

I would like the log viewing process to be improved to provide a clearer understanding of the logs.

I have been using Fortinet FortiGate for five years.

I would rate the stability of FortiGate ten out of ten. We have never had any issues.

We used the limit of our FotiGate firewall which was around 150 users and we never noticed any performance issues. 

I would rate the scalability of FortiGate eight out of ten.

The technical support is good.

Positive

Our decision to switch from FortiGate to Sophos was solely driven by the seamless integration with our existing Sophos antivirus system. Had this integration not been an advantage, we would have maintained our FortiGate system.

The initial deployment was straightforward due to our understanding of the product and its operation. It was completed in one day by a team of two.

The price of FortiGate is comparable to that of most other firewall solutions and is more affordable than Cisco.

I would rate Fortinet FortiGate eight out of ten.

Except for the firmware updates we have to do now and then, there is no other maintenance required for FortiGate.

We had FortiGate deployed in one location in a big server room. We have 150 users.

I would recommend FortiGate to anyone. FortiGate is an out-of-the-box firewall with good pricing and excellent features.      

We use Fortinet FortiGate for the protection of our perimeter, VPNs, web filtering, application filtering, and general edge protection.

I received four tickets a year when I joined my current company, and what the solution has really done is enabled the SD-WAN feature. This has given us more value and reduced the amount of time spent on the manual management of our edge device. We are now able to set our SLAs and be on autopilot.

The most valuable features of the solution are SD-WAN, filtering testing applications, web filtering, and the new VPN. The new web flash is especially noteworthy because it supports Google and the single sign-on for our VPN activities.

The routing capability on the FortiGate devices has room for improvement.

I have been using the solution for three and a half years.

The solution is very stable.

The solution is very scalable. To scale our firewall we only need to add more hardware. We currently have over 2,000 users.

We previously used Mikro Tik before the organization decide to switch.

The initial setup is straightforward. As long as we know what we are doing the deployment can be completed within one business day.

The implementation was completed by a partner and two people were required. We completed the configurations ourselves.

The pricing is flexible. We pay for our device and our subscription according to our needs.

I give the solution a ten out of ten.

One interesting and critical thing about Fortinet is the add-ons they have included with their firewalls, such as SD-WAN, which would cost a lot of money with other providers but is included with Fortinet's firewall.

When looking for a solution that can better optimize our connectivity and also keep providing security along the website for our branch offices, Fortinet FortiGate is the best solution. The solution is worth every cent. I use FG-61E and for the size of the device it has been very stable for the three years with only occasional reports to apply updates. Fortinet FortiGate has been very responsive to vulnerabilities that have been released. Our business is 24/7 and we don't have leaks. Our servers are always available.

We use Fortinet FortiGate for a UPP solution. For example, DNS filtering, IPS, and VPN access.

The most valuable feature of Fortinet FortiGate is load balancing. It can provide central management and VPNA. Additionally, it has enhanced our security environment.

The management UI is more user-friendly than Cisco's solution.

Fortinet FortiGate could improve by adding FortiAnalyzer to its solution, we should not have to use another solution. FortiAnalyzer can provide more detailed information.

I hope that Fortinet FortiGate provides a software define network(SDN) solution.  and provide the interface for the user. If we have the SDN interface we can develop our system to manage Fortinet devices.

I have been using Fortinet FortiGate for approximately one year.

Fortinet FortiGate is a stable solution.

I have found Fortinet FortiGate to be scalable.

Our company is across many locations. For example, Europe, South America, America, China, Taiwan, and Asia. At this moment all of the sites are using Fortinet FortiGate. There are approximately 10,000 users that are using Fortinet FortiGate.

I have not used technical support.

I previously used Juniper. I did prefer the Juniper OS but not anymore because the Junos firewall seems not to be very stable. Since Juniper had stability issues is why we went with Fortinet FortiGate.

There is a license to use Fortinet FortiGate.

I have evaluated other solutions, such as Cisco.

I would recommend this solution to others.

I rate Fortinet FortiGate a nine out of ten.

We've deployed FortiGate on some customer premises. We've also deployed other Fortinet products, such as FortiMail and FortiManager. We often bundle Fortinet devices. We use FortiGate as a firewall. It is for security and protection. 

The solution has helped our clients secure their network efficiently. It offers security across multiple sites and helps monitor traffic effectively.

It's very good and very stable for businesses. It works very well. 

The UI is better than the alternatives. 

We like using Fortinet devices. They integrate well with one another.

Fortinet provides good visibility and segmentation.

Fortinet's devices are purpose-built to operate in various environments. It operates well across clouds. We can run Fortigate as an MSP.

It helps with intrusion prevention specific to various environments. It provides us with details about the traffic for better monitoring. 

FortiGate has helped reduce the risk of cyberattacks that might disrupt our client's production. 

The product provides policies for strict monitoring to make the network secure. If something hits against a policy, it will be blocked.

We'd like to see the product offer higher discounts to users. They should offer special pricing to premium partners and customers. 

The company has been using the solution for the last five or so years. I've maybe used it for three years.

The stability depends on the FortiGate model. You need the right model for the amount of GB traffic. If a customer deploys a smaller model on more traffic, there may be issues. Otherwise, it handles traffic well. Overall, it's a stable solution. I'd rate stability nine out of ten. 

Our clients are quite sizable. One of them is one of the biggest telecoms in our country. We also have smaller customers that deal with smaller FortiGate models. We have a variety of customers of different sizes from around the country.

It's a scalable solution. I'd rate it nine out of ten. 

Technical support is good. They offer very accurate solutions. We learn a lot from them. We're happy with their level of service. 

Positive

We typically deploy the solution to our client's VMs. The deployment sometimes takes about a month. We have a team of 12 people who work on the FortiGate side. 

Their services are good, and we are happy to work with them, however, the pricing could be cheaper. 

We're a Fortinet partner. 

If we have the option of which firewall to choose, whether Fortinet, Cisco, Juniper, et cetera, we will choose Fortinet. We're very comfortable with their devices. We have a very skillful team, and we've become very comfortable with Fortinet. They have good support as well.

I'd rate the solution ten out of ten. 

Our customers use these devices as security devices, and we sell these devices to our customers. We also use it ourselves. We have the entire lab, and we use some of the functions in our local network.

It protects our customers' networks from viruses and threats.

The firewall, IPS, and VPN functions are the most valuable features. The antivirus functions are also good.

It works very well. It has a lot of different functionalities. Its cost is also fine for our customers.

In some cases, its initial setup could be hard for customers.

I have 10 to 12 years of experience with these devices.

Their devices are quite stable. We have not had any problems with the operating systems or maintenance of subscriptions. It is a robust device.

In most cases, they work very fast. It also depends on the device they are supporting. In the case of FortiGate, we do not have any complaints, but when we had to buy the FortiADC solution for one of our customers, we faced quite a few difficulties with technical support. I do not know why, but it could be that some devices are supported by different teams in Fortinet. We had difficulties with FortiADC, but we have not had any problems with FortiGate. I would rate their support for FortiGate a nine out of ten.

Positive

We worked with Cisco and Check Point firewalls. We worked with Cisco ASA for a long time. We worked with it for about five years, and we were happy with it, but it was old-fashioned. We went to Fortinet and started working with this company. 

FortiGate has good security functions and high-level technical documentation. Their documentation is very easy to understand. 

FortiGate's performance is also better than Cisco ASA. It has 10 VDOMs. It is a great function because you can add virtual functions for different groups in your network. It is quite useful.

It is deployed on-premises. Our customers prefer to deploy not only Fortinet devices but all security devices on-premises. They rarely use cloud licenses. Some customers only buy it from us, and for some customers, we also set it up.

Its setup is easy for us, but not every company wants to use our service for setting it up because of the cost. They prefer to install it themselves. In some cases, it could be hard for them.

In terms of the implementation strategy, we first try to understand what problem a customer wants to solve by using FortiGate. We collect a lot of information about a customer's network, such as protocols and devices being used. We try to prepare this device in our local lab. We preload the device and send it to the customer, and then we finalize the installation in the customer's building.

We have very technical staff, and we do not have difficulties with installations. We have had situations where customers do not have much experience with it, and then we recommend them to go for certain features such as IPS, antivirus, etc. 

The deployment duration depends on the size of the environment, but generally, it does not take more than one or two months. 

Generally, two to three people are required for the deployment.

For maintenance, our customers have technical staff. They regularly check and ensure that all the functions are working. We are glad to help them if they need any help.

We have seen an ROI. We have bought a lot of these devices, and we have had a good experience with them. It has saved us a lot of money.

It is quite affordable for our customers. There is a separate cost for IPS, antivirus, web filtering, and other features. They have a great choice of licenses. You can go for the license that you want, which is quite useful.

You have to buy a support license for FortiCare. In most cases, people buy the UTM bundle that comes with IPS, web filtering, and FortiCare. 

They are on the right path. They have improved a lot over the past 10 years. Fortinet is one of the leaders in security devices along with Cisco, Palo Alto, and Check Point.

I would rate Fortinet FortiGate a nine out of ten. It is stable. It has quite a lot of features, such as IPS, VPN, etc. It is affordable for our customers. It is a good choice.