Fortinet FortiGate-VM Reviews

We are service providers, and we provide managed services to external customers.

The primary use case of this solution is for firewalling, web applications, and proxying.

We use all of the UTM (Unified Threat Management) features that come with this product.

The most valuable features of this solution are the integration within the environment, with centralized reporting. 

One analyzer and the different devices feeding into that environment. 

The firmware is always up-to-date.

Compatibility and integration with other products or vendors such as Cisco SD-WAN products need improvement.

The multi-tenancy environment for multiple customers, to make it more secure, needs some improvement.

When you buy a bigger box, you should have the ability to slice and dice data. It should also have the ability to give customers either read and write or more privileged access to that environment. Specifically, to the environment that doesn't overflow into the other parts that have been sliced up.

I would like to see a type of portal for on-site deployment, where they can report into a cloud portal and have a high-level view of utilization. Basic indicators on the performance of the environment, including health status, should be displayed.

I have been using this solution for approximately six years.

We are completely satisfied with the stability of this solution.

Because we're sitting on a multi-tenant type of setup the scalability will depend on the customer's ability to upgrade.

Externally we have several customers that range from government to enterprise clients that use the product and we manage the backend. 

The number of users can range from a site that has 100 users to a site that has 2,000 to 3,000 users.

With the multi-tenant environment, we are able to use resources from multiple accounts. 

We run a 24/7 operation with various requirements, and have a team of 15 to 20 to maintain this solution.

We have plans to increase the usage as the requirement increases for more secure environments with more advanced features or other features within the security space. We would go from a standard firewall to maybe a web application firewall, or to authentication with the two-factor type of services.

Technical support is good. We work through a distributor and it's just a matter of a phone call to explain what needs to be done or a feature that we need to enable, and within an hour or two they come back to explain what has to be done.

They also give advice going forward with what to deploy.

The initial setup is fairly straightforward.

The implementation varies from being complex to being straightforward. It can take two to three weeks to implement with some tweaking afterward.

Part of the implementations comes with professional services from Fortinet themselves. In most cases, if it's a new version or a new deployment, we typically get the implementation services from a service provider rather than the vendor.

We have clients with three-year licensing and others with five. 

It's not a cheap solution but it comes with its benefits.

It's all bundled. When we purchase this product, it is bundled with a support license for that period.

With our clients, there is a range of Fortinet FortiGate versions, anything from FortiGate 60E to FortiGate 3700D. 

Management connects to a FortiAnalyzer, and we have application firewalls as well.

We have a centralized data center where we have a combination of customers with on-premises equipment. This includes small devices to secure the customer's environment, and larger devices at the data center, specifically for our customers.

We try to build our services around Fortinet products.

We prefer to work with Fortinet products based on what we have learned from the Gartner Magic Quadrant, and I recommend them.

I would rate this solution a nine out of ten.

We use FortiGate-VM as a firewall. My company has more than 4,000 users, and we plan to increase usage. 

I like FortiGate's IPS, IDS, and URL filtering. 

I think Fortinet should provide us with more reporting from the AI/ML point of view. They could also offer the SaaS application in a single box. The VPN and ZTNA have so many verticals that they work as a standalone solution. They need to be in a single box.

I have worked with FortiGate-VM for the last three years.

I rate FortiGate-VM eight out of 10 for stability. 

From a scalability point of view, we have a physical user license. If we need to upgrade, we can get a box. There is presently sufficient formal organization to scale up.

I have no problems with Fortinet support.

Positive

We have used Check Point and Palo Alto firewalls. 

We deployed FortiGate-VM with the help of a partner and the vendor. The deployment process took three months. We previously used Cisco ASA and had no migration tool, so we had to start from scratch. 

FortiGate-VM is affordable. In terms of operating costs, we contract with the OEM for a three-year contract and then renew. We haven't received any notice from them because all of our infrastructure is under contract. Every three years, if we cannot get a good price from the vendor, we replace the box.

I rate Fortinet FortiGate-VM eight out of 10. It has all the features. The only recommendation is to combine the vertical into a single box. To improve performance, they should build an engine in the box that enables them to scale per the user requirement. 

We use the solution for the private cloud.

Fortinet FortiGate-VM has a standard hardware firewall and easy deployment. You download a pre-configured virtual machine and run it on your hypervisor, Hyper-V, or ESXi by VMware. It is an excellent solution for private cloud setups, allowing seamless management using Fortinet without additional hardware purchases. Moreover, it offers flexibility—you can integrate it with physical hardware for redundancy or establish branch office VPNs effortlessly. Fortinet's automation capabilities facilitate smooth connectivity between public and private clouds.

The solution is highly scalable, depending on the type of hardware it runs on. You need knowledge of hypervisors to learn about the virtualized environment.

I have been using Fortinet FortiGate-VM as an integrator for one year.

The product is stable.

We cater the solution to SMBs.

I have used SonicWall. Fortinet has fewer hardware requirements than SonicWall. The basic requirement is the same.

The initial setup is easy and doesn't take more than one hour.

ROI is pretty good because it's simply software as a service. You subscribe to a service, and VM is available from FortiGate to download, install, and run. You get all the features. The scalability depends upon the hardware or VM. It could be serving 1000s or 100s users, depending on the configuration.

The solution is expensive.

It could have some versions limited by several users to reduce the price. Else, they could limit the product features, and create some version for a smaller organization with basic requirements.

Support is additional and comes apart from the subscription.

There's not much maintenance required. One to two people is required. Patches and upgrades are required and happen automatically if you've configured it that way. It is easy to deploy over the cloud. There are ready appliances to run in a public cloud like Amazon, Microsoft, or Google Cloud.

I recommend the solution. It is fantastic, easy to deploy, and very scalable. It saves a lot of time. Some particular hardware is not available in stock. FortiGate-VM is a good alternative. You could download, configure, and apply it. You could buy it online or from a Fortinet partner. It's quick and easy to set up.

Overall, I rate the solution a ten out of ten.

We use the solution as a firewall. 

Fortinet is user-friendly. 

We have lost some information and we do not know how that happened through the solution. That needs improvement. 

I have been using Fortinet FortiGate-VM for minimum five years. 

Once in a while there are stability issues otherwise the solution is stable. 

Presently, six thousand users are using the solution. 

The initial setup of Fortinet is easy. 

Overall, I would rate the solution a nine out of ten. 

The use case was a bit more complex than other clients, however, the typical usage was for VPNs for end-users to get into the internal network. For a mid-size company, that's a pretty much typical use. 

The only thing out of the ordinary would be the SIEM for all the network information, all the metadata, that is cloud-based. We had to create a tunnel to it so that the collector, being in the cloud, would be able to access the internal information.

It performs the functions it needs to perform and it's been reliable. It didn't need to be modified and we didn't have problems where things would just crop up. After months configured it's been rock solid, which is good. That's why I haven't touched it in a year and a half.

I liked its general capabilities.

Its cloud management is very good.

I did like the ability to back up the configuration into the cloud, as opposed to having to store the configurations or just downloading them, the backups, to local devices.  When you want to back up the configuration you can download it as a local file and save it to the cloud.   

That flexibility was very useful. 

The product had a fairly good user interface. It was well thought out and the controls seem to be in a logical hierarchy. I was able to find stuff without having to configure things. There was just a logical breakdown of how to find things.

There were a few cases where I had to use the command line interface on it. Now they do have the ability to pop up a command line, which is nice, however, the fact that you can't do everything within the GUI is probably a problem. There's a thing I have for most products that have started out in the command line and have added GUI, and the GUI is always somewhat behind in capability.

If you have a product you should be able to control the entire product through your user interface. You shouldn't have to drop back into backend command line commands in order to tweak something. There's a couple of cases where we had to do that when we were trying to set up one of the tunnels in particular. We were talking to Check Point or some other company. You've got two different manufacturers with a sort of standard for tunneling with all kinds of encryption methods and stuff like that. You have all these options, and, in order to get the right one, we couldn't discern it from the logs that we were viewing with the user interface. We had to drop down to the command line in order to do that. I would have thought that there should be enough information options made visible in what you can just do from the user interface.

I have been dealing with the solution for three years or so. However, the last time I used it was within the last 12 months or so. The company was restructuring their office due to COVID, and so we had to go in and make changes and set up different connections, That's the last time I was actually in it.

The stability is rock solid. It's a very good solution. I haven't had to touch it for a year. The last thing I did was a firmware upgrade. That was a year ago, and they haven't requested any more work on that now. It's still operational and solid. There have been no complaints really on it.

The product was sized for what the client was doing. I can't really say one way, or the other, whether it's more or less scalable than other solutions. I know we could do things to it - that we didn't do - to increase its capability. However, it didn't need to be done and they didn't have the budget for adding anything to it. It's hard to say. I can't really speak to the scalability of it.

Technical support has been great. They really helped us when we had issues with some early problems during setup.

It ties to the device, so it's pretty easy to see whether or not you have support, however, it was not difficult to get in touch with them. You get someone with knowledge right away. You don't have to go through a filter of people asking you "Is it plugged in?"

I'm actually reselling a managed service of SonicWall. It's not completely hands-on. Now all I do is get reports from it and I can look at the dashboard, however, I don't actually have to configure it.

I've also resold Barracuda.

The initial setup was straightforward. It got complex when we started adding in requirements for tunneling et cetera. The implementation involved VPNs and the general configuration of the firewall. Then they added in these other requirements that it needed to connect to AWS. First, it was to their remote hosted environment. Then, subsequently, to the AWS environment as well. It grew over time. Over the course of a year, we spent a lot of time on it.

I'd rate the initial setup experience at a four out of five. Most of the stuff went pretty well. We had one issue and we had to drop down into it. However, their support was very good. We were able to contact support, and they were able to stay online and walk us through that problem, so without any issues. They didn't balk at it. We didn't have to beg them to help us. Some support you get in there and have to say, "I'm sorry, yes I've done all those things. Get me to the next level."

They had good quality support.

In terms of deployment, it was there when I got there. They had purchased it out of the box and they hadn't configured it. For six months it just sat there. We had it up and running within a month of me getting there. Then over time, we added more and more requirements to it. It didn't take very long to figure out what they wanted to do with it and get it set up. The actual configuration was very quick. It was just the planning beforehand that took time.

Besides myself, there were about four other people in the IT department working on the product. However, really, only one person is responsible for the gateways.

The ROI that they were looking for was an improvement in security for the whole company. It was one of those evolving things, that as new security deployments come up some of them get implemented within the firewall and others are implemented structurally or in other ways. It was able to help them meet their security goals. That was probably the biggest value that they were looking for. It also did not impede their normal operating procedure.

The licensing costs are in line with everyone else. It all seems expensive when you're talking about firewalls, however, they're all the same. It's likely in the middle of the pack.

There are costs involved with FortiTokens. Everyone has different ways of controlling VPN access, however, with the FortiTokens you get a certain amount with the device, and then you have to buy more as you add them on. They're not costly.

However, it's something you have to buy in batches, so if you've got 40 people you're going to buy a bunch of FortiTokens, and each token is an encryption key so that you can have your little app that's multifactor. They charge for that. Everyone else, in terms of competition, charges for that too.

I can't speak to if the client evaluated another solution prior to choosing this.

I primarily work as a consultant. 

The solution's deployment was on-premises, however, there were VPNs set up for remote access, VPNs set up for site-to-site, and VPNs set up for cloud-based SIEM.

As with any solution, you need to size it. You need to plan what you're going to do and what your expectations are with it before you choose the pure model. After that, proper planning is needed before you try to deploy it so you don't have to back stuff out.

I'd rate the solution at an eight out of ten.

I occasionally implement Fortinet for clients. 

In the most recent instance, we had a cloud implemented and I was driving the infrastructure. The client had separate areas inside it purposely. They needed to implement a FortiGate solution in the same client, with different VMs, for different clients, to make different areas for these clients. 

It's great that we can have separate services for the same client. 

It's a complete solution. You only need to deploy it once. You can have many clients and many services for these clients in the same VM. It's a solution that works very well for companies that may need separated sections.

It makes things less expensive for clients. The pricing is good.

The interface is decent.

Technical support has a lot of knowledge.

The initial setup is simple. 

The solution is stable.

It can scale well.

The solution could use very well-defined support for resellers. There isn't necessarily 24/7 support and resolution.

The interface could be improved. 

The product could have more protocol routing options. 

I'd rate the solution at a seven out of ten.

The stability is good. There are no bugs or glitches. It doesn't crash or freeze. 

If you need to scale, this is a good option.

The technical support is pretty good. We are quite satisfied with the level of service on offer. 

The initial setup process is very easy and straightforward. It's not difficult or complex. 

We only need three people for deployment and maintenance. It's not a solution that requires a big team. You might need one or two field engineers. 

I'm working in a Fortinet partner company. I'm a reseller.

I'm dealing with the latest version of the product.

I like the 100F version, and it may be a good option for most clients, however, it might not be right for every company. It's a good idea to figure out what you need before you decide to avoid purchasing something that's not right for your company's needs.

The solution is mainly used for remote connectivity and endpoint and gateway network security.

The most valuable aspect of the solution is the V-Scanner which is the monitoring software. That's something that I love. 

We are able to closely monitor the usages of individual users and see their usage habits and other items, including the data itself, which gives us quite a bit of visibility.

I think one thing we couldn't find in the software console was all of our logs. In the logs themselves, for example, we couldn't find if a user was accessing all of the VPN. We don't get to know or we don't have a report that shows on what date or for how long and from what time he user has logged on. We don't have that particular feature or that kind of visibility. That could be improved. Reporting, therefore, in general, could be improved.

The one thing that could be improved is the integration with the exchange. The gateway level controls can be enhanced a bit more. For example, it's still little here and there. You do get malicious attacks and suspicious emails like spam. It's not like Sophos where we got a lot of spam email, and yet, it's still relatively vulnerable. It can be upgraded, maybe with a fifth-generation firmware that it is ready for unknown threats. 

Especially after this pandemic situation, it requires a little more enhancement. For an SME level organization, it's okay, but when it comes to corporate and banking enterprises it still requires a lot of enhancement. Comparing it to Palo Alto, for example, it's still very behind the curve.

We've been using the solution for two years.

The solution is very stable. It's reliable, for the most part.

It's stable, comparatively, to the fifth generation UDL appliances or other software that is available in the market. It's quite stable for the integration. It still requires more of a formal enhancement for speedy patches and speedy updates.

The solution has a moderate amount of scalability potential. I wouldn't say it's the best, however, it is possible to scale it if you need to.

We have about 25-30 people on the VM currently.

We've never had to contact Fortigate's technical support, so I can't speak to their quality of service. If we have any issues on the solution, we tend to handle the problem internally.

We used to have Sophos and we shifted to Fortinet about two years ago.

The integration of the active directory with Sophos was not up to spec. We decided to drop it and instead went ahead with Fortinet.

The initial setup was a bit difficult. It's not perfectly straightforward. This may have been due to the fact that we were using ISA, which is pretty determined, and we had to migrate from ISA to Sophos and from Sophos to Fortinet. It was a little difficult, but not that complex.

For us, the implementation took about two weeks.

Each quarter we have a managed service contract with the integrator and they do any preventative maintenance every quarter. We have four visits in a year that we have agreed upon. Every quarter they come to us and they do some penetration testing and see the usability features and give us a report.

We outsourced the implementation to an integrator that handled the setup for us. They also handle quarterly maintenance for us.

The pricing of the solution is moderate. It's competitive, although I wouldn't consider it a cheap solution per se.

Aside from the licensing, there are some add-ons that need to be added that we personally haven't added. There are features such as content filtering, etc., that we haven't opted for. However, users can add them on if they need to for an additional cost.

We're just customers. We don't have a professional relationship with the organization. We're using the latest version of the solution.

I have learned that they have some internal resources available. However, those who are not trained and certified should not be experimenting with it. 

I'd advise other organizations that, if they don't have a proper administrator who can monitor and maintain their appliance, it's better they if don't implement it. It's not like somebody who has a background of software can handle Fortinet. They need to be properly trained and knowledgable.

I'd rate the solution seven out of ten overall.

Our primary use cases are using the solution as a configuring solution or data management. We use it for simple data center segmentation.

We got a PCL segmentation instance that has been replaced with a virtual instance. This has benefitted our organization by quite a bit.

The solution's most valuable aspects are IPS and the signature.

I don't see any specific features that are missing from the solution right now.

The user interface needs to be improved.

I've been using the solution for about six to seven months now.

The stability of the solution is good. We haven't faced any issues at all while using the product.

I haven't attempted to scale the solution, so I can't speak to how easy or hard it would be to expand it.

In our organization, we currently have 500 users on the solution. They're mostly end-users and admins.

We were previously using Palo Alto before we switched to Fortigate. We switched after seeing the solution on a commercial.

The initial setup was not complex. The implementation proved to be straightforward.

The project took about one week in total, including deployment and configuration.

There was only a single person needed to handle the deployment process.

I'd rate the solution seven out of ten. I only really use the solution for communication and ordering support.

We don't have a business relationship with Fortigate. We're just a customer.