Fortinet FortiGate-VM Reviews

The solution is mainly used for remote connectivity and endpoint and gateway network security.

The most valuable aspect of the solution is the V-Scanner which is the monitoring software. That's something that I love. 

We are able to closely monitor the usages of individual users and see their usage habits and other items, including the data itself, which gives us quite a bit of visibility.

I think one thing we couldn't find in the software console was all of our logs. In the logs themselves, for example, we couldn't find if a user was accessing all of the VPN. We don't get to know or we don't have a report that shows on what date or for how long and from what time he user has logged on. We don't have that particular feature or that kind of visibility. That could be improved. Reporting, therefore, in general, could be improved.

The one thing that could be improved is the integration with the exchange. The gateway level controls can be enhanced a bit more. For example, it's still little here and there. You do get malicious attacks and suspicious emails like spam. It's not like Sophos where we got a lot of spam email, and yet, it's still relatively vulnerable. It can be upgraded, maybe with a fifth-generation firmware that it is ready for unknown threats. 

Especially after this pandemic situation, it requires a little more enhancement. For an SME level organization, it's okay, but when it comes to corporate and banking enterprises it still requires a lot of enhancement. Comparing it to Palo Alto, for example, it's still very behind the curve.

We've been using the solution for two years.

The solution is very stable. It's reliable, for the most part.

It's stable, comparatively, to the fifth generation UDL appliances or other software that is available in the market. It's quite stable for the integration. It still requires more of a formal enhancement for speedy patches and speedy updates.

The solution has a moderate amount of scalability potential. I wouldn't say it's the best, however, it is possible to scale it if you need to.

We have about 25-30 people on the VM currently.

We've never had to contact Fortigate's technical support, so I can't speak to their quality of service. If we have any issues on the solution, we tend to handle the problem internally.

We used to have Sophos and we shifted to Fortinet about two years ago.

The integration of the active directory with Sophos was not up to spec. We decided to drop it and instead went ahead with Fortinet.

The initial setup was a bit difficult. It's not perfectly straightforward. This may have been due to the fact that we were using ISA, which is pretty determined, and we had to migrate from ISA to Sophos and from Sophos to Fortinet. It was a little difficult, but not that complex.

For us, the implementation took about two weeks.

Each quarter we have a managed service contract with the integrator and they do any preventative maintenance every quarter. We have four visits in a year that we have agreed upon. Every quarter they come to us and they do some penetration testing and see the usability features and give us a report.

We outsourced the implementation to an integrator that handled the setup for us. They also handle quarterly maintenance for us.

The pricing of the solution is moderate. It's competitive, although I wouldn't consider it a cheap solution per se.

Aside from the licensing, there are some add-ons that need to be added that we personally haven't added. There are features such as content filtering, etc., that we haven't opted for. However, users can add them on if they need to for an additional cost.

We're just customers. We don't have a professional relationship with the organization. We're using the latest version of the solution.

I have learned that they have some internal resources available. However, those who are not trained and certified should not be experimenting with it. 

I'd advise other organizations that, if they don't have a proper administrator who can monitor and maintain their appliance, it's better they if don't implement it. It's not like somebody who has a background of software can handle Fortinet. They need to be properly trained and knowledgable.

I'd rate the solution seven out of ten overall.

Our primary use cases are using the solution as a configuring solution or data management. We use it for simple data center segmentation.

We got a PCL segmentation instance that has been replaced with a virtual instance. This has benefitted our organization by quite a bit.

The solution's most valuable aspects are IPS and the signature.

I don't see any specific features that are missing from the solution right now.

The user interface needs to be improved.

I've been using the solution for about six to seven months now.

The stability of the solution is good. We haven't faced any issues at all while using the product.

I haven't attempted to scale the solution, so I can't speak to how easy or hard it would be to expand it.

In our organization, we currently have 500 users on the solution. They're mostly end-users and admins.

We were previously using Palo Alto before we switched to Fortigate. We switched after seeing the solution on a commercial.

The initial setup was not complex. The implementation proved to be straightforward.

The project took about one week in total, including deployment and configuration.

There was only a single person needed to handle the deployment process.

I'd rate the solution seven out of ten. I only really use the solution for communication and ordering support.

We don't have a business relationship with Fortigate. We're just a customer.

We use Fortinet FortiGate-VM for a constrained firewall and comprehensible security solution. Currently, I'm involved in implementing FortiGate and FortiManager for a customer project over the past month, and Fortinet has proven to be quite effective in this regard.

Regarding specific features, I appreciate the option for external selection, where you can choose either to use a default or create a self-description. This simplifies the process compared to other vendors that require creating a test extension profile and then applying it to the installation. With FortiGate, there is a streamlined approach. From the benefits perspective, clients mainly see cost reduction, especially with FortiGate VM Firewall, as it eliminates the need for additional hardware.      

The product is satisfactory. I haven't identified any features to improve, and based on the number of deployments I've handled with FortiGate-VM, there haven't been any complaints from the customer's side.

I have been using Fortinet FortiGate-VM for the past five years. 

Fortinet is a stable and user-friendly solution. The configuration is straightforward, and it provides a secure environment. I recall a challenge where a customer was using VDOM to segment their networks, but faced issues with communication between firewalls. Through online research, I discovered a tool to replace Fortinet, and it resolved the issue. During a critical migration for a large customer with six hardware firewalls, Fortinet proved reliable and prevented the possibility of mistakes. The GUI interface is well-organized, especially the security tab, making it easy to navigate. Fortinet simplifies network and security tasks, making it accessible for those with a basic understanding of networking and security concepts. Overall, as a vendor, Fortinet stands out for its streamlined approach, avoiding the need to navigate between multiple locations for configuration.

I haven't personally tried Fortinet's technical support, but according to my colleague who has used it, the experience was not positive. He mentioned that the support process is not as direct and efficient as Cisco's. In Cisco, when there's an issue, you can call, initiate a case, and the support engineer can join you directly for troubleshooting. However, with Fortinet, it seems the process involves working on the case independently, and the support requests are assigned to different engineers. 

When advising the team for cost reduction, I suggest going with the VM if there's no budget. However, if there is a budget, I recommend purchasing the hardware. For all vendors, technically speaking, hardware is considered better than VM. However, for Fortinet, the difference between VM and hardware is mainly budget-related. If the customer has a budget, it's advisable to purchase the hardware. When recommending from the sales team's perspective, if the customer has a budget, they will suggest going with hardware. If there's no budget, the recommendation is to opt for VM, especially if the customer is working with Azure or AWS. The difference between VM and hardware lies primarily in patches, and overall, everything is satisfactory. One aspect worth noting is that during VM deployment, checking connectivity between the hypervisor, distribution switch, and network firewall is required. In contrast, for hardware, once the configuration is complete, connectivity is straightforward.

As for my overall rating of the FortiGate VM solution on a scale from one to ten, with one being the worst and ten being the best, I would rate it as a ten.

I use Fortinet FortiGate-VM in my company to manage firewall installation and endpoint connectivity.

The most valuable feature of the solution is that it is easy to operate.

If a user makes any changes, it will immediately have an effect on the solution. If a user makes any changes in a product like Palo Alto, there is a need to push those changes to the firewall and apply commit changes, which shows the configuration part, making it a good feature since it sometimes helps, considering how a user may make small errors.

Errors made by a user get applied when using Fortinet FortiGate-VM. In the production environment, if a user makes any changes in a live environment, there is a need for the user to be very alert. The aforementioned area can be considered for improvement in the solution. Palo Alto is good for the production environment.

Capacity-wise, I think the solution's log storage area is something that needs to be increased since, by default, it stores logs for only seven days. The compliance team in our company needs to check the logs, which may be older than ninety days. Though the tool provides a storage hard disk with enough space, in our company, we can't store logs.

I have been using Fortinet FortiGate-VM for more than three years. My company is a customer of the product.

As my company uses an active-passive deployment in our environment, we did not face any stability-related issues with the product. Stability-wise, I rate the solution a ten out of ten.

Around 4000 to 6000 employees in my organization use the solution.

The solution's technical support is good. I rate the technical support a ten out of ten.

Positive

I rate the product's initial setup phase a ten on a scale of one to ten, where one is a difficult setup phase, and ten is an easy setup phase.

The solution can be deployed in an hour or two.

I deployed the solution by myself in my organization.

It is a medium-priced product.

Compared to the other VMs in the market, Fortinet FortiGate-VM is very easy to use.

I rate the overall tool a nine out of ten.

The virtual and hardware versions of the solution are mostly the same. 

The VM it's very quick for deployment. If we need to have a POC for a customer, if we don't have any hardware physically at our premises, at our store, in our office, we can download the VM from Fortinet and install all the VM to their environment in order to run it. If we have a customer that says "let's start tomorrow" we are able to do that in a way that's not possible with a hardware version.

Normally Fortinet is very flexible that it supports almost all environments. 

The solution is user friendly.

The cost of the solution is pretty fair.

The documentation is very good.

The SD-WAN is very good, as compared to, for example, Citrix SD-WAN which has an overall lack of security and needs to leverage other devices, like Palo Alto, to cover this.

The licensing needs to be improved. We need longer licensing periods, especially for POCs and trials. It should be for six months. Right now, it's too short of a timeframe. 

Overall as I say, the features-wise and performance-wise the VM and hardware versions are the same. The main difference is that the hardware-based option ins is more powerful compared to the VM version. 

Their technical support is not helpful and I try to avoid using it.

I've been using the solution for ten years. It's been a decade now.

We do occasionally get bugs on the solution, and when that happens, we do need to go to technical support to get the issue resolved.

Let's say tomorrow we want to upgrade in terms of memory, in terms of processor. If we are VM  based we are using files and by default, we have some spec which is set to the VM. If tomorrow we need more capacity for this logging, we can just upgrade it. We take an analyzer like G1 or G5 and we upload the license, and it will upgrade automatically. 

It's so much easier as compared to hardware, due to the fact that, with hardware, you need to change everything completely. 

We have nine people on our team working with the solution regularly.

The support for Fortinet is not very good, and so I tend not to contact them if I can avoid it. They are not good in their general response time. Some team members are quite technical, however, that's not everyone, and you aren't guaranteed to get someone who knows what they are talking about. Sometimes their answers are irrelevant as if they aren't even replying to your actual questions. Other times they tell you what you need is not possible.   

Fortinet has forums for users, and if you go there, you'll see that there are a lot of others saying they are unhappy with support as well. While I'm a big fan of Fortinet, I do not like their support.

We only really use it now if we have an issue with a bug and there's no workaround except to go right to them. Otherwise, we don't contact them.

The cost of the solution is good.

Normally I don't really push a virtual appliance. Some customers may be interested in a virtual appliance for scalability. For most of our customers, we are pushing hardware-based solutions and not a virtual appliance.

For example, if we have a customer that has a private data center in Mauritius and wants to have a hybrid solution, let's say to interconnect on the public cloud, and they want to do SD-WAN to secure it from the public to its current on-premises data center, normally we will go with the virtual appliance on the public side. 

I would recommend Fortinet's hardware 100% of the time, especially in comparison to Palo Alto. With the VM, it's a harder question to answer. A better question would be: what do you will prefer for a next-generation firewall? Do you prefer Fortinet? Do you recommend Fortinet or Cisco or Palo Alto? I would say personally I always recommend Fortinet. I will continue to due to the fact that the cost and the integration, and the general user-friendliness, are all impressive.

I'd rate the solution eight out of ten. I'd rate it higher if it had a longer trial, better licensing, and stronger technical support. There are still places for improvement in the solution.

We use the product primarily in environments requiring robust network security and compliance, especially in the banking and enterprise sectors.

The platform has enhanced our organization's security posture by providing effective threat protection, bandwidth management, and SDN capabilities.

They could enhance the product's functionality for more comprehensive threat detection and mitigation, especially for large-scale deployments.

I have been using Fortinet FortiGate-VM for several years. 

The product is stable. 

The product is scalable. 

The initial setup of FortiGate was straightforward. It involved detailed planning for appliance selection based on user numbers, throughput requirements, firewall, IPS capacity, and VPN needs. 

We managed the implementation in-house, leveraging our expertise in network configuration.

FortiGate offers a favorable ROI due to its competitive pricing structure and effective network security capabilities, making it a cost-effective choice for our organization.

We evaluated alternatives like Checkpoint and Palo Alto. We chose FortiGate for its cost-effectiveness, robust performance in our specific use cases, and the comprehensive support provided by Fortinet.

The product's threat protection features have been instrumental in managing subscription-based licensing and ensuring compliance with regulatory requirements, especially in banking environments.

I rate Fortinet FortiGate-VM an eight out of ten. 

Fortinet FortiGate-VM was used for our company's customers, but presently, most of our clients use Sophos UTM.

My company's clients use Fortinet FortiGate-VM to protect their entire internal network.

Fortinet FortiGate-VM has very good features. The most important factor about the product is that it is very intuitive. Fortinet FortiGate-VM is very handy compared to Check Point and Palo Alto.

With Fortinet FortiGate-VM, you get all the tools in the basic package, so there is no need to get a special platform for each component, which makes it much easier to implement.

The stability of the product is an area of concern where improvements are required.

The response time of the technical support team is an area of concern where improvements are needed.

I have been using Fortinet FortiGate-VM for a few years. My company has a partnership with Fortinet.

Stability-wise, I rate the solution a seven out of ten.

There are certain issues that users may face when they update Fortinet FortiGate-VM due to some bugs.

Considering that the machines work with the same operating system and in the same method in an environment, the use of the scalability feature is very easy.

Scalability-wise, I rate the solution an eight out of ten.

I work with our company's small, medium, and enterprise-sized clients who use the solution.

At times, you can get a quick answer from the support team, but for some cases or issues, it takes a long time for the technical team to respond.

I rate the technical support a seven out of ten.

Neutral

I have experience with Check Point and Palo Alto. The first firewall that my company worked with was Check Point, and we have used it for many years.

The product is easy to implement.

The solution is deployed on the cloud and on an on-premises model.

The complexity of the organization determines the time required to deploy the solution. Basically, it takes three hours to deploy the product, and for a big company, it takes two days.

One good engineer is enough to take care of the deployment phase of the product.

The pricing of the product depends on a company's negotiation skills, and if a company can't get it at a good price, there are other tools that can be purchased from the market.

I rate the product price a seven on a scale of one to ten, where one is a low price, and ten is a high price.

Our company needs to make either a yearly or a three-year payment towards the licensing charges attached to the product. There are no additional costs attached to the solution apart from the tool's licensing charges.

Fortinet FortiGate-VM is a very good product.

The maintenance of the product is very easy. One person is required to take care of the maintenance of the product.

I recommend the product to those who plan to use it. Before buying the product, people should consider the ease of implementation Fortinet FortiGate-VM offers.

Check Point is the best when it comes to monitoring and investigating logs. In general, the most important thing users should consider is that the implementation part should be good, for which Fortinet FortiGate-VM is the best.

I rate the overall tool an eight out of ten.

We use Fortinet FortiGate-VM for managing inbound and outbound internet traffic through our environment. Sometimes, we also use it for managing the site's internet outbound and routing. We also use it for IPSec on Azure. We also have an on-premises environment, and we're using it for IPSec on that environment. 

All the routing happens through it because we're swinging all the traffic on the Azure side through a firewall which is basically the gateway. It acts as the gateway and manages outbound traffic in that environment. We have also set up the SSL VPN for users. We do have FortiGate on-premise, and we set up the SSL VPN connection for users.

It made the routing of traffic seamless and it helped us with SD-WAN as well as load balancing.

I like the visibility and monitoring features because they're easy to use to monitor traffic. Features like geo-blocking and more have AI, and we're currently using all of it. But for now, we're only using geo-blocking, and we're able to block traffic from different countries. I also like that it's highly responsive. VM04 is also very powerful.

It would be better if it could provide you with options before completely blocking anything through the web filter. If you are doing a deep SSL inspection on the site if it says it's expired, it doesn't give you the option to continue at your own risk. I can't say that it's bad, but SSL internally isn't really a requirement. However, its security features can help. Right now, we have people going out and spending on purchasing the SSL certificates for internal sites. 

I have been using this solution for three years.

Fortinet FortiGate-VM is a stable and very reliable solution.

Fortinet FortiGate-VM is a scalable solution. It's very powerful, and I've never seen that machine running out of resources. It always worked.

Tech support is okay, but we do a lot of management by ourselves. We have a third party that we use when we do implementations, and I haven't contacted Fortinet even though I have access to it. The local support that we use costs much less. 

I still remember using Check Point, and it took a long time to apply a policy. To install the policy, you had to wait for ten to 20 minutes or even 30 minutes. Fortinet FortiGate-VM instantly applies the policy on the FortiGate itself.

The initial setup was difficult because we were all new when it came to the Azure environment. It was a little difficult to create space and understand that you have to have more than one interface. But once you get used to it. It's pretty straightforward.

It's straightforward if you have all that is required when you're clearing your traffic. If you're clearing your traffic already into your internal length to communicate with the firewall range, and you have information and understand it before the implementation, it will be very seamless. It will be stress-free when you understand the environment where you're going to implement it.

Our license is yearly, but we're thinking of going monthly. I think it's somewhere around 100,000 for VM04. Nowadays, everyone wants to be a hacker, so we believe in security. That's why we also have third-party people that we involve to make sure that we're secure. 

I don't think the costs are too bad. You still want to get advice from people who worked in security for many years, so you add a third party. The third party also said they would give their share like 100K, or 200K or something like that, so I don't think it's too expensive for security. I think it just adds more trust. 

We have been using Check Point Firewall so it was easy to identity the difference.

I will recommend the solution. If it's a first-time deployment in Azure, they need to understand a couple of things, like the interfaces we need to create. The good thing about FortiGate is that they don't hide how their devices work. You can go to their website and get every instruction that you need at any time. It's straightforward and even has pictures showing you what you should expect. I've done a few changes for the first time, and I didn't have to stress. But you must know the infrastructure well.

On a scale from one to ten, I would five Fortinet FortiGate-VM a ten.