Fortinet FortiGate-VM Reviews

We are using Fortinet FortiGate-VM for network-level security.

There is a cloud and on-premise version of the solution available.

Our company deploys this solution to many companies.

The most valuable features of Fortinet FortiGate-VM are the ease of use, IPS system, application filter, web filtering, and email security. Additionally, there is a migration tool that other vendors do not provide. We only need to upload the configuration file to the tool, and it converts everything, except the passwords, and gives us the new configuration, which we can directly upload on the firewall. This migration process takes a maximum of 15 minutes.

The solution can improve by adding separate interfaces for proxy and flow-based usage.

In the next release, the web application firewall should be integrated into the hardware. There is separate hardware for the web application firewall and for  FortiGate.

I have been using Fortinet FortiGate-VM for approximately seven years.

I rate the stability of Fortinet FortiGate-VM an eight out of ten.

We have approximately 30 users and 30,000 users.

This is a scalable solution.

I rate the scalability of Fortinet FortiGate-VM an eight out of ten.

The support from Fortinet FortiGate-VM exhibits high responsiveness. Whenever I raise a ticket on their portal, they typically respond within 15 to 20 minutes. In urgent cases, we can contact them via a ticket, and an engineer will be promptly assigned to assist.

I rate the support from Fortinet FortiGate-VM an eight out of ten.

Positive

I have used multiple types of firewalls and vendors, such as Cisco Firepower. Palo Alto, and Sophos.

Palo Alto is a great solution but it is expensive. I would choose them over Fortinet FortiGate-VM but they are too expensive. For my use case, Fortinet FortiGate-VM is the best for the environment.

Fortinet FortiGate-VM has discounts for generalized partners.

The initial setup time of Fortinet FortiGate-VM depends on the policies and filters that need to be applied to different users. The time can vary a lot on the environment. Its time ranges from minutes to a month. However, we can do the process remotely and it takes approximately 10 minutes.

We do the implementation of the solution.

The license can be purchased at intervals of one, three, and five years.

The price of the solution is in the middle range compared to the other vendors. However, the vendor is increasing the price gradually.

One person is suitable in a 24-hour period for the maintenance of the solution. A three to five administrator maintenance team would be sufficient to cover all the maintenance shifts per week.

I highly recommend Fortinet FortiGate-VM to others.

I rate Fortinet FortiGate-VM a nine out of ten.

We use Fortinet FortiGate-VM for managing inbound and outbound internet traffic through our environment. Sometimes, we also use it for managing the site's internet outbound and routing. We also use it for IPSec on Azure. We also have an on-premises environment, and we're using it for IPSec on that environment. 

All the routing happens through it because we're swinging all the traffic on the Azure side through a firewall which is basically the gateway. It acts as the gateway and manages outbound traffic in that environment. We have also set up the SSL VPN for users. We do have FortiGate on-premise, and we set up the SSL VPN connection for users.

It made the routing of traffic seamless and it helped us with SD-WAN as well as load balancing.

I like the visibility and monitoring features because they're easy to use to monitor traffic. Features like geo-blocking and more have AI, and we're currently using all of it. But for now, we're only using geo-blocking, and we're able to block traffic from different countries. I also like that it's highly responsive. VM04 is also very powerful.

It would be better if it could provide you with options before completely blocking anything through the web filter. If you are doing a deep SSL inspection on the site if it says it's expired, it doesn't give you the option to continue at your own risk. I can't say that it's bad, but SSL internally isn't really a requirement. However, its security features can help. Right now, we have people going out and spending on purchasing the SSL certificates for internal sites. 

I have been using this solution for three years.

Fortinet FortiGate-VM is a stable and very reliable solution.

Fortinet FortiGate-VM is a scalable solution. It's very powerful, and I've never seen that machine running out of resources. It always worked.

Tech support is okay, but we do a lot of management by ourselves. We have a third party that we use when we do implementations, and I haven't contacted Fortinet even though I have access to it. The local support that we use costs much less. 

I still remember using Check Point, and it took a long time to apply a policy. To install the policy, you had to wait for ten to 20 minutes or even 30 minutes. Fortinet FortiGate-VM instantly applies the policy on the FortiGate itself.

The initial setup was difficult because we were all new when it came to the Azure environment. It was a little difficult to create space and understand that you have to have more than one interface. But once you get used to it. It's pretty straightforward.

It's straightforward if you have all that is required when you're clearing your traffic. If you're clearing your traffic already into your internal length to communicate with the firewall range, and you have information and understand it before the implementation, it will be very seamless. It will be stress-free when you understand the environment where you're going to implement it.

Our license is yearly, but we're thinking of going monthly. I think it's somewhere around 100,000 for VM04. Nowadays, everyone wants to be a hacker, so we believe in security. That's why we also have third-party people that we involve to make sure that we're secure. 

I don't think the costs are too bad. You still want to get advice from people who worked in security for many years, so you add a third party. The third party also said they would give their share like 100K, or 200K or something like that, so I don't think it's too expensive for security. I think it just adds more trust. 

We have been using Check Point Firewall so it was easy to identity the difference.

I will recommend the solution. If it's a first-time deployment in Azure, they need to understand a couple of things, like the interfaces we need to create. The good thing about FortiGate is that they don't hide how their devices work. You can go to their website and get every instruction that you need at any time. It's straightforward and even has pictures showing you what you should expect. I've done a few changes for the first time, and I didn't have to stress. But you must know the infrastructure well.

On a scale from one to ten, I would five Fortinet FortiGate-VM a ten.

The solution is mainly used for remote connectivity and endpoint and gateway network security.

The most valuable aspect of the solution is the V-Scanner which is the monitoring software. That's something that I love. 

We are able to closely monitor the usages of individual users and see their usage habits and other items, including the data itself, which gives us quite a bit of visibility.

I think one thing we couldn't find in the software console was all of our logs. In the logs themselves, for example, we couldn't find if a user was accessing all of the VPN. We don't get to know or we don't have a report that shows on what date or for how long and from what time he user has logged on. We don't have that particular feature or that kind of visibility. That could be improved. Reporting, therefore, in general, could be improved.

The one thing that could be improved is the integration with the exchange. The gateway level controls can be enhanced a bit more. For example, it's still little here and there. You do get malicious attacks and suspicious emails like spam. It's not like Sophos where we got a lot of spam email, and yet, it's still relatively vulnerable. It can be upgraded, maybe with a fifth-generation firmware that it is ready for unknown threats. 

Especially after this pandemic situation, it requires a little more enhancement. For an SME level organization, it's okay, but when it comes to corporate and banking enterprises it still requires a lot of enhancement. Comparing it to Palo Alto, for example, it's still very behind the curve.

We've been using the solution for two years.

The solution is very stable. It's reliable, for the most part.

It's stable, comparatively, to the fifth generation UDL appliances or other software that is available in the market. It's quite stable for the integration. It still requires more of a formal enhancement for speedy patches and speedy updates.

The solution has a moderate amount of scalability potential. I wouldn't say it's the best, however, it is possible to scale it if you need to.

We have about 25-30 people on the VM currently.

We've never had to contact Fortigate's technical support, so I can't speak to their quality of service. If we have any issues on the solution, we tend to handle the problem internally.

We used to have Sophos and we shifted to Fortinet about two years ago.

The integration of the active directory with Sophos was not up to spec. We decided to drop it and instead went ahead with Fortinet.

The initial setup was a bit difficult. It's not perfectly straightforward. This may have been due to the fact that we were using ISA, which is pretty determined, and we had to migrate from ISA to Sophos and from Sophos to Fortinet. It was a little difficult, but not that complex.

For us, the implementation took about two weeks.

Each quarter we have a managed service contract with the integrator and they do any preventative maintenance every quarter. We have four visits in a year that we have agreed upon. Every quarter they come to us and they do some penetration testing and see the usability features and give us a report.

We outsourced the implementation to an integrator that handled the setup for us. They also handle quarterly maintenance for us.

The pricing of the solution is moderate. It's competitive, although I wouldn't consider it a cheap solution per se.

Aside from the licensing, there are some add-ons that need to be added that we personally haven't added. There are features such as content filtering, etc., that we haven't opted for. However, users can add them on if they need to for an additional cost.

We're just customers. We don't have a professional relationship with the organization. We're using the latest version of the solution.

I have learned that they have some internal resources available. However, those who are not trained and certified should not be experimenting with it. 

I'd advise other organizations that, if they don't have a proper administrator who can monitor and maintain their appliance, it's better they if don't implement it. It's not like somebody who has a background of software can handle Fortinet. They need to be properly trained and knowledgable.

I'd rate the solution seven out of ten overall.

The virtual and hardware versions of the solution are mostly the same. 

The VM it's very quick for deployment. If we need to have a POC for a customer, if we don't have any hardware physically at our premises, at our store, in our office, we can download the VM from Fortinet and install all the VM to their environment in order to run it. If we have a customer that says "let's start tomorrow" we are able to do that in a way that's not possible with a hardware version.

Normally Fortinet is very flexible that it supports almost all environments. 

The solution is user friendly.

The cost of the solution is pretty fair.

The documentation is very good.

The SD-WAN is very good, as compared to, for example, Citrix SD-WAN which has an overall lack of security and needs to leverage other devices, like Palo Alto, to cover this.

The licensing needs to be improved. We need longer licensing periods, especially for POCs and trials. It should be for six months. Right now, it's too short of a timeframe. 

Overall as I say, the features-wise and performance-wise the VM and hardware versions are the same. The main difference is that the hardware-based option ins is more powerful compared to the VM version. 

Their technical support is not helpful and I try to avoid using it.

I've been using the solution for ten years. It's been a decade now.

We do occasionally get bugs on the solution, and when that happens, we do need to go to technical support to get the issue resolved.

Let's say tomorrow we want to upgrade in terms of memory, in terms of processor. If we are VM  based we are using files and by default, we have some spec which is set to the VM. If tomorrow we need more capacity for this logging, we can just upgrade it. We take an analyzer like G1 or G5 and we upload the license, and it will upgrade automatically. 

It's so much easier as compared to hardware, due to the fact that, with hardware, you need to change everything completely. 

We have nine people on our team working with the solution regularly.

The support for Fortinet is not very good, and so I tend not to contact them if I can avoid it. They are not good in their general response time. Some team members are quite technical, however, that's not everyone, and you aren't guaranteed to get someone who knows what they are talking about. Sometimes their answers are irrelevant as if they aren't even replying to your actual questions. Other times they tell you what you need is not possible.   

Fortinet has forums for users, and if you go there, you'll see that there are a lot of others saying they are unhappy with support as well. While I'm a big fan of Fortinet, I do not like their support.

We only really use it now if we have an issue with a bug and there's no workaround except to go right to them. Otherwise, we don't contact them.

The cost of the solution is good.

Normally I don't really push a virtual appliance. Some customers may be interested in a virtual appliance for scalability. For most of our customers, we are pushing hardware-based solutions and not a virtual appliance.

For example, if we have a customer that has a private data center in Mauritius and wants to have a hybrid solution, let's say to interconnect on the public cloud, and they want to do SD-WAN to secure it from the public to its current on-premises data center, normally we will go with the virtual appliance on the public side. 

I would recommend Fortinet's hardware 100% of the time, especially in comparison to Palo Alto. With the VM, it's a harder question to answer. A better question would be: what do you will prefer for a next-generation firewall? Do you prefer Fortinet? Do you recommend Fortinet or Cisco or Palo Alto? I would say personally I always recommend Fortinet. I will continue to due to the fact that the cost and the integration, and the general user-friendliness, are all impressive.

I'd rate the solution eight out of ten. I'd rate it higher if it had a longer trial, better licensing, and stronger technical support. There are still places for improvement in the solution.

My company functions as a mobile operator and supports business customers. We use the solution for our infrastructure and firewalls. 

The tool's most valuable feature is its ability to deploy it on live physical hardware. Specifically, when providing firewall services for clients, we can leverage such hardware appliances to support multiple customers on the same hardware.

The product needs to focus on cloud-nativeness and pricing. 

I have been using the product for six to seven years. 

Fortinet FortiGate-VM is a good solution in terms of stability. I rate it a seven out of ten. 

I rate the tool's scalability a ten out of ten. 

The tool's technical support is good. 

We rely on automation for deployment, making it easy for us. We clone the existing infrastructure for additional customers. Our challenging aspect is coordinating with clients to set up the infrastructure. Understanding the existing infrastructure of business customers, especially their premises and specific requirements, is a crucial step.

I rate Fortinet FortiGate-VM's pricing a six out of ten. 

I rate the overall solution a seven out of ten. 

My primary use case of this solution is for advanced security in the cloud, as well as SD-WAN and branch connectivity. We use version 6.4 and are just now moving to 7.0. 

FortiGate-VM has many valuable features: it's easy to use, it's intuitive, it's got very good traffic inspection features, it's got comprehensive filtering categories, and it has an extensive threat database, using FortiGuard. 

FortiGate-VM could be improved by making it cloud-based. I'd like it to be a cloud-based management solution instead of just a dedicated management orchestration tool. 

I have been using FortiGate-VM for five years. 

Personally, I like Fortinet support. I know other colleagues and people think it's slow, but I don't.

I used FortiGate for 10 years. I also have experience with Azure Firewall Premium, Cisco ASA, and Cisco Firepower. 

The installation is really easy. There's HA deployment in the marketplace involving Azure and AWS. I handle the installation myself. 

I implement this solution myself for customers. 

There are yearly or monthly licenses which you can choose from. 

I rate FortiGate-VM an eight out of ten. I recommend this solution to others. There's a use case, like any cloud-based firewall. 

We're an MSP, so we sell, configure, and manage these solutions for customers. 

Their support is very good. Fortinet has a good support base here who has been working closely with us. Whenever there is an issue that needs to be addressed to our end clients, we have received very good support. 

The product is quite user-friendly so we didn't have a lot of issues that needed to be addressed. 

The pricing structure is also flexible. 

Customization needs improvement. A lot of people have very unique requirements that they ask for at times. Everybody wants to get more out of the solutions so that they have more with less. I would like a little more customization, especially now that everything is becoming a lot more flexible with cloud-based deployments. A little more flexibility in terms of the offering that we can do or the bundling of products would help acquire markets much faster or much better.

I have been using FortiGate-VM for just under a year. 

It is definitely stable. We have not had a lot of support calls so, so far it is good. We have been pushing our clients to see whether they need additional support.

We want to organize more training and have a lot more awareness-building seminars and workshops. That is something that I think we can or we would be wanting to look at moving ahead. We haven't been able to organize a lot of that yet, but that is something that I think can help in many aspects is awareness, to be able to draw in and attract local talent who would be able to help with support.

Our clients are mostly enterprise businesses. 

We are a value-added reseller. The technical support primarily is coming from Fortinet because we are in the process of building up to provide the right service. Once we are comfortable then we will be again discussing with Fortinet that we are able to assume a greater role in providing the services locally or on-site from here.

We are still getting help from Fortinet for the deployment. We have been able to push this to two clients after we onboarded this. In the next couple of months, we believe that we will be able to take over the implementation and they can take a little more of a backseat. We want to be more independent, locally, with the local support and local team to be able to deploy it. We want to ensure that the service is seamless.

POCs are definitely the way to go because cyber-security is still in many cases new for many clients. Cybersecurity is a very wide arena in today's day and age. There is no one single solution, every day someone else is innovating some specialization in some form or another. Clients would like to see a proof of concept before they go on a large full-scale deployment. 

In the next release, I would like to have the possibility of being able to offer cyber-insurance with this because this is something that I think is completely unavailable at the moment here. This would add a whole new dimension. 

I would rate it a seven out of ten.