Fortinet FortiGate-VM Reviews

I am a network engineer. I deploy firewalls for customers. I also provide firewall installation and configuration services.

I mostly prefer Fortinet firewalls. The graphical user interface is user-friendly and easy to configure. I recommend it to my clients because it is very easy to deploy. 

Performance, scalability, and everything else are top-notch compared to others like Sophos or Cisco. I've used them all, and Fortinet is my go-to.

The main use case is for organizations that can't afford or procure hardware appliances. They can install the VM and license it as a cost-effective alternative.

The combination of SD-WAN and VPN capabilities is the most valuable feature.

If I could add one feature, it would be free security profiles.

I have experience with FortiGate VM. I've used it for practice and deployed it on customer sites.

I have been using it for four years. 

I haven't personally experienced any bugs, and none of my clients have reported any either.

I would rate the scalability a seven out of ten. 

The customer service and support are very knowledgeable and helpful.

I've deployed Cisco firewalls and hold certifications like CCNA and CCNP. But for security-level firewalls, I always go with FortiGate.

The initial configuration is very easy, even for non-technical users.

VMs can be affordable, but for high-demand scenarios, I'd still recommend the hardware. For the cost, it's a ten out of ten.

I would recommend the hardware firewall unless you have specific constraints. If you're installing on a server or desktop, and something happens like a cache issue, you won't have the same backup options as a physical appliance.

With hardware, you can claim a warranty, get a new unit, and easily restore from your existing backup. That wouldn't be as straightforward with a VM.

Over a hundred customers have deployed the physical Fortinet firewall based on my recommendations.

Overall, I would rate the solution a seven out of ten. 

Internally, I've been using this solution to front our servers.

I found the Antivirus and Anti-spam features most valuable in this solution. I'm happy with FortiGate-VM because it's good for our servers. It stopped many attacks, including spam, over our networks.

It's been a year since I started using FortiGate-VM.

I find this solution really stable.

The scalability of this solution is an eight or a nine to me. It's good.

I don't have experience with Fortinet's technical support. When I face any problem or issue, I call the company that came here to implement the device.

I hired a consultant to implement the solution. I had a good experience. It was good for my work and my networks.

FortiGate-VM is more expensive than Sophos. We have two appliances: a main appliance, then a backup, e.g. FortiGate-VM, and this make it so expensive, even more than the costs from Sophos.

We pay the standard three-year licensing fees.

I evaluated Sophos.

I spent many years using Cyber and Sophos. Mainly, I use Sophos, while I use FortiGate-VM in the network background.

I see that Fortinet is a big company. I can't compare the Sophos and Fortinet solutions I'm using, because I'm using Sophos at the front, and behind Sophos, I'm using FortiGate-VM, so I can't give a good comparison or opinion. I've only used FortiGate-VM for one year.

It took nearly one month to complete the FortiGate-VM deployment because the decision came from upper management.

No other users use FortiGate-VM in our organization, because it's a device or appliance that only stands in front of our servers.

We don't have a need for maintenance yet. We've only been using it for one year and it currently needs no maintenance.

I don't know if our organization has plans to increase the usage of FortiGate-VM because this decision will come from upper management.

I'm a good observer and I'm still learning some feature metrics of this solution.

What I'd like to advice people looking into implementing FortiGate-VM is to study the FAQs of other users. You should know the tricks and what exactly is needed in this appliance. This is a very good appliance, but I have less experience with it compared to Sophos which I've used for many years.

I'm rating FortiGate-VM an eight out of ten.

Maybe others rate the vendor a 10 out of 10, but I'm sticking with eight.

Their support is very good. Fortinet has a good support base here who has been working closely with us. Whenever there is an issue that needs to be addressed to our end clients, we have received very good support. 

The product is quite user-friendly so we didn't have a lot of issues that needed to be addressed. 

The pricing structure is also flexible. 

Customization needs improvement. A lot of people have very unique requirements that they ask for at times. Everybody wants to get more out of the solutions so that they have more with less. I would like a little more customization, especially now that everything is becoming a lot more flexible with cloud-based deployments. A little more flexibility in terms of the offering that we can do or the bundling of products would help acquire markets much faster or much better.

I have been using FortiGate-VM for just under a year. 

It is definitely stable. We have not had a lot of support calls so, so far it is good. We have been pushing our clients to see whether they need additional support.

We want to organize more training and have a lot more awareness-building seminars and workshops. That is something that I think we can or we would be wanting to look at moving ahead. We haven't been able to organize a lot of that yet, but that is something that I think can help in many aspects is awareness, to be able to draw in and attract local talent who would be able to help with support.

Our clients are mostly enterprise businesses. 

We are a value-added reseller. The technical support primarily is coming from Fortinet because we are in the process of building up to provide the right service. Once we are comfortable then we will be again discussing with Fortinet that we are able to assume a greater role in providing the services locally or on-site from here.

We are still getting help from Fortinet for the deployment. We have been able to push this to two clients after we onboarded this. In the next couple of months, we believe that we will be able to take over the implementation and they can take a little more of a backseat. We want to be more independent, locally, with the local support and local team to be able to deploy it. We want to ensure that the service is seamless.

POCs are definitely the way to go because cyber-security is still in many cases new for many clients. Cybersecurity is a very wide arena in today's day and age. There is no one single solution, every day someone else is innovating some specialization in some form or another. Clients would like to see a proof of concept before they go on a large full-scale deployment. 

In the next release, I would like to have the possibility of being able to offer cyber-insurance with this because this is something that I think is completely unavailable at the moment here. This would add a whole new dimension. 

I would rate it a seven out of ten. 

In terms of what features should be improved with Fortinet, I feel it should give better reports. They provide some basic reports in the entry-level and middleware products but I would love this product if they gave more reports, including more MIS from the traffic because they capture everything in the UTM. They don't produce a team value report. They don't produce a usable report where the IT manager, IT head or CTO can analyze where the attack happened or figure out where the bridge is down, etc. The reports are basic. There are engines which make everything on the GUI. All the user can potentially access for the risky function in the Fortinet but it should be on the GUI, it should not be behind the command line. They could definitely provide the FortiAnalyzer with the basic UTM in a bundle pack.

People should not have to ask for another FortiAnalyzer. It's an entry-level product. I understand that FortiAnalyzer is an expert level product but the functionality should be available at the entry-level as well. Fortinet should think about the entry-level and give it managing capabilities. That's why I selected Sophos because, for a small or medium office, all the reports are available there.

Secondly, Sophos is cost-effective. It is comparatively much cheaper. Sophos is available for a much cheaper price than Fortinet. Also, they have some other functions like sandboxing and others. FortiGate should be more customer-friendly and budgeted better. If I am a buyer, I do not want multiple appliances to manage. It should be one box, one appliance. One mobile should do everything. Multiple products require IT to create a workaround. You have to buy two products and then there is actually another one with that, one plus one, and then there is multiple management, so the product is definitely cumbersome. The beauty of the product is implementation and maintenance without it.

I have my own team to maintain this product. We are very happy as a Sophos user, as we get whatever we want from the reporting point of view. There are no glitches. There is no one issue in particular. When I ask, or my team asks, how the network is working and why there is network latency there are reports about where the traffic is going and I do not have the input after moving or switching to Sophos. I can get the support regarding which IP is working where and which IPs are making traffic, and more.

I have been personally using FortiGate-VM for two years.

We already procured Sophos. I already ordered two devices from our Indian partner.

We are now partners with Sophos. We were partners with FortiGate for the last year.

The first reason that we switched is because of our work use cases. We moved 80% of our infrastructure to AWS outsource. So we do not require a big firewall anymore. We are a 50 to 70 employee organization so a different firewall is required. We have a 310 exchange enterprise-level firewall. So we moved to 83210 Sophos. The reason why we are changing to different technologies is the comprehensive reports that Sophos provides at the very basic entry-level firewall. In the FortiGate, we have to also have another plan for data analyzer.

The second thing which I believe is that FortiGate has some special functions in the CLI (command-line interface) mode. Sophos does not support that and all its functions are on the UI. So it's easier management in Sophos compared to FortiGate. 

In terms of ease of use, if you implement FortiGate in your organization, you must have a FortiGate person who knows FortiGate and then three, four, or five years to learn to maintain the FortiGate device. Whereas Sophos doesn't require that much because all the things are on the UI. So anybody can understand it from the UI.

I can give you an example of the issue with UI. This is a basic thing. In the UI, you could go to the FortiGate console and work directly in the command. You can manage it from the command but you must have command line experience to manage the FortiGate device. If I want to see the traffic and where it goes and where it's from or any attack, in case of an attack, you need FortiAnalyzer to analyze, to track the packet, to protect the traffic. So that's easily available in other products like Sophos 83210. 

The cost of Sophos and other players is better compared to the FortiGate. FortiGate is a more important product in the industry. It is recommended, but the cost is also a major point in evaluating Fortinet's firewall solutions in our niche.

On a scale of 1 to 10, I'd give it a 9. 

FortiGate is a nice and very good product but the implementation and post-implementation of the product are cumbersome. You have to manage four devices instead of two devices if I go for FortiAnalyzer. For a small, entry-level business, Fortinet should give the entire reporting on the UI so that end to end engineers can manage efficiently. So as technology is concerned, I give eight out of 10, but because of reporting, I would give five out of 10. I am just giving an example: if I know everything or you know everything but if you can't explain it, how do other people come to know that you know everything? FortiGate clearly captures each and everything for the backup capture and everything but it doesn't show what it is acquiring. Analytical reports are missing from there.

The use case for VMs is if you're going to deploy them like a SaaS edge, to protect your applications or provide deeper visibility into the traffic. Or you could use it in your data centers as well. However, that's not our preference.

We primarily use the solution for network segmentation at our data centers and remote connectivity to our distributed sites.

We were able to take advantage of their management tool, FortiManager, to get a single pane of glass. FortiManager and FortiAnalyzer do not have a single panel glass. Rather, they are two panes of glasses to manage and monitor the firewalls where previously we were using Cisco. I don't want to call them legacy firewalls, however, with Cisco firewalls, we didn't have that management or logging visibility.

The product has pretty good logging and reporting capabilities native to the firewall. Then they also use FortiAnalyzer to aggregate that traffic and provide more detailed and aggregated reporting. That's going to help when you're analyzing network traffic for network segmentation initiatives.

The stability is excellent.

It's very easy to set up, even for more junior developers.

The scalability has improved. 

It's got a clean interface and it's very intuitive. Everything is easy to navigate.

Their offering for MFA isn't the cleanest. They have a product called FortiAuthenticator. It's not a FortiGate but that is one of their MFA offerings. However, other products that I've used, like Duo, are better from a user experience standpoint. They are easier to configure. 

I've been using the solution for ten years. It's been a while. 

Six or seven years ago, they had issues with code versions where they would make changes within the code version and they would have some bugs. That said, over the last six or so years, their releases have been very stable. We've had very few issues with any type of bugs or issues.

Scalability has gotten better with their SD-WAN offering. They're able to utilize inexpensive lines such as 4G, 5G, or DSL. It has allowed us to move away from expensive MPLS lines.

Historically, conventional or Next-Gen firewalls have been utilized at data centers and remote sites. Now, however, a lot of customers are moving towards Zero-Trust access and SASE. I'm currently looking to get a little bit more information on Zero-Trust architecture, as it reduces the overall management and need for physical firewalls in all your locations, which can get expensive.

We also use the Cisco ASA firewalls. I do find that Fortinet is easier to handle than Cisco as you don't need to handle tasks via the command line, which makes it easier especially for junior-level developers.

The initial setup is very straightforward. I started out in the Cisco world with Cisco firewalls and switches. Then we started deploying FortiGate and I found that FortiGate was easier to learn, especially for junior-level engineers. We were able to get junior-level engineers up to speed quicker than if it was a Cisco platform, especially if they haven't used the command line before.

Deployment usually takes a day, depending on the complexity of the firewall. It might be a day to two, depends on if we are using multiple IPSec tunnels if it's at a data center or a remote site. 

In terms of deployment and maintenance, in my experience, by a rough order of magnitude, a company would need one technician per 30 firewalls. For our company, we had a team of three network engineers and we had a fleet of about 120 firewalls.

I handed the implementation myself with my team. We didn't need any integrators or consultants.

For our entire fleet of 120 firewalls, we're paying about $100,000 per year. The licensing fees give you support and the capability to download updated definitions of threat intelligence from Fortinet.

I was previously a customer. now I am a reseller and Fortinet partner.

We primarily use hardware-based appliances, including the 100 D/E series, 100F, 190 D/E's, ADCs, 600 E's. They are similar to VMs.

We're using the most recent code level at this time. We're one version behind the latest version. We tend to use one version behind the most recent for safety reasons so that we can avoid troublesome bugs or glitches.

Anyone looking to deploy Next-Gen firewalls, in general, should really define their use cases to be able to decide on the proper technology to deploy within the environment. If you're looking to deploy Next-Gen firewalls at all your locations and create point-to-point VPN tunnels, they can get cumbersome and difficult to manage policies. It is also difficult to do network segmentation. With some of the Zero-Trust offerings, you're able to actually move your clients outside of your corporate perimeter, and then isolate those applications based on the user per application, instead of requiring them to dial back via traditional VPN to your data centers, which sometimes isn't the best user experience for your end-users.

I'd rate the solution at an eight out of ten.

We use FortiGate as an edge security device. We are system integrators and we use this product ourselves, as well as implement it for our clients.

The geofencing and blocking capabilities for all non-domestic countries lower the attack surface by approximately 85%.

The most valuable feature is geofencing, where we can block all access from all non-domestic locations.

In the next releases, it would be nice to see central cloud management.

They have an on-premises solution that you can deploy for fleet management or for multiple site management, but it seems like a cloud solution would be a little bit easier.

We have been using FortiGate for the past two years.

We are using the latest version.

This is a very stable solution.

So far, this product has scaled very well. We have approximately 100 deployed, as edge devices. Currently, it is our only edge device and we plan to continue rolling it out in the future.

Their technical support is great.

We used Cisco ASAs exclusively before changing exclusively to FortiGate.

We decided to change to FortiGate because the entitlement was too difficult on Cisco.

The initial setup is straightforward and it takes approximately two hours to deploy.

Licensing is pretty standard. It's approximately 15% of the total cost per year as a subscription cost.

The subscription cost also includes support for entitlement, which was not the case with Cisco. That was the deciding factor. We changed our whole install base because of that.

There are no additional costs other than the standard licensing fees.

I would recommend stopping waiting to use Fortinet Fortigate. It's really a great solution and their support is very good. SonicWall has awful support. I can't say more strongly how bad SonicWall has ever been.

With the engineers, everything is difficult to phrase. They don't understand what you're trying to do. They should understand. Their first-level support is terrible. They really don't understand. You can't get to the next level without going through level one. 

Level one is terrible. It's frustrating enough that we just do it ourselves with Google articles because of this.

I would rate this solution a nine out of ten.

We primarily use the solution for the security so that our systems will not be penetrated externally.

The security the solution provides is its most valuable feature. All the basic security we need is found within this product.

The functionality provided is very good.

It integrates well with FortiMail and the two combined add a nice layer of security for our on-prem emails.

As we just began implementing the solution, I'm not sure if there are any features missing. We haven't come across any shortcomings in the product yet.

We purchased the product through a reseller, and we don't have any issues with them and therefore, so far, don't have any issues with the solution itself.

The product may not be as robust as Palo Alto. However, unless you are a big bank, you probably won't need it to be.

This is the first time we've acquired a firewall. It's pretty much a new experience on our end. We haven't been using it long at all. 

We haven't had any issues when it comes to stability. It's been very good.

The scalability of the solution is good. We haven't faced any issues with expansion.

We have yet to contact technical support, as we've just started to use the product and haven't had any issues to speak of so far.

This is our first firewall. We didn't previously have a different solution.

The solution's setup was pretty straightforward. It took the team about two to three weeks to deploy it.

We had a reseller assist us with the implementation.

Fortigate is cheaper if you compare it to Palo Alto, a main competitor.

Our team evaluated Palo Alto as well, although I did not evaluate it directly. I'm not sure what the main difference was between Palo Alto and Fortigate.

However, we have evaluated Fortinet for the last four or five months and now we're officially acquiring the licenses for it. 

I believe the pricing was a big part of the decision to choose Fortigate.

We've also recently acquired FortiMail as well.

This solution has the basic functionalities required for a firewall. In fact, in terms of our evaluation, it's basic functionalities are enough for us. If I were to compare it to Palo Alto, it does not necessarily have the full capability of that particular solution. We're not a bank. We don't belong to the banking industry so we don't really need such high caliber firewalls that provide multiple levels of security. It's not required with our industry, so a mid-range firewall like Fortigate is perfect.

If your business is small or even enterprise-level, if it doesn't necessarily need multiple or heavy firewalls, Fortigate will actually work just fine for you.

I'd rate the solution seven out of ten. It perfectly meets our requirements.

The tool is expensive. 

I have been working with the product for two years. 

I rate the tool's stability a ten out of ten. 

Fortinet FortiGate-VM is scalable. We have 15 users. 

Fortinet FortiGate-VM's deployment is easy. 

I rate Fortinet FortiGate-VM an eight out of ten.