Fortinet FortiGate-VM Reviews

In terms of what features should be improved with Fortinet, I feel it should give better reports. They provide some basic reports in the entry-level and middleware products but I would love this product if they gave more reports, including more MIS from the traffic because they capture everything in the UTM. They don't produce a team value report. They don't produce a usable report where the IT manager, IT head or CTO can analyze where the attack happened or figure out where the bridge is down, etc. The reports are basic. There are engines which make everything on the GUI. All the user can potentially access for the risky function in the Fortinet but it should be on the GUI, it should not be behind the command line. They could definitely provide the FortiAnalyzer with the basic UTM in a bundle pack.

People should not have to ask for another FortiAnalyzer. It's an entry-level product. I understand that FortiAnalyzer is an expert level product but the functionality should be available at the entry-level as well. Fortinet should think about the entry-level and give it managing capabilities. That's why I selected Sophos because, for a small or medium office, all the reports are available there.

Secondly, Sophos is cost-effective. It is comparatively much cheaper. Sophos is available for a much cheaper price than Fortinet. Also, they have some other functions like sandboxing and others. FortiGate should be more customer-friendly and budgeted better. If I am a buyer, I do not want multiple appliances to manage. It should be one box, one appliance. One mobile should do everything. Multiple products require IT to create a workaround. You have to buy two products and then there is actually another one with that, one plus one, and then there is multiple management, so the product is definitely cumbersome. The beauty of the product is implementation and maintenance without it.

I have my own team to maintain this product. We are very happy as a Sophos user, as we get whatever we want from the reporting point of view. There are no glitches. There is no one issue in particular. When I ask, or my team asks, how the network is working and why there is network latency there are reports about where the traffic is going and I do not have the input after moving or switching to Sophos. I can get the support regarding which IP is working where and which IPs are making traffic, and more.

I have been personally using FortiGate-VM for two years.

We already procured Sophos. I already ordered two devices from our Indian partner.

We are now partners with Sophos. We were partners with FortiGate for the last year.

The first reason that we switched is because of our work use cases. We moved 80% of our infrastructure to AWS outsource. So we do not require a big firewall anymore. We are a 50 to 70 employee organization so a different firewall is required. We have a 310 exchange enterprise-level firewall. So we moved to 83210 Sophos. The reason why we are changing to different technologies is the comprehensive reports that Sophos provides at the very basic entry-level firewall. In the FortiGate, we have to also have another plan for data analyzer.

The second thing which I believe is that FortiGate has some special functions in the CLI (command-line interface) mode. Sophos does not support that and all its functions are on the UI. So it's easier management in Sophos compared to FortiGate. 

In terms of ease of use, if you implement FortiGate in your organization, you must have a FortiGate person who knows FortiGate and then three, four, or five years to learn to maintain the FortiGate device. Whereas Sophos doesn't require that much because all the things are on the UI. So anybody can understand it from the UI.

I can give you an example of the issue with UI. This is a basic thing. In the UI, you could go to the FortiGate console and work directly in the command. You can manage it from the command but you must have command line experience to manage the FortiGate device. If I want to see the traffic and where it goes and where it's from or any attack, in case of an attack, you need FortiAnalyzer to analyze, to track the packet, to protect the traffic. So that's easily available in other products like Sophos 83210. 

The cost of Sophos and other players is better compared to the FortiGate. FortiGate is a more important product in the industry. It is recommended, but the cost is also a major point in evaluating Fortinet's firewall solutions in our niche.

On a scale of 1 to 10, I'd give it a 9. 

FortiGate is a nice and very good product but the implementation and post-implementation of the product are cumbersome. You have to manage four devices instead of two devices if I go for FortiAnalyzer. For a small, entry-level business, Fortinet should give the entire reporting on the UI so that end to end engineers can manage efficiently. So as technology is concerned, I give eight out of 10, but because of reporting, I would give five out of 10. I am just giving an example: if I know everything or you know everything but if you can't explain it, how do other people come to know that you know everything? FortiGate clearly captures each and everything for the backup capture and everything but it doesn't show what it is acquiring. Analytical reports are missing from there.

The product accesses the perimeter firewall and internet proxy at the same time. It allows the creation of a virtual DMZ network. We can have services on the DMZ.

The reporting is good. The signatures are quite good. We have some confidence in the product’s protection capabilities.

The users must buy FortiSIEM to get advanced analytics. The product must provide users with more reports before asking them to buy FortiSIEM.

I have been using the solution for around a couple of years.

There are no stability issues. As long as we provide adequate resources, the solution works.

VM provides scalability options. We could pair the virtual firewalls and have more capacity. We know it's there, but it wasn't necessary, given the organization's size. Around 350 users from a small microfinance company use the solution. The product is extensively used since it also provides internet proxy and VPN. Almost all services that require connectivity are going through the firewall.

We contacted the technical support team regarding a clarification we needed on how to get some services to talk to one another. The team was very handy in that process.

The setup is not that complex. I wouldn't say it's simple, but It's relatively straightforward as long as we follow the guidelines and work with the recommendations.

We deployed the solution with the help of a local partner. We just had one engineer on-site who was supported by Fortinet Professional Services.

There is a good ROI on the product. The solution was quickly deployed, and we were able to have more protection and better visibility of our traffic on the network. We can get a lot of value out of the solution due to the reports.

The pricing is really good. The FortiGate licensing model is workable compared to many other providers who license everything. The local partner was there to guide us in structuring the license to keep the costs minimal. At the moment, there are no additional costs associated with the tool.

We had a competitive evaluation of other products. We chose Fortinet FortiGate-VM because of its affordability. It also had some of the features that were part of our roadmap.

It's a good solution. It’s worth checking out. It is easy to configure and quite easy to use. Some solutions are built by engineers for engineers. The product is a bit relatively easy to use and work with. Overall, I rate the solution an eight or nine out of ten.

The use case for VMs is if you're going to deploy them like a SaaS edge, to protect your applications or provide deeper visibility into the traffic. Or you could use it in your data centers as well. However, that's not our preference.

We primarily use the solution for network segmentation at our data centers and remote connectivity to our distributed sites.

We were able to take advantage of their management tool, FortiManager, to get a single pane of glass. FortiManager and FortiAnalyzer do not have a single panel glass. Rather, they are two panes of glasses to manage and monitor the firewalls where previously we were using Cisco. I don't want to call them legacy firewalls, however, with Cisco firewalls, we didn't have that management or logging visibility.

The product has pretty good logging and reporting capabilities native to the firewall. Then they also use FortiAnalyzer to aggregate that traffic and provide more detailed and aggregated reporting. That's going to help when you're analyzing network traffic for network segmentation initiatives.

The stability is excellent.

It's very easy to set up, even for more junior developers.

The scalability has improved. 

It's got a clean interface and it's very intuitive. Everything is easy to navigate.

Their offering for MFA isn't the cleanest. They have a product called FortiAuthenticator. It's not a FortiGate but that is one of their MFA offerings. However, other products that I've used, like Duo, are better from a user experience standpoint. They are easier to configure. 

I've been using the solution for ten years. It's been a while. 

Six or seven years ago, they had issues with code versions where they would make changes within the code version and they would have some bugs. That said, over the last six or so years, their releases have been very stable. We've had very few issues with any type of bugs or issues.

Scalability has gotten better with their SD-WAN offering. They're able to utilize inexpensive lines such as 4G, 5G, or DSL. It has allowed us to move away from expensive MPLS lines.

Historically, conventional or Next-Gen firewalls have been utilized at data centers and remote sites. Now, however, a lot of customers are moving towards Zero-Trust access and SASE. I'm currently looking to get a little bit more information on Zero-Trust architecture, as it reduces the overall management and need for physical firewalls in all your locations, which can get expensive.

We also use the Cisco ASA firewalls. I do find that Fortinet is easier to handle than Cisco as you don't need to handle tasks via the command line, which makes it easier especially for junior-level developers.

The initial setup is very straightforward. I started out in the Cisco world with Cisco firewalls and switches. Then we started deploying FortiGate and I found that FortiGate was easier to learn, especially for junior-level engineers. We were able to get junior-level engineers up to speed quicker than if it was a Cisco platform, especially if they haven't used the command line before.

Deployment usually takes a day, depending on the complexity of the firewall. It might be a day to two, depends on if we are using multiple IPSec tunnels if it's at a data center or a remote site. 

In terms of deployment and maintenance, in my experience, by a rough order of magnitude, a company would need one technician per 30 firewalls. For our company, we had a team of three network engineers and we had a fleet of about 120 firewalls.

I handed the implementation myself with my team. We didn't need any integrators or consultants.

For our entire fleet of 120 firewalls, we're paying about $100,000 per year. The licensing fees give you support and the capability to download updated definitions of threat intelligence from Fortinet.

I was previously a customer. now I am a reseller and Fortinet partner.

We primarily use hardware-based appliances, including the 100 D/E series, 100F, 190 D/E's, ADCs, 600 E's. They are similar to VMs.

We're using the most recent code level at this time. We're one version behind the latest version. We tend to use one version behind the most recent for safety reasons so that we can avoid troublesome bugs or glitches.

Anyone looking to deploy Next-Gen firewalls, in general, should really define their use cases to be able to decide on the proper technology to deploy within the environment. If you're looking to deploy Next-Gen firewalls at all your locations and create point-to-point VPN tunnels, they can get cumbersome and difficult to manage policies. It is also difficult to do network segmentation. With some of the Zero-Trust offerings, you're able to actually move your clients outside of your corporate perimeter, and then isolate those applications based on the user per application, instead of requiring them to dial back via traditional VPN to your data centers, which sometimes isn't the best user experience for your end-users.

I'd rate the solution at an eight out of ten.

We use FortiGate as an edge security device. We are system integrators and we use this product ourselves, as well as implement it for our clients.

The geofencing and blocking capabilities for all non-domestic countries lower the attack surface by approximately 85%.

The most valuable feature is geofencing, where we can block all access from all non-domestic locations.

In the next releases, it would be nice to see central cloud management.

They have an on-premises solution that you can deploy for fleet management or for multiple site management, but it seems like a cloud solution would be a little bit easier.

We have been using FortiGate for the past two years.

We are using the latest version.

This is a very stable solution.

So far, this product has scaled very well. We have approximately 100 deployed, as edge devices. Currently, it is our only edge device and we plan to continue rolling it out in the future.

Their technical support is great.

We used Cisco ASAs exclusively before changing exclusively to FortiGate.

We decided to change to FortiGate because the entitlement was too difficult on Cisco.

The initial setup is straightforward and it takes approximately two hours to deploy.

Licensing is pretty standard. It's approximately 15% of the total cost per year as a subscription cost.

The subscription cost also includes support for entitlement, which was not the case with Cisco. That was the deciding factor. We changed our whole install base because of that.

There are no additional costs other than the standard licensing fees.

I would recommend stopping waiting to use Fortinet Fortigate. It's really a great solution and their support is very good. SonicWall has awful support. I can't say more strongly how bad SonicWall has ever been.

With the engineers, everything is difficult to phrase. They don't understand what you're trying to do. They should understand. Their first-level support is terrible. They really don't understand. You can't get to the next level without going through level one. 

Level one is terrible. It's frustrating enough that we just do it ourselves with Google articles because of this.

I would rate this solution a nine out of ten.

We primarily use the solution for the security so that our systems will not be penetrated externally.

The security the solution provides is its most valuable feature. All the basic security we need is found within this product.

The functionality provided is very good.

It integrates well with FortiMail and the two combined add a nice layer of security for our on-prem emails.

As we just began implementing the solution, I'm not sure if there are any features missing. We haven't come across any shortcomings in the product yet.

We purchased the product through a reseller, and we don't have any issues with them and therefore, so far, don't have any issues with the solution itself.

The product may not be as robust as Palo Alto. However, unless you are a big bank, you probably won't need it to be.

This is the first time we've acquired a firewall. It's pretty much a new experience on our end. We haven't been using it long at all. 

We haven't had any issues when it comes to stability. It's been very good.

The scalability of the solution is good. We haven't faced any issues with expansion.

We have yet to contact technical support, as we've just started to use the product and haven't had any issues to speak of so far.

This is our first firewall. We didn't previously have a different solution.

The solution's setup was pretty straightforward. It took the team about two to three weeks to deploy it.

We had a reseller assist us with the implementation.

Fortigate is cheaper if you compare it to Palo Alto, a main competitor.

Our team evaluated Palo Alto as well, although I did not evaluate it directly. I'm not sure what the main difference was between Palo Alto and Fortigate.

However, we have evaluated Fortinet for the last four or five months and now we're officially acquiring the licenses for it. 

I believe the pricing was a big part of the decision to choose Fortigate.

We've also recently acquired FortiMail as well.

This solution has the basic functionalities required for a firewall. In fact, in terms of our evaluation, it's basic functionalities are enough for us. If I were to compare it to Palo Alto, it does not necessarily have the full capability of that particular solution. We're not a bank. We don't belong to the banking industry so we don't really need such high caliber firewalls that provide multiple levels of security. It's not required with our industry, so a mid-range firewall like Fortigate is perfect.

If your business is small or even enterprise-level, if it doesn't necessarily need multiple or heavy firewalls, Fortigate will actually work just fine for you.

I'd rate the solution seven out of ten. It perfectly meets our requirements.

The tool is expensive. 

I have been working with the product for two years. 

I rate the tool's stability a ten out of ten. 

Fortinet FortiGate-VM is scalable. We have 15 users. 

Fortinet FortiGate-VM's deployment is easy. 

I rate Fortinet FortiGate-VM an eight out of ten. 

We use the solution for securing our network.

The solution's intrusion detection feature is excellent.

The solution's web-filtering configuration could be more straightforward. It takes a long time to configure.

I have been using the solution for eight years.

The solution is primarily stable. Although, some time ago, there were performance drops where it was freezing as the logs were full. We managed to resolve the issue. I rate its stability eight out of ten.

It is a very scalable product. The solution users in our organization include IT managers, finance officers, accountants, and chief financial officers. I rate its scalability a nine out of ten.

The solution's support team is excellent and efficient.

Positive

The solution's initial setup and configuration are straightforward. But if someone is trying to put policies and restrictions in place, then one has to understand many things. It takes one and half hours to configure and requires two executives for maintenance.

Initially, the solution's price was high for us. But it decreased on the purchase of more than one license.

I recommend the solution to others and rate it a nine.

Fortinet FortiGate-VM is used as a firewall for multiple servers.

Price is okay and can be considered in the middle range, provided we compare it with other solutions. So, the solution can be made cheaper.

Fortinet FortiGate-VM should have a public forum where engineers can ask and answer questions. This would make it easy for anyone to search for incidents and find solutions quickly without needing to ask for support. The forum should contain a lot of information to help users troubleshoot issues on their own.

The solution's support can be considered a bit slow since it takes some time to resolve issues. So, support needs to be improved.

Sizing can be challenging for customers interested in using Fortinet FortiGate-VM. They often ask for guidance on how to size the virtual machine for their needs properly.

I have been using Fortinet FortiGate-VM for three years. Also, my company is an integrator for the solution, and I am using its first version since we did not have to update it.

Stability-wise, I rate the solution a ten out of ten.

I never had any problem with the solution's scalability. The solution's final customer can comment on its scalability.

In general, its scalability is good. Scalability-wise, I rate the solution a nine out of ten.

The technical support is okay. I rate the technical support an eight out of ten. Sometimes we need to find information quickly, and it can take time to open a ticket and go through the procedures of providing logs. But the support team is good. However, if we compare it to open-source solutions, developers can find information quickly over platforms like Slack. Network or site engineers need to open a ticket, and some of these tickets are not open-source. If we compare it to development engineers who can find answers quickly by searching on Google, there is a difference in the speed of finding solutions.

Positive

I don't have experience working with solutions deployed on the cloud, but I have experience with products deployed on-premises, like Veeam, which was deployed on the server, and VMware. I have worked with Palo Alto, which is a complicated solution.

The solution's initial setup process was very easy. The solution was deployed on the private cloud. The deployment process can be carried out in two weeks, and only three engineers are required. Maintenance can be carried out efficiently.

On a scale of one to ten, where ten is very expensive, I rate the solution around two or three. I think the solution's prices are okay, considering the services and features they offer.

Fortinet FortiGate-VM is easy to test due to the available videos and QuickBooks with a lot of information. The solution is presented simply and is more robust in security compared to Palo Alto, which is complicated. For our team, Fortinet FortiGate-VM is the best choice as information is easily available on the internet, and it is open source. Unlike other solutions, we can find everything on how to deploy, manage, and support it. Moreover, we were provided Fortinet FortiGate-VM for free, which helped us develop our skills quickly.

It is a stable and good solution. Those planning to use the solution should go through Fortinet FortiGate-VM's guide and prepare for the integration while having a good design and good view. Also, it is important to plan deployment steps since step-by-step deployment of the solution is needed to avoid any problems. I rate the overall solution a ten out of ten.