Fortinet FortiManager Reviews

Our client was at the start of a network automation journey. They were a multi-brand network environment and they started investing in the FortiManager to support their vision of network and security orchestration.

That was their first step in a series of steps to build up their security capabilities or at least to get better visibility on the security topics within their environment. With a different team, they also deployed the Nessus and Lansweeper in the same environment to do automated vulnerability sweeps. Before I left that customer, there were plans of deploying additional Fortinet products - FortiAnalyzer, for example. I left the customer team in February this year, so I'm not updated anymore on what's happening there. 

This was the first time for me to work with the FortiManager or a similar product. It was an interesting learning for me personally, to understand how we could do centralized management of these firewalls. At the same time, while we were deploying the solution, I considered how useful it would be in collaboration with other Fortinet products, for example, the Analyzer, and the FortiSIEM, to really get automated security responses. That's what the vision was.

To have a quicker response to security events, the customer wanted to eventually acquire the capabilities to do automated security responses, just to make it faster to respond to security events. Even without the security orchestration, just the fact that the customer could request the firewall team to configure a job that would roll out a configuration on the firewalls and it could be deployed across all the firewalls through the FortiManager. That was a big improvement compared to deploying the new firewall rule on each firewall sequentially. So being able to roll it out to all the firewalls in the same change, was a big improvement in terms of being able to respond more quickly to any security events.

The initial setup was straightforward. 

Within the management of some features on FortiManager, specifically the management of user objects used for VPN service, FortiManager is quite weak. This was the case as of the time when we deployed them, which was one software cycle ago. I don't know whether that deficiency was fixed, however, we found it was easier to make changes to the VPN user objects, and local user objects. It was much easier to make the changes directly on the firewall than with FortiManager because in FortiManager you have to go through different windows, and even the CLI, in order to make the changes to the user database. It's just a matter of improving the UI, being able to manipulate objects that could be manipulated using the firewall GUI for example. It's just about expanding the features of the product so that whatever you can do on the firewall, you can also do it at the same level of convenience on the FortiManager.

I used the solution for a while. I used it just last year. The project ended in February this year, so it has been several months now since I last touched FortiManager.

The solution was stable. I left that customer last February, so I don't know how it is now. At the point I left, it was stable. 

With regards to scalability, with the on-prem solution, I would say it won't be as scalable as a more virtual solution, either on the cloud or on-prem. With virtualized environments, you can scale easily. With appliances, you do have hard limits in terms of capabilities. Once the number of devices exceeds the limits of the product, then you have no choice but to upgrade to a higher model of FortiManager.

We have two clients who use FortiManager in their environment.

The overall support was okay. We only had issues really when we raised several tickets to help solve the synchronization of the user objects, I felt it took much longer than it should have. It took several weeks before we finally definitively were told it won't work and this is what we need to do. Therefore, it took much longer than I felt it should have taken. For other topics that we raised during the deployment, they were quite helpful, however.

I helped the project team in implementing it. It was the first time that we implemented FortiManager.

The initial setup was straightforward. If you wanted just to do the basic configuration, it's quite straightforward.  

That said, it was straightforward except we had some big issues, and big challenges in our first attempt to put all the devices in the same ADOM as each device had a fair amount of custom firewall rules and custom firewall objects already existing, and each firewall at the branch site was also acting as a local VPN hub. 

We had a lot of local user objects and we discovered quite quickly that when we had a lot of user objects for the same user, but on different firewalls, when we wanted to put them into the same ADOM, it created a huge challenge in synchronizing user objects because these user objects on different firewalls are considered to be different user objects owned by the same physical person. They had the same username and the same authentication credentials, so it created an issue in synchronization.

Eventually, after consulting with Fortinet, we had to redo our design. That was the only hiccup we had in the design during implementation. Had we known about this requirement, had we understood that particular technical constraint earlier, our design from the beginning would have been much different.

The deployment itself took four months. 

We had two technical people who set up the solution, however, neither were full-time. You only really need one full-time person.

The licenses that we purchased as part of the project were for three years. I don't remember the price anymore. I can't recall the monthly license fee. In any case, the licenses were purchased for three-year periods.

I'd rate the product eight out of ten.

FortiManager is software that enables you to manage the solution from a central point. For instance, we had 50 sites and were able to manage all the sites from a central management console. This solution is deployed on-premises. My company was using version 7.

There were 5,000 people using this solution in my company.

We had a security policy that was deployed on all the devices, and we managed it from only one place. We didn't have to manage it on each piece of equipment. Second, regarding the configuration of SD-WAN, we could build configuration templates on FortiManager and push the templates from FortiManager to the different Fortigate units.

This solution enables you to centralize the rules and the configuration of all the equipment.

One of the biggest limitations is the grammar of the API – not the API itself. It was not very well done.

The CLI could be enhanced.

Stability was good.

Scalability was very good.

Technical support was excellent. We bought the optional support, so we paid an additional fee.

We had dedicated support just for us. We had one person who was really good and helped us design the solution. We had a very good design, so the deployment was good afterward.

Setup is of medium difficulty. It's not that complicated, but it's not easy. On a scale of 1 to 5, I would rate it a 3. It's not a simple plug and play, but it's not that difficult either.

For the design and deployment, we used four people. For maintenance, we only needed one part-time engineer per year.

We used an external company to run the deployment, and it took us three months to finish the design of the solution and three months to deploy all the boxes and all sites.

We had some people who were helping us deploy because there were several sites all over the country, so there were some people who were going on-site.

For the licensing fee, we paid around 10,000 to 15,000 euros. 

I would rate this solution 7 out of 10.

My advice is to know your product before you start using it.

We use Fortinet FortiManager to create different policies and much more. We used to create a lot of VPNs, and we used to perform the cleanup of firewalls because of security orders with FortiManagemer. We created standard policies for multiple devices. For example, we have more than four hundred or five hundred devices, and a standard policy needs to be created. We have to create the policy and deploy it, and we can also clean up the firewall rule.

I like the rapid deployment feature. I also like that it's easy to troubleshoot.  FortiManager is amazing because we can have a centralized policy. All our devices are integrated, and we can also engage in troubleshooting. We can use it for different deployments. One fantastic feature is the ability to create a version and deploy it immediately.

It would be better if it were easier to run a routing protocol. In the next release, I would like them to enhance some features in the GUI rather than CLI or OSP. For example, whenever a customer generates an ISP directly on the firewall, it's complicated to configure the routing protocol. 

I have been using Fortinet FortiManager for about four years.

Fortinet FortiManager is a stable product.

On a scale from one to ten, I would give stability a ten.

Fortinet FortiManager is a scalable solution.

On a scale from one to ten, I would give scalability a nine.

Technical support was amazing.

Positive

We used Palo Alto before. Most of our customers are running Cisco EAC and would like to block some websites. But next-generation features aren't available. So we have to use a FortiGate tool. Considering the costs and the fact that it's easy to deploy, it was the better solution. And most importantly, VPN is free. We don't need to buy a VPN license to configure it.

The initial setup is straightforward. 

We implemented this solution. You need two people to implement this solution. A security architect and an engineer are enough.

On a scale from one to ten, I would give Fortinet FortiManager a nine.

Fortinet FortiManager acts as a centralized platform for overseeing our entire Fortinet security infrastructure, which includes FortiGate firewalls, switches, and access points. From a single user interface, we can manage and configure these components to ensure maximum protection of our networks. The TNA concept is where we can have Zero Touch Provisioning.

FortiManager offers a full zero-touch provisioning feature that allows us to create a template of our devices and onboard them remotely without visiting the site. This is an excellent benefit of using FortiManager for our Firewall assets.

Fortinet FortiManager is user-friendly.

The scalability has room for improvement. The solution is available in both a hardware and a virtual machine model. The VM model is scalable by simply adding additional licenses, but the hardware model has scalability limitations.

I have been using the solution for seven years.

I give the stability a nine out of ten.

I give the scalability an eight out of ten.

We have over 30 customers using the solution.

The technical support team is good.

Positive

The initial setup is straightforward.

Once we have set up our template, it should take only two to three days to deploy. After that, we can quickly and easily add firewalls without any further automation.

I give the solution an eight out of ten.

I would highly recommend FortiManager; in my experience, it is much simpler than any other central management solution I have seen. FortiManager is user-friendly, straightforward, and works incredibly well. Pushing policies and other tasks is made incredibly easy and uncomplicated.

I like the features on offer. For example, SD-WAN. It's one single configuration point for everything, especially when you have a headquarters and branch.

The VPN also is beneficial also.

The correlation with the FortiAnalyzer is very good with FortiManager. 

The solution is very stable.

We find the pricing to be fair. 

I didn't like the connectivity with FortiManager and FortiSwitch, which was buggy and annoying and had fewer features. For example, sometimes you could change something in FortiManager, and then you had to upload another version of the configuration. If you changed something on the suite side, you had a problem. The correlation between FortiManager and the Forti suites was not that good.

I'd like more visibility and more troubleshooting features for the whole VPN. I'd like a better quality of service and maybe more features. We always compare features with what other vendors offer to see if there is added value from a certain product. From what I've seen, for example, with SD-WAN that Cisco used to build, which was similar to the VPN for FortiManager, it was quite easy to implement in comparison. 

I've used this solution for the last four years.

It is a stable product. The performance is good. 

It's scalable if you have many devices. It makes things easier, especially if you want to have a VPN and stuff like that. When you have lots of devices, it's very helpful as a solution.

I work with a variety of Fortinet products, including FortiGate, FortiManager, FortiAnalyzer, and FortiWiFi with access points.

The pricing is quite reasonable.

I can't speak to exact pricing as I don't handle the licensing aspects. In some cases, where customers have two or three devices, it comes for free.

I'm a Fortinet partner. 

I'd rate the solution seven out of ten.

FortiManager, we're just managing our FortiGates deployed in our different sites, and we are monitoring our MSSP solution there from the FortiManager. There are different sites and different clients that have their different FortiGates. The FortiManager manages all FortiGates. We push templates. If there are any changes in the FortiGate, we're just not doing that directly to the FortiGate, we are managing it via FortiManager.

It was very amazing. The things were very clear. I pushed templates from FortiManager to our site, and they were deployed successfully. It was quite enjoyable.

The templates are great. They are very helpful. You make a template and push it to the FortiGate, and it's been working fine.

It's pretty user-friendly.

Technical support is helpful.

The solution can scale.

It's stable. 

I didn't use the alternative FortiManager yet, so I'm happy with the FortiManager right now. If I use some other product, then I should be able to isolate things, and I'd like some sort of isolation feature in the product. There's nothing I can say that's a negative point. 

When I started, it was a bit difficult, however, now it's okay. It can be a bit complex for basic users.

If I'm defining a subnet, I need to define it in two different locations. We have to create the subnet and then name it as well. So there are two different ways to define a single subnet, and it should only be one.

The solution is very stable. There are no bugs or glitches. 

The solution is scalable. We have a lot of customers on the product and some are expanding.

Technical support is very helpful and responsive. Every time we open a ticket, they help us and make sure it's resolved. 

We did not previously use a different solution. 

I didn't deploy FortiManager. I'm just operating it. When I joined the company, it was already deployed, and we didn't deploy any other FortiManager. I didn't work on implementation. My understanding, however, is that it would not be that difficult. 

Compared to competitors like Cisco, Fortinet is very reasonable. 

We didn't research any other solutions. We like and prefer FortiManager.

We are Fortinet partners.

The solution is deployed on-premises in our data center.

I'd rate the solution eight out of ten.

FortiManager is used just to manage a lot of devices from Fortinet, especially FortiGate. We can push the configuration, we can push the packages, and we can change the configuration from the FortiManager via centralized management.

There are a lot of features that are important to us. For example, we like that we can roll back to the previous configuration, or push configuration on devices remotely. We also have the ability to save the configuration on FortiManager. If there is an issue with the devices, we can report the configuration remotely.

It's a very rich, robust product.

The integration is quite good.

Its pricing is decent. 

This solution is easy to set up.

The solution is able to scale quite well. 

We are not missing any features at this time. I don't have any expectations about additional features.

The storage could be better for logs. There is a degradation of performance if we activate logs on FortiManager.

I've been using the solution for four years. 

The solution is stable. We haven't faced any performance issues. There are no bugs or glitches. It doesn't crash or freeze. 

It's scalable. It's easy to expand. 

The solution is very straightforward and simple. It's not overly complex to implement. 

The pricing is reasonable. It varies. Sometimes we need to buy many appliances and sometimes just a few. 

There are some additional costs sometimes from our partner. It depends on the size of the environment of our clients. We can negotiate on and maybe lower the price if a lot of devices are needed. 

We are a VMware vendor. We work with a local partner. We are a kind of integrator.

With respect to the requirements, new users should consider performance and be sure to tune the solution correctly during the configuration and integration. It will ensure it works well once it is up and running.

I'd rate the solution nine out of ten.

We are one of the partners, so we are using it for customer testing for managers, owners, and others at head office. We are looking at FortiManager in terms of quality deployment and ability to manage everything. We're using it for management.

We are using a VM version and can scale it as we need. It depends on our license, however, we find we can scale.

The general policy, its integration, and deployment are all easy. We don't have a lot of devices, however, it creates a center where we can manage everything. The initial setup is very simple. 

The solution is stable. 

It's a scalable product.

The GUI is not ideal. It needs to be improved. It should be more user-friendly.

I've been using the solution for around two years. 

The product is a stable one. From time to time, we may see bugs, however, overall, it's a stable one. It doesn't crash or freeze. It is reliable. 

The support has been good. They are helpful and responsive. We're pleased with the level of service we get.

Positive

I don't have much experience with the other products compared to this product. The main reason that it's been chosen for clients is it's very well integrated with the rest of the Fortinet environment. For example, if somebody has an environment in SuccessFactors, FortiManager is good.

It's very simple to set up the solution. It's not overly complex or difficult. The documentation helps with any complexity.

I'd rate the solution four out of five in terms of ease of deployment. 

You just need a single engineer, a software engineer, to set up and maintain the solution. Someone who has Fortigate knowledge should have no problem handling the solution. 

When you are going for a massive FortiGate environment, the costs compared to your investment would be fine. However, if you're going for below ten devices, the cost will be a little bit high. You would have to justify the expense. 

I'd rate it a three out of five in terms of availability.

We are a Fortinet partner. 

I'd rate the solution seven out of ten.