Fortinet FortiOS Reviews

We primarily use the solution as a firewall operating system.

The built-in SD-WAN is the most valuable aspect of the product.

It is simple to set up. 

The solution has been stable so far. 

It's easy to scale. 

The pricing is excellent. 

SD-WAN configuration could be easier. 

The support could be better.

We'd like to see bandwidth optimization and traffic prioritization capabilities. These are the two things that I'm looking for, especially in SD-WAN.

I've been using the solution for three years. 

It's stable as a product. However, SD-WAN has some issues. The route policies and how you prioritize traffic are the areas of concern for us.

I'd rate the solution seven out of ten in terms of how stable it is. 

The scalability is great. 

We have 1,500 users using the solution. 

We are not very pleased with the support. It could be better. 

Neutral

We are using Fortinet, however, we are exploring Palo Alto.

While the initial setup is not an issue, the SD-WAN configuration is a little complex.

There are three people here who are maintaining the firewalls.

The solution is the cheapest on the market. I'd rate it five out of five in terms of affordability.

I've compared this solution to other vendors. Palo Alto is number one in the world. Then I would go with Check Point. Then my third preference would be Fortinet.

We are end-users.

I'd rate the solution five out of ten. 

We primarily use Fortinet FortiOS for site-to-site VPNs, reporting features, and wireless capabilities. It is well integrated within the Fortinet ecosystem.

The main challenge with Fortinet FortiOS is integration with third-party solutions. I don't see any other areas for improvement. Nowadays, all products work well for 50-60 percent of needs. We must only fulfill 60-70 percent of client requirements because they don't use 100 percent of product features. Banks and financial sectors might need more security features. I don't work much in banking, but they often use multiple products for different security layers, not just firewalls. They might use various products or APIs for different purposes. In the end, clients use the products that suit their needs.

At the moment, I don't see any additional features that need to improve, as it's already performing well, even for small businesses. However, one area that could be improved is the consistency in pricing across different regions. Sometimes, the pricing varies depending on the distributor or region, which can confuse. For instance, online prices may not match what we get from distributors, particularly for subscriptions.

I have been using the product for ten years. 

Pricing for the tool can vary. Sometimes, aggressive pricing is offered at the start, but later, as subscriptions and expansions are needed, the costs can increase, and customers may have to pay whatever is required.

I recommend Fortinet FortiOS for SMBs. In my opinion, whether Fortinet FortiOS or Sophos is better depends on the specific features and requirements of the client. For example, Sophos offers strong centralized management and mobile monitoring, which might be advantageous in certain scenarios. The decision isn't solely based on features; budget and how the client plans to use the product are also important factors. Some products excel in certain areas but may not be as strong in others. Therefore, we typically suggest a product that meets about eighty to ninety percent of the client's needs. Sometimes, depending on the situation, we might even recommend alternative solutions, including Chinese products, if they fit the client's requirements and budget better.

The tool's impact on operational costs also depends on the scale of the customer's operations. FortiOS delivers great performance and value for money for multi-office, multi-organization, or multi-branch setups. However, for single-office setups, a smaller device might be more than enough, as many services like email are now cloud-based, reducing the need for extensive on-premise protection. Rather than investing in hardware, we sometimes use software-based solutions installed in data centers or hypervisors, depending on the customer's situation, requirements, and budget.

Our budget presents different challenges, and we have various types of customers and consumers. I want to know your exact expectations from us so I can clarify things easily. You've implemented matrices, and most products support them. However, compatibility with other products is very important. Sometimes, our VLANs or switches aren't compatible with the tool, so we must be careful. Many switches aren't compatible with it, so we might choose a different solution.

Sometimes, we choose to implement FortiOS across many sites and devices based on the budget. Fortinet often gives us good prices, but not always. It depends on which distributor offers the best price. These days, the market isn't just about features, as most products support all areas. We must make things easy, stay within budget, and meet customer requirements. That's how we decide which products to use. 

I rate the overall solution an eight out of ten. 

We are using the solution as a firewall. It provides portal access.

Feature-wise, the solution is strong. It has SD-WAN, site-to-site VPN, load balancing, and application-based load balancing. 

It's very user-friendly. 

Compared to other OEMs, due to the SD-WAN and the IPsec VPN, there is no need for the licensing for SD-WAN and the IPsec site-to-site on the remote access VPN.

Chipset wise they're using an ACS chipset dedicated to FortiOS.

The interface and dashboard are good. 

We've been happy with the pricing. 

The initial setup is easy.

There aren't any features missing at this time. 

For monitoring purposes, we don't have any option to monitor the ISP link. If the ISP link goes down, then there is no monitoring tool or in-built monitoring tool. We can use a third-party application, like Zoho or PRTG. However, we would like something in-built. 

They need to improve the solution at the application level. 

I've been using the solution for five years. 

Sometimes it is unstable. However, they'll easily fix the issue. We get upgrades and updates. If there is even any vulnerability or malware, we'll get it fixed immediately. They give good responses to the customers.

While there are bugs, sometimes the development team is on top of it and fixes everything fast. They'll send a patch in the next update.

We work with more than 100 customers. 

Technical support is helpful and responsive. 

Positive

I worked on FortiGate and Palo Alto.

The solution is very simple, very straightforward. It's not complex a all. 

How long it takes to deploy depends on the client's requirements. 

For a mid-level customer, we can deploy within an hour. We can complete everything and have it up and running, and the users get internet access. If they need more rules, they need more things, then it could take time, depending on the configuration.

The cost of the solution has been fine. 

You do have to pay for a license. I'm not sure of the exact cost. I'm more of a technical person.

We're a customer and end-user.

We have the solution deployed on the cloud and on-premises. 

I've deployed the 600F model a couple of times.

New users need to do some homework, and then we proceed with the configuration. Security-wise, they need to make the customized port. 

I'd rate the solution eight out of ten. 

I used FortiOS, the Fortinet firewall operating system, to connect two additional sites. I set up IPSec VPNs to connect all three sites. I also configured firewall rules to block certain countries and websites, such as gambling and social media sites like Facebook. Additionally, I implemented firewall rules to protect our web servers from XSS and SQL Injection attacks. Initially, I configured the VPN using IPsec, but when I couldn't find a suitable client for our workstations and desktops, I switched to SSL VPN. Fortinet provides dedicated FortiClient VPN software, which I used for this setup.

At the beginning of this month, we experienced DDoS and SQL injection attacks. The attack originated from a botnet and seemed to be associated with BroadNet. It was coming from a Fortinet device. I had to contact Spectrum to inform them about the botnet attack and provide them with the specific IP addresses to block. This action likely prevented us from being hacked and protected our web servers that were exposed to the public. This incident highlighted the usefulness of FortiOS's threat intelligence features.

The firewall options in FortiOS allow us to open up access to our vendors for EDI and all its features.

Fortinet could integrate something like a YubiKey for 2FA with their SSL VPN clients. Additionally, Fortinet could support WireGuard for our small office locations.

These small offices have two clients that log into our VPN from their workstations. Since all our sites use FortiGate, it would be great if I could set up WireGuard on the Fortinet device. Instead of using IPSec, having WireGuard support for site-to-site VPNs would be wonderful.

I have been using Fortinet FortiOS since February this year.

They handle the support because it's their device. We don't own it; we lease it from Spectrum. So, I can't speak to that for now. However, when we used to own the FortiGate, every time I called Fortinet for support, I would rate their response time at eight out of ten and their problem-solving ability at nine out of ten.

Once they respond, because it takes me a while to navigate the bureaucracy, I call the 800 number. They ask for various information, tokens, and other details. After I explain the problem, they call me back again. Usually, they assign the issue to an engineer, which also takes time. The engineer then calls me and solves the problem. So, I have to deal with a lot of bureaucracy. 

Positive

We had a really old FortiGate there, and when we switched to the newer FortiGate, it was cheaper than the old one.

When we purchase a FortiGate, it comes with FortiOS. Overall, the pricing for the device and related components is better than average. In comparison, FortiGate offers more competitive pricing than Palo Alto and Cisco.

If they could log in, it would be possible only if FortiOS is included. With FortiOS, you can manage all your devices. Let's say you have ten devices and need to manage all of them, including patching FortiOS. FortiCloud helps you with that, and it's nice to have FortiCloud as a bundle with FortiOS. Even if you only have one device, I would still recommend it.

I suggest incorporating AI or machine learning to anticipate threats in the future. For instance, if you configure a new site with your FortiGate, AI could detect any misconfigurations. It would be beneficial for FortiOS, FortiGate, or Fortinet to have an AI feature that alerts you to potential misconfigurations in devices, like an edge router, communicating with others. This AI could also analyze your logs to identify patterns, such as frequent false positives, and recommend reconfiguring the device to minimize unnecessary alerts. 

It's good. In my case, I was the only one dealing with the devices at that time. I would get all kinds of false positives and alerts. Sometimes, if there's a new device, the configuration from the old device to the new device doesn't translate. Maybe on the old device, everything defaults to open, and you must close everything. On the new device, everything might be defaulted to closed, and you have to open up the required ports. So, something like that would be nice, where it's easier to configure and find out if you did something wrong.

Overall, I rate the solution an eight-point five to nine out of ten.

Fortinet FortiOS provides a full UTM experience, including UTM profiles, firewall rules, remote access, VPN connection, IPSec, and SSL connection.

I have found the most valuable feature of Fortinet FortiOS is the low maintenance.

The central management can improve in Fortinet FortiOS. It is sometimes difficult to manage all the devices.

I wrote my opinion about changes to the SSL-VPN authentication directly on the Fortinet forum, and they said that right now they will not change it. Hopefully, in the future, they will change the SSL-VPN authentication for groups and users.

I have been using Fortinet FortiOS for approximately five years.

The stability of Fortinet FortiOS depends on the operation being done. If we are using the basic functions I would rate the stability of Fortinet FortiOS a five out of five. If we are using the advanced functionality I would rate the stability a three out of five. Overall the solution is stable.

The support from Fortinet FortiOS is good. However, there are times they give a five out of five level of support and whereas other times they give a one out of five.

Fortinet FortiOS's installation is easy.

The scalability of Fortinet FortiOS is good. However, central management is intuitive for the end-users. We had a lot of questions about central management, and sometimes they didn't use it and did their firewall management directly on FortiGate instead of using Fortinet FortiOS.

My advice to others is for them to read the instructions on how to use the solution.

I rate Fortinet FortiOS a nine out of ten.

We primarily use the solution for banks, whereby they want to secure their edge network, to filter their web application and block forms, etc. We also are able to integrate AWS using secure channels. It's more robust and they have different modes including nap, flow, and proximity.

You can apply patterns to look for. That can be done for applications also. You can ask for a specific feature to become a pattern.  If you were using Office 360 and had 2 ISPs, automatically using SD-WAN will allow you to switch over to the other link based on the criteria you can set yourself. You don't need to go to the device to manually sort and link it, it does it automatically.

Users can go directly to the cloud from the branch instead of routing to the head office and then the cloud. That will reduce the cost of routing, so you just pay for internet service and you have access to the cloud.

The interface is easy to understand, so when there are threats you get alerts. It's quite intuitive, but if you are ever confused they have instructional videos. For example, if you don't understand a graph there's a link to a video that explains what the graph means. It makes it very user-friendly.

The solution is good, but they have poor marketing in Nigeria. They need to market their product better.

They need to work on their support. Cisco has the best technical support. In comparison, Fortinet's support takes too long. If you are paying for SLAs, you should also get value from your SLAs.

Right now, everybody is moving to the cloud. The solution has already worked on that aspect, and they are embedding security to the cloud. However, security can be more enhanced and as long as they continue to offer more protection I'll be happy.

The solution is very stable.

The solution is very scalable. It allows for API integrations so you can actually integrate into other security solutions.

Technical support could be more qualified and offer a quicker turnaround.

The initial setup is very straightforward, especially if that person understands security.

We integrate solutions on the client's request. Most times I push on Fortinet, as it's a robust system.

You can integrate your endpoint with Fortinet. You can integrate the cloud on-premises. Because the solution is so robust and offers excellent the features we tend to enjoy using FortiOS. Cisco is similar, however, and we do work with them too.  

We are using the on-premises deployment model.

We are an integrator, so we do integrations using Fortinet, Cisco, Sophos, and Palo Alto.

If you're an SMB or a small enterprise, I would recommend Fortinet.

I would advise users to make sure they are getting value for what they are paying for. I can say that Fortinet is not as expensive as the others, but it also gives good value. The main thing is not about the cost, but the value and Fortinet delivers on that front.

I would rate the solution nine out of ten.

FortiGate as a product is very easy to configure. There is a lot of data now with switching IDS and IPS. It's a truly complete solution for our customers.

It's a good idea to have the firewall connected to the switches. That way, the firewall is the controller of the switches. We like how the solution is designed with that in mind.

The solution's switches are lacking. They need more features added to them to build them out a bit. The switches are very simple if you compare them with other companies like Cisco or Aruba. Those organizations offer their clients much more.

Technical support could be better. Some competitors have much more responsive support teams.

I know the last version had NAC, network access control, added inside the firewall. It's a process, however. There's still work to do. The next version will be better. Right now, you can't authenticate other devices. You only can authenticate Forti devices and not devices from other companies. This could be the next addition to the solution that will make its performance even better. 

I've been dealing with the solution for ten years now. It's been a decade.

The solution is stable. We have no issues in that regard. There aren't bugs and glitches. It doesn't crash. It's reliable.

The solution is very scalable. We have a solution from the most basic office setup to a very complex data center. It works well in either scenario. If a company requires scale, this solution can provide it.

I have used technical support in the past. It's good for the most part. However, other companies, from my experience, have better technical support. They might be able to improve this aspect of the solution a little bit.

While it's easy to access them, finding a solution to whatever problems you are dealing with takes a long time. They need to get better at turning around queries faster so clients aren't kept waiting for so long.

The initial setup is very straightforward. I wouldn't describe the process as complex.

Deployment takes one to two hours. Everything happens pretty fast.

The pricing is good. They are especially fair when compared with other companies, like Palo Alto, for example, which can get quite expensive.

We work with a lot of manufacturers of firewalls. It's normally Fortinet, however, we also work with Cisco, Palo Alto, and Sophos. My company works with Barracuda as well. To be honest, I am not a specialist with Barracuda. I normally don't work with that.

That said, typically, when we work with clients, one of the first solutions we will suggest will be Fortinet. We do normally also recommend Cisco first, as well, due to the fact we are Cisco partners. We're also partners with Fortinet.

We have a deal with Palo Alto and our security center recommends Barracuda because of their other security solutions like WAF or solutions in the cloud (not their firewall). 

Normally, we use the on-premise deployment model. At this moment, we are working with a public cloud deployment model as well.

I'd rate the solution eight out of ten overall.

We use it for end-point gateway protection and also use the FortiOS for external user connection and server VPN. We love that clear synchronization as it's almost invisible with the fabric for the guests, externally to connect. The zero-choice engine that they use is pretty good. It is perfect for setting up one-to-one channels for different services that have to pass through the firewall. So it does that seamlessly.

The most valuable features of Fortinet FortiOS are its constant updates and definitions. The new definitions and the content information coming out to the threat labs keeps you updated on your signatures so that you know what's happening out there. And also doing well, for my system, we have, like, what is called, active scans.

It's constantly accessing Sophos into your gateway, even Sophos that you authorized.

I want to see a better integration or a better integration with the endpoint protection or with EDR with the security life cycle. I want to see if that enhances a bit more so I have granular datasets and the user level through to the gateway because that's where most of our threats come from. It's from user activities on the Internet and passes into your files over that gateway. That's where most of our threats would appear and where our exposure to vulnerabilities lies.

So if we can tighten that up, we can harden our infrastructure much better.

I have been using the solution for quite some time.

The customer support team is good and responsive.

We did the initial setup ourselves, so it was easy. The learning curve was that great once you have any experience with any firewall or any experience with any security appliance, you can pull around it. We did get some help from our providers. But that was basic.

The EMS setup was all in-house. Our service provider assisted with the firewall setup. The implementations were very smooth. And the transition of our current from our current security device to that when we did it a couple of years ago, it's seamless.

The pricing is competitive for the medium and high markets but for the small markets it can be expensive.

You have to see what works best for your environment. Each environment is different depending on the applications and different services you are running in that environment. Suppose it's a full Windows environment versus a mixture if you have a hybrid environment. It all depends on the type of environment you're running and finding the right tools that meet your domain.

But for the regular Windows environment, it's perfect.

I rate it eight out of ten.