Currently, whatever features FortiGate provides are sufficient. There are some features we do not use, like DLP and WAF, and there is no specific area that needs improvement.
Security, infrastructure and networking engineer at Abetelnet Solutions
Real User
Top 5
2024-06-06T19:27:00Z
Jun 6, 2024
We sometimes encounter issues with the SSL certificate. Occasionally, we face problems with the certificate, possibly due to a lack of understanding. This often occurs when we deploy the proxy mode with certain components.
The bad side is that they are not really geared for DPI usage in telecom applications. They're great at DPI if you have a bank or a smaller network, but on a large-scale network, the DPI performance is declining. Their DPI performance dies. It acts more like a firewall or router, applying rules with minimal analysis. For in-depth analysis, the ability to associate with more powerful processors is critical. Today, only two manufacturers produce silicon that are able to deal with fiber-level processing: Intel and NVIDIA. Intel had the best technology but stopped developing new products. NVIDIA, on the other hand, took parallel processing and the ability to handle high levels of information simultaneously, gaining ground in that market. At the end of the day, it's really about processing power. More and more, firewalls need to be smart, but often, the processors inside are designed to function like traditional firewalls from a long time ago. But with very large volumes, they don't perform as well as they could. We often end up reducing the ability to be smart, which can slow down traffic. More processing power is needed. Security using firewalls used to be fairly straightforward, but now you technically need to run AI-based intelligence. For example, if you have a denial-of-service attack at the first level, do you block everyone trying to reach an address, or do you maintain a specific user? And how do you deal with regular users who are already connected? They may be trying to block the service by overloading access. If FortiGate CNF has stronger processors with AI-based capabilities; these issues can be addressed extremely fast. So far, most manufacturers aren't ready for that. They depend on third-party software that is very good but lacks the processing capability inside the device. Or you end up oversizing the device you’re buying because it doesn't perform well. You might need to go from a $100,000 device to a $400,000 device to get the performance you need. If you had a stronger processor that could do the work, it would be great. This is what many manufacturers, from Juniper to FortiGate, Cisco, and others, are trying to do—they’re designing silicon optimized for firewalls. Fortinet is producing its own silicon, which is great, but it’s not doing the entire job. It’s good at handling the packet quickly, but it lacks the processing capability to be truly smart. There is a change coming to the market [telecom], especially with the 5G changeover, which will change the structure of data centers and firewalls worldwide. Today, most of the data goes to a data center. Another improvement is in terms of security, with companies offering next-level protection in monitoring threats. They have international call centers where all threats are aggregated, allowing them to respond in real-time to cyberattacks. The idea is good, but it needs improvement because it's not yet perfect.
They should offer more affordable renewal options or flexible plans for license upgrades. It would make the product more accessible to a wider range of users.
Pre Sales Engineer /Network Engineer at Comstar - Information Systems Associates Ltd.
Real User
Top 10
2023-01-19T13:38:04Z
Jan 19, 2023
Right now, there are two options in it if a customer has two designs. They each independently have to have their own DNS. I'd like them to add a DNS option for FortiGate.
Firewall Security Management solutions monitor, configure, and maintain your firewall infrastructure, ensuring robust protection against cyber threats. These solutions help automate firewall policy management, reduce human error, and enhance network security by providing centralized control over multiple firewalls.
Currently, whatever features FortiGate provides are sufficient. There are some features we do not use, like DLP and WAF, and there is no specific area that needs improvement.
We sometimes encounter issues with the SSL certificate. Occasionally, we face problems with the certificate, possibly due to a lack of understanding. This often occurs when we deploy the proxy mode with certain components.
The bad side is that they are not really geared for DPI usage in telecom applications. They're great at DPI if you have a bank or a smaller network, but on a large-scale network, the DPI performance is declining. Their DPI performance dies. It acts more like a firewall or router, applying rules with minimal analysis. For in-depth analysis, the ability to associate with more powerful processors is critical. Today, only two manufacturers produce silicon that are able to deal with fiber-level processing: Intel and NVIDIA. Intel had the best technology but stopped developing new products. NVIDIA, on the other hand, took parallel processing and the ability to handle high levels of information simultaneously, gaining ground in that market. At the end of the day, it's really about processing power. More and more, firewalls need to be smart, but often, the processors inside are designed to function like traditional firewalls from a long time ago. But with very large volumes, they don't perform as well as they could. We often end up reducing the ability to be smart, which can slow down traffic. More processing power is needed. Security using firewalls used to be fairly straightforward, but now you technically need to run AI-based intelligence. For example, if you have a denial-of-service attack at the first level, do you block everyone trying to reach an address, or do you maintain a specific user? And how do you deal with regular users who are already connected? They may be trying to block the service by overloading access. If FortiGate CNF has stronger processors with AI-based capabilities; these issues can be addressed extremely fast. So far, most manufacturers aren't ready for that. They depend on third-party software that is very good but lacks the processing capability inside the device. Or you end up oversizing the device you’re buying because it doesn't perform well. You might need to go from a $100,000 device to a $400,000 device to get the performance you need. If you had a stronger processor that could do the work, it would be great. This is what many manufacturers, from Juniper to FortiGate, Cisco, and others, are trying to do—they’re designing silicon optimized for firewalls. Fortinet is producing its own silicon, which is great, but it’s not doing the entire job. It’s good at handling the packet quickly, but it lacks the processing capability to be truly smart. There is a change coming to the market [telecom], especially with the 5G changeover, which will change the structure of data centers and firewalls worldwide. Today, most of the data goes to a data center. Another improvement is in terms of security, with companies offering next-level protection in monitoring threats. They have international call centers where all threats are aggregated, allowing them to respond in real-time to cyberattacks. The idea is good, but it needs improvement because it's not yet perfect.
They should offer more affordable renewal options or flexible plans for license upgrades. It would make the product more accessible to a wider range of users.
There could be more detailed descriptions regarding version upgrades, particularly in terms of the upgrade process.
The product is very expensive.
There is room for improvement in terms of support.
Right now, there are two options in it if a customer has two designs. They each independently have to have their own DNS. I'd like them to add a DNS option for FortiGate.