What needs improvement with Fortinet FortiGate IPS?

Pricing is one of the factors that need improvement. Maybe they can offer a smaller scope for a cheaper price for smaller organizations.

Our customers have a specific application for two-way inspection. Two-way inspections are not possible in FortiGate. It is usually available in load-balancing solutions like F5. It would be a good improvement if the product provides two-way inspection features in the next release.

One area for improvement is the licensing policy. If support licenses are not renewed, the product's functionality ceases, which can be disruptive. Integrating more advanced threat detection capabilities utilizing artificial intelligence would be highly beneficial in future releases.

There is room for improvement in being proactive about identifying and integrating new signatures.

The tool is expensive for small businesses, making it an area where the tool can improve the product by making it available at a cheaper rate.

The solution’s stability could be improved because we sometimes face some drops. It was not due to the box, but it was due to some misconfiguration on our end.

They should provide us with a CSV number for patch updates. It will help us block specific signatures as well.

Fortigate is always innovating. I'm not sure if any improvements are needed. We'd like to have multi-factor authentication via fiber.

The solution is not scalable. The solution is expensive.

Price is a major competitor in the market for solutions. When we compare solutions, it's important to consider the pricing. To stay ahead of the competition Fortinet FortiGate IPS needs to think about how to adjust pricing. Most people prefer to use Apollo setpoint.

Fortinet can add some Machine Learning and AI to improve its accuracy and give it an edge on IPS detection and protection. They have some machine language learning but can still improve using AI.

Whitelisting could be better. We'd like to be able to automate more so we can whitelist in bulk. It would be ideal to have the ability in this tool or to have a tool that could plug in and allow us to do whitelisting in batches.

The dashboard is not user friendly so is a bit complicated. Training is important or you will suffer when completing tasks. We would like the ability to divide users by position and assign different rules to each position. For example, managers are allowed to browse YouTube but employees are not allowed.

It would be helpful to have a better tool for migrating all policy rules using an automatic script. The current tool does not place entire configurations in their desired locations. It takes time to manually configure for compatibility across different platforms or vendors.

Fortinet FortiGate can improve performance. There was a huge challenge in terms of CPU and memory where the IPS engine would keep triggering. There were random spikes of overutilization in the CPU and memory resources. They have to work on CPU and memory stability considering these IPS engines. A few versions were very unstable. The current Fortinet FortiGate IPS package has only standard options. If they could work around optimizing those packages for different needs it would be better. There might be a media company, or banking organization, which needs a different set of signatures and different bundles on priority. If they could segregate that in terms of organization and needs, or at least institutional-wise segregation, that could be great.

FortGate's IPS reporting could be made better by giving more details regarding the source and destination of network traffic when it comes to the overview section. This would allow me to more easily follow the flow of traffic based on IP addresses, without having to integrate the IPS with other products that perform more sophisticated traffic analysis. Another improvement, that may only tangentially relate to the IPS, would be to include more functionality and details regarding SD-WAN (such as the ISDB), in order to make it more secure.

We sometimes have issues when carrying out inspections because the system slows down and our clients complain about it. The only other drawback is that we have to manually insert certificates for our clients. Most social networking sites have dependencies and to completely block them requires a deep inspection profile. For protection, we need to put the certificates in for all of our clients. It's a major drawback not having it embedded in the system. I would very much like to see Forticlient's new TNA technology included with the original license for Fortigate. It currently requires an additional license which is quite costly for us as a middle-size organization. We could include it with VPN for our clients.

The interface and product support could use improvement.

We'd like more integration with the analyzer so we can track down any problem and have a correlation to try to find the root cause. The solution could maybe use more integration with artificial intelligence to be more proactive.

The price of the solution could be cheaper.

The interface could be better. We would like the initial setup to be a bit easier. It isn’t missing any features. We’re pretty happy with it.

Fortinet FortiGate IPS could improve the configuration. In some use cases, there can be some configuration conflicts.

There could be more modifications. Some features are enabled, however, compared to Fortinet, some features are not easy. Sometimes the dashboard does not open properly. When we add more options, SD-WAN features, and user control features, the opening is very slow. It does not sync properly.

Overall, the integration could be better. The FortiManager is likely not good. I can't use it as it is unstable most of the time. We'd like to have an SD-WAN for a sandbox, for the Fortinet perimeter. We'd like to be able to manage different boxes.

The biggest problem we have is the way they handle virtual IPs. It's not handled well at all and even pfSense handles that better. There are three different ways to configure it, depending on whether it is an internal or a through process, and it's just unnecessarily complicated. It would be nice if everybody got together and agreed on some language in their CLIs, but that's not going to happen. If you only dealt with one product on a regular basis, then the problem wouldn't be as evident.

I would like to be able to see more log details.

The web filtering categories could improve in Fortinet FortiGate IPS. There are too many websites under the category of Unknown and the other categories are not featuring all the necessary sites.

The IPS monitoring can be improved. The price could be better. The installation was comparatively on the complex side when the solution's ease of use is stacked up against such products as Palo Alto.

When everything is taken into account, the migration is quite painless. I believe that improvements will continue to come from the fact that as threat vectors get more complex around the world, advanced threat protection and deep packet inspection will become increasingly vital. That is where technology needs to advance much more quickly. The most important feature to have is zero trust, which is lacking in Fortinet FortiGate IPS. Zero trust is something that has to be embedded and I would still like to see how Fortinet approaches it.

The solution could improve the configuration, there are times the configuration is missing.

It would be better if they had a dashboard where we could see what attacks were happening. It would be good to see who's trying to get into our network.

Its performance can be better. We have had performance issues in the past, but we sometimes tend to find that it is more related to what we do in our network than anything else. It is quite a good product, and there isn't much to improve.

I think they could improve the monitoring.

The user interface needs a bit of upgrading. Pricing could be better. Customers are looking for 24/7 protection, but it's not as critical in the end. The pricing is preventing them for adopting it so they should be competitive.

They can probably improve the reporting feature. Reporting and report alerting are the main key features of this solution. They can always find ways to improve these.

I have been pretty satisfied with the application as it is. I am pleased with the layout and how everything is integrated. Sometimes we will have a client who has a firewall that is not FortiGate, and often times we are able to convince them to switch over to using FortiGate as their solution because of our recommendations. On a little different subject, the software for antivirus that we usually use with FortiGate is called Webroot. I know that some of our Apple / Mac clients experience some issues with the integration of that product. The integration, in that case, is not seamless. That is an issue that could be addressed.