What needs improvement with Fortinet FortiManager?

The graphics interface between Fortinet FortiManager and any Forti products should be standardized. Doing a configuration change directly in the UTM is not the same as doing it via FortiManager for some features.

Configuring Fortinet without internet access is challenging.

The price always has room for improvement.

Issues arise when customers experience unstable electricity or poor grounding conditions. In such cases, their CPE or other devices on-site may become unreliable, leading to occasional configuration discrepancies. To address this, site visits are necessary, and sometimes manual configuration adjustments are required. In extreme cases, device replacement may be necessary, particularly when inadequate electricity grounding poses a persistent challenge, creating specific conditions for intervention.

I cannot comment on what needs to be improved, although there are always potential areas for improvement in every product. The Fortinet team is always very responsive and resolves issues quickly. For example, sometimes there may be a communication issue. However, other items may be the culprit, such as network connectivity. It depends on the customer's network.

I haven't had any issues with the product. Their EDR products could be better. They need to dedicate more R&D to that area.

The solution has to be enhanced to manage new switches.

There are a lot of bugs that need to be fixed, for example, the ZTP. Automating and making it easier to understand devices is necessary, especially in terms of zero-touch provisioning. This mechanism needs more work as there are some bugs and some functions that do not work very well. Today, there are tickets with Fortinet regarding a problem with cluster devices. It means two devices can be configured to work like one device. In general, it is easy to configure manually, but when you want to do it automatically, Forti Manager should help, but today it didn't work. FortiManager is a good tool, but there is a lack of really advanced documentation. While there are a lot of features available, for example, when working with Fortinet support, it can be challenging to find the right information. I work with Fortinet support every week as we have a partnership in my enterprise. However, for the public, it's not easy to access the kind of documentation we have access to. This level of partnership with Fortinet can be costly to attain for the general public. Some learning websites and communities are available, but the documentation provided is not as advanced as what we have access to. It's challenging to find confirmation and recommendations for advanced admin settings based on complex configurations. To have access to this kind of information, a partnership or conversation with Fortinet support is required, which can be expensive for most users.

FortiManager should improve the integration with third-party platforms. Though the solution is easy to manage, we need adequate training to use it.

Pricing-wise, it could always be less, even though it is less expensive than Palo Alto.

The presence of Fortinet in our region (Nigeria) needs to be stronger. They need to have a local footprint and local support. I cannot recall any missing features. The pricing could always be lower.

The scalability has room for improvement. The solution is available in both a hardware and a virtual machine model. The VM model is scalable by simply adding additional licenses, but the hardware model has scalability limitations.

The information extraction through command lines was could improve to some extent. Although there were some command lines available, there were not enough options. For instance, I needed to obtain the management IP address of my two Fortigates, but the Fortinet FortiManager did not provide me with the IP address on the LAN interface. I attempted to find this information through the command line but was unsuccessful. I also searched for articles on the internet, but could not find a solution. This is an aspect that could be improved or potentially there is a method to access this information that I have yet to discover.

The fabric for integrations or connections could be improved. This would make a big difference for some customers.

The solution has some bugs that we have to fix for customers. We provide feedback about these issues to Fortinet for future development or updates. More software stability is needed to prevent breakdowns.

I didn't like the connectivity with FortiManager and FortiSwitch, which was buggy and annoying and had fewer features. For example, sometimes you could change something in FortiManager, and then you had to upload another version of the configuration. If you changed something on the suite side, you had a problem. The correlation between FortiManager and the Forti suites was not that good. I'd like more visibility and more troubleshooting features for the whole VPN. I'd like a better quality of service and maybe more features. We always compare features with what other vendors offer to see if there is added value from a certain product. From what I've seen, for example, with SD-WAN that Cisco used to build, which was similar to the VPN for FortiManager, it was quite easy to implement in comparison.

You cannot integrate with other solutions, so they should allow integration with Cisco and Juniper. It'd be great if we could log into other provider equipment on Fortinet FortiManager.

The GUI is not ideal. It needs to be improved. It should be more user-friendly.

The rules need to be more flexible. I prefer configuring rules and the VPN on the standalone device, not on the manager.

If you have more than one FortiMail device, you can't manage it then with FortiManager on FortiGate. It needs more integration with more Fortinet devices. For how we use the solution, we do not need any new features.

The solution should be more open to other products. FortiManager must be able to manage other products from other vendors. While it's perfect for other Forti products, it's not ideal for everything. This is not available to work with many other vendors in the cloud. In the end, you want only one view of your own security view of everything, which is impossible with FortiManager. Of course, this is the case with Palo Alto as well.

The compatibility with legacy products should be better. It would also be nice if the software could manage other devices from Fortinet and third parties.

Within the management of some features on FortiManager, specifically the management of user objects used for VPN service, FortiManager is quite weak. This was the case as of the time when we deployed them, which was one software cycle ago. I don't know whether that deficiency was fixed, however, we found it was easier to make changes to the VPN user objects, and local user objects. It was much easier to make the changes directly on the firewall than with FortiManager because in FortiManager you have to go through different windows, and even the CLI, in order to make the changes to the user database. It's just a matter of improving the UI, being able to manipulate objects that could be manipulated using the firewall GUI for example. It's just about expanding the features of the product so that whatever you can do on the firewall, you can also do it at the same level of convenience on the FortiManager.

Its licensing model should be improved.

There's nothing special about it compared to other vendors, except for its simplicity. This solution needs more experienced technical support staff.

The FortiManager is more complex and they can make it easier to use the VPN manager. All other features are okay. However, the VPN manager is more difficult and can cause some issues in the environment, if you do not have the experience to use it.

FortiManager could be simpler.

The solution could improve by having better integration with other solutions other than Fortinet.

We have some visibility issues with the reporting. As the reporting is not properly available, we have to use many tools to get a meaningful outcome of the reports. There should be training available for the clients. Cisco, for example, provides training hours or credits at the time of purchase. People should get some kind of coaching on how to use this solution and various features rather than depending upon the support partners. The reports are available separately, but they should be a part of the standard product.

We have experienced a series of minor bugs that necessitated contacted technical support on several occasions.

Fortinet develops many different solutions but only some of them can be managed using FortiManager. For example, if you have a load balancer then you have to have a separate manager. Having FortiManager work with all of the Fortinet products would be a good improvement.

Fortinet is releasing quite a lot of new versions and I would say that most of the versions are not well tested before they're pushed out. Even the new versions sometimes are a bit buggy before it's all correct.

The GUI and the whole process of configuration should be improved. The response times from technical support need to be a bit quicker.

Performance issues should be improved. We have problems when we have more mobile connections than local devices. Most of us have two to three devices. Finetuning and performance tuning need improvement.

The product could be improved by making it a little easier to configure. Sometimes it's a bit complicated to find the right way to configure. For example, if you want to have a link between a FortiGate to a FortiSwitch, sometimes it's not so clear. Sometimes there is a problem because U.S. FortiGate has one version and FortiSwitch has another version of the operating system and it's difficult to create, to have a link between two devices, and we have to do an upgrade before using it. I would like the configuration to be easier. If that is solved then the product is perfect.

The user interface itself has areas that need improvement. It would be very useful if they come up with a feature or a process that makes the transition of the interfaces between virtual domains easier. It's a difficult process to transfer one interface from one virtual domain to another.

Regional support in African countries needs to be improved.

The solution is very good; I'm not sure if I can think of any features that are lacking. The GUI could be updated. It's not as good as it could be and is something the solution should improve in an upcoming release. It would be nice if there could be more reporting included in the solution so that we could get more details about an individual user's profile.

Not just in FortiManager, but in any Fortinet project in general, the troubleshooting is very hard. If you compare it with other products from other vendors like Cisco or like Palo Alto, it is just more difficult. Say we are in a situation where we need to do some debugging. It is very hard to understand and to use the CMD and the CLI commands because there is not very much documentation. There is no description when you are using the CLI and there are no examples to follow. So it is hard to do some troubleshooting to find a problem. There is FortiAnalyzer that can help with this but it is not real-time. It is too hard to view real-time inbound and outbound traffic. Because we are network engineers and network administrators, we always need to have some time real-time traffic to view what is happening now, as it happens, to know what is really going on.

The areas that need improvement are implementation and support. In terms of implementation, it mainly needs clear documentation. There are many features that are not mentioned in the documentation.