We performed a comparison between Fortinet FortiGate and Zscaler Internet Access based on real PeerSpot user reviews.
Find out in this report how the two Firewalls solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."It's inexpensive compared to some of the other technology out there."
"The most valuable features of Fortinet FortiGate are remote access, web filtering, and IPS."
"The signature database and zero-day detection are Fortinet FortiGate's most valuable features."
"There are great templates, so you don't have to customize them if you don't want to. You do have the option to custom create some folders and some reports, however, with what is there, you don't really need to go through extra effort, as they already give you a lot of predefined views of reports and so forth."
"Unified Threat Management (UTM) features."
"Initial setup is straightforward. There weren't too many issues with setting it up. It takes one hour or so."
"It is useful for protecting and segregating the internal networks from the internet. Most of our customers also use the FortiGate client to connect to their offices by using the VPN client, and of course, they usually activate the antivirus, deep inspection, and intrusion prevention services. They are also using it for web filtering and implementing various policies dealing with forwardings, NAT, etc."
"The most important feature, normally for small business customers, is link load balancing."
"The solution has reduced cyberattacks."
"It is easy to set up the solution."
"The most valuable feature is the ability to drop packets."
"Zscaler covers all the features needed to replace a VPN or proxy solution. They are good. They've been on the market for 15 years now, so they are mature enough."
"We use ZIA for outbound internet connectivity. The internet traffic of on-prem users will be directed to the ZIA cloud for security checks and web filtering."
"The most valuable features I found in Zscaler Internet Access are the restriction of users for a particular URL, the security feature related to stopping DDoS, and the VPN."
"We enjoy all of the proxy capabilities and the capability to integrate into the SIEM/SOC solution."
"For our needs, the cloud-native proxy architecture is a very good solution. We are moving away from on-prem appliances and moving more toward cloud-based solutions. Zscaler is a good fit for our strategy. This architecture helps with cyber threats because we inspect most of the traffic and we can see that a lot of threats are stopped directly in the secure web gateway."
"If they could extend their fabric towards other vendor environments for integration, that would be great."
"The debugging and troubleshooting has room for improvement."
"With the addition of some features, it is possible that FortiGate can be used in all verticals."
"I would like to have logs, monitoring, and reporting for a month without extra fees."
"The renewal price and the availability could be improved."
"My only complaint about FortiGate is a lack of QinQ VLAN tunneling. I haven't found this feature in any Fortinet product. You can do this on all Cisco routers, including the smaller models. However, QinQ isn't available on the biggest, most expensive Fortinet units. They still don't have that. I think now we're on software version 6.0, and they still haven't found a solution for QinQ. It isn't a dealbreaker, but that's my main complaint."
"In some cases, its initial setup could be hard for customers."
"The central management for the FortiGate Fortinet Firewall needs improvement. They have the manager to do the essential management for both SD-WAN and for the security policy. They should also improve the SD-WAN function."
"The main issue with Zscaler Internet Access is proxy IP detection, which sometimes makes sites inaccessible."
"The performance needs improvement. Some areas create performance issues and, depending on the use cases, require reconfiguration to perform again."
"The solution is expensive. They recently revised the pricing and packaging. Some of our existing customers have been asking for alternate solutions for a lower price."
"Zscaler does not provide dedicated IPs to each customer. Hence, they share a pool of IPs provided by Zscaler. There is a chance of blacklisting these IPs. I also do not like the multi-management portal."
"If they can also integrate with the multi-factor authentication to prompt users to do another, second-factor authentication, that would be ideal."
"In terms of user experience, it could be better."
"There are a few features that are not compatible with the Azure cloud."
"We'd like for them to include some sort of antivirus tool."
Fortinet FortiGate is ranked 2nd in Firewalls with 306 reviews while Zscaler Internet Access is ranked 2nd in Secure Web Gateways (SWG) with 46 reviews. Fortinet FortiGate is rated 8.4, while Zscaler Internet Access is rated 8.2. The top reviewer of Fortinet FortiGate writes "It's a reliable solution that's easy to install and cheaper than competitors ". On the other hand, the top reviewer of Zscaler Internet Access writes "Provides integrated CASB and file sandboxing but could be less expensive ". Fortinet FortiGate is most compared with Sophos XG, Cisco Secure Firewall, Netgate pfSense, Meraki MX and WatchGuard Firebox, whereas Zscaler Internet Access is most compared with Cisco Umbrella, Microsoft Defender for Cloud Apps, Netskope , Prisma Access by Palo Alto Networks and Appgate SDP. See our Fortinet FortiGate vs. Zscaler Internet Access report.
We monitor all Firewalls reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
Bluecoat and Forcepoint offer credible solutions. Think through where your users are and what they connect to. A mobile workforce may need an agent and a cloud gateway (unless you force them back to base over VPN) but may give problems if connecting to sites that whitelist you by IP. And not all providers have good global breakout points. Be particularly careful if you work in China.
My recommendation is Cisco Meraki MX84 with advanced security license (its have two kind of license Advanced security and Enterprise licenses).
I recommend Fortigate
All FortiGate appliances are powered by the FortiOS™ operating system with the following features and benefits:
Features. Firewall, Virtual Private Networking (VPN), AntiVirus, Intrusion Prevention, Web Filtering, DLP, and anti-spam; AntiVirus /Antispyware
Answer is , it depends... If you do any web based business with Banks or Governments then get a hardware solution like Bluecoat or Fortinet because web based providers can not provide you with a static source IP and you will fail security checks. I've been involved in corporate moves to the "cloud" using Zscaler and both went very wrong, very fast, a year later and they still have monthly outages because of the "cloud" providing random source IP's. If this is for a public internet access outside of your corporate network then you should be fine otherwise I suggest hardware you control.
This is a "how long is a piece of string?" type question. As the other vendors have said it is hard to recommend something fully without knowing all the background. Your background did stipulate that you had multiple sites and you were growing. Having a traditional deployment scenario will mean that you need to have a "box" at each site and add more boxes as you add more sites. Going with a more modern solution like Zscaler will allow more rapid growth opportunities - just add users, no matter where they are - also this allows you to restrict with a single policy in the cloud rather than on each device.
AS others have said, be mindful of the proximity of the Zscaler because of latency, but they do have >100 POPS which you will probably find pretty local.
Overall, there is a lot more research you can do, but I'm leaning towards a cloud offering from the branches. You might consider an SD-WAN device at each branch that also has FW built in. This would give you connectivity resilience at a much lower price, but perhaps this is a debate for another day :-)
Cisco Meraki is an excellent solution in the cloud, has AMP included and can be integrated with Umbrella and Thread Grid.
We use Fortigates for web filtering and security. We are a global company with > 10,000 users.
This protects all users on our internal network. Remote users can use the Fortinet FortiClient for remote AV and web filtering protection.
We used Zscaler several years ago but we were unhappy with latency for complex websites and managing PAC files was difficult.
Since you are going for a web security. Zscalar web security solution will be my recommendation considering its robust features and vast threat intelligence base. It is best you go for the cloud solution since you are working across sites.