Fortinet FortiGate Reviews

We use Fortigate, and we have a relationship with Fortinet. We are working with the Fortigate 100F firewall. It is mainly for firewalling, but we would also use them for network demarcation as a DHCP or NAT router. We're also working with our Fortinet account manager to try and push further forward using an SD-WAN controller.

In terms of deployment, it comes through to the build lab. We configure it and then ship it to our customers. We are reviewing how to obviously do zero hands with FortiCloud, but what we've done so far has been conventional configuration and shipping.

Fortigate represents a really scalable way of delivering perimeter network security, some level of layer 7 security, WAF, and also a way to create a meshed ADVPN solution.

Usually, we sell the bundle with the UTM or threat management piece with IPS, IDS. Other providers, such as Palo Alto, are ahead in terms of safe functionality. So, for me, delivering truly safe service is probably something that still needs to be improved.

Anything they can bring around safe service would be brilliant. At the end of the day, when we talk to customers about deploying, split tunneling, and looking at endpoint security, remote access or safe type of features would be useful.

I've been selling Fortinet technologies for over 10 years.

It is stable.

It is scalable. It is quite straightforward. Moving from, for instance, legacy 200D to 100F has proved not to be an issue. It is quite straightforward.

I am not a hundred percent sure. Our third-line guys deal with them quite a lot. In terms of escalation, for example, when one of my customers had a query about secure authentication on the portal, it has taken some time to get feedback from the vendor or the manufacturer. So, I am unsure. I've not had a great experience, but I can't really answer that one properly.

It is reasonably straightforward if you've got the management portal in terms of FortiCloud. With that, migrating from one firewall, as it reaches the end of support, to an upgraded firewall is fairly intuitive. You should be able to easily reverse out a script and configuration and apply that to the new firewall, following proper governance as a managed service.

We're a managed service provider, so we would probably put two to three PS engineer days to follow the appropriate protocol. From a lead time perspective, a new high availability firewall deployment should not take more than 10 working days from the config test, deployment, and failover test perspective.

If you are a mid-market business, Fortigate presents a solid proposition for the mid-market. If you are getting to enterprise-level, for me, Palo Alto is still a more viable product when you get up to what I call financial services, enterprise-level service customers. 

I would rate it an eight out of 10 for its ease of deployment and its ubiquitous approach to network security. 

Our customers use these devices as security devices, and we sell these devices to our customers. We also use it ourselves. We have the entire lab, and we use some of the functions in our local network.

It protects our customers' networks from viruses and threats.

The firewall, IPS, and VPN functions are the most valuable features. The antivirus functions are also good.

It works very well. It has a lot of different functionalities. Its cost is also fine for our customers.

In some cases, its initial setup could be hard for customers.

I have 10 to 12 years of experience with these devices.

Their devices are quite stable. We have not had any problems with the operating systems or maintenance of subscriptions. It is a robust device.

In most cases, they work very fast. It also depends on the device they are supporting. In the case of FortiGate, we do not have any complaints, but when we had to buy the FortiADC solution for one of our customers, we faced quite a few difficulties with technical support. I do not know why, but it could be that some devices are supported by different teams in Fortinet. We had difficulties with FortiADC, but we have not had any problems with FortiGate. I would rate their support for FortiGate a nine out of ten.

Positive

We worked with Cisco and Check Point firewalls. We worked with Cisco ASA for a long time. We worked with it for about five years, and we were happy with it, but it was old-fashioned. We went to Fortinet and started working with this company. 

FortiGate has good security functions and high-level technical documentation. Their documentation is very easy to understand. 

FortiGate's performance is also better than Cisco ASA. It has 10 VDOMs. It is a great function because you can add virtual functions for different groups in your network. It is quite useful.

It is deployed on-premises. Our customers prefer to deploy not only Fortinet devices but all security devices on-premises. They rarely use cloud licenses. Some customers only buy it from us, and for some customers, we also set it up.

Its setup is easy for us, but not every company wants to use our service for setting it up because of the cost. They prefer to install it themselves. In some cases, it could be hard for them.

In terms of the implementation strategy, we first try to understand what problem a customer wants to solve by using FortiGate. We collect a lot of information about a customer's network, such as protocols and devices being used. We try to prepare this device in our local lab. We preload the device and send it to the customer, and then we finalize the installation in the customer's building.

We have very technical staff, and we do not have difficulties with installations. We have had situations where customers do not have much experience with it, and then we recommend them to go for certain features such as IPS, antivirus, etc. 

The deployment duration depends on the size of the environment, but generally, it does not take more than one or two months. 

Generally, two to three people are required for the deployment.

For maintenance, our customers have technical staff. They regularly check and ensure that all the functions are working. We are glad to help them if they need any help.

We have seen an ROI. We have bought a lot of these devices, and we have had a good experience with them. It has saved us a lot of money.

It is quite affordable for our customers. There is a separate cost for IPS, antivirus, web filtering, and other features. They have a great choice of licenses. You can go for the license that you want, which is quite useful.

You have to buy a support license for FortiCare. In most cases, people buy the UTM bundle that comes with IPS, web filtering, and FortiCare. 

They are on the right path. They have improved a lot over the past 10 years. Fortinet is one of the leaders in security devices along with Cisco, Palo Alto, and Check Point.

I would rate Fortinet FortiGate a nine out of ten. It is stable. It has quite a lot of features, such as IPS, VPN, etc. It is affordable for our customers. It is a good choice.

We are using FortiGate as a perimeter firewall.

It is our perimeter firewall. URL filtering, IPS, and antivirus features are most valuable.

It is easy to manage, and it doesn't need much knowledge from the team. It is a stable device, and there are many features that are included out of the box.

Their support can be improved in terms of the response time and the quality of support.

There are some tiny bugs that sometimes affect the operations. In the past revision of it, there was a bug. Because of the bug, we had to downgrade the version. It happened only with the last revision.

I have been using this solution for two years.

It has been very stable over the past two years.

I have no problem with scalability. When I need to add any device, I just find and add it to the network. I have no issue with the count of devices. I can buy a license and add whatever devices I need to add. Currently, I have no issue with the scalability of this firewall, but if I reach the maximum limit, I need to exchange the box or just add licenses. We currently have about 1,000 users.

I have contacted them many times. My experience with them was good, but their support can be improved overall. I would rate them a three out of five. 

It was very simple.

There was a partner supporting us. Our experience with them was very good. I would rate its setup experience a four out of five.

For maintenance, we currently have a team of two people, but it may be extended to three or four.

It has been two years. I don't remember the actual price, but it was affordable.

We buy the boxes and then use the license for three years.

I would recommend this product. It is a very good product to be used as a perimeter firewall.

I would rate it an eight out of 10.

We have been using it for our internal infrastructure, but mainly, we are providing it as a service to our customers.

In one of the use cases, a customer is using FortiGate, and they also use FortiAP. To collect the usage and monitor the traffic, they use FortiAnalyzer. So, they have FortiGate, FortiAP, and FortiAnalyzer. It is not a very big deployment. It is a midsized company with less than 50 people.

The UTM feature is quite good. FortiAP is easy to deploy because both Fortigate and FortiAP are under the same brand. Otherwise, you need to do more work on the configuration.

Price, of course, can always be more competitive or better.

If a customer has a requirement for firewall, security, WiFi, and analytics, it is good if we can propose a solution from the same vendor, but we have found that no distributor in Hong Kong has sufficient knowledge to deploy Network Access Control (NAC) solutions. They have a wide range of products, but apart from the popular ones, such as a firewall or an AP,  there is not sufficient support here in Hong Kong for NAC solutions.

I have been using this solution for more than 10 years.

It is reasonably stable.

Our customers are mainly small to medium businesses. I really didn't have a chance to scale it up. We have a customer with two subsidiaries on the same floor. They are changing from traditional features to SD-WAN features. Based on what I heard from my colleagues, migration work is quite smooth, and there are no big issues.

I'm not doing hands-on work for the projects, but from my colleagues, I haven't heard of any delay or incompetency in support.

It is quite easy. The duration depends on the complexity. If you are using a firewall from one brand and WiFi from another brand, then you probably would need more time to do the setup. Overall, the saving is around 25% in terms of labor hours.

Their licensing costs are annual. The UTM feature license along with their support is called FortiCare. We include that as a part of the annual maintenance cost. Palo Alto or Juniper also have an annual subscription charge for UTM.

Price, of course, can always be more competitive, but it is not the most expensive product. The price-performance ratio is quite high for FortiGate.

I would recommend this solution to others as well as to our existing customers who are not using FortiGate. I would rate it an eight out of 10.

I am using Fortinet FortiGate as a perimeter internet firewall.

The most valuable feature is the FortiManager for centralized management.

Fortinet FortiGate could improve if it had a cloud-managed solution.

I have been using Fortinet FortiGate for approximately 10 years.

Fortinet FortiGate is approximately 80 percent stable.

The scalability of Fortinet FortiGate is good.

The technical support from Fortinet FortiGate is terrible. They can improve.

The presales, account management, and post-sales are the three worst things about Fortinet.

I have previously used other solutions such as Cisco, Check Point, and Palo Alto.

The solution I would recommend largely depends upon the environment it is being implemented. We tend to mix and match firewalls, but Check Point tends to be,  easier to manage, but more expensive. Their support is much better than Fortinet's when it comes to pre-sales and post-sales.

The price of Fortinet FortiGate is better than Cisco, Check Point, and Palo Alto. In terms of pricing, it's probably a better-priced firewall solution overall.

I rate Fortinet FortiGate an eight out of ten.

I have deployed several of the following models for customers: 200D, 60E, 60D. This review focuses on the FortiGate 200D.

The first implementation I performed of a FortiGate 200D was to replace a Juniper SSG-140 in a main corporate office.  This implementation provided improved network administration and network performance.

We also received more timely security updates, and it became easier to connect all of the other offices together (via an IPsec VPN mesh).

As additional FortiOS releases have come out, we have obtained more flexibility in device identification and WAN load-balancing, among other things.

• The CLI is robust and powerful, enabling rapid, consistent changes via SSH. 
  
  The device identification is very flexible, facilitating the creation of rules to regulate all sorts of devices that might spring up on a network, especially via WiFi.
• The IPsec tunnels are very easily created, and quite interoperable with devices from other vendors.
• WAN load-balancing has improved, but needs some refinement.
  
  You can set up a different DDNS config for each WAN link.
  
  It is great to be able largely use the same OS features across the family of devices.

WAN load-balancing could be a lot better at detecting when a link is poor or inconsistent, and not just flat out dead. There are lots of options for routing traffic over a specific path when you have WAN load-balancing enabled, but they are not as clear and consistent as they could be, and most can only be set at the CLI.

Some configuration elements cannot be easily altered once created.  For instance, there is no way to rename an interface (say, for a VPN tunnel), unless you create an entirely new one and perform a little gymnastics to switch from one to the other. Or, you export the config, rename the elements in question, then re-import the entire config.

Creating a meshed VPN connection (Office A with two WAN links connecting to Office B with two WAN links) requires a massive bundle of four IPsec interfaces, with two policies. It would be nice to have a cleaner, simpler config for that functionality, something not very uncommon today.

I have found that if you have a console cable in the device when you reboot it for a disk check, it will boot to the device firmware. This will not happen for a regular reboot.

If you have more than a very basic environment, you quickly have to escalate past the first level of support. The initial level is so-so.  The next level up has been stellar for me, and quick to figure out issues and resolve them.

I've only experienced stability issues a few times.  One was with the v5.4.0 and .1 releases. Also, there was an issue during the v5.2.x series where there was an SSD issue that was fixed with later firmware. Overall, the devices have been very stable.

No. Scalability is good, and performance increases are great as you move to higher products.

Customer support is okay. They are fairly responsive for level three and higher (one and two) issues, but if your issue is a little complex, you will want to ask them to escalate to a second level tech. They don't always read all the info you provide in the first pass, but overall, they are helpful.

I previously favored NetScreen/Juniper SSG solutions, but Juniper stopped supporting the SSG line, and FortiGate provides more value and performance for the dollar.

I've also tested the Sophos solutions, but found them not compelling enough to switch from the FortiGate devices.

The devices are very easy to setup, even if you need to configure VPNs. You could have an HA config up and running within 60-90 minutes, with the latest firmware installed, and a couple of policies and tunnels.

If you do not regularly work with enterprise-class firewalls, you might need to add an hour to the above scenario, but the provided wizards make it pretty easy to address the basic functions.

In-house deployment all the time.

In almost every case, I've experienced (or had customers experience) an ROI within 12 months, based on better performance for the same price or increased functionality for the same (or less) price.

Licensing and setup costs are generally pretty clear with Fortinet. If you go with centralized management or their Log Analyzer tool, these carry some additional pricing that you need to look at.

Check out the price matrix, and go with a value-added reseller that understands how to help you size out the equipment. Remember to always look at the performance with the assumption that you will have many of the unified threat management (UTM) features on, not off.

Yes, I tested and evaluated solutions from pfSense, Sophos, and Palo Alto.

I highly recommend, and often try to deploy Fortinet solutions for my office network and for my customers. They run for a long time, they are supported for many OS updates, and they are pretty solid.

Don't upgrade the OS right away when it is released, if a major new version has come out.  v5.0 was problematic early, but v5.2 was great. v5.4 was a problem child, but v5.6 had only a minor issue. v6.0 was surprisingly smooth and had only a minor issue. I could have avoided most of these problems if I waited an additional month or so before updating, but I updated because I need to advise customers on what they should be doing.

I've had to interact with support a lot, and overall they've been good (with the caveat mentioned earlier).

Our primary use case is for social network blocking and for unusual applications in our network as well as for intrusion prevention. We are a department store. 

This product has made it easier to secure our network. 

The pipe filter application is an outstanding feature. The hardware processors are also very impressive. In general, this is an easy-to-use application, with a user-friendly interface. If you have any issues, Fortinet has a support library where you can search for videos and documentation. If you want to configure anything and you're unsure about it, the solution is in the videos. If a single link fails, it automatically connects to a secondary one and that's saved me a lot of time as I would have previously had to deal with it manually. Fortigate blocks unusual traffic and therefore secures our network. Third-party integrations are good.

The updates Fortinet provides are sometimes unstable. We have to check everything thoroughly before any upgrade.

We've been using this solution for seven years. 

The solution is very scalable. The processor, the microprocessor and the security processors are very intelligent so they can scale significantly and manage that well. 

The initial setup is straightforward and easy to manage. There is no maintenance required. 

We've seen a return on our investment. 

This is a very comprehensive solution but the cost is quite high. 

We evaluated several options before going with Fortinet. 

I think this is the best solution of its kind on the market and I rate it nine out of 10. 

We use Fortinet FortiGate mostly for a data center firewall.

The most valuable features of Fortinet FortiGate are the different types of profiling. It has been the most effective for me. The WAF and the antivirus profile are the most effective in network protection.

I have been using Fortinet FortiGate for approximately seven years.

Fortinet FortiGate is a stable solution. However, my issue is the performance only. When I use all the profiles, this affects the performance. From the beginning, I should have had a better sizing of the box.

The coverage and scalability of Fortinet FortiGate are good.

We use the solution for daily operations in the data center. There are hundreds of users that use the solution.

The support from Fortinet FortiGate is great. When I have an issue with the support team, it is when I can't understand what they need and they do not understand. They then typically ask for a remote session which can help us receive the solution. Overall, the support team for Fortinet FortiGate is very good.

The initial setup of Fortinet FortiGate is very straightforward.

I rate the initial setup of Fortinet FortiGate a four out of five.

We pay for the solution annually.

The sizing is very important for the Fortinet FortiGate because after designing you have to choose what size and what kind of FortiGate you will implement. Sometimes you need to implement profiling and this will take from your processing.

In my area, this solution is recommended for many projects because it's very easy to do the implementation and troubleshoot and is highly stable. The integration between many devices, such as the FortiAnalyzer and FortiManager, is good and helps us. Fortinet FortiGate is recommended for any firewall design.

I rate Fortinet FortiGate a nine out of ten.