We performed a comparison between Fortinet FortiGate and Zscaler Internet Access based on real PeerSpot user reviews.
Find out in this report how the two Firewalls solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."I have found Fortinet FortiGate to be scalable."
"The email protection and VPN features are the most valuable."
"It's a user-friendly firewall. Most of the tasks are very simple. It's simple to configure and troubleshoot this firewall."
"The most valuable features of the solution are SD-WAN, filtering testing applications, web filtering, and the new VPN."
"The initial installation is very straightforward."
"We have been able to offer several services to customers in a single box."
"The most valuable feature is the VDOM, which allows the customer to have multiple firewalls in a single campus."
"Fortinet FortiGate protects against internet-based threats, both internal and external. It is scalable, stable, easy to use, and easy to install."
"The most valuable feature of the solution is SWG traffic."
"Zscaler covers all the features needed to replace a VPN or proxy solution. They are good. They've been on the market for 15 years now, so they are mature enough."
"Whether you are in a hotel somewhere, or in Africa, it does not matter. You will get the Zscaler protection presence anywhere."
"The most valuable features I found in Zscaler Internet Access are the restriction of users for a particular URL, the security feature related to stopping DDoS, and the VPN."
"Stability-wise, I rate the solution a nine and a half out of ten...The setup phase was easy."
"Zscaler Internet Access protects using data loss prevention. If you have a CASB exposing your cloud out into the network, then Zscaler Internet Access will go ahead and control that unknown cloud application in the CASB, protecting it. There is also data detection with exact data match. This improves the data coming into your cloud so you are protecting it."
"We enjoy all of the proxy capabilities and the capability to integrate into the SIEM/SOC solution."
"Zscaler Internet Access's best feature is the granular policy controls."
"We would like to see an upgrade to the VPN feature, we are using the VPN from outside of our office and there is a limitation to 10 connections, more connections would be suitable."
"With the reports, you can see it, and you can get good feelings so upper management can go, "Oh, wow. That looks pretty." However, it's very basic."
"The security of Fortinet FortiGate could improve."
"Fortinet FortiGate can be integrated with different platforms. They have integrations in place, but I can't say they're 100%."
"The solution could be more user friendly."
"There aren't really any negative aspects to discuss."
"MTBF: Hardware failure is more common when compared to SonicWall or Cisco ASA."
"I would like to have logs, monitoring, and reporting for a month without extra fees."
"The main issue with Zscaler Internet Access is proxy IP detection, which sometimes makes sites inaccessible."
"Zscaler Internet Access can improve by adding traffic filtering based on the DNS."
"The OS capabilities and WSL support could be improved."
"There are a few features that are not compatible with the Azure cloud."
"Another thing that I would like to see is if Zscaler could have a separate product for direct access. I looked at a private access solution, but I understand there's a separate product that isn't integrated with this."
"Cloud App’s database should be improved."
"What could be improved in Zscaler Internet Access is its price. It could be cheaper."
"One thing that they could improve is the ability to import rules from other platforms."
Fortinet FortiGate is ranked 2nd in Firewalls with 306 reviews while Zscaler Internet Access is ranked 2nd in Secure Web Gateways (SWG) with 46 reviews. Fortinet FortiGate is rated 8.4, while Zscaler Internet Access is rated 8.2. The top reviewer of Fortinet FortiGate writes "It's a reliable solution that's easy to install and cheaper than competitors ". On the other hand, the top reviewer of Zscaler Internet Access writes "Provides integrated CASB and file sandboxing but could be less expensive ". Fortinet FortiGate is most compared with Sophos XG, Cisco Secure Firewall, Netgate pfSense, Meraki MX and WatchGuard Firebox, whereas Zscaler Internet Access is most compared with Cisco Umbrella, Microsoft Defender for Cloud Apps, Netskope , Prisma Access by Palo Alto Networks and Appgate SDP. See our Fortinet FortiGate vs. Zscaler Internet Access report.
We monitor all Firewalls reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
Bluecoat and Forcepoint offer credible solutions. Think through where your users are and what they connect to. A mobile workforce may need an agent and a cloud gateway (unless you force them back to base over VPN) but may give problems if connecting to sites that whitelist you by IP. And not all providers have good global breakout points. Be particularly careful if you work in China.
My recommendation is Cisco Meraki MX84 with advanced security license (its have two kind of license Advanced security and Enterprise licenses).
I recommend Fortigate
All FortiGate appliances are powered by the FortiOS™ operating system with the following features and benefits:
Features. Firewall, Virtual Private Networking (VPN), AntiVirus, Intrusion Prevention, Web Filtering, DLP, and anti-spam; AntiVirus /Antispyware
Answer is , it depends... If you do any web based business with Banks or Governments then get a hardware solution like Bluecoat or Fortinet because web based providers can not provide you with a static source IP and you will fail security checks. I've been involved in corporate moves to the "cloud" using Zscaler and both went very wrong, very fast, a year later and they still have monthly outages because of the "cloud" providing random source IP's. If this is for a public internet access outside of your corporate network then you should be fine otherwise I suggest hardware you control.
This is a "how long is a piece of string?" type question. As the other vendors have said it is hard to recommend something fully without knowing all the background. Your background did stipulate that you had multiple sites and you were growing. Having a traditional deployment scenario will mean that you need to have a "box" at each site and add more boxes as you add more sites. Going with a more modern solution like Zscaler will allow more rapid growth opportunities - just add users, no matter where they are - also this allows you to restrict with a single policy in the cloud rather than on each device.
AS others have said, be mindful of the proximity of the Zscaler because of latency, but they do have >100 POPS which you will probably find pretty local.
Overall, there is a lot more research you can do, but I'm leaning towards a cloud offering from the branches. You might consider an SD-WAN device at each branch that also has FW built in. This would give you connectivity resilience at a much lower price, but perhaps this is a debate for another day :-)
Cisco Meraki is an excellent solution in the cloud, has AMP included and can be integrated with Umbrella and Thread Grid.
We use Fortigates for web filtering and security. We are a global company with > 10,000 users.
This protects all users on our internal network. Remote users can use the Fortinet FortiClient for remote AV and web filtering protection.
We used Zscaler several years ago but we were unhappy with latency for complex websites and managing PAC files was difficult.
Since you are going for a web security. Zscalar web security solution will be my recommendation considering its robust features and vast threat intelligence base. It is best you go for the cloud solution since you are working across sites.