What is our primary use case?
We use this solution for reporting. We also use it to keep logs for our clients that require logs with a history of more than seven days.
In addition to our own firewalls, we have several clients with firewalls that report into the same FortiAnalyzer.
We have a private cloud deployment, set up on-premises.
What is most valuable?
The most valuable features are customizing reports, and the ability to drill down to display critical information in real-time. FortiGate itself, for example, doesn't offer all of this information on the entry-level firewalls. You can get more detailed information from FortiAnalyzer based on the log that is retrieved from FortiGate while it is operating.
What needs improvement?
I would like to be able to do more customization. For example, I would like to be able to develop my own set of reports that I can upload to the analyzer, and then it can report in a fashionable way as to what I really expect, rather than the ones that are preconfigured. Then we can play around with them in terms of where you can position your top bandwidth users, and such.
The reports are good, but they are over-summarized.
For how long have I used the solution?
We have been using this solution for four years.
What do I think about the stability of the solution?
The device has been pretty much stable. We haven't really had issues with it in the time that we've been using it.
What do I think about the scalability of the solution?
The licensing limits the storage in terms of how much information it can store. For example, you can collect seven gigs of log files in a day.
We have twenty firewalls connecting to FortiAnalyzer. We are moving some of them to the FortiCloud platform because we get thirty days of reporting on a non-subscription basis with FortiCloud. With FortiAnalyzer, we would have to pay for more licenses.
At this stage, we do not plan to increase usage. The majority of our clients who have entry-level firewalls are now depending on FortiCloud. It is more robust than us having more of the FortiAnalyzer devices. Because FortiCloud is accessible from anywhere, a client can easily manage it, rather than us giving them access to the FortiAnalyzer. So, we're finding FortiCloud to be a better option than us having an on-site FortiAnalyzer.
How are customer service and technical support?
When I speak with Fortinet technical support, it is usually in regard to FortiGate. I would rate their support team an eight out of ten. Sometimes, what happens is that we open a webchat with them where you don't have to open a ticket. The problem is that you may end up dealing with the level-one support who doesn't really give you the answer, so they then refer you to open a ticket. This delay can be a problem when you have a client that needs an issue resolved right then and there.
If you previously used a different solution, which one did you use and why did you switch?
We have not used any other solutions for log analysis.
How was the initial setup?
The initial setup of this solution is pretty straightforward. We have a few FortiGate firewalls, and they communicate with FortiAnalyzer over the public networks by sending their logs.
The deployment was not difficult and did not take much time. It is just the initial configuration on FortiAnalyzer, which takes no more than ten minutes. Then, the analyzer will be synchronized with FortiGate. It is just a matter of entering the FortiAnalyzer IP address, then allowing it to register. In total, it takes about twenty minutes.
There are three administrators for this solution, and I handle the maintenance myself.
What about the implementation team?
We handled the deployment ourselves. The documentation from Fortinet is pretty straightforward.
What's my experience with pricing, setup cost, and licensing?
The pricing of this solution is fair, and it is based on what you can manage. There are no costs in addition to the licensing fees.
Which other solutions did I evaluate?
We tried NetFlow Analyzer, and the product was good but it was highly expensive.
What other advice do I have?
This solution, at every stage, does what I expect it to.
My advice for anybody researching this solution is to consider the size of their organization. If it is very big and they need to retain a log for a specific number of days or a period of time, for example, going back to thirty days, and they also need to analyze the traffic in real-time, then FortiAnalyzer would be ideal. However, the same service is now available on FortiCloud, which is something else that I highly recommend.
With other solutions, such as NetFlow Analyzer, you can really customize your report to what you expect. Together you can insert logs, you can customize your reports with the logs that you're receiving, unlike with FortiAnalyzer. This is a major drawback.
I would rate this solution a seven out of ten.
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner.