Fortinet FortiGate Review

Scalable with good core functionality and good support

What is our primary use case?

We use this solution for different reasons.

We use it for the firewall with SDWAN functionality

We use it in some use cases as a VPN Server.

 We use it as a Wi-Fi controller on some sites.

We use if for internal network segregation and routing

How has it helped my organization?

Fortinet FortiGate has improved the way our organization functions.

What is most valuable?

Versatile with a lot of controls and expert level customizations for advanced users

NGFW features seems to be effective are relatively easy to implement. 

Fortigate DC Agent is a useful free feature to automatically detect logged on users and implement user based access policy

Basic VPN is included without extra charges

What needs improvement?

The Wi-Fi controller feature needs a lot of improvement. The function itself is not as stable as it should be in our use case which might be a problem in either the APs or the controller.

Would like to see more wizards and automation for more features such as virtual servers, SSL VPN, and others where policies, rules entries are created automatically form wizard input.

Some of the features related to load-balancing and traffic shaping are not as straightforward as they need to be. 

The VPN functionality needs low-level debugging get what really going on. Log level is too detailed and requires someone who is quite experienced to analyze and solve those issues. 

Zero-trust base features are lagging behind the other competition, based on what I have read. Would like to see those features in a clearly in the UI.

For how long have I used the solution?

I have been using Fortinet FortiGate for four years.

We are not using the latest version, but close to it.

What do I think about the stability of the solution?

There are some stability issues when move to a newer version. It's always good to be a couple of steps behind when you upgrade as usually the latest major releases are a not stable. We are quite cautious to update.

The stability of VPN connection phase is can be enhanced

Wifi AP/Controller stability is an issue for us

What do I think about the scalability of the solution?

It's quite scalable. The scalability and the migration are okay as well. Licensing model is also stright forword and certain features such as basic SSL VPN requires no to min additional cost per user.

How are customer service and technical support?

Their technical service is quite good. The application notes and the help on the web are quite good.

I would rate technical support an eight out of ten.

Which solution did I use previously and why did I switch?

By the time I joined a Fortigate was selected against pfsense.

How was the initial setup?

The initial setup is intermediate in complexity but support and online documentation covers for it.

What's my experience with pricing, setup cost, and licensing?

If you're a small-medium size business:

- Size your use case carefully as licensing price jumps significantly with HW changes. 

- Customizable Forticilent SW can be downloaded for free with FNDN membership

- If you have multi sites and require Fortigate based 2FA then consider getting a dedicated fortiauthenticator (VM) with fortiokens acting a central RADIUS server which can be cheaper than cloud tokens an with additional authentication flexibilities.

Which other solutions did I evaluate?

pfsense; was decided against based required features (mainly VPN which is based in OpenVPN)

Paloalto; is a more expensive with comparable security features based on a recent NSS LABs report

What other advice do I have?

Follow the instructions on the application manual carefully. Otherwise, certain features would not be running quite as they need them to without clear errors reported. 

Contact technical support, they're responsive and have solutions for most of the problems.

Chose/size the HW carefully based on your use case as certain features are HW accelerated  in higher variants but takes a huge toll on CPU/ memory when running on lower variants.

Consider using Fortigate DC Agent which is  useful free feature to automatically detect logged on users and implement user based access policy

Consider segregating functions on different units instead of having all features on a Fortigate (i.e avoid having wifi controller + firewall + VPN on a single unit specially for lower variants)

Because of the flexibility, the advanced user features, the high level of security controls, and the tweaks that are available for the user, I would rate this solution an eight out of ten.

Which deployment model are you using for this solution?

Public Cloud

Which version of this solution are you currently using?

**Disclosure: I am a real user, and this review is based on my own experience and opinions.
More Fortinet FortiGate reviews from users
...who work at a Comms Service Provider
...who compared it with Cisco ASA Firewall
Learn what your peers think about Fortinet FortiGate. Get advice and tips from experienced pros sharing their opinions. Updated: July 2021.
523,742 professionals have used our research since 2012.
Add a Comment
ITCS user