Fortinet FortiGate Review
FortiGate security appliances provide UTM security in a single device with a good administrative interface and performance

This review covers a family of UTM (Unified Threat Management) appliances. FortiGate is a term that covers a wide range of products, starting with small units dedicated to small offices and extending to devices able to provide security and networking for large companies. The family includes physical devices and virtual machines, which provide network security on different layers using a single point of control. FortiGate is optimized to avoid bottlenecks or delays while the various controls are performed. High availability is also among the available features, with various solutions to avoid single points of failure.

The following short list covers some interesting points about the FortiGate solution.

1. Administrative Interface

If you are experienced with network security management, you are aware that this activity requires interaction with many different software and hardware solutions from disparate vendors. In that scenario, it is normal to have frequent updates to apply to the various products and to watch more than one monitoring tool to keep track of security events. The FortiGate solution includes, in a single device with a single administrative interface, all the controls you would expect from a patchwork of security products. It is your switch, router, firewall, VPN hub, antivirus, anti-spam, proxy, and endpoint security solution all-in-one.

If you define a network object or group for firewalling purposes, it will be available to define antivirus rules or internet browsing policies. There are two administrative interfaces:

  • Web-based manager (a graphical interface usable through a web browser);
  • CLI (a command line interface).

A strong point of FortiGate is that the graphical interface is complete and easy to use, especially considering the number of operations that we are able to perform in it.

If you have used appliances or firewalls from other vendors, you often have to use not-so-friendly command lines to obtain the exact result you need. With FortiGate, you will use the CLI seldom and only for the most “exotic” features.

2. UTM, the Fortinet way

Unified Threat Management may be complex to manage, because you work on different protocols, at different layers and with disparate threats to consider. In FortiGate, you have three main layers:

  • Networking services (switching and routing, both static and dynamic);
  • Network security services (firewalling, secure VPN connection, intrusion detection and endpoint security);
  • Application security services (spam and virus controls, web filtering, application control and data leak prevention).

As long as you pay for (and renew when it expires) the “bundle” license, you have all the aforementioned features available, including the updates for signatures and definitions coming to your appliance directly from Fortinet. You do not have to use all the available controls, but you are able to turn them on and off “On Demand”, so you could start with a simple configuration and add control layers when you feel more comfortable.

3. Virtual Domains

One of the available features is the capability of a FortiGate to support many Virtual Domains (VDOMs). VDOMs enable you to grant access to different companies with different administrators on the same physical unit. Each one will be able to keep its specific configuration with no impact on the others. What you are doing is creating “virtual units” and keeping a “root domain”, which is used to manage the virtual domains. VDOMs add a lot of flexibility to the solutions that you are able to plan using FortiGate.

4. High Availability and Resiliency

There are four different ways to give a FortiGate unit high availability. You could use a traditional “cluster” design with two or more units (FortiGate Cluster Protocol, FGCP), a solution with an external load balancer (FortiGate Session Life Support Protocol, FGSP), a Layer 3 resiliency solution like Virtual Router Redundancy Protocol (VRRP), or a Layer 2 solution like Fortinet Redundant UTM Protocol (FRUP). Again, we have a great deal of flexibility to design the best solution for our company’s needs.

5. The Dark Side of the Moon

It would not be fair to review a product omitting the negative points. With FortiGate, the main complaint that I have heard is about the technical support. My personal experience is the same as many people who are not happy with this aspect of the service offered by Fortinet. Often, your problem is diverted to local partners. I have to say that I have had mixed results with them. While some partners are professional, many are not skilled enough and I have had costs that are not equivalent to their quality. This is the same issue with other vendors, but that is not an excuse. As long as Fortinet support sends me to a local reseller or partner, from my point of view, they are taking responsibility for their capabilities.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
23 visitors found this review helpful


Kavin M, Real User, TOP 20

Fortinet is a very good device in the SMB market. Handling is very easy. Very nice user interface. Compared with all other UTMs, its performance is very good. Many options are available, like VDOM, transparent mode, routing and switching.

Like (2) 29 October 15
Vahid Kazimov, Real User

There are 2000 people in our University.
Which Fortinet product (Fortigate and FortiAp) must we use without any problems?

Like (0) 11 January 16

Hi Vahid.
I see no good reason to NOT use Fortinet products in your university.
They are good and scalable as much as you need.
Just keep an eye on sizing (i.e. selecting the right appliance for your needs).

Like (3) 11 January 16
Vahid Kazimov, Real User

Fabrizio Volpe, thank you very much

Like (0) 12 January 16

Hi, exactly how do you get to pick the right Fortinet firewall device for your needs? I have about 3000 users on my university network and am still using a Fortigate 82c, which seems to fail now. Please advise!!!

Like (0) 26 May 16

Good morning Nkosinathi.
A good starting point is the Fortinet Product Matrix ( ) that contains all the devices and related capabilities.

You have to select the best fit based (for example) on the number of FortiClients used by your university.

My suggestion (for a 2,000 users campus) would be a couple of FG-200D (at least) paired in a cluster for redundancy.
As usual, the more you will spend, the better result you will have.

Like (1) 26 May 16
Orlee Gillis, Community Mgr

Fabrizio, once you've chosen a product from Fortinet's Product Matrix, do you stay with your selection permanently, or have you changed products in the past?

Like (0) 05 October 16

What Fortigate model number would be most appropriate for a school with around 50 users in total?

Like (0) 18 May 17

We use a 90D in our office of 30. All our users are heavily interacting with web based portals and such. I would think it would scale to your target of 50 nicely.

Like (0) 18 May 17
JosephKingori, Real User

Am using FortiGate 500D; experience is excellent. User-friendly GUI config environment. When it comes to security, it's the best.

Like (0) 19 June 17

Hi Fabrizio, great review! Thanks for your valuable time!
If you have a chance, could you please advise about what model fits better for a warehouse with about 60 users (desktops, smartphones, handheld scanners) plus 10 VPN users? Also, we use site-to-site VPN between 2 companies.
Should I pick Fortinet, SonicWall or pfSense?

Like (0) 08 August 17

Hi Claudio. Based on the Product Matrix ( ) the FortiGate 30E looks like a good candidate (calculating 50 sessions per user).
Not having enough experience with SonicWall and pfSense, I am not able to give you a comparison :-)

Like (0) 08 August 17

I have used Fortigates for 6 years. Like you, similar experiences augmented by an additional support subscription due to my early learning curves. What I did not realize was the speed compromises with all the security apps active - if I have a Verizon FiOS true Gig subscription, my speed was tapered down to 100 Mbps or less. That is a 90% reduction. With 6 users multiplied by cell phones accessing the same WiFi, you can imagine the data speeds we were actually working with.

So, I picked WatchGuard, the T70 specifically. The data speeds with everything turned on remain near the subscription (1 Gig) and I have the same types of protections as the Fortigate. It is too early to report the reliability and other specs since this has changed only in the last week, but the specs tell me a lot that helped me to understand what I missed on my first go-around with Fortigate. Don't get me wrong, I had zero issues over the last 6 years, to Fortigate's credit. However, that speed compromise doesn't work for me. Perhaps I missed something, but my support knows the product and there were no adjustments available, other than turning certain features off. I couldn't afford that security risk, not these days.

Like (0) 01 November 17

Security solutions are something that has to be tailored to each company's needs, so WatchGuard could be a better match with your requirements and it is absolutely understandable.

Like (0) 11 December 17
Orlon Rose, Real User

I can understand additional security features slowing things down; it's the same in the physical world at the airport! But from 1 Gig to 100 Mbps seems a bit extreme to me. My boss and fellow co-workers would not accept any explanation for those numbers. Is this typical of all UTM devices? I'm considering Fortinet's FortiGate devices for securing our network, but this makes me a bit wary.

Like (0) 16 December 17