Fortinet

Fortinet FortiGate Review
The FortiGate security appliances. UTM security in a single device, good administrative interface and performances.

11,922
12

First things first 

Talking about FortiGate from Fortinet we are talking about a family of UTM (Unified Threat Management) appliances. This means: FortiGate is a term that includes a wide range of products, starting from small ones dedicated to small offices, and growing up to devices that are able to grant security and networking for really big companies. The family includes physical devices and virtual machines, which grant network security on different layers using a single point of control. FortiGate is optimized to avoid bottlenecks or delays while the various controls are performed. High availability is also part of the available features, with different solutions to avoid single points of failure.

In the short list that follows, I will try to list some interesting points about the FortiGate solution. 

1. Administrative Interface

If you are experienced with network security management, you know that usually this kind of activity requires to interact with many different software and hardware coming from disparate vendors. In the aforementioned scenario, it is normal to have frequent updates to apply on the various products and to watch more than one monitoring tool to keep track of security events. The FortiGate solution includes all the controls you could expect using a patchwork of security products in a single device with a single administrative interface. It is your switch, your router, your firewall, your VPN hub, your antivirus, your antispam, your proxy and your end-point security solution all in one. 

If you define a network object or group for firewalling purposes, it will be available also to define antivirus rules or Internet browsing policies. There are two administrative interfaces:

    ·Web-based manager (a graphical interface usable through an web browser)

    ·CLI (a command line interface)

A strong point of a FortiGate is the fact that the graphical interface is complete and easy to use (especially if we think to the list of operations that we are able to perform inside).

Again, if you have used appliances or firewalls coming from other vendors, you know that often you have to use a not-so-friendly command lines to obtain the exact result that you need. Talking about FortiGate, you will use the CLI seldom and only for the most “exotic” features.

2. UTM the Fortinet way

Unified Threat Management may be complex to manage, because you work on different protocols, at different layers and with disparate threats to consider. In a FortiGate you can think to have three great layers:

    ·Networking services (switching and routing, both static and dynamic)

    ·Network security services (firewalling, secure VPN connection, intrusion detection and endpoint security)

    ·Application security services (spam and virus controls, web filtering, application control and data leak prevention)

As long as you pay (and renew as it expires) the “bundle” license, you have all the aforementioned features available including the updates for signatures and definitions, coming to your appliance directly from Fortinet. I am not saying that you have to use all the available controls, but you are able to turn them on and off “on-demand” so you could start with a simple configuration and add control layers when you feel more comfortable.

3. Virtual Domains

One of the available features include the capability of a FortiGate to support many Virtual Domains (VDOMs). VDOMs enable you to grant access to different companies with different administrators on the same physical unit. Each one of them will be able to keep his/her specific configuration with no impact on the others. What you are doing here is creating “virtual units”, keeping on a “root domain” that is used to manage the virtual domains. VDOMs add a lot of flexibility to the solutions you are able to plan using FortiGate

4. High Availability and Resiliency

There are four different ways to make a FortiGate unit high available. You could use a traditional “cluster” design with two or more units FortiGate Cluster Protocol (FGCP), a solutions with an external load balancer FortiGate Session Life Support Protocol (FGSP), a layer 3 resiliency solution like Virtual Router Redundancy Protocol (VRRP) or a layer 2 solution like Fortinet Redundant UTM Protocol (FRUP). Here we have (again) a great deal of flexibility to design the best solution for our company’s needs.

5. The Dark Side of the Moon

It would be not fair to review a product omitting the negative points. Talking about FortiGate, the main complain I have heard is about the technical support. My personal experience is the same of many people that are not happy with this aspect of the service offered from Fortinet. Often your problem is diverted to local partners and I have to say that I had mixed results with them. While some partners are professional, many are not skilled enough and have costs that are not equivalent to their quality. I know that there is the same issue with other vendors too but that is not an excuse. As long as Fortinet support sends me to a local reseller or partner, from my point of view, they are taking responsibility for their capability too. 

Disclosure: I am a real user, and this review is based on my own experience and opinions.
23 visitors found this review helpful
F1c9552d a967 415f 9643 d3f76ed85ae4 avatar?1443658556Marco de lellis li?1420452159Bernard van de koppel avatar 1431695123?1431695121Cedric larfeil li?1414339585869b3f93 8ead 4638 85b5 fc805ccad6bc avatarD629ccb3 dd36 43eb a285 0dd55accdaba avatarAnonymous avatar x30Anonymous avatar x30Anonymous avatar x30Anonymous avatar x30

12 Comments

Kavin m li?1418193594
Kavin MReal UserTOP 20

Fortinet is a very good device in SMB market.. handling is very easy . very nice user interface. Comparing with all other UTMs its performance is very good. VDOM,Transparent mode,Routing,Switching like many options available.

Like (2)29 October 15
88c58488 451e 4cee 8cbb 9e93067daeb6 avatar
Vahid KazimovReal User

There 2000 people in our Univeristy
Which Fortinet product (Fortigate and FortiAp) must we use without any probems ?

Like (0)11 January 16
F68c6f94 2a28 479e 9b53 86c7c1be91e8 avatar
Fabrizio VolpeReal UserTOP REVIEWERELITE SQUAD

Hi Vahid.
I see no good reason to NOT use Fortinet products in your university.
They are good and scalable as much as you need.
Just keep an eye on sizing (i.e. selecting the right appliance for your needs).

Like (2)11 January 16
88c58488 451e 4cee 8cbb 9e93067daeb6 avatar
Vahid KazimovReal User

Fabrizio Volpe, thank you very much

Like (0)12 January 16
Anonymous avatar x30

Hi, exactly how do you get to pick the right Fortinet firewall device for your needs? I have about 3000 users on my university network and still using Firtigate 82c which seems to fail now. Please advice!!!

Like (0)26 May 16
F68c6f94 2a28 479e 9b53 86c7c1be91e8 avatar
Fabrizio VolpeReal UserTOP REVIEWERELITE SQUAD

Good morning Nkosinathi.
A good starting point is the Fortinet Product Matrix ( https://www.fortinet.com/content/dam/fortinet/assets/data-sheets/Fortinet_Product_Matrix.pdf ) that contains all the devices and related capabilities.

You have to select the best fit based (for example) on the number of FortiClients used by your university.

My suggestion (for a 2,000 users campus) would be a couple of FG-200D (at least) paired in a cluster for redundancy.
As usual, the more you will spend, the better result you will have.

Like (1)26 May 16
A5223938 eed9 42af 9f16 9a9bd1568f21 avatar
Orlee GillisCommunity Mgr

Fabrizio, once you've chosen a product from Fortinet's Product Matrix, do you stay with your selection permanently, or have you changed products in the past?

Like (0)05 October 16
Anonymous avatar x30

What Fortigate model number would be most appropriate for a school with around 50 users in total?

Like (0)18 May 17
Jody reed li?1423677088
JODY REEDReal UserTOP 20

We use a 90D in our office of 30. All our users are heavily interacting with web based portals and such. I would think it would scale to your target of 50 nicely.

Like (0)18 May 17
Anonymous avatar x30
JosephKingoriReal User

Am using fortigate 500D, experience is excellent. User friendly GUI config environment. When it comes to security, its the best.

Like (0)19 June 17
Anonymous avatar x30

Hi Fabrizio, great review! Thanks for your valuable time!
If you have a chance, could you please advise about what model fits better for a warehouse with about 60 users (desktops, smartphones, handheld scanners) plus 10 vpn users? Also we use site-to-site vpn between 2 companies.
Should I pick Fortinet, Sonicwall or pFsense?

Like (0)08 August 17
F68c6f94 2a28 479e 9b53 86c7c1be91e8 avatar
Fabrizio VolpeReal UserTOP REVIEWERELITE SQUAD

Hi Claudio. Based on the Product Matrix ( https://www.fortinet.com/content/dam/fortinet/assets/data-sheets/Fortinet_Product_Matrix.pdf ) the FortiGate 30E looks like a good candidate (calculating 50 sessions per user).
HAving not enough experience on SonicWall and pFsense I am not able to give you a comparison :-)

Like (0)08 August 17
Anonymous avatar x30
Guest

Have A Question About Fortinet FortiGate?

Our experts can help. 233,815 professionals have used our research on 5,900 solutions.
Why do you like it?

Sign Up with Email