Fortinet FortiGate Review

For price criteria, Fortinet wins over competitors. That being said, certain areas of the product need improvement.

Valuable Features

  • Performance
  • VDOM
  • UTM
  • Consolidated Management
  • FortiGuard

    Improvements to My Organization

    • Endpoint control of mobile devices with Security Profiles compliance checking, captive portal redirection, Antivirus, IPS and Web Filtering enabled on outgoing traffic (coupled to FortiClient solution)
    • Identity-based policies used to authenticate and profile users and guests whatever the media used to access the network (i.e. wired and WiFi)
    • Dynamic BGP route injection to divert traffic requiring UTM inspection or DDoS mitigation
    • Two-Factor Authentication VPN SSL for itinerant users (coupled to FortiToken solution)
    • Active/Active cluster load-balancing HTTP/HTTPS traffic
    • GTP tunnel inspection over GPRS backbones for pure-player telco operators
    • Distributed WiFi infrastructure with UTM enabled and managed from the central console, including signature and firmware updates
    • Classical IP/IPv6 Firewall with consolidated-management

    Room for Improvement

    • Fix all pending bugs present in 5.0.x branch
    • Improve the testing process for newly published firmware, for example by using real and representative configurations subjected to substantial traffic load for a while
    • Support SNMPv3 INFORM requests
    • Unify the scheduled backup between FortiGate, FortiManager and FortiAnalyzer
    • Integrate graphical troubleshooting tools for policies based on devices or user identities

    Use of Solution

    4.5 years

    Deployment Issues

    A few non-blocking bugs were present in the latest release and are now solved. In the past I encountered a serious bug regarding SCTP and GTP support. Fortinet helped me to qualify the bug, implement a temporary workaround, and then rapidly published appropriate patches.

    Stability Issues

    No. I always used the latest qualified-stable firmware recommended by Fortinet and checked the stability of HW and SW with my own testing methods before deploying anything on customer premises.

    Scalability Issues

    With the design and dimensioning done well, I never encountered a scalability issue. However, I have had to troubleshoot some slowness and latency issues on existing projects already running live. Most of the time they were due to design issues and non-optimized configurations, for instance “in” and “out” ports not handled by the same NP, non-optimized policy rules, and unused features left enabled.

    Customer Service and Technical Support

    Customer Service:

    Very good.

    Technical Support:

    Very good.

    Previous Solutions

    • Cisco ASA: Too expensive, performance issues, non-consolidated management between traditional ASA and inspection ASA CX, not the best security engines
    • Checkpoint: Very expensive but good solutions, not the leader in UTM segment
    • Juniper: Expensive but good solutions, not the leader in UTM segment
    • Cyberoam: Attractive prices but not yet tested, looks promising
    • Arkoon/Netasq: Obsolete (Stormshield not yet tested)

    Initial Setup

    It was quite simple if you have at least a minimum of experience with firewall integration. It is now even simpler thanks to the FortiExplorer application.

    Implementation Team


    Other Solutions Considered

    Taking the price criteria into account, Fortinet nowadays always wins bids against competitors like Cisco and Checkpoint, combining this key point with other success factors like UTM features and performance.

    Other Advice

    Contact Fortinet or Fortinet’s partner and ask for a POC.

    Disclosure: I am a real user, and this review is based on my own experience and opinions.