Fortinet FortiGate Review
For price criteria, Fortinet wins over competitors. That being said, certain areas of the product need improvement
What is most valuable?
- Performances
- VDOM
- UTM
- Consolidated Management
- FortiGuard
How has it helped my organization?
- Endpoint control of mobile devices with Security Profiles compliancy checking, captive portal redirection, Antivirus, IPS and Web Filtering enabled on outgoing traffic (coupled to FortiClient solution)
- Identity-based policies used to authenticated and profile users and guests whatever the media used to access the network (ie. Wired and WiFi)
- Dynamic BGP routes injections to divert traffic requiring UTM inspection or DDOS mitigation
- Two-Factor Authentication VPN SSL for itinerant users (coupled to FortiToken solution)
- Active/Active cluster load-balancing http/https traffic
- GTP tunnels inspections over GPRS backbones for pure-player telco operators
- Distributed WiFi infrastructure with UTM enabled and managed from the central console like signatures and firmware updates
- Classical IP/IPv6 Firewall with consolidated-management
What needs improvement?
- Fix all pending bugs present in 5.0.x branch
- Improve the testing process of newly published firmware like using real and representative configurations submitted to consequent traffic load during a while
- Support SNMPv3 INFORM requests
- Uniform the scheduled backup between FortiGate, FortiManager and FortiAnalyzer
- Integrate graphical troubleshoot tools for policies based on devices or user identities
For how long have I used the solution?
What was my experience with deployment of the solution?
Some few non-blocking bugs present in the latest release and which are now solved. In the past I encountered serious bug regarding SCTP and GTP supports. Fortinet helped me to qualify the bug, implement a temporary workaround and then published appropriate patches rapidly.
What do I think about the stability of the solution?
No. I always used the latest qualified-stable firmware recommended by Fortinet and check by own testing methods the stability of HW and SW before deploying anything into customer premises.
What do I think about the scalability of the solution?
With design and dimensioning parts well achieved I never encountered scalability issue. However it happened I had to troubleshoot some slowness and latency issues on existing projects already running live. Most of the time they were due to some design issues and non-optimized configurations like for instance “in” and “out” ports not handled by the same NP, policy rules non-optimized and non-used features enabled.
How are customer service and technical support?
Customer Service:
Very good.
Technical Support:
Very good.
Which solution did I use previously and why did I switch?
- CISCO ASA: Too expensive, performances issues, non-consolidated management between traditional ASA and inspection ASA CX, not the best security engines
- Checkpoint: Very expensive but good solutions, not the leader in UTM segment
- Juniper: Expensive but good solutions, not the leader in UTM segment
- Cyrberoam: Attractive prices but not yet tested, looks like promising
- Arkoon/Netasq: Obsoletes (Stormshield not yet tested)
How was the initial setup?
It was quite simple if you have at least a minimum of experiment with Firewalls integration. It is now even simpler thanks to the FortiExplorer application.
What about the implementation team?
Which other solutions did I evaluate?
Taking into account the price criteria, nowadays Fortinet always wins offers in front of competitors like CISCO and Checkpoint. Mixing this key-point with other success keys like UTM features and performances.
What other advice do I have?
Contact Fortinet or Fortinet’s partner and ask for a POC.
Which version of this solution are you currently using?
5.2