Fortinet FortiGate Review

I could achieve the same results with a software firewall. This one comes in a nice hardware package. Using the CLI should be documented better.

Valuable Features

  • Flexibility
  • Flow tracking
  • B2B VPN

Improvements to My Organization

It's good for what it is. I could achieve the same results with a pfSense firewall. This one just comes in a nice hardware package.

Room for Improvement

Better documentation about usage of the CLI. I learned most of what I know in diagnostic functionality through saving SSH sessions with the customer support staff while in WebEx sessions.

I have tried looking up the manuals. They are OK in some respects, but I feel exhaustive documentation about the CLI "with examples" should be there, and I feel it's not.

I'm saying, hey, let's consolidate some of the primary real-world scenarios like:
Section A: Troubleshooting B2B VPN peering with a business partner or client when initially setting up the VPN tunnel.

Inevitably, there are always quirks and nuances between the FortiGate vendor versus peering with a Palo Alto or an ASA firewall or even a Juniper SSG.

Imagine providing all steps, command line syntax, and GUI (if available) and how to take steps to debug the flow and see what's failing.
Sometimes it's super hard to figure out what's wrong with a FortiGate VPN unless you know the commands on the CLI to see the flow and how to interpret it.

If they had all the methods / syntax and the "how's and why's" for a scenario, even possibly an instructional video showing how via the CLI and GUI alongside the documentation, it would be like the pearly gates had opened and I had gone to heaven.

Use of Solution

I have used it for three years.

Stability Issues

I never encountered any stability issues. It is a very stable product.

Scalability Issues

Scalability's not been an issue for my org. We only utilize it for certain applications.

Customer Service and Technical Support

Technical support is excellent, although it can be a bit difficult to understand the tech. As with most support staff from almost all vendors now, the support comes from somewhere across the pond.

Previous Solutions

On the site where the FortiGate is stationed, it's never been changed out.

Initial Setup

Initial setup was straightforward.

Pricing, Setup Cost and Licensing

Buy the support package! Upgrades, advice about upgrade paths, and troubleshooting help are paramount. There have been some times where, without it, I'd have been dead in the water.

Other Solutions Considered

This was an in-place firewall when I integrated the site to my org.

Other Advice

Figure out what features you want, and what policies you want. Look up how to do it in advance, and create an implementation plan.

Plan for policies, routing, NATting, etc. Create a step-by-step process in advance, possibly create the environment in a DEV sandbox, test it, then implement.

It has a good feature set. However, sometimes you are forced to solicit technical support to get it working.

Also, I find the web interfaces sometimes do not display things properly.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
Hamza_Farhan, Real User

I agree with you that reading the output of FortiGate debug command(s) first requires knowing how to interpret the output, and to get that you either take the NSE-7 course or read the admin guide, since it shows some debug outputs along with explanations.

The logs are useful but do not provide much explanation, which is the reason why most of the time we depend on debug commands to find out what the problem is.

With 5.4.0 firmware, Fortinet introduced a new feature called "Policy Learning Mode". The learning mode feature is a quick and easy method for setting a policy to allow everything but to log it all so that it can later be used to determine what restrictions and protections should be applied.


29 September 16
IT Infrastructure - Cloud Admin at Primary S.A., Real User

Nice review!
I would like to replace the Cisco ASA that I have in production... Annoying CLI, and other stuff that makes managing that device a really painful experience (I'm CCNA, almost CCNP).
Fortinet is one brand that I will evaluate. This review helped me, thanks!

29 September 16
NetworkEng896, Real User

Luciano, thanks for the kind comments on my review. IT Central Station asked me to comment on the Fortigate product and I tried to give it a fair but firm evaluation of my user experience to date. I'm glad you found it useful.

29 September 16
Orlee Gillis, Consultant

Hamza, how has Fortinet's new feature, "Policy Learning Mode", affected your understanding of which restrictions to apply and which aren't relevant?

29 September 16
Hamza_Farhan, Real User

This feature gives you what we call "Network Visibility" by applying all security profiles such as IPS/IDS, App Control, Web filter, etc., all in monitoring mode, to help build an effective security policy between different network zone(s). But first you need to understand what type of traffic is passing through your network by using different tools such as NetFlow, but Fortinet added that feature with 5.4 firmware, so there is no need for you to use multiple tools to gain such network visibility.

29 September 16
Andrew S. Baker (ASB), Consultant

Great review. I was going to disagree with you about the CLI documentation, but I found that the examples are really missing for the common use cases, as you stated, so I had to agree.

The cookbook is getting better, but it's not yet comprehensive enough. Very good platform.

I also wish there were elements that you could rename without having to reload an entire config, but I am happy that you can easily search/replace a config and then replace it.


18 July 17