The UTM (application control) features have been very important, because they have solved many issues that other firewall providers have not developed as Fortinet has.
A clear example of this feature advantages is blocking and allowing the Google suite. For example, without UTM, we would not have been able to execute some customer requirements like this one:
A customer asked us that some host on their LAN is going to be assigned to be a POS workstation. They needed that workstation to have permissions to some applications and some URLs, and they needed to block users from opening sites like YouTube, Google+, and Google Drive, but they needed to get in to some POS URLs hosted in the Google cloud. We were working with rules allowing some specified URLs, but it didn’t work because the subnetting IP address the customer needed to be allowed, sometimes matched the YouTube service. Google support engineers told us they rotate their IP addressing subnets to be more secure and they do not always attach an IP address to a domain name. So, sometimes the customer’s workstations were able to open YouTube sites too.
The way we could block YouTube and allow the customer POS URLs sites, was by configuring an application control sensor, where we were able to block some categories like this:
Another requirement was to allow some specified applications, so we configured the next sensor structure:
Another customer reported to us they had issues working with Gmail attachment files; they could not do it. Executing some packet captures and with the Fortinet TAC help, we found they were using the latest Chrome versions that use the QUIC Google protocol, which is not supported by Fortinet because it is not a valid protocol. We proceeded to block the QUIC protocol using an application control sensor.
After this blocking action, the customer was able to work without any issue.
How has it helped my organization?
It can block applications in level 7.
Even though other companies have latest-generation firewalls, FortiGate’s database is bigger.
What needs improvement?
They could improve performance with all the UTM features working.
Sometimes, we have seen that when you enable the antivirus sensor, customers report slow web browsing. We know this is normal, but we would like to know if it is possible to make feel the customer their web browsing is fast with not as much delay. The antivirus sensor analyzes all the protocols and packets we specified, and this is an important performance affectation. In my personal point of view, I don’t think it is a serious issue, but we receive many reports from users who browse the web with antivirus sensors applied to their firewall policies.
For how long have I used the solution?
I have been using it for seven years.
It is working in route mode, with all UTM licences active; it has FSSO configured to give permission to the users. It is configured to provide VPN SSL service.
What do I think about the stability of the solution?
I have encountered stability issues only when we enable all the UTM features.
What do I think about the scalability of the solution?
I have not encountered any scalability issues.
How are customer service and technical support?
Technical support is 9/10.
Which solution did I use previously and why did I switch?
We have been using FortiGate solutions for eight years. We have been upgrading when solutions in the family become unsupported.
How was the initial setup?
The initial setup is easy; no issues with doing it.
Which other solutions did I evaluate?
My company did not evaluate other options. They decided to purchase FortiGate directly.
What other advice do I have?
Work a lot with all of the UTM features because they can be very helpful right now with configuring firewall policies. The policies became very whole.
Which version of this solution are you currently using?
**Disclosure: My company has a business relationship with this vendor other than being a customer: My company is a Fortinet provider for Mexico.
Security Analyst at a tech services company with 10,001+ employees
Advanced routing (RIP, OSPF, BGP, PBR). It gives you a seamless and simple integration into a large network.
Anti-Spam web content filterinG.
We are a visual effects company, and there have been a number of high profile security issues in our industry. This has brought us to a higher standard of security, which our clients are very keen on these days.
It blocks the vulnerabilities that can negatively impact us.
The security features are about the best that I've seen anywhere.
The most valuable feature is the VDOM, which allows the customer to have multiple firewalls in a single campus.
FortiGate Secure SD-WAN includes best-of-breed next-generation firewall (NGFW) security, SD-WAN, advanced routing, and WAN optimization capabilities, delivering a security-driven networking WAN edge transformation in a unified offering.